SQL-User-Name in %{sql:..} expansion
Jakob Hirsch
jh at plonk.de
Wed May 18 12:51:57 CEST 2016
Hi,
I am currently in the process of migrating our 2.2.9 setup to 3.0.11
and, naturally, stumbled over a few things (i.e. more messages will follow).
It seems that SQL-User-Name is not usable in expansions any more, only
when calling the module (we use authorize_check_query and
authorize_reply_query).
When I put this (for testing only) in my authorize section ...
update {
request:Stripped-User-Name := "bla"
}
update {
control:Tmp-String-0 := "%{sql:SELECT '%{SQL-User-Name}'}"
}
... I get this in the debug output:
(0) authorize {
(0) update {
(0) request:Stripped-User-Name := "bla"
(0) } # update = noop
(0) update {
(0) EXPAND %{Stripped-User-Name}
(0) --> bla
(0) SQL-User-Name set to 'bla'
rlm_sql (sql): Reserved connection (1)
(0) Executing select query: SELECT ''
rlm_sql (sql): Released connection (1)
(0) EXPAND %{sql:SELECT '%{SQL-User-Name}'}
(0) -->
(0) control:Tmp-String-0 :=
(0) } # update = noop
...
So, it says that Stripped-User-Name will contain "bla", but in the query
it is the empty string.
Is this intended, a glitch, or am I doing something wrong?
My current workaround is to escape myself (with
%{escape:%{Stripped-User-Name}} and proper escape_characters in the expr
config).
Regards
Jakob
More information about the Freeradius-Users
mailing list