Musing and digressing around sqlite
Herwin Weststrate
herwin at quarantainenet.nl
Thu Jul 10 11:58:00 CEST 2014
On 10-07-14 11:26, Axel Luttgens wrote:
> Le 9 juil. 2014 à 18:54, Axel Luttgens a écrit :
>
>> [...]
>> Wed Jul 9 18:13:50 2014 : Debug: (0) sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', %{%{Event-Timestamp}:-date('now')})
>> Wed Jul 9 18:13:50 2014 : Debug: (0) sql : --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', 'hello', 'Access-Accept', date=28=27now=27=29)
>> Wed Jul 9 18:13:50 2014 : Debug: rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', 'hello', 'Access-Accept', date=28=27now=27=29)'
>> Wed Jul 9 18:13:50 2014 : Debug: (0) sql : No additional queries configured
>>
>> Of course, that "date=28=27now=27=29" sequence of characters doesn't make any sense for sqlite, and no row gets inserted into the table.
>>
>> Still investigating...
>
> ...
>
> So, perhaps could it be inferred that unlang expansions misbehave in an sqlite context only.
I don't think this is misbehaving, it's more likely the module is trying
to prevent SQL injections.
I'm not that familiar with SQLite, but possibly something like this
would work:
COALESCE(%{%{Event-Timestamp}:NULL}, date('now'))
--
Herwin Weststrate
More information about the Freeradius-Users
mailing list