evaluating unlang IF with sql results

Bill Schoolfield bill at billmax.com
Thu Jun 13 23:29:17 CEST 2013 

I can't seem to make this work. I'm comparing some values in the post-auth section:

         if("(%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}})" < "(%{expr: %{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0}})") {
                 update reply {
                         Session-Timeout := "%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}}"
                 }
         }
         else {
                 update reply {
                         Session-Timeout := "%{expr: (%{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))})}"
                 }
         }

The above code fails with a message (below) that says "(Right field is not a number at: (1371158700))". I tried adding
a zero to force a number interpretation but this does nothing.

I have checked every source I can find and I don't see anyhing that addresses this problem.

Thoughts anyone?

Bill



rad_recv: Access-Request packet from host 127.0.0.1 port 59971, id=77, length=74
         User-Name = "wrs"
         CHAP-Password = 0x4dab7bdecf6c70f078b77bfa11cebd490d
         NAS-IP-Address = 10.0.0.147
         NAS-Port = 0
         Message-Authenticator = 0xcf99944924652eda7706d17c69afca2c
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wrs", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql]   expand: %{User-Name} -> wrs
[sql] sql_set_user escaped user --> 'wrs'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'wrs'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'wrs'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'wrs'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
[expiration] Checking Expiration time: '13 Jun 2013 21:25:00'
++[expiration] returns ok
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
rlm_sqlcounter: Entering module authorize code
WARNING: Please replace '%k' with '${key}'
sqlcounter_expand:  'SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}''
[noresetcounter]        expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}' -> SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='wrs'
WARNING: Please replace '%S' with '${sqlmod-inst}'
sqlcounter_expand:  '%{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='wrs'}'
[noresetcounter] sql_xlat
[noresetcounter]        expand: %{User-Name} -> wrs
[noresetcounter] sql_set_user escaped user --> 'wrs'
[noresetcounter]        expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='wrs' -> SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='wrs'
rlm_sql (sql): Reserving sql socket id: 2
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 2
[noresetcounter]        expand: %{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='wrs'} -> 12
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user wrs, check_item=600, counter=12
rlm_sqlcounter: Sent Reply-Item for user wrs, Type=Session-Timeout, value=180
++[noresetcounter] returns ok
Found Auth-Type = CHAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "wrs" with CHAP password
[chap] Using clear text password "test123" for user wrs authentication.
[chap] chap user wrs authenticated succesfully
++[chap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
++? if ("(%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}})" < "(%{expr: %{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0}})")
sql_xlat
         expand: %{User-Name} -> wrs
sql_set_user escaped user --> 'wrs'
         expand: select sum(acctsessiontime) from radacct where username='%{User-Name}' -> select sum(acctsessiontime) from radacct where username='wrs'
rlm_sql (sql): Reserving sql socket id: 1
sql_xlat finished
rlm_sql (sql): Released sql socket id: 1
         expand:  %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'} ->  600-12
         expand: (%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}}) -> (588)
sql_xlat
         expand: %{User-Name} -> wrs
sql_set_user escaped user --> 'wrs'
         expand: select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0 -> select unix_timestamp(str_to_date('Jun 13 2013 21:25:00 UTC', '%b %d %Y %H:%i:%s'))+0
rlm_sql (sql): Reserving sql socket id: 0
sql_xlat finished
rlm_sql (sql): Released sql socket id: 0
         expand:  %{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0} ->  1371158700
         expand: (%{expr: %{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0}}) -> (1371158700)
     (Right field is not a number at: (1371158700))
++- entering else else {...}
sql_xlat
         expand: %{User-Name} -> wrs
sql_set_user escaped user --> 'wrs'
         expand: select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s')) -> select unix_timestamp(str_to_date('Jun 13 2013 21:25:00 UTC', '%b %d %Y %H:%i:%s'))
rlm_sql (sql): Reserving sql socket id: 4
sql_xlat finished
rlm_sql (sql): Released sql socket id: 4
         expand:  (%{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))}) ->  (1371158700)
         expand: %{expr: (%{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))})} -> 1371158700
+++[reply] returns noop
++- else else returns noop

More information about the Freeradius-Users mailing list