On Jun 17, 2020, at 8:55 AM, Fabrice Durand <fdurand@inverse.ca> wrote:
i am trying to set the safe_characters in a sql configuration and it looks that the safe characters are not working anymore (at least the extra i add).
I'd suggest avoiding "safe_characters". From 3.0.18: * Some SQL modules can now use "auto_escape" to escape unsafe strings. See mods-config/sql/main/mysql/queries.conf
I have the following configuration:
```
sql sql_degraded { ... safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /(),'" }
```
I added (),' as extra char.
That should still work.
Followinf the trace from freeradius 3.0.21 (doesn't work) and from freeradius-3.0.13 (works) for exactly the same radius request and exactly the same configuration:
The key point for the sql_degraded module is:
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{Calling-Station-Id}' ORDER BY id" group_membership_query = "" safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" auto_escape = no
So it's not picking up the "safe_characters" string you set. Probably because of this: ... $INCLUDE ${modconfdir}/${.:name}/main/mysql/reject.conf safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /(),'" ... If the "reject.conf" file *also* has "safe_characters" set, that one will be used instead of the extra one you added. You can't "over-ride" configuration items by adding a second one. Alan DeKok.