Peter Nixon wrote:
> Alan. Can you help out here? From memory I am seeing the same thing in cvs
> head. I ended up commenting out the username part of the query as I don't
> actually do anything based on username in my system. It definitely needs to
> be %{SQL-User-Name} though, as I was getting escape characters as the
> username from some users and it was blowing up the sql queries. (HUGE
> GAPING SECURITY HOLE)
>
> Is there something special we need to do in rlm_sqlippool to get access
> to %{SQL-User-Name}?

Yes. Call sql_set_user(). Patch is attached.

Also, the sqlippool_expand() function could be done better. The use of single-character values is awkward. Instead, it should register an xlat() function, to allow things like %{sqlippool:Pool-Name}.

Hmm... that could be in the server core, come to think of it.

Alan DeKok.

Index: src/modules/rlm_sql/rlm_sql.h =================================================================== RCS file: /source/radiusd/src/modules/rlm_sql/rlm_sql.h,v retrieving revision 1.36 diff -u -r1.36 rlm_sql.h --- src/modules/rlm_sql/rlm_sql.h 3 Sep 2003 15:19:32 -0000 1.36 +++ src/modules/rlm_sql/rlm_sql.h 17 Jul 2007 09:52:40 -0000 @@ -85,4 +85,5 @@ int rlm_sql_select_query(SQLSOCK *sqlsocket, SQL_INST *inst, char *query); int rlm_sql_query(SQLSOCK *sqlsocket, SQL_INST *inst, char *query); int rlm_sql_fetch_row(SQLSOCK *sqlsocket, SQL_INST *inst); +int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username); #endif Index: src/modules/rlm_sql/rlm_sql.c =================================================================== RCS file: /source/radiusd/src/modules/rlm_sql/rlm_sql.c,v retrieving revision 1.131.2.8.2.4 diff -u -r1.131.2.8.2.4 rlm_sql.c --- src/modules/rlm_sql/rlm_sql.c 7 Apr 2007 21:35:44 -0000 1.131.2.8.2.4 +++ src/modules/rlm_sql/rlm_sql.c 17 Jul 2007 09:52:41 -0000 @@ -138,7 +138,6 @@ /* * Yucky prototype. */ -static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username); static int generate_sql_clients(SQL_INST *inst); static int sql_escape_func(char *out, int outlen, const char *in); 
@@ -440,7 +439,7 @@ * escape it twice. (it will make things wrong if we have an * escape candidate character in the username) */ -static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username) +int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username) { VALUE_PAIR *vp=NULL; char tmpuser[MAX_STRING_LEN]; Index: src/modules/rlm_sqlippool/rlm_sqlippool.c =================================================================== RCS file: /source/radiusd/src/modules/rlm_sqlippool/rlm_sqlippool.c,v retrieving revision 1.3.2.4 diff -u -r1.3.2.4 rlm_sqlippool.c --- src/modules/rlm_sqlippool/rlm_sqlippool.c 10 Jan 2007 16:07:18 -0000 1.3.2.4 +++ src/modules/rlm_sqlippool/rlm_sqlippool.c 17 Jul 2007 09:52:41 -0000 @@ -323,6 +323,12 @@ * Do an xlat on the provided string */ if (request) { + char sqlusername[MAX_STRING_LEN]; + + if(sql_set_user(data->sql_inst, request, sqlusername, NULL) < 0) { + return RLM_MODULE_FAIL; + } + if (!radius_xlat(query, sizeof(query), expansion, request, NULL)) { radlog(L_ERR, "sqlippool_command: xlat failed."); out[0] = '\0';
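
Review bot: The prototype added to rlm_sql.h at the end of the @@ -85,4 +85,5 @@ hunk exports sql_set_user() to other modules with no comment describing its contract. The new caller in rlm_sqlippool.c passes NULL for username and a MAX_STRING_LEN buffer for sqlusername, so the header should say what a NULL username means and how large sqlusername must be, otherwise the next caller has to read rlm_sql.c to use it safely.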
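
Review bot: In the rlm_sqlippool.c hunk (@@ -323,6 +323,12 @@), the new failure branch returns RLM_MODULE_FAIL without logging and without clearing the output buffer, while the xlat failure branch directly below it calls radlog(L_ERR, ...) and sets out[0] = '\0'. Suggest giving the sql_set_user() failure the same treatment (log a "sql_set_user failed" style message, set out[0] = '\0') and confirming that RLM_MODULE_FAIL matches what the xlat failure branch returns from this function. Two smaller points: sqlusername is not read again in the visible lines, so a one-line comment that the call is made so %{SQL-User-Name} is available to radius_xlat() would help, and "if(" should be "if (" to match the surrounding code.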