%{SQL-User-Name} parsing in authorize section - bug?
Hi list, Have i found a bug or i have made a mistake in configuring freeradius, version 3.2.3 from networkradius ubuntu repo... When i put this into authorize section: authorize { ... # MAC LIMIT update control { Tmp-Integer-3 := "%{sql: SELECT count(*) FROM radcheck WHERE Username = '%{SQL-User-Name}' and (mac_limit='%{Calling-Station-Id}' or mac_limit='*');}" } ... } it doesn't work, SQL-User-Name is empty: (0) update control { (0) EXPAND %{User-Name} (0) --> testuser (0) SQL-User-Name set to 'testuser' rlm_sql (sql): Reserved connection (2) (0) Executing select query: SELECT count(*) FROM radcheck WHERE Username = '' and (mac_limit='' or mac_limit='*'); rlm_sql (sql): Released connection (2) (0) EXPAND %{sql: SELECT count(*) FROM radcheck WHERE Username = '%{SQL-User-Name}' and (mac_limit='%{Calling-Station-Id}' or mac_limit='*');} (0) --> 0 (0) Tmp-Integer-3 := 0 (0) } # update control = noop If User-Name is used instead of SQL-User-Name it works: authorize { ... # MAC LIMIT update control { Tmp-Integer-3 := "%{sql: SELECT count(*) FROM radcheck WHERE Username = '%{User-Name}' and (mac_limit='%{Calling-Station-Id}' or mac_limit='*');}" } ... } (0) update control { rlm_sql (sql): Reserved connection (2) rlm_sql (sql): Released connection (2) (0) EXPAND %{User-Name} (0) --> testuser (0) SQL-User-Name set to 'testuser' rlm_sql (sql): Reserved connection (3) (0) Executing select query: SELECT count(*) FROM radcheck WHERE Username = 'testuser' and (mac_limit='' or mac_limit='*'); rlm_sql (sql): Released connection (3) (0) EXPAND %{sql: SELECT count(*) FROM radcheck WHERE Username = '%{User-Name}' and (mac_limit='%{Calling-Station-Id}' or mac_limit='*');} (0) --> 1 (0) Tmp-Integer-3 := 1 (0) } # update control = noop It looks like SQL-User-Name population is done after authorize is processed, i am not sure. Everywhere else i am able to use SQL-User-Name, including queris.conf. But, not in authorize. Please correct me if i am wrong. I would appreciate any help. If it's my error than even better. It's not so big problem, but it's annoying. Same setup works in 2.1 but not in 3.0 and 3.2 Thank you, Igor Smitran
On Oct 30, 2023, at 10:05 AM, Igor Smitran <sigor@blic.net> wrote:
When i put this into authorize section:
authorize {
# MAC LIMIT update control { Tmp-Integer-3 := "%{sql: SELECT count(*) FROM radcheck WHERE Username = '%{SQL-User-Name}' and (mac_limit='%{Calling-Station-Id}' or mac_limit='*');}"
The SQL-User-Name attribute is created only when running the default authorization queries. It's deleted once those queries are over.
it doesn't work, SQL-User-Name is empty:
Exactly. SQL-User-Name doesn't exist.
It looks like SQL-User-Name population is done after authorize is processed, i am not sure. Everywhere else i am able to use SQL-User-Name, including queris.conf. But, not in authorize.
It's populated
Please correct me if i am wrong. I would appreciate any help. If it's my error than even better. It's not so big problem, but it's annoying.
It's working as documented in the "queries.conf" file. It's imperfect, but it is what it is. We should probably just nuke SQL-User-Name from the v4 configuration. It doesn't offer much in the way of value, and there are better / clearer ways to get the same result. Alan DeKok.
On 30. 10. 23. 15:47, Alan DeKok wrote:
It's working as documented in the "queries.conf" file.
It's imperfect, but it is what it is. We should probably just nuke SQL-User-Name from the v4 configuration. It doesn't offer much in the way of value, and there are better / clearer ways to get the same result.
Ok, no problem, i can use User-Name instead. Thank you, Igor
participants (2)
-
Alan DeKok -
Igor Smitran