On Tue 17 Jul 2007, Alan DeKok wrote:
Peter Nixon wrote:
Alan. Can you help out here? From memory I am seeing the same thing in cvs head. I ended up commenting out the username part of the query as I don't actually do anything based on username in my system. It definitely needs to be %{SQL-User-Name} though, as I was getting escape characters as the username from some users and it was blowing up the sql queries. (HUGE GAPPING SECURITY HOLE)
Is there something special we need to do in rlm_sqlippool to get access to %{SQL-User-Name}?
Yes. Call sql_set_user(). Patch is attached.
Hugh I have applied Alan's patch to the 1.1.x branch. Can you test and see if %{SQL-User-Name} works in rlm_sqlippool for MySQL now? Cheers -- Peter Nixon http://peternixon.net/