safe_characters issue

Fabrice Durand fdurand at inverse.ca
Wed Jun 17 21:23:48 CEST 2020


Hello Alan,

Sorry to bother you.

I did one last test: I built a new binary and reverted a few commits in 
3.0.21 (attached to this email) in the rlm_sql modules, and now 
FreeRADIUS takes the safe_characters values from the sql_degraded{...} 
section and not the sql {...} section anymore (like it worked in 
FreeRADIUS 3.0.13).

My skills in C are not good enough to find the issue, but it looks like 
the "sql_escape_func" uses the main sql section.

Regards

Fabrice


On 20-06-17 at 12:10, Alan DeKok wrote:
> On Jun 17, 2020, at 11:11 AM, Fabrice Durand <fdurand at inverse.ca> wrote:
>> I am not sure it's the case; the only place I defined safe_characters is in mods-enabled/sql
>    OK.
>
>> I attached 2 debug outputs and the sql files used: the one with safe_characters defined in the sql {...} section (which works) and the other one with safe_characters defined in sql sql_degraded{...} (which doesn't work)
>>
>> To me it looks like even if you define safe_characters in a section other than the sql {...} one, the code doesn't use it and uses the one from the sql {...} section instead.
>    Except that the code *always* looks at definition of safe_characters in the current configuration.
>
>    There's nothing in the rlm_sql source which says "search for the base SQL module and use that".
>
>> I did exactly the same tests on FreeRADIUS version 3.0.13 (I am using another path for the configuration files than /etc/radiusd, so the files didn't change) and it takes the safe_characters defined in the sql_degraded section.
>>
>> Btw setting the safe_characters in sql{...} fixed my issue, but it looks to be a regression.
>    I just took the current v3.0.x head, and created a "sql sql2" module, which uses MySQL.  The main "sql" module is using sqlite.  I edited the safe_characters definition in mods-config, and I see:
>
> $ radiusd -X | grep safe
>    	safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
>    	safe_characters = "YYY@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
>    	safe_characters = "XXX@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
>
>    The first one is from rlm_expr.  The second is from the sqlite definition that I edited.  The third one is from the MySQL definition that I edited.
>
>    And from the debug output you posted:
>
>    # Loading module "sql_degraded" from file /usr/local/pf/raddb/mods-enabled/sql
>    sql sql_degraded {
>    	driver = "rlm_sql_mysql"
>    	server = "127.0.0.1"
>    	port = 3306
>    	login = "pf"
>    	password = <<< secret >>>
>    	radius_db = "pf"
>    	read_groups = yes
>    	read_profiles = yes
>    	read_clients = no
>    	delete_stale_sessions = yes
>    	sql_user_name = "%{User-Name}"
>    	default_user_profile = ""
>    	client_query = "SELECT id,nasname,shortname,type,secret FROM nas"
>    	group_membership_query = ""
>    	safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /(),'"
>
>
>    So that seems to work.
>
>    Alan DeKok.
>
>

-- 
Fabrice Durand
fdurand at inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
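
Added example, not part of the thread and not FreeRADIUS source: a C illustration of why it matters which instance's safe_characters list an escape routine consults. It assumes bytes outside the list are written as =XX and handles input byte by byte; `sql_inst_t`, `escape_for_instance()` and the sample input are hypothetical, and the `sql` list is constructed as the `sql_degraded` list from the debug output minus `(),'`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical per-instance settings (not FreeRADIUS types). */
typedef struct {
    const char *name;
    const char *safe_characters;
} sql_inst_t;

/* SQL_MAIN is constructed; SQL_DEGRADED is the list from the thread's debug output. */
static const sql_inst_t SQL_MAIN = { "sql",
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" };
static const sql_inst_t SQL_DEGRADED = { "sql_degraded",
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /(),'" };

/* Copy `in` to `out`, writing each byte not in the instance's safe_characters
 * as =XX (assumed encoding). The list comes from the instance passed in,
 * never from a global. Returns the escaped length, or -1 if `out` is too small. */
static int escape_for_instance(const sql_inst_t *inst, const char *in,
                               char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t used = 0;
    if (outlen == 0) return -1;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (strchr(inst->safe_characters, c)) {
            if (used + 1 >= outlen) return -1;   /* keep room for the NUL */
            out[used++] = (char)c;
        } else {
            if (used + 3 >= outlen) return -1;
            out[used++] = '=';
            out[used++] = hex[c >> 4];
            out[used++] = hex[c & 0x0f];
        }
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    const char *input = "O'Brien (guest)";   /* constructed sample value */
    const sql_inst_t *insts[] = { &SQL_MAIN, &SQL_DEGRADED };
    char buf[128];
    for (size_t i = 0; i < 2; i++)
        if (escape_for_instance(insts[i], input, buf, sizeof buf) >= 0)
            printf("%-13s %s\n", insts[i]->name, buf);
    return 0;
}
```

Under the constructed `sql` list the input becomes `O=27Brien =28guest=29`; under the `sql_degraded` list it is unchanged, so the list that is consulted decides whether `'` reaches the query text.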


