SQL Module: Inconsistent behavior dealing with the escaping backslash

Kwak Wookjong Wookjong.Kwak at gemalto.com
Thu Jan 25 21:02:01 CET 2018


Yes, in the SQL DB, double slashes "\\" are presented.
Let me put the log with some comments below with ***** to make it clear.


   id  |    nasname    |        shortname       |  type  | ports |     secret    | server | community | description
-----+----------------+----------------------+--------+-------+-------------+--------+----------------+-------------
 112 | 192.168.99.1 | Radius Local Test  | other |            | test\\123  |              |                          |


(0) server dynamic_client_server {
(0) # Executing section authorize from file /etc/raddb/clients.conf
(0)   authorize {
(0)     if ("%{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}") {
rlm_sql (sql): Reserved connection (0)
(0)     Executing select query:  SELECT nasname FROM nas WHERE nasname = '192.168.99.1'
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
rlm_sql (sql): Released connection (0)
(0)     EXPAND %{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}
(0)        --> 192.168.99.1
(0)     if ("%{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}")  -> TRUE
(0)     if ("%{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}")  {
(0)       update control {
(0)         EXPAND %{Packet-Src-IP-Address}
(0)            --> 192.168.99.1
(0)         FreeRADIUS-Client-IP-Address = 192.168.99.1
rlm_sql (sql): Reserved connection (1)
(0)         Executing select query:  SELECT shortname FROM nas WHERE nasname = '192.168.99.1'
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
rlm_sql (sql): Released connection (1)
(0)         EXPAND %{sql: SELECT shortname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}
(0)            --> Radius Local Test
(0)         FreeRADIUS-Client-Shortname = Radius Local Test
rlm_sql (sql): Reserved connection (2)
(0)         Executing select query:  SELECT secret FROM nas WHERE nasname = '192.168.99.1'
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
rlm_sql (sql): Released connection (2)

(0)         EXPAND %{sql: SELECT secret FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}
(0)            --> test\\123
(0)         FreeRADIUS-Client-Secret = test\123

***** up until here, everything seems good as "\\" becomes to "\"

rlm_sql (sql): Reserved connection (3)
(0)         Executing select query:  SELECT type FROM nas WHERE nasname = '192.168.99.1'
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
rlm_sql (sql): Released connection (3)
(0)         EXPAND %{sql: SELECT type FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}
(0)            --> other
(0)         FreeRADIUS-Client-NAS-Type = other
(0)       } # update control = noop
(0)       [ok] = ok
(0)     } # if ("%{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}")  = ok
(0)   } # authorize = ok
(0) } # server dynamic_client_server

***** problem below when it is converting control list to client field,  "\" becomes to "\\", again.

(0) Converting control list to client fields
(0)   ipv4addr = 192.168.99.1
(0)   secret = test\\123
(0)   shortname = Radius Local Test
(0)   nas_type = other
Adding client 192.168.99.1/32 with shared secret "test\\123"

***** So, when it is adding the client, it is double backslashes.


Let me know if you need further information.

Thanks!

Best Regards,

WJ


-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+wookjong.kwak=gemalto.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Thursday, January 25, 2018 1:18 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: [+SPAM+]: Re: [+SPAM+]: Re: SQL Module: Inconsistent behavior dealing with the escaping backslash

On Jan 25, 2018, at 2:10 PM, Kwak Wookjong <Wookjong.Kwak at gemalto.com> wrote:
> Thanks for the respond and your suggestion.
> But I am still seeing the same problem. (Additional backslash
> prepended)
>
> Even though, using another table (other than NAS) for putting client
> information, When, putting the information into attributes, the additional step that you described would be applied.
> Then, it would make additional backslash in front of original backslash as it is not *directly* read from the table.
>
> My question would be how can I make the value read directly from the table as it does for NAS table reading?

  You can't.  You MUST put the value into an attribute.  That's how the dynamic clients work.

> Or, do we need to check if the escaping is properly done when putting the information into attributes?

  You need to ensure that the contents of SQL are correct.  Which means escaping things properly.

  Backslashes are special, because they allow escaping.  If you want a literal backslash, put "\\" into SQL.

  Then when you read it from SQL via a SELECT statement, it will be parsed correctly.

  If this isn't clear, post the *debug output* of the server when it reads a dynamic client from SQL.  That will be much clearer.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
________________________________
 This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.



More information about the Freeradius-Users mailing list