%{SQL-User-Name} parsing in authorize section - bug?

Alan DeKok aland at deployingradius.com
Mon Oct 30 14:47:32 UTC 2023


On Oct 30, 2023, at 10:05 AM, Igor Smitran <sigor at blic.net> wrote:
> When i put this into authorize section:
> 
> authorize {
> 
>             # MAC LIMIT
>             update control {
>                 Tmp-Integer-3 := "%{sql: SELECT count(*) FROM radcheck WHERE Username = '%{SQL-User-Name}' and (mac_limit='%{Calling-Station-Id}' or mac_limit='*');}"

  The SQL-User-Name attribute is created only when running the default authorization queries.  It's deleted once those queries are over.

> it doesn't work, SQL-User-Name is empty:

  Exactly.  SQL-User-Name doesn't exist.

> It looks like SQL-User-Name population is done after authorize is processed, i am not sure. Everywhere else i am able to use SQL-User-Name, including queris.conf. But, not in authorize.

  It's populated 

> Please correct me if i am wrong. I would appreciate any help. If it's my error than even better. It's not so big problem, but it's annoying.

  It's working as documented in the "queries.conf" file.

  It's imperfect, but it is what it is.  We should probably just nuke SQL-User-Name from the v4 configuration.  It doesn't offer much in the way of value, and there are better / clearer ways to get the same result.

  Alan DeKok.



More information about the Freeradius-Users mailing list