# -*- text -*- # # dhcp/postgresql/queries.conf -- PostgreSQL configuration for DHCP schema (schema.sql) # # $Id$ # Use the driver specific SQL escape method. # # If you enable this configuration item, the "safe_characters" # configuration is ignored. FreeRADIUS then uses the PostgreSQL escape # functions to escape input strings. The only downside to making this # change is that the PostgreSQL escaping method is not the same the one # used by FreeRADIUS. So characters which are NOT in the # "safe_characters" list will now be stored differently in the database. # #auto_escape = yes # Safe characters list for sql queries. Everything else is replaced # with their mime-encoded equivalents. # The default list should be ok # Using 'auto_escape' is preferred # safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" ####################################################################### # Query config: Identifier ####################################################################### # This is the identifier that will get substituted, escaped, and added # as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used # below everywhere an identifier substitution is needed so you you can # be sure the identifier passed from the client is escaped properly. # sql_user_name = "%{control:DHCP-SQL-Option-Identifier}" ####################################################################### # Open Query ####################################################################### # This query is run whenever a new connection is opened. # It is commented out by default. # # If you have issues with connections hanging for too long, uncomment # the next line, and set the timeout in milliseconds. As a general # rule, if the queries take longer than a second, something is wrong # with the database. #open_query = "set statement_timeout to 1000" ####################################################################### # Attribute Lookup Queries ####################################################################### # These queries setup the reply items in ${dhcpreply_table} and # ${group_reply_query}. You can use any query/tables you want, but # the return data for each row MUST be in the following order: # # 0. Row ID (currently unused) # 1. Identifier # 2. Item Attr Name # 3. Item Attr Value # 4. Item Attr Operation ####################################################################### authorize_reply_query = "\ SELECT id, Identifier, Attribute, Value, Op \ FROM ${dhcpreply_table} \ WHERE Identifier = '%{SQL-User-Name}' AND Context = '%{control:DHCP-SQL-Option-Context}' \ ORDER BY id" authorize_group_reply_query = "\ SELECT id, GroupName, Attribute, Value, op \ FROM ${groupreply_table} \ WHERE GroupName = '%{${group_attribute}}' AND Context = '%{control:DHCP-SQL-Option-Context}' \ ORDER BY id" group_membership_query = "\ SELECT GroupName \ FROM ${dhcpgroup_table} \ WHERE Identifier='%{SQL-User-Name}' AND Context = '%{control:DHCP-SQL-Option-Context}' \ ORDER BY priority"