SQL escaping

Phil Mayers p.mayers at imperial.ac.uk
Thu Sep 20 18:30:50 CEST 2012

On 20/09/12 07:21, Alan DeKok wrote:

> add REQUEST and context (void*) to the RADIUS_ESCAPE_FUNC.
> Add it to the prototypes, to all modules (as UNUSED), and have xlat.c
> store the context, and pass it and REQUEST to the calling function
> then, add the proper pass of the context in LDAP, SQL, etc.
> individually.  Have it pass the right context, and then use it in the
> escaping function.

Actually I've started to have a doubt about this having spent some time 
looking at it.

The xlat stuff is a bit more complex than I first appreciated. There are 
quite a few places where the escape func is just ignored when passed 
into *_xlat handlers, and even in quite a few places in radius_xlat 
itself (most of the single-string expansions that aren't passed off to 

In addition, literally the only places the escape function are used in 
the source are rlm_ldap, rlm_sql and rlm_rest, so it's a both a 
limited-use code path, but very important.

I don't know that I really want to touch it now!

[I did spot a bug in rlm_ldap though - one-liner pull request submitted]

I'll give it some more thought in a week or so, when I've finished my 
current assignment.

More information about the Freeradius-Devel mailing list