"Fossies" - the Fresh Open Source Software Archive

Member "freeradius-server-3.0.23/raddb/mods-config/sql/main/sqlite/queries.conf" (10 Jun 2021, 20541 Bytes) of package /linux/misc/freeradius-server-3.0.23.tar.bz2:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Generic config files source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "queries.conf": 3.0.22_vs_3.0.23.

    1 # -*- text -*-
    2 #
    3 #  main/sqlite/queries.conf -- SQLite configuration for default schema (schema.sql)
    4 #
    5 #  Id: e1e83bf94814ed8be6239977b7bacfed21c0cd6a $
    6 
    7 # Safe characters list for sql queries. Everything else is replaced
    8 # with their mime-encoded equivalents.
    9 # The default list should be ok
   10 #safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
   11 
   12 #######################################################################
   13 #  Query config:  Username
   14 #######################################################################
   15 # This is the username that will get substituted, escaped, and added
   16 # as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
   17 # everywhere a username substitution is needed so you you can be sure
   18 # the username passed from the client is escaped properly.
   19 #
   20 # Uncomment the next line, if you want the sql_user_name to mean:
   21 #
   22 #   Use Stripped-User-Name, if it's there.
   23 #   Else use User-Name, if it's there,
   24 #   Else use hard-coded string "DEFAULT" as the user name.
   25 #sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
   26 #
   27 sql_user_name = "%{User-Name}"
   28 
   29 #######################################################################
   30 #  Query config:  Event-Timestamp
   31 #######################################################################
   32 # event_timestamp_epoch is the basis for the time inserted into
   33 # accounting records. Typically this will be the Event-Timestamp of the
   34 # accounting request, which is usually provided by a NAS.
   35 #
   36 # Uncomment the next line, if you want the timestamp to be based on the
   37 # request reception time recorded by this server, for example if you
   38 # distrust the provided Event-Timestamp.
   39 #event_timestamp_epoch = "%l"
   40 
   41 event_timestamp_epoch = "%{%{integer:Event-Timestamp}:-%l}"
   42 
   43 # event_timestamp is the SQL snippet for converting an epoch timestamp
   44 # to an SQL date.
   45 
   46 event_timestamp = "${event_timestamp_epoch}"
   47 
   48 # NOTE: Recent SQLite versions allow proper arithmetic with dates
   49 # stored as strings including comparison using an index, so we keep
   50 # these variables differentiated in preparation for switching away from
   51 # integer storage.
   52 
   53 #######################################################################
   54 #  Query config:  Class attribute
   55 #######################################################################
   56 #
   57 #  3.0.22 and later have a "class" column in the accounting table.
   58 #
   59 #  However, we do NOT want to break existing configurations by adding
   60 #  the Class attribute to the default queries.  If we did that, then
   61 #  systems using newer versions of the server would fail, because
   62 #  there is no "class" column in their accounting tables.
   63 #
   64 #  The solution to that is the following "class" subsection.  If your
   65 #  database has a "class" column for the various tables, then you can
   66 #  uncomment the configuration items here.  The queries below will
   67 #  then automatically insert the Class attribute into radacct,
   68 #  radpostauth, etc.
   69 #
   70 class {
   71     #
   72     #  Delete the '#' character from each of the configuration
   73     #  items in this section.  This change puts the Class
   74     #  attribute into the various tables.  Leave the double-quoted
   75     #  string there, as the value for the configuration item.
   76     #
   77     #  See also policy.d/accounting, and the "insert_acct_class"
   78     #  policy.  You will need to list (or uncomment)
   79     #  "insert_acct_class" in the "post-auth" section in order to
   80     #  create a Class attribute.
   81     #
   82     column_name =   # ", class"
   83     packet_xlat =   # ", '%{Class}'"
   84     reply_xlat =    # ", '%{Reply:Class}'"
   85 }
   86 
   87 #######################################################################
   88 # Default profile
   89 #######################################################################
   90 # This is the default profile. It is found in SQL by group membership.
   91 # That means that this profile must be a member of at least one group
   92 # which will contain the corresponding check and reply items.
   93 # This profile will be queried in the authorize section for every user.
   94 # The point is to assign all users a default profile without having to
   95 # manually add each one to a group that will contain the profile.
   96 # The SQL module will also honor the User-Profile attribute. This
   97 # attribute can be set anywhere in the authorize section (ie the users
   98 # file). It is found exactly as the default profile is found.
   99 # If it is set then it will *overwrite* the default profile setting.
  100 # The idea is to select profiles based on checks on the incoming packets,
  101 # not on user group membership. For example:
  102 # -- users file --
  103 # DEFAULT   Service-Type == Outbound-User, User-Profile := "outbound"
  104 # DEFAULT   Service-Type == Framed-User, User-Profile := "framed"
  105 #
  106 # By default the default_user_profile is not set
  107 #
  108 #default_user_profile = "DEFAULT"
  109 
  110 #######################################################################
  111 # NAS Query
  112 #######################################################################
  113 # This query retrieves the radius clients
  114 #
  115 # 0. Row ID (currently unused)
  116 # 1. Name (or IP address)
  117 # 2. Shortname
  118 # 3. Type
  119 # 4. Secret
  120 # 5. Server
  121 #######################################################################
  122 
  123 client_query = "\
  124     SELECT id, nasname, shortname, type, secret, server \
  125     FROM ${client_table}"
  126 
  127 #######################################################################
  128 # Authorization Queries
  129 #######################################################################
  130 # These queries compare the check items for the user
  131 # in ${authcheck_table} and setup the reply items in
  132 # ${authreply_table}. You can use any query/tables
  133 # you want, but the return data for each row MUST
  134 # be in the following order:
  135 #
  136 # 0. Row ID (currently unused)
  137 # 1. UserName/GroupName
  138 # 2. Item Attr Name
  139 # 3. Item Attr Value
  140 # 4. Item Attr Operation
  141 #######################################################################
  142 
  143 #
  144 #  Use these for case sensitive usernames.
  145 #
  146 #authorize_check_query = "\
  147 #   SELECT id, username, attribute, value, op \
  148 #   FROM ${authcheck_table} \
  149 #   WHERE username = BINARY '%{SQL-User-Name}' \
  150 #   ORDER BY id"
  151 
  152 #authorize_reply_query = "\
  153 #   SELECT id, username, attribute, value, op \
  154 #   FROM ${authreply_table} \
  155 #   WHERE username = BINARY '%{SQL-User-Name}' \
  156 #   ORDER BY id"
  157 
  158 #
  159 #  The default queries are case insensitive. (for compatibility with older versions of FreeRADIUS)
  160 #
  161 authorize_check_query = "\
  162     SELECT id, username, attribute, value, op \
  163     FROM ${authcheck_table} \
  164     WHERE username = '%{SQL-User-Name}' \
  165     ORDER BY id"
  166 
  167 authorize_reply_query = "\
  168     SELECT id, username, attribute, value, op \
  169     FROM ${authreply_table} \
  170     WHERE username = '%{SQL-User-Name}' \
  171     ORDER BY id"
  172 
  173 #
  174 # Use these for case sensitive usernames.
  175 #
  176 #group_membership_query = "\
  177 #   SELECT groupname \
  178 #   FROM ${usergroup_table} \
  179 #   WHERE username = BINARY '%{SQL-User-Name}' \
  180 #   ORDER BY priority"
  181 
  182 group_membership_query = "\
  183     SELECT groupname \
  184     FROM ${usergroup_table} \
  185     WHERE username = '%{SQL-User-Name}' \
  186     ORDER BY priority"
  187 
  188 authorize_group_check_query = "\
  189     SELECT id, groupname, attribute, \
  190     Value, op \
  191     FROM ${groupcheck_table} \
  192     WHERE groupname = '%{${group_attribute}}' \
  193     ORDER BY id"
  194 
  195 authorize_group_reply_query = "\
  196     SELECT id, groupname, attribute, \
  197     value, op \
  198     FROM ${groupreply_table} \
  199     WHERE groupname = '%{${group_attribute}}' \
  200     ORDER BY id"
  201 
  202 #######################################################################
  203 # Simultaneous Use Checking Queries
  204 #######################################################################
  205 # simul_count_query - query for the number of current connections
  206 #           - If this is not defined, no simultaneous use checking
  207 #           - will be performed by this module instance
  208 # simul_verify_query    - query to return details of current connections
  209 #               for verification
  210 #           - Leave blank or commented out to disable verification step
  211 #           - Note that the returned field order should not be changed.
  212 #######################################################################
  213 
  214 simul_count_query = "\
  215     SELECT COUNT(*) \
  216     FROM ${acct_table1} \
  217     WHERE username = '%{SQL-User-Name}' \
  218     AND acctstoptime IS NULL"
  219 
  220 simul_verify_query = "\
  221     SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, \
  222         callingstationid, framedprotocol \
  223     FROM ${acct_table1} \
  224     WHERE username = '%{${group_attribute}}' \
  225     AND acctstoptime IS NULL"
  226 
  227 #######################################################################
  228 # Accounting and Post-Auth Queries
  229 #######################################################################
  230 # These queries insert/update accounting and authentication records.
  231 # The query to use is determined by the value of 'reference'.
  232 # This value is used as a configuration path and should resolve to one
  233 # or more 'query's. If reference points to multiple queries, and a query
  234 # fails, the next query is executed.
  235 #
  236 # Behaviour is identical to the old 1.x/2.x module, except we can now
  237 # fail between N queries, and query selection can be based on any
  238 # combination of attributes, or custom 'Acct-Status-Type' values.
  239 #######################################################################
  240 accounting {
  241     reference = "%{tolower:type.%{%{Acct-Status-Type}:-%{Request-Processing-Stage}}.query}"
  242 
  243     # Write SQL queries to a logfile. This is potentially useful for bulk inserts
  244     # when used with the rlm_sql_null driver.
  245 #   logfile = ${logdir}/accounting.sql
  246 
  247     column_list = "\
  248         acctsessionid, \
  249         acctuniqueid, \
  250         username, \
  251         realm, \
  252         nasipaddress, \
  253         nasportid, \
  254         nasporttype, \
  255         acctstarttime, \
  256         acctupdatetime, \
  257         acctstoptime, \
  258         acctsessiontime, \
  259         acctauthentic, \
  260         connectinfo_start, \
  261         connectinfo_stop, \
  262         acctinputoctets, \
  263         acctoutputoctets, \
  264         calledstationid, \
  265         callingstationid, \
  266         acctterminatecause, \
  267         servicetype, \
  268         framedprotocol, \
  269         framedipaddress, \
  270         framedipv6address, \
  271         framedipv6prefix, \
  272         framedinterfaceid, \
  273         delegatedipv6prefix \
  274         ${..class.column_name}"
  275 
  276     type {
  277         accounting-on {
  278             #
  279             #  Bulk terminate all sessions associated with a given NAS
  280             #
  281             query = "\
  282                 UPDATE ${....acct_table1} \
  283                 SET \
  284                     acctstoptime = ${....event_timestamp}, \
  285                     acctsessiontime = \
  286                         (${....event_timestamp_epoch} \
  287                         - acctstarttime), \
  288                     acctterminatecause = '%{Acct-Terminate-Cause}' \
  289                 WHERE acctstoptime IS NULL \
  290                 AND nasipaddress = '%{NAS-IP-Address}' \
  291                 AND acctstarttime <= ${....event_timestamp}"
  292         }
  293 
  294         accounting-off {
  295             query = "${..accounting-on.query}"
  296         }
  297 
  298         start {
  299             #
  300             #  Insert a new record into the sessions table
  301             #
  302             query = "\
  303                 INSERT INTO ${....acct_table1} \
  304                     (${...column_list}) \
  305                 VALUES \
  306                     ('%{Acct-Session-Id}', \
  307                     '%{Acct-Unique-Session-Id}', \
  308                     '%{SQL-User-Name}', \
  309                     '%{Realm}', \
  310                     '%{NAS-IP-Address}', \
  311                     '%{%{NAS-Port-ID}:-%{NAS-Port}}', \
  312                     '%{NAS-Port-Type}', \
  313                     ${....event_timestamp}, \
  314                     ${....event_timestamp}, \
  315                     NULL, \
  316                     '0', \
  317                     '%{Acct-Authentic}', \
  318                     '%{Connect-Info}', \
  319                     '', \
  320                     '0', \
  321                     '0', \
  322                     '%{Called-Station-Id}', \
  323                     '%{Calling-Station-Id}', \
  324                     '', \
  325                     '%{Service-Type}', \
  326                     '%{Framed-Protocol}', \
  327                     '%{Framed-IP-Address}', \
  328                     '%{Framed-IPv6-Address}', \
  329                     '%{Framed-IPv6-Prefix}', \
  330                     '%{Framed-Interface-Id}', \
  331                     '%{Delegated-IPv6-Prefix}' \
  332                     ${....class.packet_xlat})"
  333 
  334             #
  335             #  When using "sql_session_start", you should comment out
  336             #  the previous query, and enable this one.
  337             #
  338             #  Just change the previous query to "-query",
  339             #  and this one to "query".  The previous one
  340             #  will be ignored, and this one will be
  341             #  enabled.
  342             #
  343             -query = "\
  344                 UPDATE ${....acct_table1} \
  345                 SET \
  346                     AcctSessionId = '%{Acct-Session-Id}', \
  347                     AcctUniqueId = '%{Acct-Unique-Session-Id}', \
  348                     AcctAuthentic = '%{Acct-Authentic}', \
  349                     ConnectInfo_start = '%{Connect-Info}', \
  350                     ServiceType = '%{Service-Type}', \
  351                     FramedProtocol = '%{Framed-Protocol}', \
  352                     framedipaddress = '%{Framed-IP-Address}', \
  353                     framedipv6address = '%{Framed-IPv6-Address}', \
  354                     framedipv6prefix = '%{Framed-IPv6-Prefix}', \
  355                     framedinterfaceid = '%{Framed-Interface-Id}', \
  356                     delegatedipv6prefix = '%{Delegated-IPv6-Prefix}', \
  357                     AcctStartTime = ${....event_timestamp}, \
  358                     AcctUpdateTime = ${....event_timestamp} \
  359                 WHERE UserName = '%{SQL-User-Name}' \
  360                     AND NASIPAddress = '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' \
  361                     AND NASPortId = '%{%{NAS-Port-ID}:-%{NAS-Port}}' \
  362                     AND NASPortType = '%{NAS-Port-Type}' \
  363                     AND AcctStopTime IS NULL"
  364 
  365             #
  366             #  Key constraints prevented us from inserting a new session,
  367             #  use the alternate query to update an existing session.
  368             #
  369             query = "\
  370                 UPDATE ${....acct_table1} SET \
  371                     acctstarttime   = ${....event_timestamp}, \
  372                     acctupdatetime  = ${....event_timestamp}, \
  373                     connectinfo_start = '%{Connect-Info}' \
  374                 WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  375         }
  376 
  377         interim-update {
  378             #
  379             #  Update an existing session and calculate the interval
  380             #  between the last data we received for the session and this
  381             #  update. This can be used to find stale sessions.
  382             #
  383             query = "\
  384                 UPDATE ${....acct_table1} \
  385                 SET \
  386                     acctupdatetime  = ${....event_timestamp}, \
  387                     acctinterval    = 0, \
  388                     framedipaddress = '%{Framed-IP-Address}', \
  389                     framedipv6address = '%{Framed-IPv6-Address}', \
  390                     framedipv6prefix = '%{Framed-IPv6-Prefix}', \
  391                     framedinterfaceid = '%{Framed-Interface-Id}', \
  392                     delegatedipv6prefix = '%{Delegated-IPv6-Prefix}', \
  393                     acctsessiontime = %{%{Acct-Session-Time}:-NULL}, \
  394                     acctinputoctets = %{%{Acct-Input-Gigawords}:-0} \
  395                         << 32 | %{%{Acct-Input-Octets}:-0}, \
  396                     acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} \
  397                         << 32 | %{%{Acct-Output-Octets}:-0} \
  398                 WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  399 
  400             #
  401             #  The update condition matched no existing sessions. Use
  402             #  the values provided in the update to create a new session.
  403             #
  404             query = "\
  405                 INSERT INTO ${....acct_table1} \
  406                     (${...column_list}) \
  407                 VALUES \
  408                     ('%{Acct-Session-Id}', \
  409                     '%{Acct-Unique-Session-Id}', \
  410                     '%{SQL-User-Name}', \
  411                     '%{Realm}', \
  412                     '%{NAS-IP-Address}', \
  413                     '%{%{NAS-Port-ID}:-%{NAS-Port}}', \
  414                     '%{NAS-Port-Type}', \
  415                     (${....event_timestamp_epoch} - %{%{Acct-Session-Time}:-0}), \
  416                     ${....event_timestamp}, \
  417                     NULL, \
  418                     %{%{Acct-Session-Time}:-NULL}, \
  419                     '%{Acct-Authentic}', \
  420                     '%{Connect-Info}', \
  421                     '', \
  422                     %{%{Acct-Input-Gigawords}:-0} << 32 | \
  423                         %{%{Acct-Input-Octets}:-0}, \
  424                     %{%{Acct-Output-Gigawords}:-0} << 32 | \
  425                         %{%{Acct-Output-Octets}:-0}, \
  426                     '%{Called-Station-Id}', \
  427                     '%{Calling-Station-Id}', \
  428                     '', \
  429                     '%{Service-Type}', \
  430                     '%{Framed-Protocol}', \
  431                     '%{Framed-IP-Address}', \
  432                     '%{Framed-IPv6-Address}', \
  433                     '%{Framed-IPv6-Prefix}', \
  434                     '%{Framed-Interface-Id}', \
  435                     '%{Delegated-IPv6-Prefix}' \
  436                     ${....class.packet_xlat})"
  437 
  438             #
  439             #  When using "sql_session_start", you should comment out
  440             #  the previous query, and enable this one.
  441             #
  442             #  Just change the previous query to "-query",
  443             #  and this one to "query".  The previous one
  444             #  will be ignored, and this one will be
  445             #  enabled.
  446             #
  447             -query = "\
  448                 UPDATE ${....acct_table1} \
  449                 SET \
  450                     AcctSessionId = '%{Acct-Session-Id}', \
  451                     AcctUniqueId = '%{Acct-Unique-Session-Id}', \
  452                     AcctAuthentic = '%{Acct-Authentic}', \
  453                     ConnectInfo_start = '%{Connect-Info}', \
  454                     ServiceType = '%{Service-Type}', \
  455                     FramedProtocol = '%{Framed-Protocol}', \
  456                     framedipaddress = '%{Framed-IP-Address}', \
  457                     framedipv6address = '%{Framed-IPv6-Address}', \
  458                     framedipv6prefix = '%{Framed-IPv6-Prefix}', \
  459                     framedinterfaceid = '%{Framed-Interface-Id}', \
  460                     delegatedipv6prefix = '%{Delegated-IPv6-Prefix}', \
  461                     AcctUpdateTime = ${....event_timestamp}, \
  462                     AcctSessionTime = %{%{Acct-Session-Time}:-NULL}, \
  463                     AcctInputOctets = '%{%{Acct-Input-Gigawords}:-0}' \
  464                         << 32 | '%{%{Acct-Input-Octets}:-0}', \
  465                     AcctOutputOctets = '%{%{Acct-Output-Gigawords}:-0}' \
  466                         << 32 | '%{%{Acct-Output-Octets}:-0}' \
  467                 WHERE UserName = '%{SQL-User-Name}' \
  468                     AND NASIPAddress = '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' \
  469                     AND NASPortId = '%{%{NAS-Port-ID}:-%{NAS-Port}}' \
  470                     AND NASPortType = '%{NAS-Port-Type}' \
  471                     AND AcctStopTime IS NULL"
  472 
  473         }
  474 
  475         stop {
  476             #
  477             #  Session has terminated, update the stop time and statistics.
  478             #
  479             query = "\
  480                 UPDATE ${....acct_table2} SET \
  481                     acctstoptime    = ${....event_timestamp}, \
  482                     acctsessiontime = %{%{Acct-Session-Time}:-NULL}, \
  483                     acctinputoctets = %{%{Acct-Input-Gigawords}:-0} \
  484                         << 32 | %{%{Acct-Input-Octets}:-0}, \
  485                     acctoutputoctets = %{%{Acct-Output-Gigawords}:-0} \
  486                         << 32 | %{%{Acct-Output-Octets}:-0}, \
  487                     acctterminatecause = '%{Acct-Terminate-Cause}', \
  488                     connectinfo_stop = '%{Connect-Info}' \
  489                 WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
  490 
  491             #
  492             #  The update condition matched no existing sessions. Use
  493             #  the values provided in the update to create a new session.
  494             #
  495             query = "\
  496                 INSERT INTO ${....acct_table2} \
  497                     (${...column_list}) \
  498                 VALUES \
  499                     ('%{Acct-Session-Id}', \
  500                     '%{Acct-Unique-Session-Id}', \
  501                     '%{SQL-User-Name}', \
  502                     '%{Realm}', \
  503                     '%{NAS-IP-Address}', \
  504                     '%{%{NAS-Port-ID}:-%{NAS-Port}}', \
  505                     '%{NAS-Port-Type}', \
  506                     (${....event_timestamp_epoch} - %{%{Acct-Session-Time}:-0}), \
  507                     ${....event_timestamp}, \
  508                     ${....event_timestamp}, \
  509                     %{%{Acct-Session-Time}:-NULL}, \
  510                     '%{Acct-Authentic}', \
  511                     '', \
  512                     '%{Connect-Info}', \
  513                     %{%{Acct-Input-Gigawords}:-0} << 32 | \
  514                         %{%{Acct-Input-Octets}:-0}, \
  515                     %{%{Acct-Output-Gigawords}:-0} << 32 | \
  516                         %{%{Acct-Output-Octets}:-0}, \
  517                     '%{Called-Station-Id}', \
  518                     '%{Calling-Station-Id}', \
  519                     '%{Acct-Terminate-Cause}', \
  520                     '%{Service-Type}', \
  521                     '%{Framed-Protocol}', \
  522                     '%{Framed-IP-Address}', \
  523                     '%{Framed-IPv6-Address}', \
  524                     '%{Framed-IPv6-Prefix}', \
  525                     '%{Framed-Interface-Id}', \
  526                     '%{Delegated-IPv6-Prefix}' \
  527                     ${....class.packet_xlat})"
  528 
  529             #
  530             #  When using "sql_session_start", you should comment out
  531             #  the previous query, and enable this one.
  532             #
  533             #  Just change the previous query to "-query",
  534             #  and this one to "query".  The previous one
  535             #  will be ignored, and this one will be
  536             #  enabled.
  537             #
  538             -query = "\
  539                 UPDATE ${....acct_table1} \
  540                 SET \
  541                     AcctSessionId = '%{Acct-Session-Id}', \
  542                     AcctUniqueId = '%{Acct-Unique-Session-Id}', \
  543                     AcctAuthentic = '%{Acct-Authentic}', \
  544                     ConnectInfo_start = '%{Connect-Info}', \
  545                     ServiceType = '%{Service-Type}', \
  546                     FramedProtocol = '%{Framed-Protocol}', \
  547                     framedipaddress = '%{Framed-IP-Address}', \
  548                     framedipv6address = '%{Framed-IPv6-Address}', \
  549                     framedipv6prefix = '%{Framed-IPv6-Prefix}', \
  550                     framedinterfaceid = '%{Framed-Interface-Id}', \
  551                     delegatedipv6prefix = '%{Delegated-IPv6-Prefix}', \
  552                     AcctStopTime = ${....event_timestamp}, \
  553                     AcctUpdateTime = ${....event_timestamp}, \
  554                     AcctSessionTime = %{%{Acct-Session-Time}:-NULL}, \
  555                     AcctInputOctets = '%{%{Acct-Input-Gigawords}:-0}' \
  556                         << 32 | '%{%{Acct-Input-Octets}:-0}', \
  557                     AcctOutputOctets = '%{%{Acct-Output-Gigawords}:-0}' \
  558                         << 32 | '%{%{Acct-Output-Octets}:-0}', \
  559                     AcctTerminateCause = '%{Acct-Terminate-Cause}', \
  560                     ConnectInfo_stop = '%{Connect-Info}' \
  561                 WHERE UserName = '%{SQL-User-Name}' \
  562                 AND NASIPAddress = '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}' \
  563                 AND NASPortId = '%{%{NAS-Port-ID}:-%{NAS-Port}}' \
  564                 AND NASPortType = '%{NAS-Port-Type}' \
  565                 AND AcctStopTime IS NULL"
  566 
  567         }
  568 
  569 
  570         #
  571         #  No Acct-Status-Type == ignore the packet
  572         #
  573         accounting {
  574             query = "SELECT true"
  575         }
  576     }
  577 }
  578 
  579 #######################################################################
  580 # Authentication Logging Queries
  581 #######################################################################
  582 # postauth_query    - Insert some info after authentication
  583 #######################################################################
  584 
  585 post-auth {
  586     # Write SQL queries to a logfile. This is potentially useful for bulk inserts
  587     # when used with the rlm_sql_null driver.
  588 #   logfile = ${logdir}/post-auth.sql
  589 
  590     query = "\
  591         INSERT INTO ${..postauth_table} \
  592             (username, pass, reply, authdate ${..class.column_name}) \
  593         VALUES ( \
  594             '%{SQL-User-Name}', \
  595             '%{%{User-Password}:-%{Chap-Password}}', \
  596             '%{reply:Packet-Type}', \
  597             '%S.%M' \
  598             ${..class.reply_xlat})"
  599 }