I am not sure it's the case, the only place i defined safe_characters is in mods-enabled/sql ``` [root@localhost raddb]# grep safe_characters * -r mods-available/dhcp_sqlippool: # To use sqlite you need to add '%' to safe_characters in mods-available/expr:# escape escape string similar to rlm_sql safe_characters mods-available/expr: safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" mods-config/sql/main/mysql/extras/wimax/queries.conf:#safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" mods-config/sql/main/mysql/queries.conf:#safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" mods-config/sql/main/mysql/reject.conf:#safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" mods-config/sql/main/postgresql/queries.conf:# safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" mods-config/sql/main/sqlite/queries.conf:#safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" mods-enabled/sql: safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /(),'" ``` I attached 2 debug outputs and the sql files used , the one with safe_characters defined in the sql {...} section (who works) and the other one with safe_characters defined in sql sql_degraded{...} (that doesn't works) For me it looks that even if you define safe_characters in another section than the sql {...} one the code doesn't use it and use the one from the sql {...} section instead. I did exactly the same tests on the FreeRADIUS version 3.0.13 (i am using another path for the configuration files than /etc/radiusd, so the files didn't changed) and it takes the safe_characters defined in the sql_degraded section. Btw setting the safe_characters in sql{...} fixed my issue, but it looks to be a regression. Regards Fabrice Le 20-06-17 à 10 h 19, Alan DeKok a écrit :
On Jun 17, 2020, at 9:55 AM, Fabrice Durand <fdurand@inverse.ca> wrote:
OK i found something, it looks if i set the safe_characters in the main sql definition it works. The configuration files are read in order, top to bottom. So if you put the safe_characters line before *any* $INCLUDE statements, then it will override the definitions in some later $INCLUDE.
What's happening is that you have multiple definitions of safe_characters. You were editing the second or third one, but only the first one was relevant. By adding a definition before the others, you've made a new first definition, which is then used.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Fabrice Durand fdurand@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)