entering multiple AVP into database

Alan DeKok aland at deployingradius.com
Sat Feb 6 13:22:34 CET 2021


On Feb 5, 2021, at 7:24 PM, Matt Zagrabelny via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> To get the ball rolling I decided for this option. As expected, the AVP is
> going into the database.
> 
> Here is one of the lines from queries.conf:
> 
> NULLIF('%{Cisco-AVPair[*]}', '')

 Yes.  The docs say that doing a [*] expansion prints all of the attributes, separated by commas.

> Looking at the database I see what looks to be quoted-printable [0] strings:
> 
> mdm-tlv=3Ddevice-platform=3Dlinux-64=2Caudit-session-id=3Dc0a87311021f3000601dda71=2Cmdm-tlv=3Dac-user-agent=3DOpenConnect
> VPN Agent =28NetworkManager=29 v8.10-1
> 
> The =3D is an encoded "=", the =2C is an encoded ",".
> 
> Is FR encoding the data in quoted-printable format?

  The file containing the SQL module queries describe which characters are escaped, and why.

> If so, is there a way to decode it?

  You can decode is quoted-printable.  You do NOT want to allow random things from the network to change your SQL queries.  So quoting them is entirely the correct thing to do.

  One plan for v4 is to allow for stored procedures, and have the strings passed as parameters rather than in-line.  This would remove the need for quoting strings from the network.

  Alan DeKok.




More information about the Freeradius-Users mailing list