On Jun 17, 2020, at 11:11 AM, Fabrice Durand <fdurand@inverse.ca> wrote:
I am not sure it's the case, the only place i defined safe_characters is in mods-enabled/sql
OK.
I attached 2 debug outputs and the sql files used , the one with safe_characters defined in the sql {...} section (who works) and the other one with safe_characters defined in sql sql_degraded{...} (that doesn't works)
For me it looks that even if you define safe_characters in another section than the sql {...} one the code doesn't use it and use the one from the sql {...} section instead.
Except that the code *always* looks at definition of safe_characters in the current configuration. There's nothing in the rlm_sql source which says "search for the base SQL module and use that".
I did exactly the same tests on the FreeRADIUS version 3.0.13 (i am using another path for the configuration files than /etc/radiusd, so the files didn't changed) and it takes the safe_characters defined in the sql_degraded section.
Btw setting the safe_characters in sql{...} fixed my issue, but it looks to be a regression.
I just took the current v3.0.x head, and created a "sql sql2" module, which uses MySQL. The main "sql" module is using sqlite. I edited the safe_characters definition in mods-config, and I see: $ radiusd -X | grep safe safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" safe_characters = "YYY@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" safe_characters = "XXX@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" The first one is from rlm_expr. The second is from the sqlite definition that I edited. The third one is from the MySQL definition that I edited. And from the debug output you posted: # Loading module "sql_degraded" from file /usr/local/pf/raddb/mods-enabled/sql sql sql_degraded { driver = "rlm_sql_mysql" server = "127.0.0.1" port = 3306 login = "pf" password = <<< secret >>> radius_db = "pf" read_groups = yes read_profiles = yes read_clients = no delete_stale_sessions = yes sql_user_name = "%{User-Name}" default_user_profile = "" client_query = "SELECT id,nasname,shortname,type,secret FROM nas" group_membership_query = "" safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /(),'" So that seems to work. Alan DeKok.