Fwd: (RADIATOR) FailureQuery quoted string

Tue Nov 26 15:01:00 CST 2002

Thanks for the reply.  I fixed the problem by placing single quotes 
around the %1 in my FailureQuery entry (see below).  This escapes the 
single quotes before and after the error message so they become a part 
of the message in the database.

Here's how I fixed it:
...
FailureQuery    BEGIN radius.logAppAction('%n','rad','LOGIN FAILED (%h): 
%n ('%1')','error','%c'); END;
...

Thanks again,

-- 
Jason Signalness, Systems Administrator
Basin Telecommunications, Inc.
--

Mike McCauley wrote:
> Hi Jason,
> 
> Thanks for sending this.
> %1 is replaced with the quoted reason string. There is every possibility that 
> the reason string would itself contain quotes, therefore, its not safe to use 
> it unquoted.
> 
> I think the best solution is to construct your FailureQuery so that %1 is 
> concatenated with the rest of the error message, using your SQL server's 
> concatenation operator.
> 
> Does that make sense?
> 
> Cheers.
> 
> On Sat, 23 Nov 2002 14:06, Hugh Irvine wrote:
> 
> 
>>Begin forwarded message:
>>
>>>From: Jason Signalness <jsignalness at btinet.net>
>>>Date: Sat Nov 23, 2002  02:44:28 Australia/Melbourne
>>>To: Hugh Irvine <hugh at open.com.au>
>>>Cc: radiator at open.com.au
>>>Subject: Re: (RADIATOR) FailureQuery quoted string
>>>
>>>Hello again,
>>>
>>>I applied the patches using the following procedure:
>>>1) copied the patches archive into the Radiator_3.3.1 directory and
>>>gunzip/untarred it.
>>>2) ran perl Makefile.PL
>>>3) ran make test (everything ok)
>>>4) ran make install
>>>5) restarted radiator.  I noticed the radiusd file was updated during
>>>this process.
>>>
>>>However, I still get the same exact problem.  I'll attach a piece of
>>>my radius log.
>>>
>>>Thanks for the help,
>>>Jason
>>>
>>>Hugh Irvine wrote:
>>>
>>>>Hello Jason -
>>>>There is a patch for this in the patches area.
>>>>If it doesn't fix the problem please let me know.
>>>>regards
>>>>Hugh
>>>>On Friday, Nov 22, 2002, at 09:35 Australia/Melbourne, Jason
>>>>
>>>>Signalness wrote:
>>>>
>>>>>Hello,
>>>>>
>>>>>I tried to post this a few hours ago, but it didn't show up in the
>>>>>list for whatever reason.  I apologize if it shows up twice.
>>>>>
>>>>>We make use of <AuthLog SQL> to log authentication failures to an
>>>>>SQL database (Oracle).  After upgrading to Radiator v3.3.1, this
>>>>>fails.
>>>>>
>>>>>The reason is that we use a %1 in the FailureQuery parameter to log
>>>>>the error.  The single quotes that are now a part of %1 (the quoted
>>>>>reason string for the failure) messes up our SQL syntax.
>>>>>
>>>>>Is there any way to get just the reason string, without the quotes?
>>>>>
>>>>>Here's my <AuthLog SQL> clause:
>>>>>
>>>>># Log authentication FAILURES to the database for  customers.
>>>>><AuthLog SQL>
>>>>>        Identifier BTIAuthLoggerSQL
>>>>>        DBSource        dbi:Oracle:<hidden>
>>>>>        DBUsername      <hidden>
>>>>>        DBAuth          <hidden>
>>>>>
>>>>>        Timeout                 10
>>>>>        FailureBackoffTime      60
>>>>>
>>>>>        FailureQuery    BEGIN radius.logAppAction('%n','rad','LOGIN
>>>>>FAILED (%h): %n (%1)','error','%c'); END;
>>>>></AuthLog>
>>>>>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.