Closed jpereira closed 9 years ago
The concept Alan and I discussed was to create mapping sections in the rlm_sql module. This is consistent with the ldap module, and couchbase.
In the sql module you would have something like:
sql {
map {
static_ip {
Framed-Route := 'framedRoute'
Framed-IP-Address := 'framedIPAddress'
<radaddr> := '<sqlattr>'
}
multi {
<radaddr> += '<sqlattr>'
}
}
}
Then in a virtual-server:
if ("%{static_ip:SELECT framedRoute, framedIpAddress FROM staticIps WHERE username = \"%{User-Name}\"" < 0) {
reject # need static ip
}
Operators in the map sections work as they do in an update {}
block, so if you want the result of multiple rows you'd use +=
instead.
In any case, for this to work we'd need the names of the columns, so one of these https://github.com/FreeRADIUS/freeradius-server/commit/25ecad94f749d783602d3775b6f9c72382ebc65a
Has to be defined for every driver.
Alan and I just looked, and PG/MySQL are about as simple as sqlite... so i'll do those now.
This solutions it's pretty. i'm working in the patch now.
Ok, added mysql and postgres too.
https://github.com/FreeRADIUS/freeradius-server/commit/dead5fe0636af3b8745b4466c5ce72b604b24acf
If you could work on the drivers first, and let us know which ones you're fixing up, that'd be helpful.
Come on @arr2036 ! you was so fast... I didn't have time to push my patch... :)
btw, my patch was saved here http://wifilabs.mobicare.com.br/patchs/freeradius-patch-rlm_sql-mysql-columns-names.patch
Thanks!
We still need patches for db2, firebird, freetds, iodbc, oracle and unixodbc, and the mapping code needs to be written. So lets leave the issue open for now :)
right! :+1:
I'll work in some example to be added on configuration. :)
The mapping section gets my :+1:!
@arr2036 I'm working for add the support to others sgdb. I believe finish soon.
@jpereira Great! I'm about half way through the new xlat.
Ok, code is in v3.1.x and works for sql_sqlite at least
(0) map sql_sqlite SELECT * FROM radusergroup WHERE priority = 0 AND username = '%{User-Name}' {
(0) EXPAND SELECT * FROM radusergroup WHERE priority = 0 AND username = '%{User-Name}'
(0) --> SELECT * FROM radusergroup WHERE priority = 0 AND username = 'bob'
(0) EXPAND %{User-Name}
(0) --> bob
(0) SQL-User-Name set to 'bob'
rlm_sql (sql_sqlite): Reserved connection (4)
(0) Executing select query: SELECT * FROM radusergroup WHERE priority = 0 AND username = 'bob'
(0) &control:Tmp-String-0 = 'bob'
(0) &control:Tmp-String-1 = 'bar'
(0) &control:Tmp-Integer-0 = 0
rlm_sql (sql_sqlite): Released connection (4)
(0) } # map sql_sqlite SELECT * FROM radusergroup WHERE priority = 0 AND username = '%{User-Name}' = updated
syntax ended up being
map <map proc isnt> <source> {
<server attr0> <op0> <result attr0>
<server attr1> <op1> <result attr1>
<server attrN> <opN> <result attrN>
}
@jpereira did you make any progress with the other drivers?
Ok, i'm going to close this issue, and start another one for tracking progress on the drivers.
@arr2036 yes, I'll push today.
Which ones did you complete?
@arr2036 I'm having problems with 'make deb', do you have idea about that?
dpkg-buildpackage: host architecture amd64 dpkg-source --before-build freeradius-server debian/rules clean make[1]: Entering directory
/home/jpereira/Devel/github-jpereira/freeradius-server'
QUILT_PATCHES=debian/patches \
quilt --quiltrc /dev/null pop -a -R || test $? = 2
Patch radiusd-to-freeradius.diff does not remove cleanly (refresh it or enforce with -f)
make[1]: *** [unpatch] Error 1
make[1]: Leaving directory /home/jpereira/Devel/github-jpereira/freeradius-server'
have idea?
there's a hidden file in the freeradius-server directory which holds the patch state git clean -fxd
might do it.
@arr2036 we are almost there! I hope to finish support for freetds and unixodbc tomorrow!
How i use this feature with mysql on a policy?
it's just
map <module> "<query>" {
<attr> := <sql field>
}
When i try to do this
map sql "SELECT username, password FROM users
WHERE mac =
'%{Calling-Station-ID}'" {
User-Name := 'username'
}
I got this error
Entry is not in "attribute = value" format
And i don´t know why
2016-02-08 19:46 GMT-02:00 Arran Cudbard-Bell notifications@github.com:
it's just
map
" " { := } — Reply to this email directly or view it on GitHub https://github.com/FreeRADIUS/freeradius-server/issues/984#issuecomment-181569710 .
Vinicius Sotti ANALISTA DE SISTEMAS
Sotti | Desenvolvimento Web Fone (44) 9949-1009 e-Mail: vinicius@sotti.com.br
Looks like you broke it over multiple lines? Can you paste the actual debug output.
apparently gmail broke the line, this is the code
update request {
map sql "SELECT username, password FROM `users` WHERE mac = '%{Calling-Station-ID}'" {
User-Name := 'username'
}
}
and this is where the error appears in the radiusd -X
reading file /usr/local/etc/raddb/mods-config/files/authorize
reading file /usr/local/etc/raddb/mods-config/files/accounting
reading file /usr/local/etc/raddb/mods-config/files/pre-proxy
reading file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
reading file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
reading file /usr/local/etc/raddb/mods-config/attr_filter/access_reject
[/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
reading file /usr/local/etc/raddb/mods-config/attr_filter/access_challenge
reading file /usr/local/etc/raddb/mods-config/attr_filter/accounting_response
mschap: using internal authentication
reading file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
reading file /usr/local/etc/raddb/mods-config/preprocess/hints
cache_eap - Driver rlm_cache_rbtree loaded and linked
radiusd: #### Loading Virtual Servers #### server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Ignoring "ldap" (see raddb/mods-available/README.rst) } # server inner-tunnel server default { # from file /usr/local/etc/raddb/sites-enabled/default /usr/local/etc/raddb/sites-enabled/default[16]: Entry is not in "attribute = value" format /usr/local/etc/raddb/sites-enabled/default[12]: Errors parsing authorize section.
Maps can't be located within update blocks
This really isn't the place for support, if you have further questions you show post on the freeradius user's mailing list http://freeradius.org/list/users.html
Hi,
I have started the thread called "multiple fields from rlm_mysql" on the FreeRadius users list. And following the suggestion of Alan DeKok here we are.
My idea it's create a solution to be able to do something like:
And with the result saved in query_arr be able to transform in an array or do the concept of "eval" then will set the AVP based on the name of column-table. what do you think about the idea? if possible i would like to get more information about the ideas that was discussed between @alandekok and @arr2036 to thus be able to continue.
I believe that have many ways (possible solutions) to be done.