Peter Nixon wrote:
> Alan. Can you help out here? From memory I am seeing the same thing in cvs
> head. I ended up commenting out the username part of the query as I don't
> actually do anything based on username in my system. It definitely needs to
> be %{SQL-User-Name} though, as I was getting escape characters as the
> username from some users and it was blowing up the sql queries. (HUGE
> GAPING SECURITY HOLE)
>
> Is there something special we need to do in rlm_sqlippool to get access
> to %{SQL-User-Name}?

Yes. Call sql_set_user(). Patch is attached.

Also, the sqlippool_expand() function could be done better. The use
of single-character values is awkward. Instead, it should register an
xlat() function, to allow things like %{sqlippool:Pool-Name}.

Hmm... that could be in the server core, come to think of it.

Alan DeKok.

Index: src/modules/rlm_sql/rlm_sql.h
===================================================================
RCS file: /source/radiusd/src/modules/rlm_sql/rlm_sql.h,v
retrieving revision 1.36
diff -u -r1.36 rlm_sql.h
--- src/modules/rlm_sql/rlm_sql.h 3 Sep 2003 15:19:32 -0000 1.36
+++ src/modules/rlm_sql/rlm_sql.h 17 Jul 2007 09:52:40 -0000
@@ -85,4 +85,5 @@
int rlm_sql_select_query(SQLSOCK *sqlsocket, SQL_INST *inst, char *query);
int rlm_sql_query(SQLSOCK *sqlsocket, SQL_INST *inst, char *query);
int rlm_sql_fetch_row(SQLSOCK *sqlsocket, SQL_INST *inst);
+int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username);
#endif
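Review bot: the new sql_set_user() declaration in rlm_sql.h has no comment, and its signature takes `char *sqlusername` with no length argument, so callers in other modules cannot tell how large the output buffer has to be. Document the required size next to the prototype (the rlm_sqlippool caller in this patch passes a MAX_STRING_LEN buffer), or add an explicit size parameter now that the function is part of the header.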
Index: src/modules/rlm_sql/rlm_sql.c
===================================================================
RCS file: /source/radiusd/src/modules/rlm_sql/rlm_sql.c,v
retrieving revision 1.131.2.8.2.4
diff -u -r1.131.2.8.2.4 rlm_sql.c
--- src/modules/rlm_sql/rlm_sql.c 7 Apr 2007 21:35:44 -0000 1.131.2.8.2.4
+++ src/modules/rlm_sql/rlm_sql.c 17 Jul 2007 09:52:41 -0000
@@ -138,7 +138,6 @@
/*
* Yucky prototype.
*/
-static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username);
static int generate_sql_clients(SQL_INST *inst);
static int sql_escape_func(char *out, int outlen, const char *in);
@@ -440,7 +439,7 @@
* escape it twice. (it will make things wrong if we have an
* escape candidate character in the username)
*/
-static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username)
+int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username)
{
VALUE_PAIR *vp=NULL;
char tmpuser[MAX_STRING_LEN];
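Review bot: dropping `static` here makes sql_set_user() a global symbol without the rlm_sql_ prefix used by the other functions exported from rlm_sql.h (rlm_sql_select_query, rlm_sql_query, rlm_sql_fetch_row). Consider renaming it to match, for example rlm_sql_set_user(), so the exported names stay in one namespace and are less likely to collide with symbols from other modules.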
Index: src/modules/rlm_sqlippool/rlm_sqlippool.c
===================================================================
RCS file: /source/radiusd/src/modules/rlm_sqlippool/rlm_sqlippool.c,v
retrieving revision 1.3.2.4
diff -u -r1.3.2.4 rlm_sqlippool.c
--- src/modules/rlm_sqlippool/rlm_sqlippool.c 10 Jan 2007 16:07:18 -0000 1.3.2.4
+++ src/modules/rlm_sqlippool/rlm_sqlippool.c 17 Jul 2007 09:52:41 -0000
@@ -323,6 +323,12 @@
* Do an xlat on the provided string
*/
if (request) {
+ char sqlusername[MAX_STRING_LEN];
+
+ if(sql_set_user(data->sql_inst, request, sqlusername, NULL) < 0) {
+ return RLM_MODULE_FAIL;
+ }
+
if (!radius_xlat(query, sizeof(query), expansion, request, NULL)) {
radlog(L_ERR, "sqlippool_command: xlat failed.");
out[0] = '\0';
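Review bot: the new early exit at `return RLM_MODULE_FAIL;` neither logs nor clears `out`, unlike the radius_xlat() failure path directly below it, which calls radlog(L_ERR, ...) and sets out[0] = '\0'. Make the two failure paths consistent (log the sql_set_user() failure and leave `out` empty), and confirm that a module return code is what callers of this function expect on error. The local `sqlusername` is never read after the call, so a one-line comment saying the call exists to make %{SQL-User-Name} available to radius_xlat() would explain it; `if(` should also be `if (` to match the surrounding lines.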