special characters in username in rlm_sql
Duane Cox
duanec at mail.illicom.net
Wed Mar 29 02:34:58 CEST 2006
I've tracked down why some of my users aren't authenticating...
Apparently somewhere (rlm_sql?) the username is being changed, possibly in an anti-injection function; I don't know.
Can someone shed some light on this?
For instance, in the debug snip below, the username 'dcox&dcox' is changed to 'dcox=26dcox' which of course fails the sql select statement.
radius_xlat: 'dcox&dcox'
rlm_sql (sql): sql_set_user escaped user --> 'dcox&dcox'
radius_xlat: 'select id, username, attribute, value, op from radcheck where username = 'dcox=26dcox' order by id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User dcox&dcox not found in radcheck
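
Added example, not part of the original post and not FreeRADIUS code: 0x26 is the byte value of '&', so the debug output is consistent with an escaping step that rewrites every character outside an allow-list as '=' plus two hex digits before the name is substituted into the query. The sketch below reproduces that against an in-memory SQLite table; the allow-list, the function names and the sample rows are assumptions made for illustration.

```python
import sqlite3

# Assumed allow-list for this sketch; a real server takes it from its SQL module config.
SAFE_CHARS = frozenset(
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /")

def escape_username(raw, safe=SAFE_CHARS):
    """Replace each byte outside the allow-list with '=' plus two hex digits."""
    out = []
    for byte in raw.encode("utf-8"):
        ch = chr(byte)
        out.append(ch if byte < 0x80 and ch in safe else "=%02X" % byte)
    return "".join(out)

def build_query(raw, safe=SAFE_CHARS):
    # As in the debug output, the escaped name is substituted into the
    # statement text, so the escaping is what keeps quotes out of the SQL.
    return ("select id, username, attribute, value, op from radcheck "
            "where username = '%s' order by id" % escape_username(raw, safe))

def lookup(conn, raw, safe=SAFE_CHARS):
    return conn.execute(build_query(raw, safe)).fetchall()

def make_db():
    # Constructed sample rows, stored unescaped as an administrator would type them.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table radcheck (id integer primary key, "
                 "username text, attribute text, value text, op text)")
    conn.executemany(
        "insert into radcheck (username, attribute, value, op) values (?,?,?,?)",
        [("dcox&dcox", "Cleartext-Password", "example", ":="),
         ("plainuser", "Cleartext-Password", "example", ":=")])
    return conn

if __name__ == "__main__":
    db = make_db()
    print(escape_username("dcox&dcox"))                      # escaped form used in the query
    print(len(lookup(db, "dcox&dcox")))                      # rows matched with default list
    print(len(lookup(db, "dcox&dcox", SAFE_CHARS | {"&"})))  # rows matched once '&' is allowed
    print(escape_username("x' or '1'='1"))                   # quotes and '=' are neutralised
```

The row stored as 'dcox&dcox' is only found once '&' is in the allow-list, because the comparison is made against the escaped string, while a single quote never reaches the statement text in either case.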