Problem sanitising usernames in accounting
Jonathan Gazeley
jonathan.gazeley at bristol.ac.uk
Wed Oct 7 11:26:55 CEST 2009
I'm seeing a problem with stripping usernames during accounting.
Accounting is done on a separate physical server from the authentication
(which works fine).
Most of our users don't include a domain so their accounting works
normally. Some users do send the domain (UOB) and this breaks the
accounting because the backslash doesn't seem to get escaped.
The account detail files have entries like User-Name = "UOB\\username"
but when this gets inserted into the database the backslash(es) are not
escaped and if the username starts with n, r or some other letters, the
database sees \n, \r and inserts linebreaks and other undesirable
characters.
Then selecting from the database to generate statistics returns garbage,
obviously.
At the top of dialup.conf I replaced sql_user_name = "%{User-Name}" with
sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}" but
Stripped-User-Name does not have a value.
I'm not interested in the domain in my accounting, so does anyone have
any guidance on how to safely strip/sanitise the usernames?
Thanks,
Jonathan
--
----------------------------
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless& VPN Team
Information Services
University of Bristol
----------------------------
More information about the Freeradius-Users
mailing list