On Wed, Sep 29, 2004 at 08:10:45AM +0200, Oliver Graf wrote:
> On Fri, Sep 24, 2004 at 10:24:09AM -0400, Alan DeKok wrote:
> > Oliver Graf <[EMAIL PROTECTED]> wrote:
> >   Something is escaping '#' to '=23', probably in the SQL module.
> 
> Yeah. The problem is that the allowed_chars string in 0.9.3 included
> '=', but the one in 1.0.1 does not.
> 
> But because radius_xlat (or whatever else...) does not know if a value
> of a pair is already escaped (as SQL-User-Name is), this creates some
> ugly double escaping.
> 
> So the correct solution is to change the sql.conf and remove
> SQL-User-Name from it, because freeradius 1.0.1 will escape pairs used
> inside queries always correctly, as it seems.

Wrong.

Correct is: sql_set_user does NOT need to use sql_escape_func in
radius_xlat. That way the SQL-User-Name pair is unescaped, as any
other pair, and the radius_xlat (with sql_escape_func) that is run on
the query will escape that pair correctly, as it does for any other
pair.

Diff vs 1.0.1 attached.

Oliver.
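
The double escaping discussed in this thread, as an added example that is not part of the original message and not FreeRADIUS code. `escape_eq_hex`, `escape_twice` and both character sets are hypothetical stand-ins, assumed to differ only in whether '=' is an allowed character.

```c
#include <stdio.h>
#include <string.h>

/* Assumed character sets for illustration; they differ only in '='. */
#define ALNUM "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
static const char ALLOWED_WITH_EQ[] = ALNUM "@.-_: /=";
static const char ALLOWED_NO_EQ[]   = ALNUM "@.-_: /";

/* Hypothetical escaper: bytes in `allowed` are copied, any other byte is
 * written as =XX (hex). Returns output length, or -1 if `out` is too small. */
static int escape_eq_hex(char *out, size_t outlen, const char *in,
                         const char *allowed)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = 0;
    if (outlen == 0) return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        size_t need = strchr(allowed, c) ? 1 : 3;
        if (n + need >= outlen) return -1;   /* keep room for the NUL */
        if (need == 1) {
            out[n++] = (char)c;
        } else {
            out[n++] = '=';
            out[n++] = hex[c >> 4];
            out[n++] = hex[c & 0x0F];
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Two passes: an already escaped pair value is expanded and escaped again. */
static int escape_twice(char *out, size_t outlen, const char *in,
                        const char *allowed)
{
    char once[256];
    if (escape_eq_hex(once, sizeof(once), in, allowed) < 0) return -1;
    return escape_eq_hex(out, outlen, once, allowed);
}

int main(void)
{
    char a[256], b[256];
    escape_twice(a, sizeof(a), "user#1", ALLOWED_WITH_EQ); /* constructed input */
    escape_twice(b, sizeof(b), "user#1", ALLOWED_NO_EQ);
    printf("'=' allowed:     %s\n'=' not allowed: %s\n", a, b);
    return 0;
}
```

With '=' in the allowed set the second pass leaves the first pass's output untouched, which is why the double pass went unnoticed until the character was dropped from the set.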

--- freeradius-1.0.1/src/modules/rlm_sql/rlm_sql.c.orig 2004-09-29 08:15:55.000000000 
+0200
+++ freeradius-1.0.1/src/modules/rlm_sql/rlm_sql.c      2004-09-29 08:16:37.000000000 
+0200
@@ -459,7 +459,7 @@
        if (username != NULL) {
                strNcpy(tmpuser, username, MAX_STRING_LEN);
        } else if (strlen(inst->config->query_user)) {
-               radius_xlat(tmpuser, sizeof(tmpuser), inst->config->query_user, 
request, sql_escape_func);
+               radius_xlat(tmpuser, sizeof(tmpuser), inst->config->query_user, 
request, NULL);
        } else {
                return 0;
        }
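
Review bot: the changed `radius_xlat(..., request, NULL)` call in the `else if` branch should carry a comment stating that `tmpuser` is left unescaped on purpose and that escaping is deferred to the later expansion of the query itself. After this change both branches (the `strNcpy` of `username` and the expansion of `query_user`) produce a raw value, so nothing in this function protects the SQL statement any more; the hunk does not show where `tmpuser` is used afterwards, so please confirm that every path that places it into a query goes through `radius_xlat` with `sql_escape_func`, and that no query string or external consumer reads the pair directly.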
