1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
# -*- text -*-
#
# dhcp/postgresql/queries.conf -- PostgreSQL configuration for DHCP schema (schema.sql)
#
# $Id$
# Use the driver specific SQL escape method.
#
# If you enable this configuration item, the "safe_characters"
# configuration is ignored. FreeRADIUS then uses the PostgreSQL escape
# functions to escape input strings. The only downside to making this
# change is that the PostgreSQL escaping method is not the same the one
# used by FreeRADIUS. So characters which are NOT in the
# "safe_characters" list will now be stored differently in the database.
#
#auto_escape = yes
# Safe characters list for sql queries. Everything else is replaced
# with their mime-encoded equivalents.
# The default list should be ok
# Using 'auto_escape' is preferred
# safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
#######################################################################
# Query config: Identifier
#######################################################################
# This is the identifier that will get substituted, escaped, and added
# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used
# below everywhere an identifier substitution is needed so you you can
# be sure the identifier passed from the client is escaped properly.
#
sql_user_name = "%{control:DHCP-SQL-Option-Identifier}"
#######################################################################
# Open Query
#######################################################################
# This query is run whenever a new connection is opened.
# It is commented out by default.
#
# If you have issues with connections hanging for too long, uncomment
# the next line, and set the timeout in milliseconds. As a general
# rule, if the queries take longer than a second, something is wrong
# with the database.
#open_query = "set statement_timeout to 1000"
#######################################################################
# Attribute Lookup Queries
#######################################################################
# These queries setup the reply items in ${dhcpreply_table} and
# ${group_reply_query}. You can use any query/tables you want, but
# the return data for each row MUST be in the following order:
#
# 0. Row ID (currently unused)
# 1. Identifier
# 2. Item Attr Name
# 3. Item Attr Value
# 4. Item Attr Operation
#######################################################################
authorize_reply_query = "\
SELECT id, Identifier, Attribute, Value, Op \
FROM ${dhcpreply_table} \
WHERE Identifier = '%{SQL-User-Name}' AND Context = '%{control:DHCP-SQL-Option-Context}' \
ORDER BY id"
authorize_group_reply_query = "\
SELECT id, GroupName, Attribute, Value, op \
FROM ${groupreply_table} \
WHERE GroupName = '%{${group_attribute}}' AND Context = '%{control:DHCP-SQL-Option-Context}' \
ORDER BY id"
group_membership_query = "\
SELECT GroupName \
FROM ${dhcpgroup_table} \
WHERE Identifier='%{SQL-User-Name}' AND Context = '%{control:DHCP-SQL-Option-Context}' \
ORDER BY priority"
|
