Re: evaluating unlang IF with sql results

2013-06-14 Thread Bill Schoolfield 

Actually this particular issue was the parenthesis around the number. I had 
added
them in the expression to make sure the math occurred before the logical 
comparison.

Without them though, unlang's IF seems to evaluate the first expression (a 
subtraction)
and ignores things afterwards. So the IF always evaluated to true.

I've concluded that the use of IF with multiple expressions won't work. So I 
have move
this logic to perl.

Bill

On 6/13/2013 6:55 PM, Alan DeKok wrote:

Bill Schoolfield wrote:

The above code fails with a message (below) that says (Right field is
not a number at: (1371158700)). I tried adding
a zero to force a number interpretation but this does nothing.


   That error is produced by the SQL database, not by FreeRADIUS.

   My guess is that the error is because the number is larger than 2^32.

   Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: evaluating unlang IF with sql results

2013-06-14 Thread Alan DeKok 
Bill Schoolfield wrote:
 Actually this particular issue was the parenthesis around the number. I
 had added
 them in the expression to make sure the math occurred before the logical
 comparison.

  The man unlang documentation describes the syntax it expects.
Adding a random paranthesis won't work.

 Without them though, unlang's IF seems to evaluate the first expression
 (a subtraction)
 and ignores things afterwards.

  The first expression is an expansion, via %{expr:...}.  It *does* work.

 So the IF always evaluated to true.
 
 I've concluded that the use of IF with multiple expressions won't work.

  Well, no.  It does work.

  If you use git master branch, it produces much better error
messages.  They were added for precisely these reasons.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

evaluating unlang IF with sql results

2013-06-13 Thread Bill Schoolfield 

I can't seem to make this work. I'm comparing some values in the post-auth 
section:

if((%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct 
where username='%{User-Name}'}})  (%{expr: %{sql:select 
unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0}})) {
update reply {
Session-Timeout := %{expr: 
%{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where 
username='%{User-Name}'}}
}
}
else {
update reply {
Session-Timeout := %{expr: (%{sql:select 
unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))})}
}
}

The above code fails with a message (below) that says (Right field is not a number 
at: (1371158700)). I tried adding
a zero to force a number interpretation but this does nothing.

I have checked every source I can find and I don't see anyhing that addresses 
this problem.

Thoughts anyone?

Bill



rad_recv: Access-Request packet from host 127.0.0.1 port 59971, id=77, length=74
User-Name = wrs
CHAP-Password = 0x4dab7bdecf6c70f078b77bfa11cebd490d
NAS-IP-Address = 10.0.0.147
NAS-Port = 0
Message-Authenticator = 0xcf99944924652eda7706d17c69afca2c
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = wrs, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql]   expand: %{User-Name} - wrs
[sql] sql_set_user escaped user -- 'wrs'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op   FROM radcheck  
 WHERE username = '%{SQL-User-Name}'   ORDER BY id - SELECT 
id, username, attribute, value, op   FROM radcheck   WHERE 
username = 'wrs'   ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op   FROM radreply  
 WHERE username = '%{SQL-User-Name}'   ORDER BY id - SELECT 
id, username, attribute, value, op   FROM radreply   WHERE 
username = 'wrs'   ORDER BY id
[sql]   expand: SELECT groupname   FROM radusergroup   WHERE 
username = '%{SQL-User-Name}'   ORDER BY priority - SELECT groupname   
FROM radusergroup   WHERE username = 'wrs'   ORDER BY 
priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
[expiration] Checking Expiration time: '13 Jun 2013 21:25:00'
++[expiration] returns ok
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
rlm_sqlcounter: Entering module authorize code
WARNING: Please replace '%k' with '${key}'
sqlcounter_expand:  'SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE 
UserName='%{User-Name}''
[noresetcounter]expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct 
WHERE UserName='%{User-Name}' - SELECT IFNULL(SUM(AcctSessionTime),0) FROM 
radacct WHERE UserName='wrs'
WARNING: Please replace '%S' with '${sqlmod-inst}'
sqlcounter_expand:  '%{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct 
WHERE UserName='wrs'}'
[noresetcounter] sql_xlat
[noresetcounter]expand: %{User-Name} - wrs
[noresetcounter] sql_set_user escaped user -- 'wrs'
[noresetcounter]expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct 
WHERE UserName='wrs' - SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct 
WHERE UserName='wrs'
rlm_sql (sql): Reserving sql socket id: 2
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 2
[noresetcounter]expand: %{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM 
radacct WHERE UserName='wrs'} - 12
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user wrs, check_item=600, counter=12
rlm_sqlcounter: Sent Reply-Item for user wrs, Type=Session-Timeout, value=180
++[noresetcounter] returns ok
Found Auth-Type = CHAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by wrs with CHAP password
[chap] Using clear text password test123 for user wrs authentication.
[chap] chap user wrs authenticated succesfully
++[chap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
++? if ((%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where 
username='%{User-Name}'}})  (%{expr: %{sql:select 
unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0}}))
sql_xlat
expand: %{User-Name} - wrs

Re: evaluating unlang IF with sql results

2013-06-13 Thread Alan DeKok 
Bill Schoolfield wrote:
 The above code fails with a message (below) that says (Right field is
 not a number at: (1371158700)). I tried adding
 a zero to force a number interpretation but this does nothing.

  That error is produced by the SQL database, not by FreeRADIUS.

  My guess is that the error is because the number is larger than 2^32.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html