FreeRADIUS的3存储在组名#作为(%)= 23 {SQL-组}

问题描述 投票:0回答:1

我有一个链接到一个用户组的名为#DL# - 每日-计划,FR能够从MySQL数据库读取用户的比拼,但它存储在%= 23dl = 23日用计划{SQL-集团}。是否有此作为FR的香草配置IM任何具体的理由,似乎在这种情况发生

rlm_sql (sql): Reserved connection (7)
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'Bipin' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'Bipin' ORDER BY id
(1) sql: User found in radcheck table
(1) sql: Conditional check items matched, merging assignment check items
(1) sql:   Cleartext-Password := "bipin"
(1) sql:   Expiration := "Feb 10 2020 00:00:00 +04"
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql:    --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'Bipin' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'Bipin' ORDER BY id
(1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(1) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'Bipin' ORDER BY priority
(1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'Bipin' ORDER BY priority
(1) sql: User found in the group table
(1) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(1) sql:    --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '=23dl=23-daily-plan' ORDER BY id
(1) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '=23dl=23-daily-plan' ORDER BY id
(1) sql: Group "#dl#-daily-plan": Conditional check items matched
(1) sql: Group "#dl#-daily-plan": Merging assignment check items
(1) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(1) sql:    --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '=23dl=23-daily-plan' ORDER BY id
(1) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '=23dl=23-daily-plan' ORDER BY id
(1) sql: Group "#dl#-daily-plan": Merging reply items
rlm_sql (sql): Released connection (7)
mysql freeradius
1个回答
0
投票

这是不是一个错误,但预期的行为。从SQL注入保护,还有的被作为是,所有其他字符被转换成一个查询使用此之前的十六进制转义符号传递安全字符(safe_characters)的列表。

为了解决这个问题,有几个选项:

  1. 重命名组数据库中的表使用此转义形式为好。
  2. 加#号的安全角色列表(风险自担)
  3. 插入查询到存储过程调用= HH转换回字符。
  4. 等到3.0.18发布和使用选项auto_escape
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.