On Tue 17 Jul 2007, Alan DeKok wrote: > Peter Nixon wrote: > > Alan. Can you help out here? From memory I am seeing the same thing in > > cvs head. I ended up commenting out the username part of the query as I > > don't actually do anything based on username in my system. It definitely > > needs to be %{SQL-User-Name} though, as I was getting escape characters > > as the username from some users and it was blowing up the sql queries. > > (HUGE GAPPING SECURITY HOLE) > > > > Is there something special we need to do in rlm_sqlippool to get access > > to %{SQL-User-Name}? > > Yes. Call sql_set_user(). Patch is attached.
Hugh I have applied Alan's patch to the 1.1.x branch. Can you test and see if %{SQL-User-Name} works in rlm_sqlippool for MySQL now? Cheers -- Peter Nixon http://peternixon.net/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html