- # This query properly handles calls that span from the
- # previous reset period into the current period but
- # involves more work for the SQL server than those
- # below
- query = "SELECT SUM(acctsessiontime - \
- GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
- FROM radacct WHERE username = '%{${key}}' AND \
- UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
+#
+# This query properly handles calls that span from the
+# previous reset period into the current period but
+# involves more work for the SQL server than those
+# below
+#
+query = "\
+ SELECT SUM(acctsessiontime - GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
+ FROM radacct \
+ WHERE username = '%{${key}}' \
+ AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
- # This query ignores calls that started in a previous
- # reset period and continue into into this one. But it
- # is a little easier on the SQL server
-# query = "SELECT SUM(acctsessiontime) FROM radacct WHERE \
-# username = '%{${key}}' AND acctstarttime > FROM_UNIXTIME('%b')"
+#
+# This query ignores calls that started in a previous
+# reset period and continue into into this one. But it
+# is a little easier on the SQL server
+#
+#query = "\
+# SELECT SUM(acctsessiontime) \
+# FROM radacct \
+# WHERE username = '%{${key}}' \
+# AND acctstarttime > FROM_UNIXTIME('%b')"
- # This query is the same as above, but demonstrates an
- # additional counter parameter '%e' which is the
- # timestamp for the end of the period
-# query = "SELECT SUM(acctsessiontime) FROM radacct \
-# WHERE username = '%{${key}}' AND acctstarttime BETWEEN \
-# FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"
+#
+# This query is the same as above, but demonstrates an
+# additional counter parameter '%e' which is the
+# timestamp for the end of the period
+#
+#query = "\
+# SELECT SUM(acctsessiontime) \
+# FROM radacct \
+# WHERE username = '%{${key}}' \
+# AND acctstarttime BETWEEN FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"
- query = "SELECT TIMESTAMPDIFF(SECOND, acctstarttime, NOW()) \
- FROM radacct \
- WHERE UserName='%{${key}}' \
- ORDER BY acctstarttime \
- LIMIT 1;"
+query = "\
+ SELECT TIMESTAMPDIFF(SECOND, acctstarttime, NOW()) \
+ FROM radacct \
+ WHERE UserName='%{${key}}' \
+ ORDER BY acctstarttime \
+ LIMIT 1;"
- # This query properly handles calls that span from the
- # previous reset period into the current period but
- # involves more work for the SQL server than those
- # below
- query = "SELECT SUM(acctsessiontime - \
- GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
- FROM radacct WHERE username='%{${key}}' AND \
- UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
+#
+# This query properly handles calls that span from the
+# previous reset period into the current period but
+# involves more work for the SQL server than those
+# below
+#
+query = "\
+ SELECT SUM(acctsessiontime - GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
+ FROM radacct \
+ WHERE username='%{${key}}' \
+ AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
- # This query ignores calls that started in a previous
- # reset period and continue into into this one. But it
- # is a little easier on the SQL server
-# query = "SELECT SUM(acctsessiontime) FROM radacct WHERE \
-# username='%{${key}}' AND acctstarttime > FROM_UNIXTIME('%b')"
+#
+# This query ignores calls that started in a previous
+# reset period and continue into into this one. But it
+# is a little easier on the SQL server
+#
+#query = "\
+# SELECT SUM(acctsessiontime) \
+# FROM radacct\
+# WHERE username='%{${key}}' \
+# AND acctstarttime > FROM_UNIXTIME('%b')"
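Review bot: The commented-out example's `FROM radacct\` line has no space before the continuation backslash, unlike the other lines of the reflowed queries. Depending on how the config parser treats leading whitespace on a continued line, enabling this block could join the tokens into `radacctWHERE` and produce a query the database rejects. Writing it as `FROM radacct \` matches its siblings. The commented Oracle random-allocation `allocate_find` later in the patch has the same form on its `FROM ${ippool_table}\` line.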
- # This query is the same as above, but demonstrates an
- # additional counter parameter '%e' which is the
- # timestamp for the end of the period
-# query = "SELECT SUM(acctsessiontime) FROM radacct \
-# WHERE username='%{${key}}' AND acctstarttime BETWEEN \
-# FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"
+#
+# This query is the same as above, but demonstrates an
+# additional counter parameter '%e' which is the
+# timestamp for the end of the period
+#
+#query = "\
+# SELECT SUM(acctsessiontime) \
+# FROM radacct \
+# WHERE username='%{${key}}' \
+# AND acctstarttime BETWEEN FROM_UNIXTIME('%b') \
+# AND FROM_UNIXTIME('%e')"
- query = "SELECT IFNULL(SUM(AcctSessionTime),0) \
- FROM radacct \
- WHERE UserName='%{${key}}'"
+query = "\
+ SELECT IFNULL(SUM(AcctSessionTime),0) \
+ FROM radacct \
+ WHERE UserName='%{${key}}'"
- # This query properly handles calls that span from the
- # previous reset period into the current period but
- # involves more work for the SQL server than those
- # below
- query = "SELECT SUM(AcctSessionTime - \
- GREATER((%b - AcctStartTime::ABSTIME::INT4), 0)) \
- FROM radacct WHERE UserName='%{${key}}' AND \
- AcctStartTime::ABSTIME::INT4 + AcctSessionTime > '%b'"
+#
+# This query properly handles calls that span from the
+# previous reset period into the current period but
+# involves more work for the SQL server than those
+# below
+#
+query = "\
+ SELECT SUM(AcctSessionTime - GREATER((%b - AcctStartTime::ABSTIME::INT4), 0)) \
+ FROM radacct \
+ WHERE UserName='%{${key}}' \
+ AND AcctStartTime::ABSTIME::INT4 + AcctSessionTime > '%b'"
- # This query ignores calls that started in a previous
- # reset period and continue into into this one. But it
- # is a little easier on the SQL server
-# query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE \
-# UserName='%{${key}}' AND AcctStartTime::ABSTIME::INT4 > '%b'"
+#
+# This query ignores calls that started in a previous
+# reset period and continue into into this one. But it
+# is a little easier on the SQL server
+#
+#query = "\
+# SELECT SUM(AcctSessionTime) \
+# FROM radacct \
+# WHERE UserName='%{${key}}' \
+# AND AcctStartTime::ABSTIME::INT4 > '%b'"
- # This query is the same as above, but demonstrates an
- # additional counter parameter '%e' which is the
- # timestamp for the end of the period
-# query = "SELECT SUM(AcctSessionTime) FROM radacct \
-# WHERE UserName='%{${key}}' AND AcctStartTime::ABSTIME::INT4 \
-# BETWEEN '%b' AND '%e'"
+#
+# This query is the same as above, but demonstrates an
+# additional counter parameter '%e' which is the
+# timestamp for the end of the period
+#
+#query = "\
+# SELECT SUM(AcctSessionTime) \
+# FROM radacct \
+# WHERE UserName='%{${key}}' \
+# AND AcctStartTime::ABSTIME::INT4 BETWEEN '%b' \
+# AND '%e'"
- query = "SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) \
- FROM radacct \
- WHERE UserName='%{${key}}' \
- ORDER BY acctstarttime \
- LIMIT 1;"
+query = "\
+ SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) \
+ FROM radacct \
+ WHERE UserName='%{${key}}' \
+ ORDER BY acctstarttime \
+ LIMIT 1;"
- # This query properly handles calls that span from the
- # previous reset period into the current period but
- # involves more work for the SQL server than those
- # below
- query = "SELECT SUM(AcctSessionTime - \
- GREATER((%b - AcctStartTime::ABSTIME::INT4), 0)) \
- FROM radacct WHERE UserName='%{${key}}' AND \
- AcctStartTime::ABSTIME::INT4 + AcctSessionTime > '%b'"
+# This query properly handles calls that span from the
+# previous reset period into the current period but
+# involves more work for the SQL server than those
+# below
+query = "\
+ SELECT SUM(AcctSessionTime - GREATER((%b - AcctStartTime::ABSTIME::INT4), 0)) \
+ FROM radacct \
+ WHERE UserName='%{${key}}' \
+ AND AcctStartTime::ABSTIME::INT4 + AcctSessionTime > '%b'"
- # This query ignores calls that started in a previous
- # reset period and continue into into this one. But it
- # is a little easier on the SQL server
-# query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE \
-# UserName='%{${key}}' AND AND AcctStartTime::ABSTIME::INT4 > '%b'"
+# This query ignores calls that started in a previous
+# reset period and continue into into this one. But it
+# is a little easier on the SQL server
+#query = "\
+# SELECT SUM(AcctSessionTime) \
+# FROM radacct \
+# WHERE UserName='%{${key}}' \
+# AND AcctStartTime::ABSTIME::INT4 > '%b'"
- # This query is the same as above, but demonstrates an
- # additional counter parameter '%e' which is the
- # timestamp for the end of the period
-# query = "SELECT SUM(AcctSessionTime) FROM radacct \
-# WHERE UserName='%{${key}}' AND AcctStartTime::ABSTIME::INT4 \
-# BETWEEN '%b' AND '%e'"
+# This query is the same as above, but demonstrates an
+# additional counter parameter '%e' which is the
+# timestamp for the end of the period
+#query = "\
+# SELECT SUM(AcctSessionTime) \
+# FROM radacct \
+# WHERE UserName='%{${key}}' \
+# AND AcctStartTime::ABSTIME::INT4 BETWEEN '%b' AND '%e'"
- query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{${key}}'"
+query = "\
+ SELECT SUM(AcctSessionTime) \
+ FROM radacct \
+ WHERE UserName='%{${key}}'"
- # This query properly handles calls that span from the
- # previous reset period into the current period but
- # involves more work for the SQL server than those
- # below
- query = "SELECT SUM(acctsessiontime - \
- GREATEST((%b - strftime('%%s', acctstarttime)), 0)) \
- FROM radacct WHERE username = '%{${key}}' AND \
- (strftime('%%s', acctstarttime) + acctsessiontime) > %b"
+#
+# This query properly handles calls that span from the
+# previous reset period into the current period but
+# involves more work for the SQL server than those
+# below
+#
+query = "\
+ SELECT SUM(acctsessiontime - GREATEST((%b - strftime('%%s', acctstarttime)), 0)) \
+ FROM radacct \
+ WHERE username = '%{${key}}' \
+ AND (strftime('%%s', acctstarttime) + acctsessiontime) > %b"
- # This query ignores calls that started in a previous
- # reset period and continue into into this one. But it
- # is a little easier on the SQL server
-# query = "SELECT SUM(acctsessiontime) FROM radacct WHERE \
-# username = '%{${key}}' AND acctstarttime > %b"
+#
+# This query ignores calls that started in a previous
+# reset period and continue into into this one. But it
+# is a little easier on the SQL server
+#
+#query = "\
+# SELECT SUM(acctsessiontime) \
+# FROM radacct \
+# WHERE \username = '%{${key}}' \
+# AND acctstarttime > %b"
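Review bot: A stray backslash was introduced in `WHERE \username = '%{${key}}' \` in this commented-out SQLite example; the removed version had plain `username`. Anyone who enables the block gets `\u` inside the query string, which is either passed to SQLite as invalid SQL or consumed as an escape by the config parser (which of the two is not visible from this patch). The line should read `WHERE username = '%{${key}}' \`.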
- # This query is the same as above, but demonstrates an
- # additional counter parameter '%e' which is the
- # timestamp for the end of the period
-# query = "SELECT SUM(acctsessiontime) FROM radacct \
-# WHERE username = '%{${key}}' AND acctstarttime BETWEEN \
-# %b AND %e"
+#
+# This query is the same as above, but demonstrates an
+# additional counter parameter '%e' which is the
+# timestamp for the end of the period
+#
+#query = "\
+# SELECT SUM(acctsessiontime) FROM radacct \
+# WHERE username = '%{${key}}' \
+# AND acctstarttime BETWEEN %b \
+# AND %e"
- query = "SELECT GREATEST(strftime('%%s', NOW()) - strftime('%%s', acctstarttime), 0) AS expires \
- FROM radacct \
- WHERE username = '%{${key}}' \
- ORDER BY acctstarttime \
- LIMIT 1;"
+query = "\
+ SELECT GREATEST(strftime('%%s', NOW()) - strftime('%%s', acctstarttime), 0) AS expires \
+ FROM radacct \
+ WHERE username = '%{${key}}' \
+ ORDER BY acctstarttime \
+ LIMIT 1;"
- # This query properly handles calls that span from the
- # previous reset period into the current period but
- # involves more work for the SQL server than those
- # below
- query = "SELECT SUM(acctsessiontime - \
- GREATEST((%b - strftime('%%s', acctstarttime)), 0)) \
- FROM radacct WHERE username = '%{${key}}' AND \
- (strftime('%%s', acctstarttime) + acctsessiontime) > %b"
+#
+# This query properly handles calls that span from the
+# previous reset period into the current period but
+# involves more work for the SQL server than those
+# below
+#
+query = "\
+ SELECT SUM(acctsessiontime - GREATEST((%b - strftime('%%s', acctstarttime)), 0)) \
+ FROM radacct \
+ WHERE username = '%{${key}}' AND \
+ (strftime('%%s', acctstarttime) + acctsessiontime) > %b"
- # This query ignores calls that started in a previous
- # reset period and continue into into this one. But it
- # is a little easier on the SQL server
-# query = "SELECT SUM(acctsessiontime) FROM radacct WHERE \
-# username = '%{${key}}' AND acctstarttime > %b"
+#
+# This query ignores calls that started in a previous
+# reset period and continue into into this one. But it
+# is a little easier on the SQL server
+#
+#query = "\
+# SELECT SUM(acctsessiontime) \
+# FROM radacct \
+# WHERE username = '%{${key}}' \
+# AND acctstarttime > %b"
- # This query is the same as above, but demonstrates an
- # additional counter parameter '%e' which is the
- # timestamp for the end of the period
-# query = "SELECT SUM(acctsessiontime) FROM radacct \
-# WHERE username = '%{${key}}' AND acctstarttime BETWEEN \
-# %b AND %e"
+#
+# This query is the same as above, but demonstrates an
+# additional counter parameter '%e' which is the
+# timestamp for the end of the period
+#
+#query = "\
+# SELECT SUM(acctsessiontime) \
+# FROM radacct \
+# WHERE username = '%{${key}}' \
+# AND acctstarttime BETWEEN %b \
+# AND %e"
- query = "SELECT IFNULL(SUM(acctsessiontime),0) \
- FROM radacct \
- WHERE username = '%{${key}}'"
+query = "\
+ SELECT IFNULL(SUM(acctsessiontime),0) \
+ FROM radacct \
+ WHERE username = '%{${key}}'"
# -*- text -*-
-
-##
-## Queries to update the CUI table.
-##
+#
+# cui/mysql/queries.conf -- Queries to update a MySQL CUI table.
+#
+# $Id$
post-auth {
query = "\
VALUES \
('%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}', '%{Calling-Station-Id}', \
'%{User-Name}', '%{reply:Chargeable-User-Identity}', NULL) \
- ON DUPLICATE KEY UPDATE lastaccounting='0000-00-00 00:00:00', cui='%{reply:Chargeable-User-Identity}'"
+ ON DUPLICATE KEY UPDATE \
+ lastaccounting='0000-00-00 00:00:00', \
+ cui='%{reply:Chargeable-User-Identity}'"
}
UPDATE ${....cui_table} SET \
lastaccounting = CURRENT_TIMESTAMP \
WHERE clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND username = '%{User-Name}' \
- AND cui = '%{Chargeable-User-Identity}'"
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND username = '%{User-Name}' \
+ AND cui = '%{Chargeable-User-Identity}'"
}
interim-update {
query ="\
UPDATE ${....cui_table} SET \
lastaccounting = CURRENT_TIMESTAMP \
WHERE clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND username = '%{User-Name}' \
- AND cui = '%{Chargeable-User-Identity}'"
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND username = '%{User-Name}' \
+ AND cui = '%{Chargeable-User-Identity}'"
}
stop {
query ="\
- DELETE FROM ${....cui_table} WHERE \
- clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND username = '%{User-Name}' \
- AND cui = '%{Chargeable-User-Identity}'"
+ DELETE FROM ${....cui_table} \
+ WHERE clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND username = '%{User-Name}' \
+ AND cui = '%{Chargeable-User-Identity}'"
}
}
}
# -*- text -*-
-
-##
-## Queries to update the CUI table.
-##
+#
+# cui/postgresql/queries.conf -- Queries to update a PostgreSQL CUI table.
+#
+# $Id$
post-auth {
query = "\
INSERT INTO ${..cui_table} \
(clientipaddress, callingstationid, username, cui) \
VALUES \
- ('%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}', '%{Calling-Station-Id}', '%{User-Name}', '%{reply:Chargeable-User-Identity}')"
+ ('%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}', '%{Calling-Station-Id}', \
+ '%{User-Name}', '%{reply:Chargeable-User-Identity}')"
}
UPDATE ${....cui_table} SET \
lastaccounting = now() \
WHERE clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND username = '%{User-Name}' \
- AND cui = '%{Chargeable-User-Identity}'"
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND username = '%{User-Name}' \
+ AND cui = '%{Chargeable-User-Identity}'"
}
interim-update {
query ="\
UPDATE ${....cui_table} SET \
lastaccounting = now() \
WHERE clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND username = '%{User-Name}' \
- AND cui = '%{Chargeable-User-Identity}'"
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND username = '%{User-Name}' \
+ AND cui = '%{Chargeable-User-Identity}'"
}
stop {
query ="\
- DELETE FROM ${....cui_table} WHERE \
- clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND username = '%{User-Name}' \
- AND cui = '%{Chargeable-User-Identity}'"
+ DELETE FROM ${....cui_table} \
+ WHERE clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND username = '%{User-Name}' \
+ AND cui = '%{Chargeable-User-Identity}'"
}
}
}
# -*- text -*-
-
-##
-## Queries to update the CUI table.
-##
+#
+# cui/sqlite/queries.conf -- Queries to update a sqlite CUI table.
+#
+# $Id$
post-auth {
query = "\
UPDATE ${....cui_table} SET \
lastaccounting = CURRENT_TIMESTAMP \
WHERE clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND username = '%{User-Name}' \
- AND cui = '%{Chargeable-User-Identity}'"
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND username = '%{User-Name}' \
+ AND cui = '%{Chargeable-User-Identity}'"
}
interim-update {
query ="\
UPDATE ${....cui_table} SET \
lastaccounting = CURRENT_TIMESTAMP \
WHERE clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND username = '%{User-Name}' \
- AND cui = '%{Chargeable-User-Identity}'"
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND username = '%{User-Name}' \
+ AND cui = '%{Chargeable-User-Identity}'"
}
stop {
query ="\
- DELETE FROM ${....cui_table} WHERE \
- clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND username = '%{User-Name}' \
- AND cui = '%{Chargeable-User-Identity}'"
+ DELETE FROM ${....cui_table} \
+ WHERE clientipaddress = '%{%{Packet-Src-IPv6-Address}:-%{Packet-Src-IP-Address}}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND username = '%{User-Name}' \
+ AND cui = '%{Chargeable-User-Identity}'"
}
}
}
# -*- text -*-
-##
-## ippool.conf -- MySQL queries for rlm_sqlippool
-##
-## $Id$
-
-# ## This series of queries allocates an IP address
-# allocate_clear = "UPDATE ${ippool_table} \
-# SET nasipaddress = '', pool_key = 0, \
-# callingstationid = '', username = '', \
-# expiry_time = NULL \
-# WHERE pool_key = '${pool_key}'"
-
-## This series of queries allocates an IP address
-## (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
-## then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
-## from the WHERE clause)
-
-allocate_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, \
- callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE expiry_time <= NOW() - INTERVAL 1 SECOND \
- AND nasipaddress = '%{Nas-IP-Address}'"
-
-
-
-## The ORDER BY clause of this query tries to allocate the same IP-address
-## which user had last session...
-allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
- WHERE pool_name = '%{control:Pool-Name}' AND (expiry_time < NOW() OR expiry_time IS NULL) \
- ORDER BY (username <> '%{User-Name}'), \
- (callingstationid <> '%{Calling-Station-Id}'), \
- expiry_time \
- LIMIT 1 \
- FOR UPDATE"
-
-# ## If you prefer to allocate a random IP address every time, i
-# ## use this query instead
-# allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
-# WHERE pool_name = '%{control:Pool-Name}' \
-# AND expiry_time IS NULL \
-# ORDER BY RAND() \
-# LIMIT 1 \
-# FOR UPDATE"
-
-
-
-## If an IP could not be allocated, check to see if the pool exists or not
-## This allows the module to differentiate between a full pool and no pool
-## Note: If you are not running redundant pool modules this query may be
-## commented out to save running this query every time an ip is not allocated.
-pool_check = "SELECT id FROM ${ippool_table} \
- WHERE pool_name='%{control:Pool-Name}' LIMIT 1"
-
-
-## This is the final IP Allocation query, which saves the allocated ip details
-allocate_update = "UPDATE ${ippool_table} \
- SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool_key}', \
- callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', \
- expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
- WHERE framedipaddress = '%I' AND expiry_time IS NULL"
-
-
-
-## This series of queries frees an IP number when an accounting
-## START record arrives
-start_update = "UPDATE ${ippool_table} \
- SET expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
- WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-## This series of queries frees an IP number when an accounting
-## STOP record arrives
+#
+# ippool-dhcp/mysql/queries.conf -- MySQL queries for rlm_sqlippool
+#
+# $Id$
+
+#
+# This series of queries allocates an IP address
+#
+#allocate_clear = "\
+# UPDATE ${ippool_table} \
+# SET \
+# nasipaddress = '', \
+# pool_key = 0, \
+# callingstationid = '', \
+# username = '', \
+# expiry_time = NULL \
+# WHERE pool_key = '${pool_key}'"
+
+#
+# This series of queries allocates an IP address
+# (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
+# then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
+# from the WHERE clause)
+#
+allocate_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE expiry_time <= NOW() - INTERVAL 1 SECOND \
+ AND nasipaddress = '%{Nas-IP-Address}'"
+
+#
+# The ORDER BY clause of this query tries to allocate the same IP-address
+# which user had last session...
+#
+allocate_find = "\
+ SELECT framedipaddress \
+ FROM ${ippool_table} \
+ WHERE pool_name = '%{control:Pool-Name}' \
+ AND (expiry_time < NOW() OR expiry_time IS NULL) \
+ ORDER BY \
+ (username <> '%{User-Name}'), \
+ (callingstationid <> '%{Calling-Station-Id}'), \
+ expiry_time \
+ LIMIT 1 \
+ OR UPDATE"
+
+#
+# If you prefer to allocate a random IP address every time, use this query instead
+#
+#allocate_find = "\
+# SELECT framedipaddress \
+# FROM ${ippool_table} \
+# WHERE pool_name = '%{control:Pool-Name}' \
+# AND expiry_time IS NULL \
+# ORDER BY RAND() \
+# LIMIT 1 \
+# FOR UPDATE"
+
+#
+# If an IP could not be allocated, check to see if the pool exists or not
+# This allows the module to differentiate between a full pool and no pool
+# Note: If you are not running redundant pool modules this query may be
+# commented out to save running this query every time an ip is not allocated.
+#
+pool_check = "\
+ SELECT id \
+ FROM ${ippool_table} \
+ WHERE pool_name='%{control:Pool-Name}' \
+ LIMIT 1"
+
+#
+# This is the final IP Allocation query, which saves the allocated ip details
+#
+allocate_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '%{NAS-IP-Address}', \
+ pool_key = '${pool_key}', \
+ callingstationid = '%{Calling-Station-Id}', \
+ username = '%{User-Name}', \
+ expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
+ WHERE framedipaddress = '%I' AND expiry_time IS NULL"
+
+#
+# This series of queries frees an IP number when an accounting
+# START record arrives
+#
+start_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
+ WHERE nasipaddress = '%{NAS-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees an IP number when an accounting
+# STOP record arrives
+#
stop_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-
-
-## This series of queries frees an IP number when an accounting
-## ALIVE record arrives
-alive_update = "UPDATE ${ippool_table} \
- SET expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
- WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-
-
-## This series of queries frees the IP numbers allocate to a
-## NAS when an accounting ON record arrives
-on_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
-
-## This series of queries frees the IP numbers allocate to a
-## NAS when an accounting OFF record arrives
-off_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
-
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE nasipaddress = '%{Nas-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees an IP number when an accounting
+# ALIVE record arrives
+#
+alive_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
+ WHERE nasipaddress = '%{Nas-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees the IP numbers allocate to a
+# NAS when an accounting ON record arrives
+#
+on_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE nasipaddress = '%{Nas-IP-Address}'"
+
+#
+# This series of queries frees the IP numbers allocate to a
+# NAS when an accounting OFF record arrives
+#
+off_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE nasipaddress = '%{Nas-IP-Address}'"
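Review bot: The reflowed `allocate_find` ends in `OR UPDATE` where the removed query had `FOR UPDATE`, so the row-locking clause is lost and the statement is most likely no longer valid MySQL. This is the live (uncommented) allocation query: either every allocation fails, or, if a variant of it did run without the lock, two concurrent requests could be offered the same `framedipaddress`. Restore the final line as `FOR UPDATE"`; the commented random-allocation variant just below it still has the correct clause. Separately, `stop_clear = "UPDATE ${ippool_table} \` was left as a context line and does not follow the `= "\` layout applied to the other queries in this file.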
# -*- text -*-
-##
-## queries.conf -- Oracle queries for dhcp-ippool
-##
-##
-
-
-## "START TRANSACTION" not required with Oracle
+#
+# ippool-dhcp/oracle/queries.conf -- Oracle queries for dhcp-ippool
+#
+# $id: 416d59802a1321c16b936bb5e63c288ca3634bcd $
+
+#
+# "START TRANSACTION" not required with Oracle
+#
allocate_begin = ""
start_begin = ""
alive_begin = ""
stop_begin = ""
on_begin = ""
off_begin = ""
-
-
-## This query allocates an IP address from the Pool
-## It query tries to allocate to the user
-## either the same IP-address that they had last session
-## or the IP which has been unused for the longest period of time
-allocate_find = "WITH POOLS AS (SELECT * FROM ${ippool_table} WHERE POOL_NAME = '%{control:Pool-Name}' AND (POOL_KEY = '${pool_key}' OR EXPIRY_TIME = (SELECT MIN(EXPIRY_TIME) FROM ${ippool_table} WHERE POOL_NAME = '%{control:Pool-Name}' AND EXPIRY_TIME < CURRENT_TIMESTAMP AND POOL_KEY != '${pool_key}'))) SELECT FRAMEDIPADDRESS FROM (SELECT FRAMEDIPADDRESS FROM POOLS WHERE POOL_KEY = '${pool_key}' OR (NOT EXISTS (SELECT 1 FROM POOLS WHERE POOL_KEY = '${pool_key}'))) WHERE ROWNUM = 1 FOR UPDATE"
-
-
-## This function is available if you want to use multiple pools
-# allocate_find = "select msqlippool('%{SQL-User-Name}','%{control:Pool-Name}') from dual"
-
-
-## If you prefer to allocate a random IP address every time, use this query instead
-#allocate_find = "SELECT FRAMEDIPADDRESS FROM ${ippool_table} WHERE FRAMEDIPADDRESS = (SELECT FRAMEDIPADDRESS FROM (SELECT FRAMEDIPADDRESS FROM ${ippool_table} WHERE POOL_NAME = '%{control:Pool-Name}' AND EXPIRY_TIME < CURRENT_TIMESTAMP ORDER BY DBMS_RANDOM.VALUE) WHERE ROWNUM = 1) FOR UPDATE"
-
-
-## If an IP could not be allocated, check to see whether the pool exists or not
-## This allows the module to differentiate between a full pool and no pool
-## Note: If you are not running redundant pool modules this query may be commented
-## out to save running this query every time an ip is not allocated.
-#pool_check = "SELECT ID FROM (SELECT ID FROM ${ippool_table} WHERE POOL_NAME = '%{control:Pool-Name}') WHERE ROWNUM = 1"
-
-
-## This query marks the IP address handed out by "allocate_find" as used
-## for the period of "lease_duration" after which time it may be reused.
-allocate_update = "UPDATE ${ippool_table} SET NASIPADDRESS = '%{NAS-IP-Address}', POOL_KEY = '${pool_key}', CALLINGSTATIONID = '%{Calling-Station-Id}', USERNAME = '%{SQL-User-Name}', EXPIRY_TIME = CURRENT_TIMESTAMP + INTERVAL '${lease_duration}' SECOND(1) WHERE FRAMEDIPADDRESS = '%I'"
-
-
-## This query frees the IP address assigned to "pool_key" when a new request
-## comes in for the same "pool_key". This means that either you are losing
-## accounting Stop records or you use Calling-Station-Id instead of NAS-Port
-## as your "pool_key" and your users are able to reconnect before your NAS
-## has timed out their previous session. (Generally on wireless networks)
-## (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
-## then you may wish to delete the "AND nasipaddress = '%{NAS-IP-Address}'
-## from the WHERE clause)
-allocate_clear = "UPDATE ${ippool_table} SET EXPIRY_TIME = CURRENT_TIMESTAMP - INTERVAL '1' SECOND(1) WHERE POOL_KEY = '${pool_key}'"
-
-
-## This query extends an IP address lease by "lease_duration" when an accounting
-## START record arrives
-start_update = "UPDATE ${ippool_table} SET EXPIRY_TIME = CURRENT_TIMESTAMP + INTERVAL '${lease_duration}' SECOND(1) WHERE NASIPADDRESS = '%{NAS-IP-Address}' AND POOL_NAME = '%{control:Pool-Name}' AND POOL_KEY = '${pool_key}' AND FRAMEDIPADDRESS = '%{Framed-IP-Address}'"
-
-
-## This query frees an IP address when an accounting
-## STOP record arrives
-stop_clear = "UPDATE ${ippool_table} SET EXPIRY_TIME = CURRENT_TIMESTAMP - INTERVAL '1' SECOND(1) WHERE POOL_KEY = '${pool_key}'"
-
-
-## This query extends an IP address lease by "lease_duration" when an accounting
-## ALIVE record arrives
-alive_update = "UPDATE ${ippool_table} SET EXPIRY_TIME = CURRENT_TIMESTAMP + INTERVAL '${lease_duration}' SECOND(1) WHERE POOL_KEY = '${pool_key}' AND POOL_NAME = '%{control:Pool-Name}' AND FRAMEDIPADDRESS = '%{Framed-IP-Address}'"
-
-
-## This query frees all IP addresses allocated to a NAS when an
-## accounting ON record arrives from that NAS
-on_clear = "UPDATE ${ippool_table} SET EXPIRY_TIME = CURRENT_TIMESTAMP - INTERVAL '1' SECOND(1) WHERE NASIPADDRESS = '%{NAS-IP-Address}'"
-
-
-## This query frees all IP addresses allocated to a NAS when an
-## accounting OFF record arrives from that NAS
-off_clear = "UPDATE ${ippool_table} SET EXPIRY_TIME = CURRENT_TIMESTAMP - INTERVAL '1' SECOND(1) WHERE NASIPADDRESS = '%{NAS-IP-Address}'"
+
+#
+# This query allocates an IP address from the Pool
+# It query tries to allocate to the user
+# either the same IP-address that they had last session
+# or the IP which has been unused for the longest period of time
+#
+allocate_find = "\
+ WITH POOLS AS (\
+ SELECT * \
+ FROM ${ippool_table} \
+ WHERE pool_name = '%{control:Pool-Name}' \
+ AND (\
+ pool_key = '${pool_key}' \
+ OR expiry_time = (\
+ SELECT MIN(expiry_time) \
+ FROM ${ippool_table} \
+ WHERE pool_name = '%{control:Pool-Name}' \
+ AND expiry_time < CURRENT_TIMESTAMP AND pool_key != '${pool_key}'\
+ )\
+ )\
+ ) \
+ SELECT framedipaddress \
+ FROM (\
+ SELECT framedipaddress \
+ FROM POOLS \
+ WHERE pool_key = '${pool_key}' \
+ OR (\
+ NOT EXISTS (\
+ SELECT 1 \
+ FROM POOLS \
+ WHERE pool_key = '${pool_key}'\
+ )\
+ )\
+ ) WHERE ROWNUM = 1 FOR UPDATE"
+
+#
+# This function is available if you want to use multiple pools
+#
+#allocate_find = "\
+ SELECT msqlippool('%{SQL-User-Name}','%{control:Pool-Name}') \
+ FROM dual"
+
+#
+# If you prefer to allocate a random IP address every time, use this query instead
+#
+#allocate_find = "\
+# SELECT framedipaddress \
+# FROM ${ippool_table}\
+# WHERE framedipaddress = (\
+# SELECT framedipaddress \
+# FROM (\
+# SELECT framedipaddress \
+# FROM ${ippool_table} \
+# WHERE pool_name = '%{control:Pool-Name}' \
+# AND expiry_time < CURRENT_TIMESTAMP \
+# ORDER BY DBMS_RANDOM.VALUE\
+# ) \
+# WHERE ROWNUM = 1\
+# ) \
+# FOR UPDATE"
+
+#
+# If an IP could not be allocated, check to see whether the pool exists or not
+# This allows the module to differentiate between a full pool and no pool
+# Note: If you are not running redundant pool modules this query may be commented
+# out to save running this query every time an ip is not allocated.
+#
+#pool_check = "\
+# SELECT id \
+# FROM (\
+# SELECT id \
+# FROM ${ippool_table} \
+# WHERE pool_name = '%{control:Pool-Name}'\
+# ) WHERE ROWNUM = 1"
+
+#
+# This query marks the IP address handed out by "allocate_find" as used
+# for the period of "lease_duration" after which time it may be reused.
+#
+allocate_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '%{NAS-IP-Address}', \
+ pool_key = '${pool_key}', \
+ callingstationid = '%{Calling-Station-id}', \
+ username = '%{SQL-User-Name}', \
+ expiry_time = CURRENT_TIMESTAMP + INTERVAL '${lease_duration}' SECOND(1) \
+ WHERE framedipaddress = '%I'"
+
+#
+# This query frees the IP address assigned to "pool_key" when a new request
+# comes in for the same "pool_key". This means that either you are losing
+# accounting Stop records or you use Calling-Station-id instead of NAS-Port
+# as your "pool_key" and your users are able to reconnect before your NAS
+# has timed out their previous session. (Generally on wireless networks)
+# (Note: If your pool_key is set to Calling-Station-id and not NAS-Port
+# then you may wish to delete the "AND nasipaddress = '%{NAS-IP-Address}'
+# from the WHERE clause)
+#
+allocate_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = CURRENT_TIMESTAMP - INTERVAL '1' SECOND(1) \
+ WHERE pool_key = '${pool_key}'"
+
+#
+# This query extends an IP address lease by "lease_duration" when an accounting
+# START record arrives
+#
+start_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = CURRENT_TIMESTAMP + INTERVAL '${lease_duration}' SECOND(1) \
+ WHERE nasipaddress = '%{NAS-IP-Address}' \
+ AND pool_name = '%{control:Pool-Name}' \
+ AND pool_key = '${pool_key}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This query frees an IP address when an accounting
+# STOP record arrives
+#
+stop_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = CURRENT_TIMESTAMP - INTERVAL '1' SECOND(1) \
+ WHERE pool_key = '${pool_key}'"
+
+#
+# This query extends an IP address lease by "lease_duration" when an accounting
+# ALIVE record arrives
+#
+alive_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = CURRENT_TIMESTAMP + INTERVAL '${lease_duration}' SECOND(1) \
+ WHERE pool_key = '${pool_key}' \
+ AND pool_name = '%{control:Pool-Name}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This query frees all IP addresses allocated to a NAS when an
+# accounting ON record arrives from that NAS
+#
+on_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = CURRENT_TIMESTAMP - INTERVAL '1' SECOND(1) \
+ WHERE nasipaddress = '%{NAS-IP-Address}'"
+
+#
+# This query frees all IP addresses allocated to a NAS when an
+# accounting OFF record arrives from that NAS
+#
+off_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = CURRENT_TIMESTAMP - INTERVAL '1' SECOND(1) \
+ WHERE nasipaddress = '%{NAS-IP-Address}'"
-CREATE TABLE RADIPPOOL (
- ID INT PRIMARY KEY,
- POOL_NAME VARCHAR(30) NOT NULL,
- FRAMEDIPADDRESS VARCHAR(30) NOT NULL,
- NASIPADDRESS VARCHAR(30) NOT NULL,
- POOL_KEY VARCHAR(64) NOT NULL,
- CALLEDSTATIONID VARCHAR(64),
- CALLINGSTATIONID VARCHAR(64) NOT NULL,
- EXPIRY_TIME TIMESTAMP(0) NOT NULL,
- USERNAME VARCHAR(100)
+CREATE TABLE radippool (
+ id INT PRIMARY KEY,
+ pool_name VARCHAR(30) NOT NULL,
+ framedipaddress VARCHAR(30) NOT NULL,
+ nasipaddress VARCHAR(30) NOT NULL,
+ pool_key VARCHAR(64) NOT NULL,
+ calledstationid VARCHAR(64),
+ callingstationid VARCHAR(64) NOT NULL,
+ expiry_time TIMESTAMP(0) NOT NULL,
+ username VARCHAR(100)
);
-
-CREATE INDEX RADIPPOOL_POOLNAME_IPADDR ON RADIPPOOL (POOL_NAME, FRAMEDIPADDRESS);
-CREATE INDEX RADIPPOOL_POOLNAME_EXPIRE ON RADIPPOOL (POOL_NAME, EXPIRY_TIME);
-CREATE INDEX RADIPPOOL_NASIPADDR_KEY ON RADIPPOOL (NASIPADDRESS, POOL_KEY);
-CREATE INDEX RADIPPOOL_NASIPADDR_CALLING ON RADIPPOOL (NASIPADDRESS, CALLINGSTATIONID);
-
-CREATE SEQUENCE RADIPPOOL_SEQ START WITH 1 INCREMENT BY 1;
-
-CREATE OR REPLACE TRIGGER RADIPPOOL_SERIALNUMBER
- BEFORE INSERT OR UPDATE OF ID ON RADIPPOOL
+
+CREATE INDEX radippool_poolname_ipaddr ON radippool (pool_name, framedipaddress);
+CREATE INDEX radippool_poolname_expire ON radippool (pool_name, expiry_time);
+CREATE INDEX radippool_nasipaddr_key ON radippool (nasipaddress, pool_key);
+CREATE INDEX radippool_nasipaddr_calling ON radippool (nasipaddress, callingstationid);
+
+CREATE SEQUENCE radippool_seq START WITH 1 INCREMENT BY 1;
+
+CREATE OR REPLACE TRIGGER radippool_serialnumber
+ BEFORE INSERT OR UPDATE OF id ON radippool
FOR EACH ROW
BEGIN
- IF ( :NEW.ID = 0 OR :NEW.ID IS NULL ) THEN
- SELECT RADIPPOOL_SEQ.NEXTVAL INTO :NEW.ID FROM DUAL;
+ IF ( :NEW.id = 0 OR :NEW.id IS NULL ) THEN
+ SELECT radippool_seq.NEXTVAL INTO :NEW.id FROM dual;
END IF;
END;
/
# -*- text -*-
-##
-## ippool.conf -- SQLite queries for rlm_sqlippool
-##
-## $Id$
-
-
-# To use these queries you need to add '%' to safe_characters
-# in raddb/mods-config/sql/main/sqlite/queries.conf
-
-
-# ## This series of queries allocates an IP address
-# allocate_clear = "UPDATE ${ippool_table} \
-# SET nasipaddress = '', pool_key = 0, \
-# callingstationid = '', username = '', \
-# expiry_time = NULL \
-# WHERE pool_key = '${pool_key}'"
-
-## This series of queries allocates an IP address
-## (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
-## then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
-## from the WHERE clause)
-
-allocate_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, \
- callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE expiry_time <= datetime(strftime('%%s', 'now') - 1, 'unixepoch') \
- AND nasipaddress = '%{Nas-IP-Address}'"
-
-
-
-## The ORDER BY clause of this query tries to allocate the same IP-address
-## which user had last session...
-allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
- WHERE pool_name = '%{control:Pool-Name}' AND \
- ( (expiry_time < datetime('now') OR expiry_time IS NULL) \
- OR \
- (callingstationid = '%{Calling-Station-Id}') AND expiry_time > datetime('now') ) \
- ORDER BY (callingstationid <> '%{Calling-Station-Id}'), \
- expiry_time \
- LIMIT 1"
-
-# ## If you prefer to allocate a random IP address every time, i
-# ## use this query instead
-# allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
-# WHERE pool_name = '%{control:Pool-Name}' \
-# AND expiry_time IS NULL \
-# ORDER BY RAND() \
-# LIMIT 1 \
-# FOR UPDATE"
-
-
-
-## If an IP could not be allocated, check to see if the pool exists or not
-## This allows the module to differentiate between a full pool and no pool
-## Note: If you are not running redundant pool modules this query may be
-## commented out to save running this query every time an ip is not allocated.
-pool_check = "SELECT id FROM ${ippool_table} \
- WHERE pool_name='%{control:Pool-Name}' LIMIT 1"
-
-
-## This is the final IP Allocation query, which saves the allocated ip details
-allocate_update = "UPDATE ${ippool_table} \
- SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool_key}', \
- callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', \
- expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
- WHERE framedipaddress = '%I' AND expiry_time IS NULL"
-
-
-
-
-# The following queries are not used for DHCP IP assignment.
-
-
-## This series of queries frees an IP number when an accounting
-## START record arrives
-start_update = "UPDATE ${ippool_table} \
- SET expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
- WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-## This series of queries frees an IP number when an accounting
-## STOP record arrives
-stop_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-
-
-## This series of queries frees an IP number when an accounting
-## ALIVE record arrives
-alive_update = "UPDATE ${ippool_table} \
- SET expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
- WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-
-
-## This series of queries frees the IP numbers allocate to a
-## NAS when an accounting ON record arrives
-on_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
-
-## This series of queries frees the IP numbers allocate to a
-## NAS when an accounting OFF record arrives
-off_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
-
+#
+# ippool-dhcp/sqlite/queries.conf -- SQLite queries for rlm_sqlippool
+#
+# $Id$
+
+#
+# This series of queries allocates an IP address
+#
+#allocate_clear = "\
+# UPDATE ${ippool_table} \
+# SET \
+# nasipaddress = '', \
+# pool_key = 0, \
+# callingstationid = '', \
+# username = '', \
+# expiry_time = NULL \
+# WHERE pool_key = '${pool_key}'"
+
+#
+# This series of queries allocates an IP address
+# (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
+# then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
+# from the WHERE clause)
+#
+allocate_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE expiry_time <= datetime(strftime('%%s', 'now') - 1, 'unixepoch') \
+ AND nasipaddress = '%{Nas-IP-Address}'"
+
+#
+# The ORDER BY clause of this query tries to allocate the same IP-address
+# which user had last session...
+#
+allocate_find = "\
+ SELECT framedipaddress \
+ FROM ${ippool_table} \
+ WHERE pool_name = '%{control:Pool-Name}' \
+ AND (\
+ ((expiry_time < datetime('now')) OR expiry_time IS NULL) \
+ OR (callingstationid = '%{Calling-Station-Id}') \
+ AND expiry_time > datetime('now')\
+ ) \
+ ORDER BY \
+ (callingstationid <> '%{Calling-Station-Id}'), \
+ expiry_time \
+ LIMIT 1"
+
+#
+# If you prefer to allocate a random IP address every time, use this query instead
+#
+#allocate_find = "\
+# SELECT framedipaddress FROM ${ippool_table} \
+# WHERE pool_name = '%{control:Pool-Name}' \
+# AND expiry_time IS NULL \
+# ORDER BY RAND() \
+# LIMIT 1 \
+# FOR UPDATE"
+
+#
+# If an IP could not be allocated, check to see if the pool exists or not
+# This allows the module to differentiate between a full pool and no pool
+# Note: If you are not running redundant pool modules this query may be
+# commented out to save running this query every time an ip is not allocated.
+#
+pool_check = "\
+ SELECT id \
+ FROM ${ippool_table} \
+ WHERE pool_name='%{control:Pool-Name}' \
+ LIMIT 1"
+
+#
+# This is the final IP Allocation query, which saves the allocated ip details
+#
+allocate_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '%{NAS-IP-Address}', \
+ pool_key = '${pool_key}', \
+ callingstationid = '%{Calling-Station-Id}', \
+ username = '%{User-Name}', \
+ expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
+ WHERE framedipaddress = '%I' \
+ AND expiry_time IS NULL"
+
+#
+# The following queries are not used for DHCP IP assignment.
+#
+
+#
+# This series of queries frees an IP number when an accounting START record arrives
+#
+start_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
+ WHERE nasipaddress = '%{NAS-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees an IP number when an accounting STOP record arrives
+#
+stop_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE nasipaddress = '%{Nas-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees an IP number when an accounting ALIVE record arrives
+#
+alive_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
+ WHERE nasipaddress = '%{Nas-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees the IP numbers allocate to a
+# NAS when an accounting ON record arrives
+#
+on_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE \nasipaddress = '%{Nas-IP-Address}'"
+
+#
+# This series of queries frees the IP numbers allocate to a
+# NAS when an accounting OFF record arrives
+#
+off_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE nasipaddress = '%{Nas-IP-Address}'"
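Review bot: The reformatted `on_clear` query in this SQLite file has a stray backslash in its last line, `WHERE \nasipaddress = '%{Nas-IP-Address}'`, which the removed one-line form did not have. Inside a double-quoted configuration string `\n` is likely to be read as a newline escape, so the statement would reach SQLite as `WHERE` followed by `asipaddress = ...` and fail on an unknown column. If so, an accounting ON record would no longer release that NAS's leases and the pool would fill with stale entries. The line should read `WHERE nasipaddress = '%{Nas-IP-Address}'"`, matching `off_clear` directly below it.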
# -*- text -*-
-##
-## ippool.conf -- MySQL queries for rlm_sqlippool
-##
-## $Id$
-
-# ## This series of queries allocates an IP address
-# allocate_clear = "UPDATE ${ippool_table} \
-# SET nasipaddress = '', pool_key = 0, \
-# callingstationid = '', username = '', \
-# expiry_time = NULL \
-# WHERE pool_key = '${pool_key}'"
-
-## This series of queries allocates an IP address
-## (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
-## then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
-## from the WHERE clause)
-
-allocate_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, \
- callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE expiry_time <= NOW() - INTERVAL 1 SECOND \
- AND nasipaddress = '%{Nas-IP-Address}'"
-
-
-
-## The ORDER BY clause of this query tries to allocate the same IP-address
-## which user had last session...
-allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
- WHERE pool_name = '%{control:Pool-Name}' AND (expiry_time < NOW() OR expiry_time IS NULL) \
- ORDER BY (username <> '%{User-Name}'), \
- (callingstationid <> '%{Calling-Station-Id}'), \
- expiry_time \
- LIMIT 1 \
- FOR UPDATE"
-
-# ## If you prefer to allocate a random IP address every time, i
-# ## use this query instead
-# allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
-# WHERE pool_name = '%{control:Pool-Name}' \
-# AND expiry_time IS NULL \
-# ORDER BY RAND() \
-# LIMIT 1 \
-# FOR UPDATE"
-
-
-
-## If an IP could not be allocated, check to see if the pool exists or not
-## This allows the module to differentiate between a full pool and no pool
-## Note: If you are not running redundant pool modules this query may be
-## commented out to save running this query every time an ip is not allocated.
-pool_check = "SELECT id FROM ${ippool_table} \
- WHERE pool_name='%{control:Pool-Name}' LIMIT 1"
-
-
-## This is the final IP Allocation query, which saves the allocated ip details
-allocate_update = "UPDATE ${ippool_table} \
- SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool_key}', \
- callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', \
- expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
- WHERE framedipaddress = '%I' AND expiry_time IS NULL"
-
-
-
-## This series of queries frees an IP number when an accounting
-## START record arrives
-start_update = "UPDATE ${ippool_table} \
- SET expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
- WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-## This series of queries frees an IP number when an accounting
-## STOP record arrives
-stop_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-
-
-## This series of queries frees an IP number when an accounting
-## ALIVE record arrives
-alive_update = "UPDATE ${ippool_table} \
- SET expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
- WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-
-
-## This series of queries frees the IP numbers allocate to a
-## NAS when an accounting ON record arrives
-on_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
-
-## This series of queries frees the IP numbers allocate to a
-## NAS when an accounting OFF record arrives
-off_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
+#
+# ippool/mysql/queries.conf -- MySQL queries for rlm_sqlippool
+#
+# $Id$
+
+#
+# This series of queries allocates an IP address
+#
+#allocate_clear = "\
+# UPDATE ${ippool_table} \
+# SET \
+# nasipaddress = '', \
+# pool_key = 0, \
+# callingstationid = '', \
+# username = '', \
+# expiry_time = NULL \
+# WHERE pool_key = '${pool_key}'"
+
+#
+# This series of queries allocates an IP address
+# (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
+# then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
+# from the WHERE clause)
+#
+allocate_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE expiry_time <= NOW() - INTERVAL 1 SECOND \
+ AND nasipaddress = '%{Nas-IP-Address}'"
+
+#
+# The ORDER BY clause of this query tries to allocate the same IP-address
+# which user had last session...
+#
+allocate_find = "\
+ SELECT framedipaddress FROM ${ippool_table} \
+ WHERE pool_name = '%{control:Pool-Name}' \
+ AND (expiry_time < NOW() OR expiry_time IS NULL) \
+ ORDER BY \
+ (username <> '%{User-Name}'), \
+ (callingstationid <> '%{Calling-Station-Id}'), \
+ expiry_time \
+ LIMIT 1 \
+ FOR UPDATE"
+
+#
+# If you prefer to allocate a random IP address every time, use this query instead.
+#
+#allocate_find = "\
+# SELECT framedipaddress FROM ${ippool_table} \
+# WHERE pool_name = '%{control:Pool-Name}' \
+# AND expiry_time IS NULL \
+# ORDER BY \
+# RAND() \
+# LIMIT 1 \
+# FOR UPDATE"
+
+#
+# If an IP could not be allocated, check to see if the pool exists or not
+# This allows the module to differentiate between a full pool and no pool
+# Note: If you are not running redundant pool modules this query may be
+# commented out to save running this query every time an ip is not allocated.
+#
+pool_check = "\
+ SELECT id \
+ FROM ${ippool_table} \
+ WHERE pool_name='%{control:Pool-Name}' \
+ LIMIT 1"
+
+#
+# This is the final IP Allocation query, which saves the allocated ip details.
+#
+allocate_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool_key}', \
+ callingstationid = '%{Calling-Station-Id}', \
+ username = '%{User-Name}', expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
+ WHERE framedipaddress = '%I' \
+ AND expiry_time IS NULL"
+
+#
+# This series of queries frees an IP number when an accounting START record arrives.
+#
+start_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
+ WHERE nasipaddress = '%{NAS-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees an IP number when an accounting STOP record arrives.
+#
+stop_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE nasipaddress = '%{Nas-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees an IP number when an accounting ALIVE record arrives.
+#
+alive_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
+ WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees the IP numbers allocate to a
+# NAS when an accounting ON record arrives
+#
+on_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE nasipaddress = '%{Nas-IP-Address}'"
+
+#
+# This series of queries frees the IP numbers allocate to a
+# NAS when an accounting OFF record arrives
+#
+off_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE nasipaddress = '%{Nas-IP-Address}'"
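Review bot: The comments above `start_update` and `alive_update` say the queries free an IP number, but both statements set `expiry_time = NOW() + INTERVAL ${lease_duration} SECOND`, which extends the lease; only `stop_clear` releases the address. Since these comment blocks are being rewritten here anyway, I would reword them to `# This query extends an IP address lease by "lease_duration" when an accounting START record arrives` (and the same with ALIVE), which is the wording the Oracle file in this commit already uses. The SQLite ippool-dhcp file in this commit carries the same two comments and needs the same correction.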
# -*- text -*-
-##
-## ippool.conf -- Oracle queries for rlm_sqlippool
-##
-## $Id$
+#
+# ippool/oracle/queries.conf -- Oracle queries for rlm_sqlippool
+#
+# $Id$
allocate_begin = "commit"
start_begin = "commit"
on_begin = "commit"
off_begin = "commit"
- ## This query allocates an IP address from the Pool
- ## The ORDER BY clause of this query tries to allocate the same IP-address
- ## to the user that they had last session...
- allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
- WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < current_timestamp \
- AND rownum <= 1 \
- ORDER BY (username <> '%{SQL-User-Name}'), \
- (callingstationid <> '%{Calling-Station-Id}'), expiry_time \
- FOR UPDATE"
-
- ## This function is available if you want to use multiple pools
-# allocate_find = "select msqlippool('%{SQL-User-Name}','%{control:Pool-Name}') from dual"
-
- ## If you prefer to allocate a random IP address every time, use this query instead
- #allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
- # WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < current_timestamp \
-# AND rownum <= 1 \
- # ORDER BY RANDOM() \
- # FOR UPDATE"
-
-
- ## If an IP could not be allocated, check to see whether the pool exists or not
- ## This allows the module to differentiate between a full pool and no pool
- ## Note: If you are not running redundant pool modules this query may be commented
- ## out to save running this query every time an ip is not allocated.
- pool_check = "SELECT id FROM (SELECT id FROM ${ippool_table} \
- WHERE pool_name='%{control:Pool-Name}') WHERE ROWNUM = 1"
-
-
- ## This query marks the IP address handed out by "allocate-find" as used
- ## for the period of "lease_duration" after which time it may be reused.
- allocate_update = "UPDATE ${ippool_table} \
- SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool_key}', \
- callingstationid = '%{Calling-Station-Id}', username = '%{SQL-User-Name}', \
- expiry_time = current_timestamp + INTERVAL '${lease_duration}' second(1) \
- WHERE framedipaddress = '%I'"
-
-
- ## This query frees the IP address assigned to "pool_key" when a new request
- ## comes in for the same "pool_key". This means that either you are losing
- ## accounting Stop records or you use Calling-Station-Id instead of NAS-Port
- ## as your "pool_key" and your users are able to reconnect before your NAS
- ## has timed out their previous session. (Generally on wireless networks)
- ## (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
- ## then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
- ## from the WHERE clause)
- allocate_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', \
- expiry_time = current_timestamp - INTERVAL '1' second(1) \
- WHERE pool_key = '${pool_key}'"
-
-
- ## This query extends an IP address lease by "lease_duration" when an accounting
- ## START record arrives
- start_update = "UPDATE ${ippool_table} \
- SET expiry_time = current_timestamp + INTERVAL '${lease_duration}' second(1) \
- WHERE nasipaddress = '%{NAS-IP-Address}' \
- AND pool_key = '${pool_key}'"
-
-
- ## This query frees an IP address when an accounting
- ## STOP record arrives
- stop_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', \
- expiry_time = current_timestamp - INTERVAL '1' second(1) \
- WHERE nasipaddress = '%{Nas-IP-Address}' \
- AND pool_key = '${pool_key}' \
- AND username = '%{SQL-User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}'"
-
-
-## This query extends an IP address lease by "lease_duration" when an accounting
-## ALIVE record arrives
-alive_update = "UPDATE ${ippool_table} \
- SET expiry_time = current_timestamp + INTERVAL '${lease_duration}' second(1) \
- WHERE nasipaddress = '%{Nas-IP-Address}' \
- AND pool_key = '${pool_key}' \
- AND framedipaddress = '%{Framed-IP-Address}' \
- AND username = '%{SQL-User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}'"
-
-
-## This query frees all IP addresses allocated to a NAS when an
-## accounting ON record arrives from that NAS
-on_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', \
- expiry_time = current_timestamp - INTERVAL '1' second(1) \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
-
-
-## This query frees all IP addresses allocated to a NAS when an
-## accounting OFF record arrives from that NAS
-off_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', \
- expiry_time = current_timestamp - INTERVAL '1' second(1) \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
-
+#
+# This query allocates an IP address from the Pool
+# The ORDER BY clause of this query tries to allocate the same IP-address
+# to the user that they had last session...
+#
+allocate_find = "\
+ SELECT framedipaddress \
+ FROM ${ippool_table} \
+ WHERE pool_name = '%{control:Pool-Name}' \
+ AND expiry_time < current_timestamp \
+ AND rownum <= 1 \
+ ORDER BY \
+ (username <> '%{SQL-User-Name}'), \
+ (callingstationid <> '%{Calling-Station-Id}'), \
+ expiry_time \
+ FOR UPDATE"
+
+#
+# This function is available if you want to use multiple pools
+#
+#allocate_find = "\
+# SELECT msqlippool('%{SQL-User-Name}','%{control:Pool-Name}') \
+# FROM dual"
+
+#
+# If you prefer to allocate a random IP address every time, use this query instead
+#
+#allocate_find = "\
+# SELECT framedipaddress \
+# FROM ${ippool_table} \
+# WHERE pool_name = '%{control:Pool-Name}' \
+# AND expiry_time < current_timestamp \
+# AND rownum <= 1 \
+# ORDER BY RANDOM() \
+# FOR UPDATE"
+
+#
+# If an IP could not be allocated, check to see whether the pool exists or not
+# This allows the module to differentiate between a full pool and no pool
+# Note: If you are not running redundant pool modules this query may be commented
+# out to save running this query every time an ip is not allocated.
+#
+pool_check = "\
+ SELECT id \
+ FROM (SELECT id FROM ${ippool_table} WHERE pool_name='%{control:Pool-Name}') \
+ WHERE ROWNUM = 1"
+
+#
+# This query marks the IP address handed out by "allocate-find" as used
+# for the period of "lease_duration" after which time it may be reused.
+#
+allocate_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '%{NAS-IP-Address}', \
+ pool_key = '${pool_key}', \
+ callingstationid = '%{Calling-Station-Id}', \
+ username = '%{SQL-User-Name}', \
+ expiry_time = current_timestamp + INTERVAL '${lease_duration}' second(1) \
+ WHERE framedipaddress = '%I'"
+
+#
+# This query frees the IP address assigned to "pool_key" when a new request
+# comes in for the same "pool_key". This means that either you are losing
+# accounting Stop records or you use Calling-Station-Id instead of NAS-Port
+# as your "pool_key" and your users are able to reconnect before your NAS
+# has timed out their previous session. (Generally on wireless networks)
+# (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
+# then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
+# from the WHERE clause)
+#
+allocate_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ expiry_time = current_timestamp - INTERVAL '1' second(1) \
+ WHERE pool_key = '${pool_key}'"
+
+#
+# This query extends an IP address lease by "lease_duration" when an accounting
+# START record arrives
+#
+start_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = current_timestamp + INTERVAL '${lease_duration}' second(1) \
+ WHERE nasipaddress = '%{NAS-IP-Address}' \
+ AND pool_key = '${pool_key}'"
+
+#
+# This query frees an IP address when an accounting STOP record arrives
+#
+stop_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ expiry_time = current_timestamp - INTERVAL '1' second(1) \
+ WHERE nasipaddress = '%{Nas-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{SQL-User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}'"
+
+#
+# This query extends an IP address lease by "lease_duration" when an accounting
+# ALIVE record arrives
+#
+alive_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = current_timestamp + INTERVAL '${lease_duration}' second(1) \
+ WHERE nasipaddress = '%{Nas-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND framedipaddress = '%{Framed-IP-Address}' \
+ AND username = '%{SQL-User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}'"
+
+#
+# This query frees all IP addresses allocated to a NAS when an
+# accounting ON record arrives from that NAS
+#
+on_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ expiry_time = current_timestamp - INTERVAL '1' second(1) \
+ WHERE nasipaddress = '%{Nas-IP-Address}'"
+
+#
+# This query frees all IP addresses allocated to a NAS when an
+# accounting OFF record arrives from that NAS
+#
+off_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ expiry_time = current_timestamp - INTERVAL '1' second(1) \
+ WHERE nasipaddress = '%{Nas-IP-Address}'"
# -*- text -*-
-##
-## ippool.conf -- PostgreSQL queries for rlm_sqlippool
-##
-## $Id$
-
- ## This query allocates an IP address from the Pool
- ## The ORDER BY clause of this query tries to allocate the same IP-address
- ## to the user that they had last session...
- allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
- WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < 'now'::timestamp(0) \
- ORDER BY (username <> '%{SQL-User-Name}'), \
- (callingstationid <> '%{Calling-Station-Id}'), expiry_time \
- LIMIT 1 \
- FOR UPDATE"
-
- ## If you prefer to allocate a random IP address every time, use this query instead
- #allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
- # WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < 'now'::timestamp(0) \
- # ORDER BY RANDOM() \
- # LIMIT 1 \
- # FOR UPDATE"
-
-
- ## If an IP could not be allocated, check to see whether the pool exists or not
- ## This allows the module to differentiate between a full pool and no pool
- ## Note: If you are not running redundant pool modules this query may be commented
- ## out to save running this query every time an ip is not allocated.
- pool_check = "SELECT id FROM ${ippool_table} \
- WHERE pool_name='%{control:Pool-Name}' LIMIT 1"
-
-
- ## This query marks the IP address handed out by "allocate-find" as used
- ## for the period of "lease_duration" after which time it may be reused.
- allocate_update = "UPDATE ${ippool_table} \
- SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool_key}', \
- callingstationid = '%{Calling-Station-Id}', username = '%{SQL-User-Name}', \
- expiry_time = 'now'::timestamp(0) + '${lease_duration} second'::interval \
- WHERE framedipaddress = '%I'"
-
-
- ## This query frees the IP address assigned to "pool_key" when a new request
- ## comes in for the same "pool_key". This means that either you are losing
- ## accounting Stop records or you use Calling-Station-Id instead of NAS-Port
- ## as your "pool_key" and your users are able to reconnect before your NAS
- ## has timed out their previous session. (Generally on wireless networks)
- ## (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
- ## then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
- ## from the WHERE clause)
- allocate_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', \
- expiry_time = 'now'::timestamp(0) - '1 second'::interval \
- WHERE nasipaddress = '%{NAS-IP-Address}' \
- AND pool_key = '${pool_key}'"
-
-
- ## This query extends an IP address lease by "lease_duration" when an accounting
- ## START record arrives
- start_update = "UPDATE ${ippool_table} \
- SET expiry_time = 'now'::timestamp(0) + '${lease_duration} second'::interval \
- WHERE nasipaddress = '%{NAS-IP-Address}' \
- AND pool_key = '${pool_key}'"
-
-
- ## This query frees an IP address when an accounting
- ## STOP record arrives
- stop_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', \
- expiry_time = 'now'::timestamp(0) - '1 second'::interval \
- WHERE nasipaddress = '%{Nas-IP-Address}' \
- AND pool_key = '${pool_key}' \
- AND username = '%{SQL-User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-
- ## This query extends an IP address lease by "lease_duration" when an accounting
- ## ALIVE record arrives
- alive_update = "UPDATE ${ippool_table} \
- SET expiry_time = 'now'::timestamp(0) + '${lease_duration} seconds'::interval \
- WHERE nasipaddress = '%{Nas-IP-Address}' \
- AND pool_key = '${pool_key}' \
- AND framedipaddress = '%{Framed-IP-Address}' \
- AND username = '%{SQL-User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}'"
-
-
- ## This query frees all IP addresses allocated to a NAS when an
- ## accounting ON record arrives from that NAS
- on_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', \
- expiry_time = 'now'::timestamp(0) - '1 second'::interval \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
-
-
- ## This query frees all IP addresses allocated to a NAS when an
- ## accounting OFF record arrives from that NAS
- off_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', \
- expiry_time = 'now'::timestamp(0) - '1 second'::interval \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
-
+#
+# ippool/postgresql/queries.conf -- PostgreSQL queries for rlm_sqlippool
+#
+# $Id$
+
+#
+# This query allocates an IP address from the Pool
+# The ORDER BY clause of this query tries to allocate the same IP-address
+# to the user that they had last session...
+#
+allocate_find = "\
+ SELECT framedipaddress \
+ FROM ${ippool_table} \
+ WHERE pool_name = '%{control:Pool-Name}' \
+ AND expiry_time < 'now'::timestamp(0) \
+ ORDER BY \
+ (username <> '%{SQL-User-Name}'), \
+ (callingstationid <> '%{Calling-Station-Id}'), \
+ expiry_time \
+ LIMIT 1 \
+ FOR UPDATE"
+
+#
+# If you prefer to allocate a random IP address every time, use this query instead
+#
+allocate_find = "\
+ SELECT framedipaddress FROM ${ippool_table} \
+ WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < 'now'::timestamp(0) \
+ ORDER BY RANDOM() \
+ LIMIT 1 \
+ FOR UPDATE"
+
+#
+# If an IP could not be allocated, check to see whether the pool exists or not
+# This allows the module to differentiate between a full pool and no pool
+# Note: If you are not running redundant pool modules this query may be commented
+# out to save running this query every time an ip is not allocated.
+#
+pool_check = "\
+ SELECT id \
+ FROM ${ippool_table} \
+ WHERE pool_name='%{control:Pool-Name}' \
+ LIMIT 1"
+
+#
+# This query marks the IP address handed out by "allocate-find" as used
+# for the period of "lease_duration" after which time it may be reused.
+#
+allocate_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '%{NAS-IP-Address}', \
+ pool_key = '${pool_key}', \
+ callingstationid = '%{Calling-Station-Id}', \
+ username = '%{SQL-User-Name}', \
+ expiry_time = 'now'::timestamp(0) + '${lease_duration} second'::interval \
+ WHERE framedipaddress = '%I'"
+
+#
+# This query frees the IP address assigned to "pool_key" when a new request
+# comes in for the same "pool_key". This means that either you are losing
+# accounting Stop records or you use Calling-Station-Id instead of NAS-Port
+# as your "pool_key" and your users are able to reconnect before your NAS
+# has timed out their previous session. (Generally on wireless networks)
+# (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
+# then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
+# from the WHERE clause)
+#
+allocate_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ expiry_time = 'now'::timestamp(0) - '1 second'::interval \
+ WHERE nasipaddress = '%{NAS-IP-Address}' \
+ AND pool_key = '${pool_key}'"
+
+#
+# This query extends an IP address lease by "lease_duration" when an accounting
+# START record arrives
+#
+start_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = 'now'::timestamp(0) + '${lease_duration} second'::interval \
+ WHERE nasipaddress = '%{NAS-IP-Address}' \
+ AND pool_key = '${pool_key}'"
+
+#
+# This query frees an IP address when an accounting
+# STOP record arrives
+#
+stop_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ expiry_time = 'now'::timestamp(0) - '1 second'::interval \
+ WHERE nasipaddress = '%{Nas-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{SQL-User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This query extends an IP address lease by "lease_duration" when an accounting
+# ALIVE record arrives
+#
+alive_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = 'now'::timestamp(0) + '${lease_duration} seconds'::interval \
+ WHERE nasipaddress = '%{Nas-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND framedipaddress = '%{Framed-IP-Address}' \
+ AND username = '%{SQL-User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}'"
+
+#
+# This query frees all IP addresses allocated to a NAS when an
+# accounting ON record arrives from that NAS
+#
+on_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ expiry_time = 'now'::timestamp(0) - '1 second'::interval \
+ WHERE nasipaddress = '%{Nas-IP-Address}'"
+
+#
+# This query frees all IP addresses allocated to a NAS when an
+# accounting OFF record arrives from that NAS
+#
+off_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ expiry_time = 'now'::timestamp(0) - '1 second'::interval \
+ WHERE nasipaddress = '%{Nas-IP-Address}'"
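Review bot: The second `allocate_find` (the `ORDER BY RANDOM()` variant under the comment "If you prefer to allocate a random IP address every time") is added as a live setting, whereas every line of it was prefixed with `#` in the removed file. The file now defines `allocate_find` twice, so which query the module runs depends on how the configuration parser resolves duplicates. The sticky ordering by username and Calling-Station-Id may therefore be dropped silently. Restore the comment marker on all six lines of that block, starting with `#allocate_find = "\`, as the SQLite file in this same commit does for its random variant.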
# -*- text -*-
-##
-## ippool.conf -- SQLite queries for rlm_sqlippool
-##
-## $Id$
-
-# ## This series of queries allocates an IP address
-# allocate_clear = "UPDATE ${ippool_table} \
-# SET nasipaddress = '', pool_key = 0, \
-# callingstationid = '', username = '', \
-# expiry_time = NULL \
-# WHERE pool_key = '${pool_key}'"
-
-## This series of queries allocates an IP address
-## (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
-## then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
-## from the WHERE clause)
-
- allocate_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, \
- callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE expiry_time <= datetime(strftime('%%s', 'now') - 1, 'unixepoch') \
- AND nasipaddress = '%{Nas-IP-Address}'"
-
-
-
-## The ORDER BY clause of this query tries to allocate the same IP-address
-## which user had last session...
-allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
- WHERE pool_name = '%{control:Pool-Name}' AND (expiry_time < datetime('now') OR expiry_time IS NULL) \
- ORDER BY (username <> '%{User-Name}'), \
- (callingstationid <> '%{Calling-Station-Id}'), \
- expiry_time \
- LIMIT 1 \
- FOR UPDATE"
-
-# ## If you prefer to allocate a random IP address every time, i
-# ## use this query instead
-# allocate_find = "SELECT framedipaddress FROM ${ippool_table} \
-# WHERE pool_name = '%{control:Pool-Name}' \
-# AND expiry_time IS NULL \
-# ORDER BY RAND() \
-# LIMIT 1 \
-# FOR UPDATE"
-
-
-
-## If an IP could not be allocated, check to see if the pool exists or not
-## This allows the module to differentiate between a full pool and no pool
-## Note: If you are not running redundant pool modules this query may be
-## commented out to save running this query every time an ip is not allocated.
-pool_check = "SELECT id FROM ${ippool_table} \
- WHERE pool_name='%{control:Pool-Name}' LIMIT 1"
-
-
-## This is the final IP Allocation query, which saves the allocated ip details
-allocate_update = "UPDATE ${ippool_table} \
- SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool_key}', \
- callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', \
- expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
- WHERE framedipaddress = '%I' AND expiry_time IS NULL"
-
-
-
-## This series of queries frees an IP number when an accounting
-## START record arrives
-start_update = "UPDATE ${ippool_table} \
- SET expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
- WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-## This series of queries frees an IP number when an accounting
-## STOP record arrives
-stop_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-
-
-## This series of queries frees an IP number when an accounting
-## ALIVE record arrives
-alive_update = "UPDATE ${ippool_table} \
- SET expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
- WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool_key}' \
- AND username = '%{User-Name}' \
- AND callingstationid = '%{Calling-Station-Id}' \
- AND framedipaddress = '%{Framed-IP-Address}'"
-
-
-
-## This series of queries frees the IP numbers allocate to a
-## NAS when an accounting ON record arrives
-on_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
-
-## This series of queries frees the IP numbers allocate to a
-## NAS when an accounting OFF record arrives
-off_clear = "UPDATE ${ippool_table} \
- SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
- expiry_time = NULL \
- WHERE nasipaddress = '%{Nas-IP-Address}'"
+#
+# ippool/sqlite/queries.conf -- SQLite queries for rlm_sqlippool
+#
+# $Id$
+
+#
+# This series of queries allocates an IP address
+#
+#allocate_clear = "\
+# UPDATE ${ippool_table} \
+# SET \
+# nasipaddress = '', pool_key = 0, \
+# callingstationid = '', username = '', \
+# expiry_time = NULL \
+# WHERE pool_key = '${pool_key}'"
+
+#
+# This series of queries allocates an IP address
+# (Note: If your pool_key is set to Calling-Station-Id and not NAS-Port
+# then you may wish to delete the "AND nasipaddress = '%{Nas-IP-Address}'
+# from the WHERE clause)
+#
+allocate_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE expiry_time <= datetime(strftime('%%s', 'now') - 1, 'unixepoch') \
+ AND nasipaddress = '%{Nas-IP-Address}'"
+
+#
+# The ORDER BY clause of this query tries to allocate the same IP-address
+# which user had last session...
+#
+allocate_find = "\
+ SELECT framedipaddress \
+ FROM ${ippool_table} \
+ WHERE pool_name = '%{control:Pool-Name}' \
+ AND (expiry_time < datetime('now') OR expiry_time IS NULL) \
+ ORDER BY \
+ (username <> '%{User-Name}'), \
+ (callingstationid <> '%{Calling-Station-Id}'), \
+ expiry_time \
+ LIMIT 1 \
+ FOR UPDATE"
+
+#
+# If you prefer to allocate a random IP address every time, i
+# use this query instead
+#
+
+#allocate_find = "\
+# SELECT framedipaddress \
+# FROM ${ippool_table} \
+# WHERE pool_name = '%{control:Pool-Name}' \
+# AND expiry_time IS NULL \
+# ORDER BY RAND() \
+# LIMIT 1 \
+# FOR UPDATE"
+
+#
+# If an IP could not be allocated, check to see if the pool exists or not
+# This allows the module to differentiate between a full pool and no pool
+# Note: If you are not running redundant pool modules this query may be
+# commented out to save running this query every time an ip is not allocated.
+#
+pool_check = "\
+ SELECT id FROM ${ippool_table} \
+ WHERE pool_name='%{control:Pool-Name}' \
+ LIMIT 1"
+
+#
+# This is the final IP Allocation query, which saves the allocated ip details
+#
+allocate_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '%{NAS-IP-Address}', \
+ pool_key = '${pool_key}', \
+ callingstationid = '%{Calling-Station-Id}', \
+ username = '%{User-Name}', \
+ expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
+ WHERE framedipaddress = '%I' \
+ AND expiry_time IS NULL"
+
+#
+# This series of queries frees an IP number when an accounting START record arrives
+#
+start_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
+ WHERE nasipaddress = '%{NAS-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees an IP number when an accounting STOP record arrives
+#
+stop_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE nasipaddress = '%{Nas-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees an IP number when an accounting
+# ALIVE record arrives
+#
+alive_update = "\
+ UPDATE ${ippool_table} \
+ SET \
+ expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
+ WHERE nasipaddress = '%{Nas-IP-Address}' \
+ AND pool_key = '${pool_key}' \
+ AND username = '%{User-Name}' \
+ AND callingstationid = '%{Calling-Station-Id}' \
+ AND framedipaddress = '%{Framed-IP-Address}'"
+
+#
+# This series of queries frees the IP numbers allocate to a
+# NAS when an accounting ON record arrives
+#
+on_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE nasipaddress = '%{Nas-IP-Address}'"
+
+#
+# This series of queries frees the IP numbers allocate to a
+# NAS when an accounting OFF record arrives
+#
+off_clear = "\
+ UPDATE ${ippool_table} \
+ SET \
+ nasipaddress = '', \
+ pool_key = 0, \
+ callingstationid = '', \
+ username = '', \
+ expiry_time = NULL \
+ WHERE nasipaddress = '%{Nas-IP-Address}'"
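Review bot: `allocate_find` still ends in `FOR UPDATE`, which SQLite does not accept on a SELECT, so the query would fail to parse and no address could be allocated from this file as written. Drop that clause so the statement ends at `LIMIT 1"`; SQLite serialises writers on the whole database file, so there is no row-lock clause to put in its place. The commented-out random variant carries the same clause and also calls `RAND()`, where SQLite's function is `RANDOM()`. Both problems were already present in the removed ippool.conf and are carried over unchanged by this reformatting.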
# -*- text -*-
-##
-## dialup.conf -- MSSQL configuration for default schema (schema.sql)
-##
-## $Id$
+#
+# main/mssql/queries.conf -- MSSQL configuration for default schema (schema.sql)
+#
+# $Id$
- # Safe characters list for sql queries. Everything else is replaced
- # with their mime-encoded equivalents.
- # The default list should be ok
- #safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
+# Safe characters list for sql queries. Everything else is replaced
+# with their mime-encoded equivalents.
+# The default list should be ok
+#safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
- #######################################################################
- # Query config: Username
- #######################################################################
- # This is the username that will get substituted, escaped, and added
- # as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used
- # below everywhere a username substitution is needed so you you can
- # be sure the username passed from the client is escaped properly.
- #
- # Uncomment the next line, if you want the sql_user_name to mean:
- #
- # Use Stripped-User-Name, if it's there.
- # Else use User-Name, if it's there,
- # Else use hard-coded string "none" as the user name.
- #sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name:-none}}"
- #
- sql_user_name = "%{User-Name}"
+#######################################################################
+# Query config: Username
+#######################################################################
+# This is the username that will get substituted, escaped, and added
+# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used
+# below everywhere a username substitution is needed so you you can
+# be sure the username passed from the client is escaped properly.
+#
+# Uncomment the next line, if you want the sql_user_name to mean:
+#
+# Use Stripped-User-Name, if it's there.
+# Else use User-Name, if it's there,
+# Else use hard-coded string "none" as the user name.
+#sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name:-none}}"
+#
+sql_user_name = "%{User-Name}"
+#######################################################################
+# Authorization Queries
+#######################################################################
+# These queries compare the check items for the user
+# in ${authcheck_table} and setup the reply items in
+# ${authreply_table}. You can use any query/tables
+# you want, but the return data for each row MUST
+# be in the following order:
+#
+# 0. Row ID (currently unused)
+# 1. UserName/GroupName
+# 2. Item Attr Name
+# 3. Item Attr Value
+# 4. Item Attr Operation
+#######################################################################
+# Query for case sensitive usernames was removed. Please contact with me,
+# if you know analog of STRCMP functions for MS SQL.
- #######################################################################
- # Authorization Queries
- #######################################################################
- # These queries compare the check items for the user
- # in ${authcheck_table} and setup the reply items in
- # ${authreply_table}. You can use any query/tables
- # you want, but the return data for each row MUST
- # be in the following order:
- #
- # 0. Row ID (currently unused)
- # 1. UserName/GroupName
- # 2. Item Attr Name
- # 3. Item Attr Value
- # 4. Item Attr Operation
- #######################################################################
- # Query for case sensitive usernames was removed. Please contact with me,
- # if you know analog of STRCMP functions for MS SQL.
+authorize_check_query = "\
+ SELECT id, UserName, Attribute, Value, op \
+ FROM ${authcheck_table} \
+ WHERE Username = '%{SQL-User-Name}' \
+ ORDER BY id"
- authorize_check_query = "SELECT id,UserName,Attribute,Value,op \
- FROM ${authcheck_table} \
- WHERE Username = '%{SQL-User-Name}' \
- ORDER BY id"
+authorize_reply_query = "\
+ SELECT id, UserName, Attribute, Value, op \
+ FROM ${authreply_table} \
+ WHERE Username = '%{SQL-User-Name}' \
+ ORDER BY id"
- authorize_reply_query = "SELECT id,UserName,Attribute,Value,op \
- FROM ${authreply_table} \
- WHERE Username = '%{SQL-User-Name}' \
- ORDER BY id"
+authorize_group_check_query = "\
+ SELECT \
+ ${groupcheck_table}.id,${groupcheck_table}.GroupName, \
+ ${groupcheck_table}.Attribute,${groupcheck_table}.Value, \
+ ${groupcheck_table}.op \
+ FROM ${groupcheck_table},${usergroup_table} \
+ WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' \
+ AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName \
+ ORDER BY ${groupcheck_table}.id"
- authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName, \
- ${groupcheck_table}.Attribute,${groupcheck_table}.Value, \
- ${groupcheck_table}.op \
- FROM ${groupcheck_table},${usergroup_table} \
- WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' \
- AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName \
- ORDER BY ${groupcheck_table}.id"
- authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName, \
- ${groupreply_table}.Attribute,${groupreply_table}.Value, \
- ${groupreply_table}.op \
- FROM ${groupreply_table},${usergroup_table} \
- WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' \
- AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName \
- ORDER BY ${groupreply_table}.id"
+authorize_group_reply_query = "\
+ SELECT \
+ ${groupreply_table}.id, ${groupreply_table}.GroupName, \
+ ${groupreply_table}.Attribute,${groupreply_table}.Value, \
+ ${groupreply_table}.op \
+ FROM ${groupreply_table},${usergroup_table} \
+ WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' \
+ AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName \
+ ORDER BY ${groupreply_table}.id"
- group_membership_query = "SELECT groupname \
- FROM ${usergroup_table} \
- WHERE username = '%{SQL-User-Name}' \
- ORDER BY priority"
+group_membership_query = "\
+ SELECT groupname \
+ FROM ${usergroup_table} \
+ WHERE username = '%{SQL-User-Name}' \
+ ORDER BY priority"
- #######################################################################
- # Accounting and Post-Auth Queries
- #######################################################################
- # These queries insert/update accounting and authentication records.
- # The query to use is determined by the value of 'reference'.
- # This value is used as a configuration path and should resolve to one
- # or more 'query's. If reference points to multiple queries, and a query
- # fails, the next query is executed.
- #
- # Behaviour is identical to the old 1.x/2.x module, except we can now
- # fail between N queries, and query selection can be based on any
- # combination of attributes, or custom 'Acct-Status-Type' values.
- #######################################################################
- accounting {
- reference = "%{tolower:type.%{Acct-Status-Type}.query}"
+#######################################################################
+# Accounting and Post-Auth Queries
+#######################################################################
+# These queries insert/update accounting and authentication records.
+# The query to use is determined by the value of 'reference'.
+# This value is used as a configuration path and should resolve to one
+# or more 'query's. If reference points to multiple queries, and a query
+# fails, the next query is executed.
+#
+# Behaviour is identical to the old 1.x/2.x module, except we can now
+# fail between N queries, and query selection can be based on any
+# combination of attributes, or custom 'Acct-Status-Type' values.
+#######################################################################
+accounting {
+ reference = "%{tolower:type.%{Acct-Status-Type}.query}"
- # Write SQL queries to a logfile. This is potentially useful for bulk inserts
- # when used with the rlm_sql_null driver.
-# logfile = ${logdir}/accounting.sql
+ # Write SQL queries to a logfile. This is potentially useful for bulk inserts
+ # when used with the rlm_sql_null driver.
+# logfile = ${logdir}/accounting.sql
- type {
- accounting-on {
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- AcctStopTime='%S', \
- AcctSessionTime=unix_timestamp('%S') - \
- unix_timestamp(AcctStartTime), \
- AcctTerminateCause='%{Acct-Terminate-Cause}', \
- AcctStopDelay = %{Acct-Delay-Time:-0} \
- WHERE AcctStopTime = 0 \
- AND NASIPAddress = '%{NAS-IP-Address}' \
- AND AcctStartTime <= '%S'"
- }
+ type {
+ accounting-on {
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ AcctStopTime='%S', \
+ AcctSessionTime=unix_timestamp('%S') - \
+ unix_timestamp(AcctStartTime), \
+ AcctTerminateCause='%{Acct-Terminate-Cause}', \
+ AcctStopDelay = %{Acct-Delay-Time:-0} \
+ WHERE AcctStopTime = 0 \
+ AND NASIPAddress = '%{NAS-IP-Address}' \
+ AND AcctStartTime <= '%S'"
+ }
- accounting-off {
- query = "${..accounting-on.query}"
- }
+ accounting-off {
+ query = "${..accounting-on.query}"
+ }
- start {
- query = "\
- INSERT INTO ${....acct_table1} \
- (AcctSessionId, AcctUniqueId, UserName, \
- Realm, NASIPAddress, NASPort, \
- NASPortType, AcctStartTime, AcctSessionTime, \
- AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, \
- AcctInputOctets, AcctOutputOctets, CalledStationId, \
- CallingStationId, AcctTerminateCause, ServiceType, \
- FramedProtocol, FramedIPAddress, AcctStartDelay, \
- AcctStopDelay, XAscendSessionSvrKey) \
- VALUES(\
- '%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port-Id}', \
- '%{NAS-Port-Type}', \
- '%S', \
- '0', \
- '%{Acct-Authentic}', \
- '%{Connect-Info}', \
- '', \
- '0', \
- '0', \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}', \
- '%{Acct-Delay-Time}', \
- '0', \
- '%{X-Ascend-Session-Svr-Key}')"
+ start {
+ query = "\
+ INSERT INTO ${....acct_table1} \
+ (AcctSessionId, AcctUniqueId, UserName, \
+ Realm, NASIPAddress, NASPort, \
+ NASPortType, AcctStartTime, AcctSessionTime, \
+ AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, \
+ AcctInputOctets, AcctOutputOctets, CalledStationId, \
+ CallingStationId, AcctTerminateCause, ServiceType, \
+ FramedProtocol, FramedIPAddress, AcctStartDelay, \
+ AcctStopDelay, XAscendSessionSvrKey) \
+ VALUES(\
+ '%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port-Id}', \
+ '%{NAS-Port-Type}', \
+ '%S', \
+ '0', \
+ '%{Acct-Authentic}', \
+ '%{Connect-Info}', \
+ '', \
+ '0', \
+ '0', \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}', \
+ '%{Acct-Delay-Time}', \
+ '0', \
+ '%{X-Ascend-Session-Svr-Key}')"
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- AcctStartTime = '%S', \
- AcctStartDelay = '%{Acct-Delay-Time:-0}', \
- ConnectInfo_start = '%{Connect-Info}' \
- WHERE AcctSessionId = '%{Acct-Session-Id}' \
- AND UserName = '%{SQL-User-Name}' \
- AND NASIPAddress = '%{NAS-IP-Address}' \
- AND AcctStopTime = 0"
- }
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ AcctStartTime = '%S', \
+ AcctStartDelay = '%{Acct-Delay-Time:-0}', \
+ ConnectInfo_start = '%{Connect-Info}' \
+ WHERE AcctSessionId = '%{Acct-Session-Id}' \
+ AND UserName = '%{SQL-User-Name}' \
+ AND NASIPAddress = '%{NAS-IP-Address}' \
+ AND AcctStopTime = 0"
+ }
- interim-update {
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- FramedIPAddress = '%{Framed-IP-Address}' \
- WHERE AcctSessionId = '%{Acct-Session-Id}' \
- AND UserName = '%{SQL-User-Name}' \
- AND NASIPAddress= '%{NAS-IP-Address}' \
- AND AcctStopTime = 0"
+ interim-update {
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ FramedIPAddress = '%{Framed-IP-Address}' \
+ WHERE AcctSessionId = '%{Acct-Session-Id}' \
+ AND UserName = '%{SQL-User-Name}' \
+ AND NASIPAddress= '%{NAS-IP-Address}' \
+ AND AcctStopTime = 0"
- query = "\
- INSERT INTO ${....acct_table1} \
- (AcctSessionId, AcctUniqueId, UserName, \
- Realm, NASIPAddress, NASPort, \
- NASPortType, AcctSessionTime, AcctAuthentic, \
- ConnectInfo_start, AcctInputOctets, AcctOutputOctets, \
- CalledStationId, CallingStationId, ServiceType, \
- FramedProtocol, FramedIPAddress, AcctStartDelay, \
- XAscendSessionSvrKey) \
- VALUES(\
- '%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port-Id}', \
- '%{NAS-Port-Type}', \
- '%{Acct-Session-Time}', \
- '%{Acct-Authentic}', \
- '', \
- '%{Acct-Input-Octets}', \
- '%{Acct-Output-Octets}', \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}', \
- '0', \
- '%{X-Ascend-Session-Svr-Key}')"
- }
+ query = "\
+ INSERT INTO ${....acct_table1} \
+ (AcctSessionId, AcctUniqueId, UserName, \
+ Realm, NASIPAddress, NASPort, \
+ NASPortType, AcctSessionTime, AcctAuthentic, \
+ ConnectInfo_start, AcctInputOctets, AcctOutputOctets, \
+ CalledStationId, CallingStationId, ServiceType, \
+ FramedProtocol, FramedIPAddress, AcctStartDelay, \
+ XAscendSessionSvrKey) \
+ VALUES(\
+ '%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port-Id}', \
+ '%{NAS-Port-Type}', \
+ '%{Acct-Session-Time}', \
+ '%{Acct-Authentic}', \
+ '', \
+ '%{Acct-Input-Octets}', \
+ '%{Acct-Output-Octets}', \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}', \
+ '0', \
+ '%{X-Ascend-Session-Svr-Key}')"
+ }
- stop {
- query = "\
- UPDATE ${....acct_table2} \
- SET \
- AcctStopTime = '%S', \
- AcctSessionTime = '%{Acct-Session-Time}', \
- AcctInputOctets = '%{Acct-Input-Octets}', \
- AcctOutputOctets = '%{Acct-Output-Octets}', \
- AcctTerminateCause = '%{Acct-Terminate-Cause}', \
- AcctStopDelay = '%{Acct-Delay-Time:-0}', \
- ConnectInfo_stop = '%{Connect-Info}' \
- WHERE AcctSessionId = '%{Acct-Session-Id}' \
- AND UserName = '%{SQL-User-Name}' \
- AND NASIPAddress = '%{NAS-IP-Address}' \
- AND AcctStopTime = 0"
+ stop {
+ query = "\
+ UPDATE ${....acct_table2} \
+ SET \
+ AcctStopTime = '%S', \
+ AcctSessionTime = '%{Acct-Session-Time}', \
+ AcctInputOctets = '%{Acct-Input-Octets}', \
+ AcctOutputOctets = '%{Acct-Output-Octets}', \
+ AcctTerminateCause = '%{Acct-Terminate-Cause}', \
+ AcctStopDelay = '%{Acct-Delay-Time:-0}', \
+ ConnectInfo_stop = '%{Connect-Info}' \
+ WHERE AcctSessionId = '%{Acct-Session-Id}' \
+ AND UserName = '%{SQL-User-Name}' \
+ AND NASIPAddress = '%{NAS-IP-Address}' \
+ AND AcctStopTime = 0"
- query = "\
- INSERT into ${....acct_table2} \
- (AcctSessionId, AcctUniqueId, UserName, \
- Realm, NASIPAddress, NASPort, \
- NASPortType, AcctStopTime, AcctSessionTime, \
- AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, \
- AcctInputOctets, AcctOutputOctets, CalledStationId, \
- CallingStationId, AcctTerminateCause, ServiceType, \
- FramedProtocol, FramedIPAddress, AcctStartDelay, \
- AcctStopDelay) \
- VALUES(\
- '%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port-Id}', \
- '%{NAS-Port-Type}', \
- '%S', \
- '%{Acct-Session-Time}', \
- '%{Acct-Authentic}', \
- '', \
- '%{Connect-Info}', \
- '%{Acct-Input-Octets}', \
- '%{Acct-Output-Octets}', \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '%{Acct-Terminate-Cause}', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}', \
- '0', \
- '%{Acct-Delay-Time:-0}')"
- }
+ query = "\
+ INSERT into ${....acct_table2} \
+ (AcctSessionId, AcctUniqueId, UserName, \
+ Realm, NASIPAddress, NASPort, \
+ NASPortType, AcctStopTime, AcctSessionTime, \
+ AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, \
+ AcctInputOctets, AcctOutputOctets, CalledStationId, \
+ CallingStationId, AcctTerminateCause, ServiceType, \
+ FramedProtocol, FramedIPAddress, AcctStartDelay, \
+ AcctStopDelay) \
+ VALUES(\
+ '%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port-Id}', \
+ '%{NAS-Port-Type}', \
+ '%S', \
+ '%{Acct-Session-Time}', \
+ '%{Acct-Authentic}', \
+ '', \
+ '%{Connect-Info}', \
+ '%{Acct-Input-Octets}', \
+ '%{Acct-Output-Octets}', \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '%{Acct-Terminate-Cause}', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}', \
+ '0', \
+ '%{Acct-Delay-Time:-0}')"
}
}
+}
- post-auth {
- # Write SQL queries to a logfile. This is potentially useful for bulk inserts
- # when used with the rlm_sql_null driver.
-# logfile = ${logdir}/post-auth.sql
- }
+post-auth {
+ # Write SQL queries to a logfile. This is potentially useful for bulk inserts
+ # when used with the rlm_sql_null driver.
+# logfile = ${logdir}/post-auth.sql
+}
# -*- text -*-
-##
-## dialup.conf -- MySQL configuration for default schema (schema.sql)
-##
-## $Id$
-
- # Safe characters list for sql queries. Everything else is replaced
- # with their mime-encoded equivalents.
- # The default list should be ok
- #safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
-
- #######################################################################
- # Connection config
- #######################################################################
- # The character set is not configurable. The default character set of
- # the mysql client library is used. To control the character set,
- # create/edit my.cnf (typically in /etc/mysql/my.cnf or /etc/my.cnf)
- # and enter
- # [client]
- # default-character-set = utf8
- #
-
- #######################################################################
- # Query config: Username
- #######################################################################
- # This is the username that will get substituted, escaped, and added
- # as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
- # everywhere a username substitution is needed so you you can be sure
- # the username passed from the client is escaped properly.
- #
- # Uncomment the next line, if you want the sql_user_name to mean:
- #
- # Use Stripped-User-Name, if it's there.
- # Else use User-Name, if it's there,
- # Else use hard-coded string "DEFAULT" as the user name.
- #sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
- #
- sql_user_name = "%{User-Name}"
-
- #######################################################################
- # Default profile
- #######################################################################
- # This is the default profile. It is found in SQL by group membership.
- # That means that this profile must be a member of at least one group
- # which will contain the corresponding check and reply items.
- # This profile will be queried in the authorize section for every user.
- # The point is to assign all users a default profile without having to
- # manually add each one to a group that will contain the profile.
- # The SQL module will also honor the User-Profile attribute. This
- # attribute can be set anywhere in the authorize section (ie the users
- # file). It is found exactly as the default profile is found.
- # If it is set then it will *overwrite* the default profile setting.
- # The idea is to select profiles based on checks on the incoming packets,
- # not on user group membership. For example:
- # -- users file --
- # DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
- # DEFAULT Service-Type == Framed-User, User-Profile := "framed"
- #
- # By default the default_user_profile is not set
- #
- #default_user_profile = "DEFAULT"
-
- #######################################################################
- # NAS Query
- #######################################################################
- # This query retrieves the radius clients
- #
- # 0. Row ID (currently unused)
- # 1. Name (or IP address)
- # 2. Shortname
- # 3. Type
- # 4. Secret
- # 5. Server
- #######################################################################
-
- client_query = "SELECT id, nasname, shortname, type, secret, server FROM ${client_table}"
-
- #######################################################################
- # Authorization Queries
- #######################################################################
- # These queries compare the check items for the user
- # in ${authcheck_table} and setup the reply items in
- # ${authreply_table}. You can use any query/tables
- # you want, but the return data for each row MUST
- # be in the following order:
- #
- # 0. Row ID (currently unused)
- # 1. UserName/GroupName
- # 2. Item Attr Name
- # 3. Item Attr Value
- # 4. Item Attr Operation
- #######################################################################
- # Use these for case sensitive usernames.
-# authorize_check_query = "\
+#
+# main/mysql/queries.conf-- MySQL configuration for default schema (schema.sql)
+#
+# $Id$
+
+# Safe characters list for sql queries. Everything else is replaced
+# with their mime-encoded equivalents.
+# The default list should be ok
+#safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
+
+#######################################################################
+# Connection config
+#######################################################################
+# The character set is not configurable. The default character set of
+# the mysql client library is used. To control the character set,
+# create/edit my.cnf (typically in /etc/mysql/my.cnf or /etc/my.cnf)
+# and enter
+# [client]
+# default-character-set = utf8
+#
+
+#######################################################################
+# Query config: Username
+#######################################################################
+# This is the username that will get substituted, escaped, and added
+# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
+# everywhere a username substitution is needed so you you can be sure
+# the username passed from the client is escaped properly.
+#
+# Uncomment the next line, if you want the sql_user_name to mean:
+#
+# Use Stripped-User-Name, if it's there.
+# Else use User-Name, if it's there,
+# Else use hard-coded string "DEFAULT" as the user name.
+#sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
+#
+sql_user_name = "%{User-Name}"
+
+#######################################################################
+# Default profile
+#######################################################################
+# This is the default profile. It is found in SQL by group membership.
+# That means that this profile must be a member of at least one group
+# which will contain the corresponding check and reply items.
+# This profile will be queried in the authorize section for every user.
+# The point is to assign all users a default profile without having to
+# manually add each one to a group that will contain the profile.
+# The SQL module will also honor the User-Profile attribute. This
+# attribute can be set anywhere in the authorize section (ie the users
+# file). It is found exactly as the default profile is found.
+# If it is set then it will *overwrite* the default profile setting.
+# The idea is to select profiles based on checks on the incoming packets,
+# not on user group membership. For example:
+# -- users file --
+# DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
+# DEFAULT Service-Type == Framed-User, User-Profile := "framed"
+#
+# By default the default_user_profile is not set
+#
+#default_user_profile = "DEFAULT"
+
+#######################################################################
+# NAS Query
+#######################################################################
+# This query retrieves the radius clients
+#
+# 0. Row ID (currently unused)
+# 1. Name (or IP address)
+# 2. Shortname
+# 3. Type
+# 4. Secret
+# 5. Server
+#######################################################################
+
+client_query = "\
+ SELECT id, nasname, shortname, type, secret, server \
+ FROM ${client_table}"
+
+#######################################################################
+# Authorization Queries
+#######################################################################
+# These queries compare the check items for the user
+# in ${authcheck_table} and setup the reply items in
+# ${authreply_table}. You can use any query/tables
+# you want, but the return data for each row MUST
+# be in the following order:
+#
+# 0. Row ID (currently unused)
+# 1. UserName/GroupName
+# 2. Item Attr Name
+# 3. Item Attr Value
+# 4. Item Attr Operation
+#######################################################################
+# Use these for case sensitive usernames.
+
+authorize_check_query = "\
# SELECT id, username, attribute, value, op \
# FROM ${authcheck_table} \
# WHERE username = BINARY '%{SQL-User-Name}' \
# ORDER BY id"
-# authorize_reply_query = "\
+authorize_reply_query = "\
# SELECT id, username, attribute, value, op \
# FROM ${authreply_table} \
# WHERE username = BINARY '%{SQL-User-Name}' \
# ORDER BY id"
- # The default queries are case insensitive. (for compatibility with
- # older versions of FreeRADIUS)
- authorize_check_query = "\
+#
+# The default queries are case insensitive. (for compatibility with
+# older versions of FreeRADIUS)
+#
+authorize_check_query = "\
SELECT id, username, attribute, value, op \
FROM ${authcheck_table} \
WHERE username = '%{SQL-User-Name}' \
ORDER BY id"
- authorize_reply_query = "\
+authorize_reply_query = "\
SELECT id, username, attribute, value, op \
FROM ${authreply_table} \
WHERE username = '%{SQL-User-Name}' \
ORDER BY id"
- # Use these for case sensitive usernames.
-# group_membership_query = "\
+#
+# Use these for case sensitive usernames.
+#
+group_membership_query = "\
# SELECT groupname \
# FROM ${usergroup_table} \
# WHERE username = BINARY '%{SQL-User-Name}' \
# ORDER BY priority"
- group_membership_query = "\
+group_membership_query = "\
SELECT groupname \
FROM ${usergroup_table} \
WHERE username = '%{SQL-User-Name}' \
ORDER BY priority"
- authorize_group_check_query = "\
+authorize_group_check_query = "\
SELECT id, groupname, attribute, \
Value, op \
FROM ${groupcheck_table} \
WHERE groupname = '%{Sql-Group}' \
ORDER BY id"
- authorize_group_reply_query = "\
+authorize_group_reply_query = "\
SELECT id, groupname, attribute, \
value, op \
FROM ${groupreply_table} \
WHERE groupname = '%{Sql-Group}' \
ORDER BY id"
- #######################################################################
- # Simultaneous Use Checking Queries
- #######################################################################
- # simul_count_query - query for the number of current connections
- # - If this is not defined, no simultaneouls use checking
- # - will be performed by this module instance
- # simul_verify_query - query to return details of current connections
- # for verification
- # - Leave blank or commented out to disable verification step
- # - Note that the returned field order should not be changed.
- #######################################################################
-
- # Uncomment simul_count_query to enable simultaneous use checking
-# simul_count_query = "\
+#######################################################################
+# Simultaneous Use Checking Queries
+#######################################################################
+# simul_count_query - query for the number of current connections
+# - If this is not defined, no simultaneouls use checking
+# - will be performed by this module instance
+# simul_verify_query - query to return details of current connections
+# for verification
+# - Leave blank or commented out to disable verification step
+# - Note that the returned field order should not be changed.
+#######################################################################
+
+#
+# Uncomment simul_count_query to enable simultaneous use checking
+#
+#simul_count_query = "\
# SELECT COUNT(*) \
# FROM ${acct_table1} \
# WHERE username = '%{SQL-User-Name}' \
# AND acctstoptime IS NULL"
- simul_verify_query = "\
- SELECT radacctid, acctsessionid, username, \
- nasipaddress, nasportid, framedipaddress, \
- callingstationid, framedprotocol \
+simul_verify_query = "\
+ SELECT \
+ radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, \
+ callingstationid, framedprotocol \
FROM ${acct_table1} \
WHERE username = '%{SQL-User-Name}' \
AND acctstoptime IS NULL"
- #######################################################################
- # Accounting and Post-Auth Queries
- #######################################################################
- # These queries insert/update accounting and authentication records.
- # The query to use is determined by the value of 'reference'.
- # This value is used as a configuration path and should resolve to one
- # or more 'query's. If reference points to multiple queries, and a query
- # fails, the next query is executed.
- #
- # Behaviour is identical to the old 1.x/2.x module, except we can now
- # fail between N queries, and query selection can be based on any
- # combination of attributes, or custom 'Acct-Status-Type' values.
- #######################################################################
- accounting {
- reference = "%{tolower:type.%{Acct-Status-Type}.query}"
-
- # Write SQL queries to a logfile. This is potentially useful for bulk inserts
- # when used with the rlm_sql_null driver.
-# logfile = ${logdir}/accounting.sql
-
- column_list = "\
- acctsessionid, acctuniqueid, username, \
- realm, nasipaddress, nasportid, \
- nasporttype, acctstarttime, acctupdatetime, \
- acctstoptime, acctsessiontime, acctauthentic, \
- connectinfo_start, connectinfo_stop, acctinputoctets, \
- acctoutputoctets, calledstationid, callingstationid, \
- acctterminatecause, servicetype, framedprotocol, \
- framedipaddress"
-
- type {
- accounting-on {
- #
- # Bulk terminate all sessions associated with a given NAS
- #
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- acctstoptime = FROM_UNIXTIME(\
- %{integer:Event-Timestamp}), \
- acctsessiontime = '%{integer:Event-Timestamp}' \
- - UNIX_TIMESTAMP(acctstarttime), \
- acctterminatecause = '%{Acct-Terminate-Cause}' \
- WHERE acctstoptime IS NULL \
- AND nasipaddress = '%{NAS-IP-Address}' \
- AND acctstarttime <= FROM_UNIXTIME(\
- %{integer:Event-Timestamp})"
- }
-
- accounting-off {
- query = "${..accounting-on.query}"
- }
-
- start {
- #
- # Insert a new record into the sessions table
- #
- query = "\
- INSERT INTO ${....acct_table1} \
- (${...column_list}) \
- VALUES \
- ('%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port}', \
- '%{NAS-Port-Type}', \
- FROM_UNIXTIME(%{integer:Event-Timestamp}), \
- FROM_UNIXTIME(%{integer:Event-Timestamp}), \
- NULL, \
- '0', \
- '%{Acct-Authentic}', \
- '%{Connect-Info}', \
- '', \
- '0', \
- '0', \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}')"
-
- #
- # Key constraints prevented us from inserting a new session,
- # use the alternate query to update an existing session.
- #
- query = "\
- UPDATE ${....acct_table1} SET \
- acctstarttime = FROM_UNIXTIME(%{integer:Event-Timestamp}), \
- acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), \
- connectinfo_start = '%{Connect-Info}' \
- WHERE acctsessionid = '%{Acct-Session-Id}' \
- AND username = '%{SQL-User-Name}' \
- AND nasipaddress = '%{NAS-IP-Address}'"
- }
-
- interim-update {
- #
- # Update an existing session and calculate the interval
- # between the last data we received for the session and this
- # update. This can be used to find stale sessions.
- #
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- acctupdatetime = (@acctupdatetime_old:=acctupdatetime), \
- acctupdatetime = FROM_UNIXTIME(\
- %{integer:Event-Timestamp}), \
- acctinterval = %{integer:Event-Timestamp} - \
- UNIX_TIMESTAMP(@acctupdatetime_old), \
- framedipaddress = '%{Framed-IP-Address}', \
- acctsessiontime = '%{Acct-Session-Time}', \
- acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' \
- << 32 | '%{%{Acct-Input-Octets}:-0}', \
- acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' \
- << 32 | '%{%{Acct-Output-Octets}:-0}' \
- WHERE acctsessionid = '%{Acct-Session-Id}' \
- AND username = '%{SQL-User-Name}' \
- AND nasipaddress = '%{NAS-IP-Address}'"
-
- #
- # The update condition matched no existing sessions. Use
- # the values provided in the update to create a new session.
- #
- query = "\
- INSERT INTO ${....acct_table1} \
- (${...column_list}) \
- VALUES \
- ('%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port}', \
- '%{NAS-Port-Type}', \
- FROM_UNIXTIME(%{integer:Event-Timestamp} - \
- %{%{Acct-Session-Time}:-0}), \
- FROM_UNIXTIME(%{integer:Event-Timestamp}), \
- NULL, \
- '%{Acct-Session-Time}', \
- '%{Acct-Authentic}', \
- '%{Connect-Info}', \
- '', \
- '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
- '%{%{Acct-Input-Octets}:-0}', \
- '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
- '%{%{Acct-Output-Octets}:-0}', \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}')"
- }
-
- stop {
- #
- # Session has terminated, update the stop time and statistics.
- #
- query = "\
- UPDATE ${....acct_table2} SET \
- acctstoptime = FROM_UNIXTIME(\
- %{integer:Event-Timestamp}), \
- acctsessiontime = '%{Acct-Session-Time}', \
- acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' \
- << 32 | '%{%{Acct-Input-Octets}:-0}', \
- acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' \
- << 32 | '%{%{Acct-Output-Octets}:-0}', \
- acctterminatecause = '%{Acct-Terminate-Cause}', \
- connectinfo_stop = '%{Connect-Info}' \
- WHERE acctsessionid = '%{Acct-Session-Id}' \
- AND username = '%{SQL-User-Name}' \
- AND nasipaddress = '%{NAS-IP-Address}'"
-
- #
- # The update condition matched no existing sessions. Use
- # the values provided in the update to create a new session.
- #
- query = "\
- INSERT INTO ${....acct_table2} \
- (${...column_list}) \
- VALUES \
- ('%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port}', \
- '%{NAS-Port-Type}', \
- FROM_UNIXTIME(%{integer:Event-Timestamp} - \
- %{%{Acct-Session-Time}:-0}), \
- FROM_UNIXTIME(%{integer:Event-Timestamp}), \
- FROM_UNIXTIME(%{integer:Event-Timestamp}), \
- '%{Acct-Session-Time}', \
- '%{Acct-Authentic}', '', \
- '%{Connect-Info}', \
- '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
- '%{%{Acct-Input-Octets}:-0}', \
- '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
- '%{%{Acct-Output-Octets}:-0}', \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '%{Acct-Terminate-Cause}', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}')"
- }
+#######################################################################
+# Accounting and Post-Auth Queries
+#######################################################################
+# These queries insert/update accounting and authentication records.
+# The query to use is determined by the value of 'reference'.
+# This value is used as a configuration path and should resolve to one
+# or more 'query's. If reference points to multiple queries, and a query
+# fails, the next query is executed.
+#
+# Behaviour is identical to the old 1.x/2.x module, except we can now
+# fail between N queries, and query selection can be based on any
+# combination of attributes, or custom 'Acct-Status-Type' values.
+#######################################################################
+accounting {
+ reference = "%{tolower:type.%{Acct-Status-Type}.query}"
+
+ # Write SQL queries to a logfile. This is potentially useful for bulk inserts
+ # when used with the rlm_sql_null driver.
+# logfile = ${logdir}/accounting.sql
+
+ column_list = "\
+ acctsessionid, acctuniqueid, username, \
+ realm, nasipaddress, nasportid, \
+ nasporttype, acctstarttime, acctupdatetime, \
+ acctstoptime, acctsessiontime, acctauthentic, \
+ connectinfo_start, connectinfo_stop, acctinputoctets, \
+ acctoutputoctets, calledstationid, callingstationid, \
+ acctterminatecause, servicetype, framedprotocol, \
+ framedipaddress"
+
+ type {
+ accounting-on {
+ #
+ # Bulk terminate all sessions associated with a given NAS
+ #
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ acctstoptime = FROM_UNIXTIME(\
+ %{integer:Event-Timestamp}), \
+ acctsessiontime = '%{integer:Event-Timestamp}' \
+ - UNIX_TIMESTAMP(acctstarttime), \
+ acctterminatecause = '%{Acct-Terminate-Cause}' \
+ WHERE acctstoptime IS NULL \
+ AND nasipaddress = '%{NAS-IP-Address}' \
+ AND acctstarttime <= FROM_UNIXTIME(\
+ %{integer:Event-Timestamp})"
}
- }
- #######################################################################
- # Authentication Logging Queries
- #######################################################################
- # postauth_query - Insert some info after authentication
- #######################################################################
-
- post-auth {
- # Write SQL queries to a logfile. This is potentially useful for bulk inserts
- # when used with the rlm_sql_null driver.
-# logfile = ${logdir}/post-auth.sql
-
- query = "\
- INSERT INTO ${..postauth_table} \
- (username, pass, reply, authdate) \
- VALUES ( \
- '%{SQL-User-Name}', \
- '%{%{User-Password}:-%{Chap-Password}}', \
- '%{reply:Packet-Type}', \
- '%S')"
+ accounting-off {
+ query = "${..accounting-on.query}"
+ }
+
+ start {
+ #
+ # Insert a new record into the sessions table
+ #
+ query = "\
+ INSERT INTO ${....acct_table1} \
+ (${...column_list}) \
+ VALUES \
+ ('%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port}', \
+ '%{NAS-Port-Type}', \
+ FROM_UNIXTIME(%{integer:Event-Timestamp}), \
+ FROM_UNIXTIME(%{integer:Event-Timestamp}), \
+ NULL, \
+ '0', \
+ '%{Acct-Authentic}', \
+ '%{Connect-Info}', \
+ '', \
+ '0', \
+ '0', \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}')"
+
+ #
+ # Key constraints prevented us from inserting a new session,
+ # use the alternate query to update an existing session.
+ #
+ query = "\
+ UPDATE ${....acct_table1} SET \
+ acctstarttime = FROM_UNIXTIME(%{integer:Event-Timestamp}), \
+ acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), \
+ connectinfo_start = '%{Connect-Info}' \
+ WHERE acctsessionid = '%{Acct-Session-Id}' \
+ AND username = '%{SQL-User-Name}' \
+ AND nasipaddress = '%{NAS-IP-Address}'"
+ }
+
+ interim-update {
+ #
+ # Update an existing session and calculate the interval
+ # between the last data we received for the session and this
+ # update. This can be used to find stale sessions.
+ #
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ acctupdatetime = (@acctupdatetime_old:=acctupdatetime), \
+ acctupdatetime = FROM_UNIXTIME(\
+ %{integer:Event-Timestamp}), \
+ acctinterval = %{integer:Event-Timestamp} - \
+ UNIX_TIMESTAMP(@acctupdatetime_old), \
+ framedipaddress = '%{Framed-IP-Address}', \
+ acctsessiontime = '%{Acct-Session-Time}', \
+ acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' \
+ << 32 | '%{%{Acct-Input-Octets}:-0}', \
+ acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' \
+ << 32 | '%{%{Acct-Output-Octets}:-0}' \
+ WHERE acctsessionid = '%{Acct-Session-Id}' \
+ AND username = '%{SQL-User-Name}' \
+ AND nasipaddress = '%{NAS-IP-Address}'"
+
+ #
+ # The update condition matched no existing sessions. Use
+ # the values provided in the update to create a new session.
+ #
+ query = "\
+ INSERT INTO ${....acct_table1} \
+ (${...column_list}) \
+ VALUES \
+ ('%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port}', \
+ '%{NAS-Port-Type}', \
+ FROM_UNIXTIME(%{integer:Event-Timestamp} - \
+ %{%{Acct-Session-Time}:-0}), \
+ FROM_UNIXTIME(%{integer:Event-Timestamp}), \
+ NULL, \
+ '%{Acct-Session-Time}', \
+ '%{Acct-Authentic}', \
+ '%{Connect-Info}', \
+ '', \
+ '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
+ '%{%{Acct-Input-Octets}:-0}', \
+ '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
+ '%{%{Acct-Output-Octets}:-0}', \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}')"
+ }
+
+ stop {
+ #
+ # Session has terminated, update the stop time and statistics.
+ #
+ query = "\
+ UPDATE ${....acct_table2} SET \
+ acctstoptime = FROM_UNIXTIME(\
+ %{integer:Event-Timestamp}), \
+ acctsessiontime = '%{Acct-Session-Time}', \
+ acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' \
+ << 32 | '%{%{Acct-Input-Octets}:-0}', \
+ acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' \
+ << 32 | '%{%{Acct-Output-Octets}:-0}', \
+ acctterminatecause = '%{Acct-Terminate-Cause}', \
+ connectinfo_stop = '%{Connect-Info}' \
+ WHERE acctsessionid = '%{Acct-Session-Id}' \
+ AND username = '%{SQL-User-Name}' \
+ AND nasipaddress = '%{NAS-IP-Address}'"
+
+ #
+ # The update condition matched no existing sessions. Use
+ # the values provided in the update to create a new session.
+ #
+ query = "\
+ INSERT INTO ${....acct_table2} \
+ (${...column_list}) \
+ VALUES \
+ ('%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port}', \
+ '%{NAS-Port-Type}', \
+ FROM_UNIXTIME(%{integer:Event-Timestamp} - \
+ %{%{Acct-Session-Time}:-0}), \
+ FROM_UNIXTIME(%{integer:Event-Timestamp}), \
+ FROM_UNIXTIME(%{integer:Event-Timestamp}), \
+ '%{Acct-Session-Time}', \
+ '%{Acct-Authentic}', '', \
+ '%{Connect-Info}', \
+ '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
+ '%{%{Acct-Input-Octets}:-0}', \
+ '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
+ '%{%{Acct-Output-Octets}:-0}', \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '%{Acct-Terminate-Cause}', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}')"
+ }
}
+}
+
+#######################################################################
+# Authentication Logging Queries
+#######################################################################
+# postauth_query - Insert some info after authentication
+#######################################################################
+
+post-auth {
+ # Write SQL queries to a logfile. This is potentially useful for bulk inserts
+ # when used with the rlm_sql_null driver.
+# logfile = ${logdir}/post-auth.sql
+
+ query = "\
+ INSERT INTO ${..postauth_table} \
+ (username, pass, reply, authdate) \
+ VALUES ( \
+ '%{SQL-User-Name}', \
+ '%{%{User-Password}:-%{Chap-Password}}', \
+ '%{reply:Packet-Type}', \
+ '%S')"
+}
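Review bot: The case-sensitive variants of `authorize_check_query`, `authorize_reply_query` and `group_membership_query` lose the leading `#` on their first line in the new mysql file, while their continuation lines (`# SELECT …`, `# FROM …`, `# WHERE username = BINARY …`) stay commented. As shown, each of the three keys is therefore assigned twice, and the first value is assembled from lines that begin with `#`. In a change that otherwise only re-indents, this looks unintended, so the three header lines should stay commented: `#authorize_check_query = "\`, `#authorize_reply_query = "\` and `#group_membership_query = "\`. Separately, the re-indented `post-auth` query still writes `'%{%{User-Password}:-%{Chap-Password}}'` into the `pass` column, so any request carrying `User-Password` leaves a cleartext password in `${..postauth_table}` (and in `post-auth.sql` if `logfile` is enabled). A comment above the query stating this, or inserting `''` for `pass` by default, would be the safer shipped configuration.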
# -*- text -*-
-##
-## dialup.conf -- Oracle configuration for default schema (schema.sql)
-##
-## $Id$
+#
+# main/oracle/queries.conf -- Oracle configuration for default schema (schema.sql)
+#
+# $Id$
- #######################################################################
- # Query config: Username
- #######################################################################
- # This is the username that will get substituted, escaped, and added
- # as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
- # everywhere a username substitution is needed so you you can be sure
- # the username passed from the client is escaped properly.
- #
- # Uncomment the next line, if you want the sql_user_name to mean:
- #
- # Use Stripped-User-Name, if it's there.
- # Else use User-Name, if it's there,
- # Else use hard-coded string "DEFAULT" as the user name.
- #sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
- #
- sql_user_name = "%{User-Name}"
+#######################################################################
+# Query config: Username
+#######################################################################
+# This is the username that will get substituted, escaped, and added
+# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
+# everywhere a username substitution is needed so you you can be sure
+# the username passed from the client is escaped properly.
+#
+# Uncomment the next line, if you want the sql_user_name to mean:
+#
+# Use Stripped-User-Name, if it's there.
+# Else use User-Name, if it's there,
+# Else use hard-coded string "DEFAULT" as the user name.
+#sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
+#
+sql_user_name = "%{User-Name}"
- #######################################################################
- # Default profile
- #######################################################################
- # This is the default profile. It is found in SQL by group membership.
- # That means that this profile must be a member of at least one group
- # which will contain the corresponding check and reply items.
- # This profile will be queried in the authorize section for every user.
- # The point is to assign all users a default profile without having to
- # manually add each one to a group that will contain the profile.
- # The SQL module will also honor the User-Profile attribute. This
- # attribute can be set anywhere in the authorize section (ie the users
- # file). It is found exactly as the default profile is found.
- # If it is set then it will *overwrite* the default profile setting.
- # The idea is to select profiles based on checks on the incoming packets,
- # not on user group membership. For example:
- # -- users file --
- # DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
- # DEFAULT Service-Type == Framed-User, User-Profile := "framed"
- #
- # By default the default_user_profile is not set
- #
- #default_user_profile = "DEFAULT"
- #
- # Determines if we will query the default_user_profile or the User-Profile
- # if the user is not found. If the profile is found then we consider the user
- # found. By default this is set to 'no'.
- #
- #query_on_not_found = no
+#######################################################################
+# Default profile
+#######################################################################
+# This is the default profile. It is found in SQL by group membership.
+# That means that this profile must be a member of at least one group
+# which will contain the corresponding check and reply items.
+# This profile will be queried in the authorize section for every user.
+# The point is to assign all users a default profile without having to
+# manually add each one to a group that will contain the profile.
+# The SQL module will also honor the User-Profile attribute. This
+# attribute can be set anywhere in the authorize section (ie the users
+# file). It is found exactly as the default profile is found.
+# If it is set then it will *overwrite* the default profile setting.
+# The idea is to select profiles based on checks on the incoming packets,
+# not on user group membership. For example:
+# -- users file --
+# DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
+# DEFAULT Service-Type == Framed-User, User-Profile := "framed"
+#
+# By default the default_user_profile is not set
+#
+#default_user_profile = "DEFAULT"
+#
+# Determines if we will query the default_user_profile or the User-Profile
+# if the user is not found. If the profile is found then we consider the user
+# found. By default this is set to 'no'.
+#
+#query_on_not_found = no
- #######################################################################
- # NAS Query
- #######################################################################
- # This query retrieves the radius clients
- #
- # 0. Row ID (currently unused)
- # 1. Name (or IP address)
- # 2. Shortname
- # 3. Type
- # 4. Secret
- # 5. Virtual server
- #######################################################################
+#######################################################################
+# NAS Query
+#######################################################################
+# This query retrieves the radius clients
+#
+# 0. Row ID (currently unused)
+# 1. Name (or IP address)
+# 2. Shortname
+# 3. Type
+# 4. Secret
+# 5. Virtual server
+#######################################################################
- client_query = "SELECT id, nasname, shortname, type, secret, server FROM ${client_table}"
- #######################################################################
- # Authorization Queries
- #######################################################################
- # These queries compare the check items for the user
- # in ${authcheck_table} and setup the reply items in
- # ${authreply_table}. You can use any query/tables
- # you want, but the return data for each row MUST
- # be in the following order:
- #
- # 0. Row ID (currently unused)
- # 1. UserName/GroupName
- # 2. Item Attr Name
- # 3. Item Attr Value
- # 4. Item Attr Operation
- #######################################################################
- #
- # WARNING: Oracle is case sensitive
- #
- # The main difference between MySQL and Oracle queries is the date format.
- # You must use the TO_DATE function to transform the radius date format to
- # the Oracle date format, and put NULL otherwise '0' in a void date field.
- #
- #######################################################################
+client_query = "\
+ SELECT id, nasname, shortname, type, secret, server \
+ FROM ${client_table}"
- authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
- authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM ${authreply_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
+#######################################################################
+# Authorization Queries
+#######################################################################
+# These queries compare the check items for the user
+# in ${authcheck_table} and setup the reply items in
+# ${authreply_table}. You can use any query/tables
+# you want, but the return data for each row MUST
+# be in the following order:
+#
+# 0. Row ID (currently unused)
+# 1. UserName/GroupName
+# 2. Item Attr Name
+# 3. Item Attr Value
+# 4. Item Attr Operation
+#######################################################################
+#
+# WARNING: Oracle is case sensitive
+#
+# The main difference between MySQL and Oracle queries is the date format.
+# You must use the TO_DATE function to transform the radius date format to
+# the Oracle date format, and put NULL otherwise '0' in a void date field.
+#
+#######################################################################
- authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op FROM ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id"
- authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op FROM ${groupreply_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id"
+authorize_check_query = "\
+ SELECT id, UserName, Attribute, Value, op \
+ FROM ${authcheck_table} \
+ WHERE Username = '%{SQL-User-Name}' \
+ ORDER BY id"
- #######################################################################
- # Simultaneous Use Checking Queries
- #######################################################################
- # simul_count_query - query for the number of current connections
- # - If this is not defined, no simultaneouls use checking
- # - will be performed by this module instance
- # simul_verify_query - query to return details of current connections for verification
- # - Leave blank or commented out to disable verification step
- # - Note that the returned field order should not be changed.
- #######################################################################
+authorize_reply_query = "\
+ SELECT id, UserName, Attribute, Value, op \
+ FROM ${authreply_table} \
+ WHERE Username = '%{SQL-User-Name}' \
+ ORDER BY id"
- # Uncomment simul_count_query to enable simultaneous use checking
- # simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"
- simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"
+authorize_group_check_query = "\
+ SELECT \
+ ${groupcheck_table}.id, ${groupcheck_table}.GroupName, ${groupcheck_table}.Attribute, \
+ ${groupcheck_table}.Value,${groupcheck_table}.op \
+ FROM ${groupcheck_table}, ${usergroup_table} \
+ WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' \
+ AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName \
+ ORDER BY ${groupcheck_table}.id"
- #######################################################################
- # Group Membership Queries
- #######################################################################
- # group_membership_query - Check user group membership
- #######################################################################
+authorize_group_reply_query = "\
+ SELECT \
+ ${groupreply_table}.id, ${groupreply_table}.GroupName, ${groupreply_table}.Attribute, \
+ ${groupreply_table}.Value, ${groupreply_table}.op \
+ FROM ${groupreply_table}, ${usergroup_table} \
+ WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' \
+ AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName \
+ ORDER BY ${groupreply_table}.id"
- group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}'"
+#######################################################################
+# Simultaneous Use Checking Queries
+#######################################################################
+# simul_count_query - query for the number of current connections
+# - If this is not defined, no simultaneouls use checking
+# - will be performed by this module instance
+# simul_verify_query - query to return details of current connections for verification
+# - Leave blank or commented out to disable verification step
+# - Note that the returned field order should not be changed.
+#######################################################################
- #######################################################################
- # Accounting and Post-Auth Queries
- #######################################################################
- # These queries insert/update accounting and authentication records.
- # The query to use is determined by the value of 'reference'.
- # This value is used as a configuration path and should resolve to one
- # or more 'query's. If reference points to multiple queries, and a query
- # fails, the next query is executed.
- #
- # Behaviour is identical to the old 1.x/2.x module, except we can now
- # fail between N queries, and query selection can be based on any
- # combination of attributes, or custom 'Acct-Status-Type' values.
- #######################################################################
- accounting {
- reference = "%{tolower:type.%{Acct-Status-Type}.query}"
+#
+# Uncomment simul_count_query to enable simultaneous use checking
+#
+#simul_count_query = "\
+ SELECT COUNT(*) \
+ FROM ${acct_table1} \
+ WHERE UserName = '%{SQL-User-Name}' \
+ AND AcctStopTime IS NULL"
- # Write SQL queries to a logfile. This is potentially useful for bulk inserts
- # when used with the rlm_sql_null driver.
+simul_verify_query = "\
+ SELECT \
+ RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, \
+ FramedIPAddress, CallingStationId, FramedProtocol \
+ FROM ${acct_table1} \
+ WHERE UserName='%{SQL-User-Name}' \
+ AND AcctStopTime IS NULL"
+
+#######################################################################
+# Group Membership Queries
+#######################################################################
+# group_membership_query - Check user group membership
+#######################################################################
+
+group_membership_query = "\
+ SELECT GroupName \
+ FROM ${usergroup_table} \
+ WHERE UserName='%{SQL-User-Name}'"
+
+#######################################################################
+# Accounting and Post-Auth Queries
+#######################################################################
+# These queries insert/update accounting and authentication records.
+# The query to use is determined by the value of 'reference'.
+# This value is used as a configuration path and should resolve to one
+# or more 'query's. If reference points to multiple queries, and a query
+# fails, the next query is executed.
+#
+# Behaviour is identical to the old 1.x/2.x module, except we can now
+# fail between N queries, and query selection can be based on any
+# combination of attributes, or custom 'Acct-Status-Type' values.
+#######################################################################
+accounting {
+ reference = "%{tolower:type.%{Acct-Status-Type}.query}"
+
+ # Write SQL queries to a logfile. This is potentially useful for bulk inserts
+ # when used with the rlm_sql_null driver.
# logfile = ${logdir}/accounting.sql
- type {
- accounting-on {
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- AcctStopTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
- AcctSessionTime = round((TO_DATE('%S','yyyy-mm-dd hh24:mi:ss') - \
- TO_DATE(TO_CHAR(acctstarttime, 'yyyy-mm-dd hh24:mi:ss'),'yyyy-mm-dd hh24:mi:ss'))*86400), \
- AcctTerminateCause='%{Acct-Terminate-Cause}', \
- AcctStopDelay = %{Acct-Delay-Time:-0} \
- WHERE AcctStopTime IS NULL \
- AND NASIPAddress = '%{NAS-IP-Address}' \
- AND AcctStartTime <= TO_DATE('%S','yyyy-mm-dd hh24:mi:ss')"
- }
+ type {
+ accounting-on {
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ AcctStopTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
+ AcctSessionTime = round((TO_DATE('%S','yyyy-mm-dd hh24:mi:ss') - \
+ TO_DATE(TO_CHAR(acctstarttime, 'yyyy-mm-dd hh24:mi:ss'),'yyyy-mm-dd hh24:mi:ss'))*86400), \
+ AcctTerminateCause='%{Acct-Terminate-Cause}', \
+ AcctStopDelay = %{Acct-Delay-Time:-0} \
+ WHERE AcctStopTime IS NULL \
+ AND NASIPAddress = '%{NAS-IP-Address}' \
+ AND AcctStartTime <= TO_DATE('%S','yyyy-mm-dd hh24:mi:ss')"
+ }
- accounting-off {
- query = "${..accounting-on.query}"
- }
+ accounting-off {
+ query = "${..accounting-on.query}"
+ }
- start {
- query = "\
- INSERT INTO ${....acct_table1} \
- (RadAcctId, AcctSessionId, AcctUniqueId, \
- UserName, Realm, NASIPAddress, \
- NASPortId, NASPortType, AcctStartTime, \
- AcctStopTime, AcctSessionTime, AcctAuthentic, \
- ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, \
- AcctOutputOctets, CalledStationId, CallingStationId, \
- AcctTerminateCause, ServiceType, FramedProtocol, \
- FramedIPAddress, AcctStartDelay, AcctStopDelay, \
- XAscendSessionSvrKey) \
- VALUES(\
- '', \
- '%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port-Id}', \
- '%{NAS-Port-Type}', \
- TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
- NULL, \
- '0', \
- '%{Acct-Authentic}', \
- '%{Connect-Info}', \
- '', \
- '0', \
- '0', \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}', \
- '%{Acct-Delay-Time}', \
- '0', \
- '%{X-Ascend-Session-Svr-Key}')"
+ start {
+ query = "\
+ INSERT INTO ${....acct_table1} \
+ (RadAcctId, AcctSessionId, AcctUniqueId, \
+ UserName, Realm, NASIPAddress, \
+ NASPortId, NASPortType, AcctStartTime, \
+ AcctStopTime, AcctSessionTime, AcctAuthentic, \
+ ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, \
+ AcctOutputOctets, CalledStationId, CallingStationId, \
+ AcctTerminateCause, ServiceType, FramedProtocol, \
+ FramedIPAddress, AcctStartDelay, AcctStopDelay, \
+ XAscendSessionSvrKey) \
+ VALUES(\
+ '', \
+ '%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port-Id}', \
+ '%{NAS-Port-Type}', \
+ TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
+ NULL, \
+ '0', \
+ '%{Acct-Authentic}', \
+ '%{Connect-Info}', \
+ '', \
+ '0', \
+ '0', \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}', \
+ '%{Acct-Delay-Time}', \
+ '0', \
+ '%{X-Ascend-Session-Svr-Key}')"
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- AcctStartTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
- AcctStartDelay = '%{Acct-Delay-Time:-0}', \
- ConnectInfo_start = '%{Connect-Info}' \
- WHERE AcctSessionId = '%{Acct-Session-Id}' \
- AND UserName = '%{SQL-User-Name}' \
- AND NASIPAddress = '%{NAS-IP-Address}' \
- AND AcctStopTime IS NULL"
- }
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ AcctStartTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
+ AcctStartDelay = '%{Acct-Delay-Time:-0}', \
+ ConnectInfo_start = '%{Connect-Info}' \
+ WHERE AcctSessionId = '%{Acct-Session-Id}' \
+ AND UserName = '%{SQL-User-Name}' \
+ AND NASIPAddress = '%{NAS-IP-Address}' \
+ AND AcctStopTime IS NULL"
+ }
- interim-update {
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- FramedIPAddress = NULLIF('%{Framed-IP-Address}', ''), \
- AcctSessionTime = '%{Acct-Session-Time}', \
- AcctInputOctets = '%{Acct-Input-Octets}' + \
- ('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
- AcctOutputOctets = '%{Acct-Output-Octets}' + \
- ('%{%{Acct-Output-Gigawords}:-0}' * 4294967296) \
- WHERE AcctSessionId = '%{Acct-Session-Id}' \
- AND UserName = '%{SQL-User-Name}' \
- AND NASIPAddress= '%{NAS-IP-Address}' \
- AND AcctStopTime IS NULL"
+ interim-update {
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ FramedIPAddress = NULLIF('%{Framed-IP-Address}', ''), \
+ AcctSessionTime = '%{Acct-Session-Time}', \
+ AcctInputOctets = '%{Acct-Input-Octets}' + \
+ ('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
+ AcctOutputOctets = '%{Acct-Output-Octets}' + \
+ ('%{%{Acct-Output-Gigawords}:-0}' * 4294967296) \
+ WHERE AcctSessionId = '%{Acct-Session-Id}' \
+ AND UserName = '%{SQL-User-Name}' \
+ AND NASIPAddress= '%{NAS-IP-Address}' \
+ AND AcctStopTime IS NULL"
- query = "\
- INSERT into ${....acct_table1} \
- (RadAcctId, AcctSessionId, AcctUniqueId, \
- UserName, Realm, NASIPAddress, \
- NASPortId, NASPortType, AcctStartTime, \
- AcctSessionTime, AcctAuthentic, ConnectInfo_start, \
- AcctInputOctets, AcctOutputOctets, CalledStationId, \
- CallingStationId, ServiceType, FramedProtocol, \
- FramedIPAddress, AcctStartDelay, XAscendSessionSvrKey) \
- VALUES(\
- '', \
- '%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port-Id}', \
- '%{NAS-Port-Type}', \
- NULL, \
- '%{Acct-Session-Time}', \
- '%{Acct-Authentic}', \
- '', \
- '%{Acct-Input-Octets}' + \
- ('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
- '%{Acct-Output-Octets}' + \
- ('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}', \
- '0', \
- '%{X-Ascend-Session-Svr-Key}')"
- }
+ query = "\
+ INSERT into ${....acct_table1} \
+ (RadAcctId, AcctSessionId, AcctUniqueId, \
+ UserName, Realm, NASIPAddress, \
+ NASPortId, NASPortType, AcctStartTime, \
+ AcctSessionTime, AcctAuthentic, ConnectInfo_start, \
+ AcctInputOctets, AcctOutputOctets, CalledStationId, \
+ CallingStationId, ServiceType, FramedProtocol, \
+ FramedIPAddress, AcctStartDelay, XAscendSessionSvrKey) \
+ VALUES(\
+ '', \
+ '%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port-Id}', \
+ '%{NAS-Port-Type}', \
+ NULL, \
+ '%{Acct-Session-Time}', \
+ '%{Acct-Authentic}', \
+ '', \
+ '%{Acct-Input-Octets}' + \
+ ('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
+ '%{Acct-Output-Octets}' + \
+ ('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}', \
+ '0', \
+ '%{X-Ascend-Session-Svr-Key}')"
+ }
- stop {
- query = "\
- UPDATE ${....acct_table2} \
- SET \
- AcctStopTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
- AcctSessionTime = '%{Acct-Session-Time}', \
- AcctInputOctets = '%{Acct-Input-Octets}' + \
- ('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
- AcctOutputOctets = '%{Acct-Output-Octets}' + \
- ('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
- AcctTerminateCause = '%{Acct-Terminate-Cause}', \
- AcctStopDelay = '%{Acct-Delay-Time:-0}', \
- ConnectInfo_stop = '%{Connect-Info}' \
- WHERE AcctSessionId = '%{Acct-Session-Id}' \
- AND UserName = '%{SQL-User-Name}' \
- AND NASIPAddress = '%{NAS-IP-Address}' \
- AND AcctStopTime IS NULL"
+ stop {
+ query = "\
+ UPDATE ${....acct_table2} \
+ SET \
+ AcctStopTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
+ AcctSessionTime = '%{Acct-Session-Time}', \
+ AcctInputOctets = '%{Acct-Input-Octets}' + \
+ ('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
+ AcctOutputOctets = '%{Acct-Output-Octets}' + \
+ ('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
+ AcctTerminateCause = '%{Acct-Terminate-Cause}', \
+ AcctStopDelay = '%{Acct-Delay-Time:-0}', \
+ ConnectInfo_stop = '%{Connect-Info}' \
+ WHERE AcctSessionId = '%{Acct-Session-Id}' \
+ AND UserName = '%{SQL-User-Name}' \
+ AND NASIPAddress = '%{NAS-IP-Address}' \
+ AND AcctStopTime IS NULL"
- query = "\
- "INSERT into ${....acct_table2} \
- (RadAcctId, AcctSessionId, AcctUniqueId, \
- UserName, Realm, NASIPAddress, \
- NASPortId, NASPortType, AcctStartTime, \
- AcctStopTime, AcctSessionTime, AcctAuthentic, \
- ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, \
- AcctOutputOctets, CalledStationId, CallingStationId, \
- AcctTerminateCause, ServiceType, FramedProtocol, \
- FramedIPAddress, AcctStartDelay, AcctStopDelay) \
- VALUES(\
- '', \
- '%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port-Id}', \
- '%{NAS-Port-Type}', \
- NULL, \
- TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
- '%{Acct-Session-Time}', \
- '%{Acct-Authentic}', \
- '', \
- '%{Connect-Info}', \
- '%{Acct-Input-Octets}' + \
- ('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
- '%{Acct-Output-Octets}' + \
- ('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '%{Acct-Terminate-Cause}', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}', \
- '0', \
- '%{Acct-Delay-Time:-0}')"
+ query = "\
+ "INSERT into ${....acct_table2} \
+ (RadAcctId, AcctSessionId, AcctUniqueId, \
+ UserName, Realm, NASIPAddress, \
+ NASPortId, NASPortType, AcctStartTime, \
+ AcctStopTime, AcctSessionTime, AcctAuthentic, \
+ ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, \
+ AcctOutputOctets, CalledStationId, CallingStationId, \
+ AcctTerminateCause, ServiceType, FramedProtocol, \
+ FramedIPAddress, AcctStartDelay, AcctStopDelay) \
+ VALUES(\
+ '', \
+ '%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port-Id}', \
+ '%{NAS-Port-Type}', \
+ NULL, \
+ TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
+ '%{Acct-Session-Time}', \
+ '%{Acct-Authentic}', \
+ '', \
+ '%{Connect-Info}', \
+ '%{Acct-Input-Octets}' + \
+ ('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
+ '%{Acct-Output-Octets}' + \
+ ('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '%{Acct-Terminate-Cause}', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}', \
+ '0', \
+ '%{Acct-Delay-Time:-0}')"
- }
}
}
+}
- #######################################################################
- # Authentication Logging Queries
- #######################################################################
- # postauth_query - Insert some info after authentication
- #######################################################################
+#######################################################################
+# Authentication Logging Queries
+#######################################################################
+# postauth_query - Insert some info after authentication
+#######################################################################
- post-auth {
- # Write SQL queries to a logfile. This is potentially useful for bulk inserts
- # when used with the rlm_sql_null driver.
-# logfile = ${logdir}/post-auth.sql
- query = "\
- INSERT INTO ${..postauth_table} \
- (username, pass, reply, authdate) \
- VALUES (\
+post-auth {
+ # Write SQL queries to a logfile. This is potentially useful for bulk inserts
+ # when used with the rlm_sql_null driver.
+# logfile = ${logdir}/post-auth.sql
+ query = "\
+ INSERT INTO ${..postauth_table} \
+ (username, pass, reply, authdate) \
+ VALUES (\
'%{User-Name}', \
'%{%{User-Password}:-%{Chap-Password}}', \
'%{reply:Packet-Type}', \
TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS'))"
- }
+}
- # -*- text -*-
- ##
- ## dialup.conf -- PostgreSQL configuration for default schema (schema.sql)
- ##
- ## $Id$
-
- # Safe characters list for sql queries. Everything else is replaced
- # with their mime-encoded equivalents.
- # The default list should be ok
- # safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
-
- #######################################################################
- # Query config: Username
- #######################################################################
- # This is the username that will get substituted, escaped, and added
- # as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used
- # below everywhere a username substitution is needed so you you can
- # be sure the username passed from the client is escaped properly.
- #
- # Uncomment the next line, if you want the sql_user_name to mean:
- #
- # Use Stripped-User-Name, if it's there.
- # Else use User-Name, if it's there,
- # Else use hard-coded string "none" as the user name.
- #
- #sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}"
-
- sql_user_name = "%{User-Name}"
-
- #######################################################################
- # Default profile
- #######################################################################
- # This is the default profile. It is found in SQL by group membership.
- # That means that this profile must be a member of at least one group
- # which will contain the corresponding check and reply items.
- # This profile will be queried in the authorize section for every user.
- # The point is to assign all users a default profile without having to
- # manually add each one to a group that will contain the profile.
- # The SQL module will also honor the User-Profile attribute. This
- # attribute can be set anywhere in the authorize section (ie the users
- # file). It is found exactly as the default profile is found.
- # If it is set then it will *overwrite* the default profile setting.
- # The idea is to select profiles based on checks on the incoming
- # packets, not on user group membership. For example:
- # -- users file --
- # DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
- # DEFAULT Service-Type == Framed-User, User-Profile := "framed"
- #
- # By default the default_user_profile is not set
- #
- # default_user_profile = "DEFAULT"
-
- #######################################################################
- # NAS Query
- #######################################################################
- # This query retrieves the radius clients
- #
- # 0. Row ID (currently unused)
- # 1. Name (or IP address)
- # 2. Shortname
- # 3. Type
- # 4. Secret
- # 5. Server
- #######################################################################
-
- client_query = "SELECT id, nasname, shortname, type, secret, server FROM ${client_table}"
-
- #######################################################################
- # Authorization Queries
- #######################################################################
- # These queries compare the check items for the user
- # in ${authcheck_table} and setup the reply items in
- # ${authreply_table}. You can use any query/tables
- # you want, but the return data for each row MUST
- # be in the following order:
- #
- # 0. Row ID (currently unused)
- # 1. UserName/GroupName
- # 2. Item Attr Name
- # 3. Item Attr Value
- # 4. Item Attr Operation
- #######################################################################
-
- # Use these for case insensitive usernames. WARNING: Slower queries!
- # authorize_check_query = "SELECT id, UserName, Attribute, Value, Op \
- # FROM ${authcheck_table} \
- # WHERE LOWER(UserName) = LOWER('%{SQL-User-Name}') \
- # ORDER BY id"
- # authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op \
- # FROM ${authreply_table} \
- # WHERE LOWER(UserName) = LOWER('%{SQL-User-Name}') \
- # ORDER BY id"
-
- authorize_check_query = "SELECT id, UserName, Attribute, Value, Op \
- FROM ${authcheck_table} \
- WHERE Username = '%{SQL-User-Name}' \
- ORDER BY id"
-
- authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op \
- FROM ${authreply_table} \
- WHERE Username = '%{SQL-User-Name}' \
- ORDER BY id"
-
- # Use these for case insensitive usernames. WARNING: Slower queries!
- # authorize_group_check_query = "SELECT ${groupcheck_table}.id, ${groupcheck_table}.GroupName, \
- # ${groupcheck_table}.Attribute, ${groupcheck_table}.Value, ${groupcheck_table}.Op \
- # FROM ${groupcheck_table}, ${usergroup_table} \
- # WHERE LOWER(${usergroup_table}.UserName) = LOWER('%{SQL-User-Name}') AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName \
- # ORDER BY ${groupcheck_table}.id"
- # authorize_group_reply_query = "SELECT ${groupreply_table}.id, ${groupreply_table}.GroupName, \
- # ${groupreply_table}.Attribute, ${groupreply_table}.Value, ${groupreply_table}.Op \
- # FROM ${groupreply_table}, ${usergroup_table} \
- # WHERE LOWER(${usergroup_table}.UserName) = LOWER('%{SQL-User-Name}') AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName \
- # ORDER BY ${groupreply_table}.id"
-
- authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op \
- FROM ${groupcheck_table} \
- WHERE GroupName = '%{Sql-Group}' \
- ORDER BY id"
-
- authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op \
- FROM ${groupreply_table} \
- WHERE GroupName = '%{Sql-Group}' \
- ORDER BY id"
-
- #######################################################################
- # Simultaneous Use Checking Queries
- #######################################################################
- # simul_count_query - query for the number of current connections
- # - If this is not defined, no simultaneous use checking
- # - will be performed by this module instance
- # simul_verify_query - query to return details of current connections for verification
- # - Leave blank or commented out to disable verification step
- # - Note that the returned field order should not be changed.
- #######################################################################
-
- # Uncomment simul_count_query to enable simultaneous use checking
- # simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"
- # simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"
-
- #######################################################################
- # Group Membership Queries
- #######################################################################
- # group_membership_query - Check user group membership
- #######################################################################
-
- # Use these for case insensitive usernames. WARNING: Slower queries!
- # group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE LOWER(UserName) = LOWER('%{SQL-User-Name}') ORDER BY priority"
-
- group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}' ORDER BY priority"
-
- #######################################################################
- # Accounting and Post-Auth Queries
- #######################################################################
- # These queries insert/update accounting and authentication records.
- # The query to use is determined by the value of 'reference'.
- # This value is used as a configuration path and should resolve to one
- # or more 'query's. If reference points to multiple queries, and a query
- # fails, the next query is executed.
- #
- # Behaviour is identical to the old 1.x/2.x module, except we can now
- # fail between N queries, and query selection can be based on any
- # combination of attributes, or custom 'Acct-Status-Type' values.
- #######################################################################
- accounting {
- reference = "%{tolower:type.%{Acct-Status-Type}.query}"
-
- # Write SQL queries to a logfile. This is potentially useful for bulk inserts
- # when used with the rlm_sql_null driver.
-# logfile = ${logdir}/accounting.sql
-
- column_list = "\
- AcctSessionId, AcctUniqueId, UserName, \
- Realm, NASIPAddress, NASPortId, \
- NASPortType, AcctStartTime, AcctUpdateTime, \
- AcctStopTime, AcctSessionTime, AcctAuthentic, \
- ConnectInfo_start, ConnectInfo_Stop, AcctInputOctets, \
- AcctOutputOctets, CalledStationId, CallingStationId, \
- AcctTerminateCause, ServiceType, FramedProtocol, \
- FramedIpAddress"
-
- type {
- accounting-on {
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- AcctSessionTime = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime))), \
- AcctTerminateCause = '%{Acct-Terminate-Cause}', \
- WHERE AcctStopTime IS NULL \
- AND NASIPAddress= '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' \
- AND AcctStartTime <= '%S'::timestamp"
- }
-
- accounting-off {
- query = "${..accounting-on.query}"
- }
-
- start {
- query = "\
- INSERT INTO ${....acct_table1} \
- (${...column_list}) \
- VALUES(\
- '%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- NULLIF('%{Realm}', ''), \
- '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}', \
- %{%{NAS-Port}:-NULL}, \
- '%{NAS-Port-Type}', \
- TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- NULL, \
- 0, \
- '%{Acct-Authentic}', \
- '%{Connect-Info}', \
- NULL, \
- 0, \
- 0, \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- NULL, \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- NULLIF('%{Framed-IP-Address}', '')::inet)"
-
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- AcctStartTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- ConnectInfo_start = '%{Connect-Info}' \
- WHERE AcctSessionId = '%{Acct-Session-Id}' \
- AND UserName = '%{SQL-User-Name}' \
- AND NASIPAddress = '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' \
- AND AcctStopTime IS NULL"
- }
-
- interim-update {
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, \
- AcctSessionTime = %{%{Acct-Session-Time}:-NULL}, \
- AcctInterval = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), \
- AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + \
- '%{%{Acct-Input-Octets}:-0}'::bigint), \
- AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + \
- '%{%{Acct-Output-Octets}:-0}'::bigint) \
- WHERE AcctSessionId = '%{Acct-Session-Id}' \
- AND UserName = '%{SQL-User-Name}' \
- AND NASIPAddress= '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' \
- AND AcctStopTime IS NULL"
-
- query = "\
- INSERT INTO ${....acct_table1} \
- (${...column_list}) \
- VALUES(\
- '%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- NULLIF('%{Realm}', ''), \
- '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}', \
- %{%{NAS-Port}:-NULL}, \
- '%{NAS-Port-Type}', \
- TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- NULL, \
- %{%{Acct-Session-Time}:-NULL}, \
- '%{Acct-Authentic}', \
- '%{Connect-Info}', \
- NULL, \
- (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + \
- '%{%{Acct-Input-Octets}:-0}'::bigint), \
- (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + \
- '%{%{Acct-Output-Octets}:-0}'::bigint), \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- NULL, \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- NULLIF('%{Framed-IP-Address}', '')::inet)"
- }
-
- stop {
- query = "\
- UPDATE ${....acct_table2} \
- SET \
- AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- AcctSessionTime = COALESCE(%{%{Acct-Session-Time}:-NULL}, \
- (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime)))), \
- AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + \
- '%{%{Acct-Input-Octets}:-0}'::bigint), \
- AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + \
- '%{%{Acct-Output-Octets}:-0}'::bigint), \
- AcctTerminateCause = '%{Acct-Terminate-Cause}', \M (COALESCE(AcctUpdateT
- FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, \
- ConnectInfo_stop = '%{Connect-Info}' \
- WHERE AcctSessionId = '%{Acct-Session-Id}' \
- AND UserName = '%{SQL-User-Name}' \
- AND NASIPAddress = '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' \
- AND AcctStopTime IS NULL"
-
- query = "\
- INSERT INTO ${....acct_table1} \
- (${...column_list}) \
- VALUES(\
- '%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- NULLIF('%{Realm}', ''), \
- '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}', \
- %{%{NAS-Port}:-NULL}, \
- '%{NAS-Port-Type}', \
- TO_TIMESTAMP(%{integer:Event-Timestamp} - %{%{Acct-Session-Time}:-0}), \
- TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- TO_TIMESTAMP(%{integer:Event-Timestamp}), \
- NULLIF('%{Acct-Session-Time}', '')::bigint, \
- '%{Acct-Authentic}', \
- '%{Connect-Info}', \
- NULL, \
- (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + \
- '%{%{Acct-Input-Octets}:-0}'::bigint), \
- (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + \
- '%{%{Acct-Output-Octets}:-0}'::bigint), \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '%{Acct-Terminate-Cause}', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- NULLIF('%{Framed-IP-Address}', '')::inet)"
- }
+# -*- text -*-
+#
+# main/postgresql/queries.conf -- PostgreSQL configuration for default schema (schema.sql)
+#
+# $Id$
+
+# Safe characters list for sql queries. Everything else is replaced
+# with their mime-encoded equivalents.
+# The default list should be ok
+# safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
+
+#######################################################################
+# Query config: Username
+#######################################################################
+# This is the username that will get substituted, escaped, and added
+# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used
+# below everywhere a username substitution is needed so you you can
+# be sure the username passed from the client is escaped properly.
+#
+# Uncomment the next line, if you want the sql_user_name to mean:
+#
+# Use Stripped-User-Name, if it's there.
+# Else use User-Name, if it's there,
+# Else use hard-coded string "none" as the user name.
+#
+#sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}"
+
+sql_user_name = "%{User-Name}"
+
+#######################################################################
+# Default profile
+#######################################################################
+# This is the default profile. It is found in SQL by group membership.
+# That means that this profile must be a member of at least one group
+# which will contain the corresponding check and reply items.
+# This profile will be queried in the authorize section for every user.
+# The point is to assign all users a default profile without having to
+# manually add each one to a group that will contain the profile.
+# The SQL module will also honor the User-Profile attribute. This
+# attribute can be set anywhere in the authorize section (ie the users
+# file). It is found exactly as the default profile is found.
+# If it is set then it will *overwrite* the default profile setting.
+# The idea is to select profiles based on checks on the incoming
+# packets, not on user group membership. For example:
+# -- users file --
+# DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
+# DEFAULT Service-Type == Framed-User, User-Profile := "framed"
+#
+# By default the default_user_profile is not set
+#
+# default_user_profile = "DEFAULT"
+
+#######################################################################
+# NAS Query
+#######################################################################
+# This query retrieves the radius clients
+#
+# 0. Row ID (currently unused)
+# 1. Name (or IP address)
+# 2. Shortname
+# 3. Type
+# 4. Secret
+# 5. Server
+#######################################################################
+
+client_query = "\
+ SELECT id, nasname, shortname, type, secret, server \
+ FROM ${client_table}"
+
+#######################################################################
+# Authorization Queries
+#######################################################################
+# These queries compare the check items for the user
+# in ${authcheck_table} and setup the reply items in
+# ${authreply_table}. You can use any query/tables
+# you want, but the return data for each row MUST
+# be in the following order:
+#
+# 0. Row ID (currently unused)
+# 1. UserName/GroupName
+# 2. Item Attr Name
+# 3. Item Attr Value
+# 4. Item Attr Operation
+#######################################################################
+
+#
+# Use these for case insensitive usernames. WARNING: Slower queries!
+#
+#authorize_check_query = "\
+# SELECT id, UserName, Attribute, Value, Op \
+# FROM ${authcheck_table} \
+# WHERE LOWER(UserName) = LOWER('%{SQL-User-Name}') \
+# ORDER BY id"
+
+#authorize_reply_query = "\
+# SELECT id, UserName, Attribute, Value, Op \
+# FROM ${authreply_table} \
+# WHERE LOWER(UserName) = LOWER('%{SQL-User-Name}') \
+# ORDER BY id"
+
+authorize_check_query = "\
+ SELECT id, UserName, Attribute, Value, Op \
+ FROM ${authcheck_table} \
+ WHERE Username = '%{SQL-User-Name}' \
+ ORDER BY id"
+
+authorize_reply_query = "\
+ SELECT id, UserName, Attribute, Value, Op \
+ FROM ${authreply_table} \
+ WHERE Username = '%{SQL-User-Name}' \
+ ORDER BY id"
+
+#
+# Use these for case insensitive usernames. WARNING: Slower queries!
+#
+#authorize_group_check_query = "\
+# SELECT \
+# ${groupcheck_table}.id, ${groupcheck_table}.GroupName, ${groupcheck_table}.Attribute, \
+# ${groupcheck_table}.Value, ${groupcheck_table}.Op \
+# FROM ${groupcheck_table}, ${usergroup_table} \
+# WHERE LOWER(${usergroup_table}.UserName) = LOWER('%{SQL-User-Name}') \
+# AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName \
+# ORDER BY ${groupcheck_table}.id"
+
+#authorize_group_reply_query = "\
+# SELECT \
+# ${groupreply_table}.id, ${groupreply_table}.GroupName, \
+# ${groupreply_table}.Attribute, ${groupreply_table}.Value, ${groupreply_table}.Op \
+# FROM ${groupreply_table}, ${usergroup_table} \
+# WHERE LOWER(${usergroup_table}.UserName) = LOWER('%{SQL-User-Name}') \
+# AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName \
+# ORDER BY ${groupreply_table}.id"
+
+authorize_group_check_query = "\
+ SELECT id, GroupName, Attribute, Value, op \
+ FROM ${groupcheck_table} \
+ WHERE GroupName = '%{Sql-Group}' \
+ ORDER BY id"
+
+authorize_group_reply_query = "\
+ SELECT id, GroupName, Attribute, Value, op \
+ FROM ${groupreply_table} \
+ WHERE GroupName = '%{Sql-Group}' \
+ ORDER BY id"
+
+#######################################################################
+# Simultaneous Use Checking Queries
+#######################################################################
+# simul_count_query - query for the number of current connections
+# - If this is not defined, no simultaneous use checking
+# - will be performed by this module instance
+# simul_verify_query - query to return details of current connections for verification
+# - Leave blank or commented out to disable verification step
+# - Note that the returned field order should not be changed.
+#######################################################################
+
+#
+# Uncomment simul_count_query to enable simultaneous use checking
+#
+#simul_count_query = "\
+# SELECT COUNT(*) \
+# FROM ${acct_table1} \
+# WHERE UserName='%{SQL-User-Name}' \
+# AND AcctStopTime IS NULL"
+
+#simul_verify_query = "\
+# SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, \
+# FramedProtocol \
+# FROM ${acct_table1} \
+# WHERE UserName='%{SQL-User-Name}' \
+# AND AcctStopTime IS NULL"
+
+#######################################################################
+# Group Membership Queries
+#######################################################################
+# group_membership_query - Check user group membership
+#######################################################################
+
+# Use these for case insensitive usernames. WARNING: Slower queries!
+#group_membership_query = "\
+# SELECT GroupName \
+# FROM ${usergroup_table} \
+# WHERE LOWER(UserName) = LOWER('%{SQL-User-Name}') \
+# ORDER BY priority"
+
+group_membership_query = "\
+ SELECT GroupName \
+ FROM ${usergroup_table} \
+ WHERE UserName='%{SQL-User-Name}' \
+ ORDER BY priority"
+
+#######################################################################
+# Accounting and Post-Auth Queries
+#######################################################################
+# These queries insert/update accounting and authentication records.
+# The query to use is determined by the value of 'reference'.
+# This value is used as a configuration path and should resolve to one
+# or more 'query's. If reference points to multiple queries, and a query
+# fails, the next query is executed.
+#
+# Behaviour is identical to the old 1.x/2.x module, except we can now
+# fail between N queries, and query selection can be based on any
+# combination of attributes, or custom 'Acct-Status-Type' values.
+#######################################################################
+accounting {
+ reference = "%{tolower:type.%{Acct-Status-Type}.query}"
+
+ # Write SQL queries to a logfile. This is potentially useful for bulk inserts
+ # when used with the rlm_sql_null driver.
+# logfile = ${logdir}/accounting.sql
+
+ column_list = "\
+ AcctSessionId, AcctUniqueId, UserName, \
+ Realm, NASIPAddress, NASPortId, \
+ NASPortType, AcctStartTime, AcctUpdateTime, \
+ AcctStopTime, AcctSessionTime, AcctAuthentic, \
+ ConnectInfo_start, ConnectInfo_Stop, AcctInputOctets, \
+ AcctOutputOctets, CalledStationId, CallingStationId, \
+ AcctTerminateCause, ServiceType, FramedProtocol, \
+ FramedIpAddress"
+
+ type {
+ accounting-on {
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ AcctSessionTime = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime))), \
+ AcctTerminateCause = '%{Acct-Terminate-Cause}', \
+ WHERE AcctStopTime IS NULL \
+ AND NASIPAddress= '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' \
+ AND AcctStartTime <= '%S'::timestamp"
+ }
+
+ accounting-off {
+ query = "${..accounting-on.query}"
}
- }
+ start {
+ query = "\
+ INSERT INTO ${....acct_table1} \
+ (${...column_list}) \
+ VALUES(\
+ '%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ NULLIF('%{Realm}', ''), \
+ '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}', \
+ %{%{NAS-Port}:-NULL}, \
+ '%{NAS-Port-Type}', \
+ TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ NULL, \
+ 0, \
+ '%{Acct-Authentic}', \
+ '%{Connect-Info}', \
+ NULL, \
+ 0, \
+ 0, \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ NULL, \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ NULLIF('%{Framed-IP-Address}', '')::inet)"
+
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ AcctStartTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ ConnectInfo_start = '%{Connect-Info}' \
+ WHERE AcctSessionId = '%{Acct-Session-Id}' \
+ AND UserName = '%{SQL-User-Name}' \
+ AND NASIPAddress = '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' \
+ AND AcctStopTime IS NULL"
+ }
- #######################################################################
- # Authentication Logging Queries
- #######################################################################
- # postauth_query - Insert some info after authentication
- #######################################################################
-
- post-auth {
- # Write SQL queries to a logfile. This is potentially useful for bulk inserts
- # when used with the rlm_sql_null driver.
-# logfile = ${logdir}/post-auth.sql
-
- query = "\
- INSERT INTO ${..postauth_table} \
- (username, pass, reply, authdate) \
- VALUES(\
- '%{User-Name}', \
- '%{%{User-Password}:-Chap-Password}', \
- '%{reply:Packet-Type}', \
- NOW())"
+ interim-update {
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, \
+ AcctSessionTime = %{%{Acct-Session-Time}:-NULL}, \
+ AcctInterval = (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM (COALESCE(AcctUpdateTime, AcctStartTime)))), \
+ AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + \
+ '%{%{Acct-Input-Octets}:-0}'::bigint), \
+ AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + \
+ '%{%{Acct-Output-Octets}:-0}'::bigint) \
+ WHERE AcctSessionId = '%{Acct-Session-Id}' \
+ AND UserName = '%{SQL-User-Name}' \
+ AND NASIPAddress= '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' \
+ AND AcctStopTime IS NULL"
+
+ query = "\
+ INSERT INTO ${....acct_table1} \
+ (${...column_list}) \
+ VALUES(\
+ '%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ NULLIF('%{Realm}', ''), \
+ '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}', \
+ %{%{NAS-Port}:-NULL}, \
+ '%{NAS-Port-Type}', \
+ TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ NULL, \
+ %{%{Acct-Session-Time}:-NULL}, \
+ '%{Acct-Authentic}', \
+ '%{Connect-Info}', \
+ NULL, \
+ (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + \
+ '%{%{Acct-Input-Octets}:-0}'::bigint), \
+ (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + \
+ '%{%{Acct-Output-Octets}:-0}'::bigint), \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ NULL, \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ NULLIF('%{Framed-IP-Address}', '')::inet)"
+ }
+
+ stop {
+ query = "\
+ UPDATE ${....acct_table2} \
+ SET \
+ AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ AcctSessionTime = COALESCE(%{%{Acct-Session-Time}:-NULL}, \
+ (%{integer:Event-Timestamp} - EXTRACT(EPOCH FROM(AcctStartTime)))), \
+ AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + \
+ '%{%{Acct-Input-Octets}:-0}'::bigint), \
+ AcctOutputOctets = (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + \
+ '%{%{Acct-Output-Octets}:-0}'::bigint), \
+ AcctTerminateCause = '%{Acct-Terminate-Cause}', \M (COALESCE(AcctUpdateT
+ FramedIPAddress = NULLIF('%{Framed-IP-Address}', '')::inet, \
+ ConnectInfo_stop = '%{Connect-Info}' \
+ WHERE AcctSessionId = '%{Acct-Session-Id}' \
+ AND UserName = '%{SQL-User-Name}' \
+ AND NASIPAddress = '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' \
+ AND AcctStopTime IS NULL"
+
+ query = "\
+ INSERT INTO ${....acct_table1} \
+ (${...column_list}) \
+ VALUES(\
+ '%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ NULLIF('%{Realm}', ''), \
+ '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}', \
+ %{%{NAS-Port}:-NULL}, \
+ '%{NAS-Port-Type}', \
+ TO_TIMESTAMP(%{integer:Event-Timestamp} - %{%{Acct-Session-Time}:-0}), \
+ TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ TO_TIMESTAMP(%{integer:Event-Timestamp}), \
+ NULLIF('%{Acct-Session-Time}', '')::bigint, \
+ '%{Acct-Authentic}', \
+ '%{Connect-Info}', \
+ NULL, \
+ (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + \
+ '%{%{Acct-Input-Octets}:-0}'::bigint), \
+ (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) + \
+ '%{%{Acct-Output-Octets}:-0}'::bigint), \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '%{Acct-Terminate-Cause}', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ NULLIF('%{Framed-IP-Address}', '')::inet)"
+ }
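Review bot: The first `stop` query has stray text after the continuation backslash at `AcctTerminateCause = '%{Acct-Terminate-Cause}', \M (COALESCE(AcctUpdateT`, which looks like an editing artefact carried over unchanged from the removed side and likely leaves the UPDATE unparseable. The comment above `accounting` says a failed query falls through to the next one, so each Stop would presumably take the INSERT path and leave the original row with `AcctStopTime IS NULL`, the condition `simul_count_query` counts as an open session. The line should end at the backslash: `AcctTerminateCause = '%{Acct-Terminate-Cause}', \`. `accounting-on` at the top of this `type` block has a related defect, a trailing comma after `AcctTerminateCause = '%{Acct-Terminate-Cause}'` directly before `WHERE`, and `accounting-off` inherits it through `${..accounting-on.query}`.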
}
+}
+
+
+#######################################################################
+# Authentication Logging Queries
+#######################################################################
+# postauth_query - Insert some info after authentication
+#######################################################################
+
+post-auth {
+ # Write SQL queries to a logfile. This is potentially useful for bulk inserts
+ # when used with the rlm_sql_null driver.
+# logfile = ${logdir}/post-auth.sql
+
+ query = "\
+ INSERT INTO ${..postauth_table} \
+ (username, pass, reply, authdate) \
+ VALUES(\
+ '%{User-Name}', \
+ '%{%{User-Password}:-Chap-Password}', \
+ '%{reply:Packet-Type}', \
+ NOW())"
+}
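Review bot: The `post-auth` INSERT writes `'%{%{User-Password}:-Chap-Password}'` into the `pass` column, so whenever a request carries User-Password the cleartext password is stored in `${..postauth_table}`, and also in `post-auth.sql` if `logfile` is enabled. A comment above the query should say so, e.g. `# NOTE: 'pass' records the cleartext User-Password; drop the column from this query unless it is needed, and restrict access to this table`. The same query substitutes `'%{User-Name}'`, whereas the header of this file asks for `'%{SQL-User-Name}'` wherever a username is substituted. With the default `sql_user_name = "%{User-Name}"` the two are equal, but they diverge as soon as `sql_user_name` is changed, so `'%{SQL-User-Name}'` would keep post-auth rows consistent with the accounting rows.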
# -*- text -*-
-##
-## dialup.conf -- SQLite configuration for default schema (schema.sql)
-##
-## $Id$
+#
+# main/sqlite/queries.conf -- SQLite configuration for default schema (schema.sql)
+#
+# Id: e1e83bf94814ed8be6239977b7bacfed21c0cd6a $
- # Safe characters list for sql queries. Everything else is replaced
- # with their mime-encoded equivalents.
- # The default list should be ok
- #safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
+# Safe characters list for sql queries. Everything else is replaced
+# with their mime-encoded equivalents.
+# The default list should be ok
+#safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
- #######################################################################
- # Query config: Username
- #######################################################################
- # This is the username that will get substituted, escaped, and added
- # as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
- # everywhere a username substitution is needed so you you can be sure
- # the username passed from the client is escaped properly.
- #
- # Uncomment the next line, if you want the sql_user_name to mean:
- #
- # Use Stripped-User-Name, if it's there.
- # Else use User-Name, if it's there,
- # Else use hard-coded string "DEFAULT" as the user name.
- #sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
- #
- sql_user_name = "%{User-Name}"
+#######################################################################
+# Query config: Username
+#######################################################################
+# This is the username that will get substituted, escaped, and added
+# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
+# everywhere a username substitution is needed so you you can be sure
+# the username passed from the client is escaped properly.
+#
+# Uncomment the next line, if you want the sql_user_name to mean:
+#
+# Use Stripped-User-Name, if it's there.
+# Else use User-Name, if it's there,
+# Else use hard-coded string "DEFAULT" as the user name.
+#sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
+#
+sql_user_name = "%{User-Name}"
- #######################################################################
- # Default profile
- #######################################################################
- # This is the default profile. It is found in SQL by group membership.
- # That means that this profile must be a member of at least one group
- # which will contain the corresponding check and reply items.
- # This profile will be queried in the authorize section for every user.
- # The point is to assign all users a default profile without having to
- # manually add each one to a group that will contain the profile.
- # The SQL module will also honor the User-Profile attribute. This
- # attribute can be set anywhere in the authorize section (ie the users
- # file). It is found exactly as the default profile is found.
- # If it is set then it will *overwrite* the default profile setting.
- # The idea is to select profiles based on checks on the incoming packets,
- # not on user group membership. For example:
- # -- users file --
- # DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
- # DEFAULT Service-Type == Framed-User, User-Profile := "framed"
- #
- # By default the default_user_profile is not set
- #
- #default_user_profile = "DEFAULT"
+#######################################################################
+# Default profile
+#######################################################################
+# This is the default profile. It is found in SQL by group membership.
+# That means that this profile must be a member of at least one group
+# which will contain the corresponding check and reply items.
+# This profile will be queried in the authorize section for every user.
+# The point is to assign all users a default profile without having to
+# manually add each one to a group that will contain the profile.
+# The SQL module will also honor the User-Profile attribute. This
+# attribute can be set anywhere in the authorize section (ie the users
+# file). It is found exactly as the default profile is found.
+# If it is set then it will *overwrite* the default profile setting.
+# The idea is to select profiles based on checks on the incoming packets,
+# not on user group membership. For example:
+# -- users file --
+# DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
+# DEFAULT Service-Type == Framed-User, User-Profile := "framed"
+#
+# By default the default_user_profile is not set
+#
+#default_user_profile = "DEFAULT"
- #######################################################################
- # NAS Query
- #######################################################################
- # This query retrieves the radius clients
- #
- # 0. Row ID (currently unused)
- # 1. Name (or IP address)
- # 2. Shortname
- # 3. Type
- # 4. Secret
- # 5. Server
- #######################################################################
+#######################################################################
+# NAS Query
+#######################################################################
+# This query retrieves the radius clients
+#
+# 0. Row ID (currently unused)
+# 1. Name (or IP address)
+# 2. Shortname
+# 3. Type
+# 4. Secret
+# 5. Server
+#######################################################################
- client_query = "SELECT id, nasname, shortname, type, secret, server FROM ${client_table}"
+client_query = "\
+ SELECT id, nasname, shortname, type, secret, server \
+ FROM ${client_table}"
- #######################################################################
- # Authorization Queries
- #######################################################################
- # These queries compare the check items for the user
- # in ${authcheck_table} and setup the reply items in
- # ${authreply_table}. You can use any query/tables
- # you want, but the return data for each row MUST
- # be in the following order:
- #
- # 0. Row ID (currently unused)
- # 1. UserName/GroupName
- # 2. Item Attr Name
- # 3. Item Attr Value
- # 4. Item Attr Operation
- #######################################################################
- # Use these for case sensitive usernames.
-# authorize_check_query = "\
+#######################################################################
+# Authorization Queries
+#######################################################################
+# These queries compare the check items for the user
+# in ${authcheck_table} and setup the reply items in
+# ${authreply_table}. You can use any query/tables
+# you want, but the return data for each row MUST
+# be in the following order:
+#
+# 0. Row ID (currently unused)
+# 1. UserName/GroupName
+# 2. Item Attr Name
+# 3. Item Attr Value
+# 4. Item Attr Operation
+#######################################################################
+
+#
+# Use these for case sensitive usernames.
+#
+#authorize_check_query = "\
# SELECT id, username, attribute, value, op \
# FROM ${authcheck_table} \
# WHERE username = BINARY '%{SQL-User-Name}' \
# ORDER BY id"
-# authorize_reply_query = "\
+#authorize_reply_query = "\
# SELECT id, username, attribute, value, op \
# FROM ${authreply_table} \
# WHERE username = BINARY '%{SQL-User-Name}' \
# ORDER BY id"
- # The default queries are case insensitive. (for compatibility with
- # older versions of FreeRADIUS)
- authorize_check_query = "\
+#
+# The default queries are case insensitive. (for compatibility with older versions of FreeRADIUS)
+#
+authorize_check_query = "\
SELECT id, username, attribute, value, op \
FROM ${authcheck_table} \
WHERE username = '%{SQL-User-Name}' \
ORDER BY id"
- authorize_reply_query = "\
+authorize_reply_query = "\
SELECT id, username, attribute, value, op \
FROM ${authreply_table} \
WHERE username = '%{SQL-User-Name}' \
ORDER BY id"
- # Use these for case sensitive usernames.
-# group_membership_query = "\
+#
+# Use these for case sensitive usernames.
+#
+#group_membership_query = "\
# SELECT groupname \
# FROM ${usergroup_table} \
# WHERE username = BINARY '%{SQL-User-Name}' \
# ORDER BY priority"
- group_membership_query = "\
+group_membership_query = "\
SELECT groupname \
FROM ${usergroup_table} \
WHERE username = '%{SQL-User-Name}' \
ORDER BY priority"
- authorize_group_check_query = "\
+authorize_group_check_query = "\
SELECT id, groupname, attribute, \
Value, op \
FROM ${groupcheck_table} \
WHERE groupname = '%{Sql-Group}' \
ORDER BY id"
- authorize_group_reply_query = "\
+authorize_group_reply_query = "\
SELECT id, groupname, attribute, \
value, op \
FROM ${groupreply_table} \
WHERE groupname = '%{Sql-Group}' \
ORDER BY id"
- #######################################################################
- # Simultaneous Use Checking Queries
- #######################################################################
- # simul_count_query - query for the number of current connections
- # - If this is not defined, no simultaneouls use checking
- # - will be performed by this module instance
- # simul_verify_query - query to return details of current connections
- # for verification
- # - Leave blank or commented out to disable verification step
- # - Note that the returned field order should not be changed.
- #######################################################################
+#######################################################################
+# Simultaneous Use Checking Queries
+#######################################################################
+# simul_count_query - query for the number of current connections
+# - If this is not defined, no simultaneouls use checking
+# - will be performed by this module instance
+# simul_verify_query - query to return details of current connections
+# for verification
+# - Leave blank or commented out to disable verification step
+# - Note that the returned field order should not be changed.
+#######################################################################
- # Uncomment simul_count_query to enable simultaneous use checking
-# simul_count_query = "\
+#
+# Uncomment simul_count_query to enable simultaneous use checking
+#
+#simul_count_query = "\
# SELECT COUNT(*) \
# FROM ${acct_table1} \
# WHERE username = '%{SQL-User-Name}' \
# AND acctstoptime IS NULL"
- simul_verify_query = "\
- SELECT radacctid, acctsessionid, username, \
- nasipaddress, nasportid, framedipaddress, \
- callingstationid, framedprotocol \
+simul_verify_query = "\
+ SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, \
+ callingstationid, framedprotocol \
FROM ${acct_table1} \
WHERE username = '%{SQL-User-Name}' \
AND acctstoptime IS NULL"
- #######################################################################
- # Accounting and Post-Auth Queries
- #######################################################################
- # These queries insert/update accounting and authentication records.
- # The query to use is determined by the value of 'reference'.
- # This value is used as a configuration path and should resolve to one
- # or more 'query's. If reference points to multiple queries, and a query
- # fails, the next query is executed.
- #
- # Behaviour is identical to the old 1.x/2.x module, except we can now
- # fail between N queries, and query selection can be based on any
- # combination of attributes, or custom 'Acct-Status-Type' values.
- #######################################################################
- accounting {
- reference = "%{tolower:type.%{Acct-Status-Type}.query}"
+#######################################################################
+# Accounting and Post-Auth Queries
+#######################################################################
+# These queries insert/update accounting and authentication records.
+# The query to use is determined by the value of 'reference'.
+# This value is used as a configuration path and should resolve to one
+# or more 'query's. If reference points to multiple queries, and a query
+# fails, the next query is executed.
+#
+# Behaviour is identical to the old 1.x/2.x module, except we can now
+# fail between N queries, and query selection can be based on any
+# combination of attributes, or custom 'Acct-Status-Type' values.
+#######################################################################
+accounting {
+ reference = "%{tolower:type.%{Acct-Status-Type}.query}"
- # Write SQL queries to a logfile. This is potentially useful for bulk inserts
- # when used with the rlm_sql_null driver.
-# logfile = ${logdir}/accounting.sql
+ # Write SQL queries to a logfile. This is potentially useful for bulk inserts
+ # when used with the rlm_sql_null driver.
+# logfile = ${logdir}/accounting.sql
- column_list = "\
- acctsessionid, acctuniqueid, username, \
- realm, nasipaddress, nasportid, \
- nasporttype, acctstarttime, acctupdatetime, \
- acctstoptime, acctsessiontime, acctauthentic, \
- connectinfo_start, connectinfo_stop, acctinputoctets, \
- acctoutputoctets, calledstationid, callingstationid, \
- acctterminatecause, servicetype, framedprotocol, \
- framedipaddress"
+ column_list = "\
+ acctsessionid, acctuniqueid, username, \
+ realm, nasipaddress, nasportid, \
+ nasporttype, acctstarttime, acctupdatetime, \
+ acctstoptime, acctsessiontime, acctauthentic, \
+ connectinfo_start, connectinfo_stop, acctinputoctets, \
+ acctoutputoctets, calledstationid, callingstationid, \
+ acctterminatecause, servicetype, framedprotocol, \
+ framedipaddress"
- type {
- accounting-on {
- #
- # Bulk terminate all sessions associated with a given NAS
- #
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, \
- acctsessiontime = \
- %{%{integer:Event-Timestamp}:-strftime('%s', 'now')} \
- - strftime('%s', acctstarttime)), \
- acctterminatecause = '%{Acct-Terminate-Cause}' \
- WHERE acctstoptime IS NULL \
- AND nasipaddress = '%{NAS-IP-Address}' \
- AND acctstarttime <= %{integer:Event-Timestamp}"
- }
+ type {
+ accounting-on {
+ #
+ # Bulk terminate all sessions associated with a given NAS
+ #
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, \
+ acctsessiontime = \
+ %{%{integer:Event-Timestamp}:-strftime('%s', 'now')} \
+ - strftime('%s', acctstarttime)), \
+ acctterminatecause = '%{Acct-Terminate-Cause}' \
+ WHERE acctstoptime IS NULL \
+ AND nasipaddress = '%{NAS-IP-Address}' \
+ AND acctstarttime <= %{integer:Event-Timestamp}"
+ }
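Review bot: The `acctsessiontime` expression in the accounting-on query closes a parenthesis that is never opened (`- strftime('%s', acctstarttime)), \`), so the statement as written should fail to parse; the re-indent carries this over unchanged, and accounting-off reuses the same string through `${..accounting-on.query}`. When that bulk close fails, sessions from a restarted NAS keep `acctstoptime IS NULL` and are still counted by `simul_count_query` and `simul_verify_query`. Open the group on the preceding line: `(%{%{integer:Event-Timestamp}:-strftime('%s', 'now')} \`. The same kind of imbalance appears in the start fallback UPDATE (`date('now'))}`) and in the first timestamp value of the stop fallback INSERT, which lacks the opening `(` that the interim-update INSERT has. The closing `acctstarttime <= %{integer:Event-Timestamp}` also has no `:-` fallback, unlike the SET clauses.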
- accounting-off {
- query = "${..accounting-on.query}"
- }
+ accounting-off {
+ query = "${..accounting-on.query}"
+ }
- start {
- #
- # Insert a new record into the sessions table
- #
- query = "\
- INSERT INTO ${....acct_table1} \
- (${...column_list}) \
- VALUES \
- ('%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port}', \
- '%{NAS-Port-Type}', \
- %{%{integer:Event-Timestamp}:-date('now')}, \
- %{%{integer:Event-Timestamp}:-date('now')}, \
- NULL, \
- '0', \
- '%{Acct-Authentic}', \
- '%{Connect-Info}', \
- '', \
- '0', \
- '0', \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}')"
+ start {
+ #
+ # Insert a new record into the sessions table
+ #
+ query = "\
+ INSERT INTO ${....acct_table1} \
+ (${...column_list}) \
+ VALUES \
+ ('%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port}', \
+ '%{NAS-Port-Type}', \
+ %{%{integer:Event-Timestamp}:-date('now')}, \
+ %{%{integer:Event-Timestamp}:-date('now')}, \
+ NULL, \
+ '0', \
+ '%{Acct-Authentic}', \
+ '%{Connect-Info}', \
+ '', \
+ '0', \
+ '0', \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}')"
- #
- # Key constraints prevented us from inserting a new session,
- # use the alternate query to update an existing session.
- #
- query = "\
- UPDATE ${....acct_table1} SET \
- acctstarttime = %{%{integer:Event-Timestamp}:-date('now')}, \
- acctupdatetime = %{%{integer:Event-Timestamp}:-date('now'))}, \
- connectinfo_start = '%{Connect-Info}' \
- WHERE acctsessionid = '%{Acct-Session-Id}' \
- AND username = '%{SQL-User-Name}' \
- AND nasipaddress = '%{NAS-IP-Address}'"
- }
+ #
+ # Key constraints prevented us from inserting a new session,
+ # use the alternate query to update an existing session.
+ #
+ query = "\
+ UPDATE ${....acct_table1} SET \
+ acctstarttime = %{%{integer:Event-Timestamp}:-date('now')}, \
+ acctupdatetime = %{%{integer:Event-Timestamp}:-date('now'))}, \
+ connectinfo_start = '%{Connect-Info}' \
+ WHERE acctsessionid = '%{Acct-Session-Id}' \
+ AND username = '%{SQL-User-Name}' \
+ AND nasipaddress = '%{NAS-IP-Address}'"
+ }
- interim-update {
- #
- # Update an existing session and calculate the interval
- # between the last data we received for the session and this
- # update. This can be used to find stale sessions.
- #
- query = "\
- UPDATE ${....acct_table1} \
- SET \
- acctupdatetime = %{%{integer:Event-Timestamp}:-date('now')}, \
- acctinterval = 0, \
- framedipaddress = '%{Framed-IP-Address}', \
- acctsessiontime = '%{Acct-Session-Time}', \
- acctinputoctets = %{%{Acct-Input-Gigawords}:-0} \
- << 32 | %{%{Acct-Input-Octets}:-0}, \
- acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} \
- << 32 | %{%{Acct-Output-Octets}:-0} \
- WHERE acctsessionid = '%{Acct-Session-Id}' \
- AND username = '%{SQL-User-Name}' \
- AND nasipaddress = '%{NAS-IP-Address}'"
+ interim-update {
+ #
+ # Update an existing session and calculate the interval
+ # between the last data we received for the session and this
+ # update. This can be used to find stale sessions.
+ #
+ query = "\
+ UPDATE ${....acct_table1} \
+ SET \
+ acctupdatetime = %{%{integer:Event-Timestamp}:-date('now')}, \
+ acctinterval = 0, \
+ framedipaddress = '%{Framed-IP-Address}', \
+ acctsessiontime = '%{Acct-Session-Time}', \
+ acctinputoctets = %{%{Acct-Input-Gigawords}:-0} \
+ << 32 | %{%{Acct-Input-Octets}:-0}, \
+ acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} \
+ << 32 | %{%{Acct-Output-Octets}:-0} \
+ WHERE acctsessionid = '%{Acct-Session-Id}' \
+ AND username = '%{SQL-User-Name}' \
+ AND nasipaddress = '%{NAS-IP-Address}'"
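Review bot: The comment above the interim-update query says it calculates the interval between the last data received and this update so that stale sessions can be found, but the statement sets `acctinterval = 0`, so every updated row gets the same value. Either derive the value from the stored `acctupdatetime`, or reword the comment so operators do not rely on the column, e.g. `# acctinterval is fixed at 0 here; use acctupdatetime to find stale sessions`. The interim-update block continues below with its fallback INSERT.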
- #
- # The update condition matched no existing sessions. Use
- # the values provided in the update to create a new session.
- #
- query = "\
- INSERT INTO ${....acct_table1} \
- (${...column_list}) \
- VALUES \
- ('%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port}', \
- '%{NAS-Port-Type}', \
- (%{%{integer:Event-Timestamp}:-strftime('%s', 'now')} - %{%{Acct-Session-Time}:-0}), \
- %{%{integer:Event-Timestamp}:-date('now')}, \
- NULL, \
- '%{Acct-Session-Time}', \
- '%{Acct-Authentic}', \
- '%{Connect-Info}', \
- '', \
- %{%{Acct-Input-Gigawords}:-0} << 32 | \
- %{%{Acct-Input-Octets}:-0}, \
- %{%{Acct-Output-Gigawords}:-0} << 32 | \
- %{%{Acct-Output-Octets}:-0}, \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}')"
- }
+ #
+ # The update condition matched no existing sessions. Use
+ # the values provided in the update to create a new session.
+ #
+ query = "\
+ INSERT INTO ${....acct_table1} \
+ (${...column_list}) \
+ VALUES \
+ ('%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port}', \
+ '%{NAS-Port-Type}', \
+ (%{%{integer:Event-Timestamp}:-strftime('%s', 'now')} - %{%{Acct-Session-Time}:-0}), \
+ %{%{integer:Event-Timestamp}:-date('now')}, \
+ NULL, \
+ '%{Acct-Session-Time}', \
+ '%{Acct-Authentic}', \
+ '%{Connect-Info}', \
+ '', \
+ %{%{Acct-Input-Gigawords}:-0} << 32 | \
+ %{%{Acct-Input-Octets}:-0}, \
+ %{%{Acct-Output-Gigawords}:-0} << 32 | \
+ %{%{Acct-Output-Octets}:-0}, \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}')"
+ }
- stop {
- #
- # Session has terminated, update the stop time and statistics.
- #
- query = "\
- UPDATE ${....acct_table2} SET \
- acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, \
- acctsessiontime = '%{Acct-Session-Time}', \
- acctinputoctets = %{%{Acct-Input-Gigawords}:-0} \
- << 32 | %{%{Acct-Input-Octets}:-0}, \
- acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} \
- << 32 | %{%{Acct-Output-Octets}:-0}, \
- acctterminatecause = '%{Acct-Terminate-Cause}', \
- connectinfo_stop = '%{Connect-Info}' \
- WHERE acctsessionid = '%{Acct-Session-Id}' \
- AND username = '%{SQL-User-Name}' \
- AND nasipaddress = '%{NAS-IP-Address}'"
+ stop {
+ #
+ # Session has terminated, update the stop time and statistics.
+ #
+ query = "\
+ UPDATE ${....acct_table2} SET \
+ acctstoptime = %{%{integer:Event-Timestamp}:-date('now')}, \
+ acctsessiontime = '%{Acct-Session-Time}', \
+ acctinputoctets = %{%{Acct-Input-Gigawords}:-0} \
+ << 32 | %{%{Acct-Input-Octets}:-0}, \
+ acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} \
+ << 32 | %{%{Acct-Output-Octets}:-0}, \
+ acctterminatecause = '%{Acct-Terminate-Cause}', \
+ connectinfo_stop = '%{Connect-Info}' \
+ WHERE acctsessionid = '%{Acct-Session-Id}' \
+ AND username = '%{SQL-User-Name}' \
+ AND nasipaddress = '%{NAS-IP-Address}'"
- #
- # The update condition matched no existing sessions. Use
- # the values provided in the update to create a new session.
- #
- query = "\
- INSERT INTO ${....acct_table2} \
- (${...column_list}) \
- VALUES \
- ('%{Acct-Session-Id}', \
- '%{Acct-Unique-Session-Id}', \
- '%{SQL-User-Name}', \
- '%{Realm}', \
- '%{NAS-IP-Address}', \
- '%{NAS-Port}', \
- '%{NAS-Port-Type}', \
- %{%{integer:Event-Timestamp}:-strftime('%s', 'now')} - %{%{Acct-Session-Time}:-0}), \
- %{%{integer:Event-Timestamp}:-date('now')}, \
- %{%{integer:Event-Timestamp}:-date('now')}, \
- '%{Acct-Session-Time}', \
- '%{Acct-Authentic}', \
- '', \
- '%{Connect-Info}', \
- %{%{Acct-Input-Gigawords}:-0} << 32 | \
- %{%{Acct-Input-Octets}:-0}, \
- %{%{Acct-Output-Gigawords}:-0} << 32 | \
- %{%{Acct-Output-Octets}:-0}, \
- '%{Called-Station-Id}', \
- '%{Calling-Station-Id}', \
- '%{Acct-Terminate-Cause}', \
- '%{Service-Type}', \
- '%{Framed-Protocol}', \
- '%{Framed-IP-Address}')"
- }
+ #
+ # The update condition matched no existing sessions. Use
+ # the values provided in the update to create a new session.
+ #
+ query = "\
+ INSERT INTO ${....acct_table2} \
+ (${...column_list}) \
+ VALUES \
+ ('%{Acct-Session-Id}', \
+ '%{Acct-Unique-Session-Id}', \
+ '%{SQL-User-Name}', \
+ '%{Realm}', \
+ '%{NAS-IP-Address}', \
+ '%{NAS-Port}', \
+ '%{NAS-Port-Type}', \
+ %{%{integer:Event-Timestamp}:-strftime('%s', 'now')} - %{%{Acct-Session-Time}:-0}), \
+ %{%{integer:Event-Timestamp}:-date('now')}, \
+ %{%{integer:Event-Timestamp}:-date('now')}, \
+ '%{Acct-Session-Time}', \
+ '%{Acct-Authentic}', \
+ '', \
+ '%{Connect-Info}', \
+ %{%{Acct-Input-Gigawords}:-0} << 32 | \
+ %{%{Acct-Input-Octets}:-0}, \
+ %{%{Acct-Output-Gigawords}:-0} << 32 | \
+ %{%{Acct-Output-Octets}:-0}, \
+ '%{Called-Station-Id}', \
+ '%{Calling-Station-Id}', \
+ '%{Acct-Terminate-Cause}', \
+ '%{Service-Type}', \
+ '%{Framed-Protocol}', \
+ '%{Framed-IP-Address}')"
}
}
+}
- #######################################################################
- # Authentication Logging Queries
- #######################################################################
- # postauth_query - Insert some info after authentication
- #######################################################################
+#######################################################################
+# Authentication Logging Queries
+#######################################################################
+# postauth_query - Insert some info after authentication
+#######################################################################
- post-auth {
- # Write SQL queries to a logfile. This is potentially useful for bulk inserts
- # when used with the rlm_sql_null driver.
-# logfile = ${logdir}/post-auth.sql
+post-auth {
+ # Write SQL queries to a logfile. This is potentially useful for bulk inserts
+ # when used with the rlm_sql_null driver.
+# logfile = ${logdir}/post-auth.sql
- query = "\
- INSERT INTO ${..postauth_table} \
- (username, pass, reply, authdate) \
- VALUES ( \
- '%{SQL-User-Name}', \
- '%{%{User-Password}:-%{Chap-Password}}', \
- '%{reply:Packet-Type}', \
- %{%{integer:Event-Timestamp}:-date('now')})"
- }
+ query = "\
+ INSERT INTO ${..postauth_table} \
+ (username, pass, reply, authdate) \
+ VALUES ( \
+ '%{SQL-User-Name}', \
+ '%{%{User-Password}:-%{Chap-Password}}', \
+ '%{reply:Packet-Type}', \
+ %{%{integer:Event-Timestamp}:-date('now')})"
+}
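Review bot: The post-auth INSERT writes `'%{%{User-Password}:-%{Chap-Password}}'` into the `pass` column, which stores the cleartext PAP password of every logged authentication in `${..postauth_table}`, and in `post-auth.sql` too if the `logfile` line is uncommented. Anyone who can read that table, its backups or the log file then holds usable credentials, and rejected attempts often contain near-misses of real passwords. Store a constant instead, `'', \`, with a comment such as `# password deliberately not logged`. If the column must stay populated for troubleshooting, limit read access to the table and keep retention short.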