Re: Fwd: (RADIATOR) FailureQuery quoted string

Tue, 26 Nov 2002 13:06:50 -0800

Thanks for the reply. I fixed the problem by placing single quotes around the %1 in my FailureQuery entry (see below). This escapes the single quotes before and after the error message so they become a part of the message in the database.

Here's how I fixed it:
...
FailureQuery BEGIN radius.logAppAction('%n','rad','LOGIN FAILED (%h): %n ('%1')','error','%c'); END;
...

Thanks again,

--
Jason Signalness, Systems Administrator
Basin Telecommunications, Inc.
--

Mike McCauley wrote:
Hi Jason,

Thanks for sending this.
%1 is replaced with the quoted reason string. There is every possibility that the reason string would itself contain quotes, therefore, its not safe to use it unquoted.

I think the best solution is to construct your FailureQuery so that %1 is concatenated with the rest of the error message, using your SQL server's concatenation operator.

Does that make sense?

Cheers.

On Sat, 23 Nov 2002 14:06, Hugh Irvine wrote:


Begin forwarded message:


From: Jason Signalness <[EMAIL PROTECTED]>
Date: Sat Nov 23, 2002  02:44:28 Australia/Melbourne
To: Hugh Irvine <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) FailureQuery quoted string

Hello again,

I applied the patches using the following procedure:
1) copied the patches archive into the Radiator_3.3.1 directory and
gunzip/untarred it.
2) ran perl Makefile.PL
3) ran make test (everything ok)
4) ran make install
5) restarted radiator.  I noticed the radiusd file was updated during
this process.

However, I still get the same exact problem.  I'll attach a piece of
my radius log.

Thanks for the help,
Jason

Hugh Irvine wrote:


Hello Jason -
There is a patch for this in the patches area.
If it doesn't fix the problem please let me know.
regards
Hugh
On Friday, Nov 22, 2002, at 09:35 Australia/Melbourne, Jason

Signalness wrote:


Hello,

I tried to post this a few hours ago, but it didn't show up in the
list for whatever reason.  I apologize if it shows up twice.

We make use of <AuthLog SQL> to log authentication failures to an
SQL database (Oracle).  After upgrading to Radiator v3.3.1, this
fails.

The reason is that we use a %1 in the FailureQuery parameter to log
the error.  The single quotes that are now a part of %1 (the quoted
reason string for the failure) messes up our SQL syntax.

Is there any way to get just the reason string, without the quotes?

Here's my <AuthLog SQL> clause:

# Log authentication FAILURES to the database for  customers.
<AuthLog SQL>
       Identifier BTIAuthLoggerSQL
       DBSource        dbi:Oracle:<hidden>
       DBUsername      <hidden>
       DBAuth          <hidden>

       Timeout                 10
       FailureBackoffTime      60

       FailureQuery    BEGIN radius.logAppAction('%n','rad','LOGIN
FAILED (%h): %n (%1)','error','%c'); END;
</AuthLog>


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to