(0) Received Access-Request Id 161 from 127.0.0.1:37025 to 127.0.0.1:1812 length 76 [50/862] (0) User-Name = "p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=" (0) NAS-Identifier = "nas-here" (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop (0) sql: EXPAND %{User-Name} (0) sql: --> p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw= (0) sql: SQL-User-Name set to 'p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=' rlm_sql (sql): Reserved connection (0) (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'p6suf=2BFyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=3D' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'p6suf=2BFyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=3D' ORDER BY id echo "User-Name="p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=",NAS-Identifier=nas-here" | radclient 127.0.0.1 auth testing123 same with username %{User-Name}, default install just enabled sql module On 2019-07-17 16:58, Jorge Pereira wrote:
Please share the entire debug output
On 17 Jul 2019, at 08:41, belyj@belyj.eu wrote:
Hello.
After upgrade from 3.0.16 to 3.0.19 freeradius is replacing characters in mysql queries.
(76475085) Tue Jul 16 16:16:06 2019: Debug: Received Access-Request Id 54 from length 126 (76475085) Tue Jul 16 16:16:06 2019: Debug: NAS-Identifier = "XXXX" (76475085) Tue Jul 16 16:16:06 2019: Debug: User-Password = "p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw="
query
... xxx.value = '%{User-Password}' AND ...
(76475085) Tue Jul 16 16:16:06 2019: Debug: sql3: Executing select query: SELECT ... xxx.value = 'p6suf=2BFyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=3D' AND ...
\+ is replaced and =3D added at the end.
`p6suf+FyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=`
`p6suf=2BFyNBebQgLMTdAXD4q0U/yZVIaxSN/w8LzVMlw=3D`
radiusd: FreeRADIUS Version 3.0.19 (git #1156b5361), for host x86_64-pc-linux-gnu FreeRADIUS Version 3.0.19
On 3.0.16 same config, same query, password is not changed.
Any help would be appreciated.
Andrzej - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html