src/test/setup/radius-config/freeradius/mods-config/sql/main/oracle/queries.conf - cord-tester - Gitiles

 # -*- text -*-
 #
 #  main/oracle/queries.conf -- Oracle configuration for default schema (schema.sql)
 #
 #  $Id: ca22f5f5c9bf5dff47e60fb2bed56d6b161a4d08 $

 #######################################################################
 #  Query config:  Username
 #######################################################################
 # This is the username that will get substituted, escaped, and added
 # as attribute 'SQL-User-Name'.  '%{SQL-User-Name}' should be used below
 # everywhere a username substitution is needed so you you can be sure
 # the username passed from the client is escaped properly.
 #
 #  Uncomment the next line, if you want the sql_user_name to mean:
 #
 #    Use Stripped-User-Name, if it's there.
 #    Else use User-Name, if it's there,
 #    Else use hard-coded string "DEFAULT" as the user name.
 #sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
 #
 sql_user_name = "%{User-Name}"

 #######################################################################
 #  Default profile
 #######################################################################
 # This is the default profile. It is found in SQL by group membership.
 # That means that this profile must be a member of at least one group
 # which will contain the corresponding check and reply items.
 # This profile will be queried in the authorize section for every user.
 # The point is to assign all users a default profile without having to
 # manually add each one to a group that will contain the profile.
 # The SQL module will also honor the User-Profile attribute. This
 # attribute can be set anywhere in the authorize section (ie the users
 # file). It is found exactly as the default profile is found.
 # If it is set then it will *overwrite* the default profile setting.
 # The idea is to select profiles based on checks on the incoming packets,
 # not on user group membership. For example:
 # -- users file --
 # DEFAULT	Service-Type == Outbound-User, User-Profile := "outbound"
 # DEFAULT	Service-Type == Framed-User, User-Profile := "framed"
 #
 # By default the default_user_profile is not set
 #
 #default_user_profile = "DEFAULT"
 #
 # Determines if we will query the default_user_profile or the User-Profile
 # if the user is not found. If the profile is found then we consider the user
 # found. By default this is set to 'no'.
 #
 #query_on_not_found = no


 #######################################################################
 #  NAS Query
 #######################################################################
 #  This query retrieves the radius clients
 #
 #  0. Row ID (currently unused)
 #  1. Name (or IP address)
 #  2. Shortname
 #  3. Type
 #  4. Secret
 #  5. Virtual server
 #######################################################################

 client_query = "\
 	SELECT id, nasname, shortname, type, secret, server \
 	FROM ${client_table}"

 #######################################################################
 #  Authorization Queries
 #######################################################################
 #  These queries compare the check items for the user
 #  in ${authcheck_table} and setup the reply items in
 #  ${authreply_table}.  You can use any query/tables
 #  you want, but the return data for each row MUST
 #  be in the  following order:
 #
 #  0. Row ID (currently unused)
 #  1. UserName/GroupName
 #  2. Item Attr Name
 #  3. Item Attr Value
 #  4. Item Attr Operation
 #######################################################################
 #
 # WARNING: Oracle is case sensitive
 #
 # The main difference between MySQL and Oracle queries is the date format.
 # You must use the TO_DATE function to transform the radius date format to
 # the Oracle date format, and put NULL otherwise '0' in a void date field.
 #
 #######################################################################

 authorize_check_query = "\
 	SELECT id, UserName, Attribute, Value, op \
 	FROM ${authcheck_table} \
 	WHERE Username = '%{SQL-User-Name}' \
 	ORDER BY id"

 authorize_reply_query = "\
 	SELECT id, UserName, Attribute, Value, op \
 	FROM ${authreply_table} \
 	WHERE Username = '%{SQL-User-Name}' \
 	ORDER BY id"

 authorize_group_check_query = "\
 	SELECT \
 		${groupcheck_table}.id, ${groupcheck_table}.GroupName, ${groupcheck_table}.Attribute, \
 		${groupcheck_table}.Value,${groupcheck_table}.op \
 	FROM ${groupcheck_table}, ${usergroup_table} \
 	WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' \
 	AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName \
 	ORDER BY ${groupcheck_table}.id"

 authorize_group_reply_query = "\
 	SELECT \
 		${groupreply_table}.id, ${groupreply_table}.GroupName, ${groupreply_table}.Attribute, \
 		${groupreply_table}.Value, ${groupreply_table}.op \
 	FROM ${groupreply_table}, ${usergroup_table} \
 	WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' \
 	AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName \
 	ORDER BY ${groupreply_table}.id"

 #######################################################################
 # Simultaneous Use Checking Queries
 #######################################################################
 # simul_count_query	- query for the number of current connections
 #			- If this is not defined, no simultaneouls use checking
 #			- will be performed by this module instance
 # simul_verify_query	- query to return details of current connections for verification
 #			- Leave blank or commented out to disable verification step
 #			- Note that the returned field order should not be changed.
 #######################################################################

 #
 #  Uncomment simul_count_query to enable simultaneous use checking
 #
 #simul_count_query = "\
 #	SELECT COUNT(*) \
 #	FROM ${acct_table1} \
 #	WHERE UserName = '%{SQL-User-Name}' \
 #	AND AcctStopTime IS NULL"

 simul_verify_query = "\
 	SELECT \
 		RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, \
 		FramedIPAddress, CallingStationId, FramedProtocol \
 	FROM ${acct_table1} \
 	WHERE UserName='%{SQL-User-Name}' \
 	AND AcctStopTime IS NULL"

 #######################################################################
 # Group Membership Queries
 #######################################################################
 # group_membership_query	- Check user group membership
 #######################################################################

 group_membership_query = "\
 	SELECT GroupName \
 	FROM ${usergroup_table} \
 	WHERE UserName='%{SQL-User-Name}'"

 #######################################################################
 # Accounting and Post-Auth Queries
 #######################################################################
 # These queries insert/update accounting and authentication records.
 # The query to use is determined by the value of 'reference'.
 # This value is used as a configuration path and should resolve to one
 # or more 'query's. If reference points to multiple queries, and a query
 # fails, the next query is executed.
 #
 # Behaviour is identical to the old 1.x/2.x module, except we can now
 # fail between N queries, and query selection can be based on any
 # combination of attributes, or custom 'Acct-Status-Type' values.
 #######################################################################
 accounting {
 	reference = "%{tolower:type.%{Acct-Status-Type}.query}"

 	# Write SQL queries to a logfile. This is potentially useful for bulk inserts
 	# when used with the rlm_sql_null driver.
 #		logfile = ${logdir}/accounting.sql

 	type {
 		accounting-on {
 			query = "\
 				UPDATE ${....acct_table1} \
 				SET \
 					AcctStopTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
 					AcctSessionTime = round((TO_DATE('%S','yyyy-mm-dd hh24:mi:ss') - \
 						TO_DATE(TO_CHAR(acctstarttime, 'yyyy-mm-dd hh24:mi:ss'),'yyyy-mm-dd hh24:mi:ss'))*86400), \
 					AcctTerminateCause='%{%{Acct-Terminate-Cause}:-NAS-Reboot}', \
 					AcctStopDelay = %{%{Acct-Delay-Time}:-0} \
 				WHERE AcctStopTime IS NULL \
 				AND NASIPAddress = '%{NAS-IP-Address}' \
 				AND AcctStartTime <= TO_DATE('%S','yyyy-mm-dd hh24:mi:ss')"
 		}

 		accounting-off {
 			query = "${..accounting-on.query}"
 		}

 		start {
 			query = "\
 				INSERT INTO ${....acct_table1} \
 					(RadAcctId,		AcctSessionId,		AcctUniqueId, \
 					UserName,		Realm,			NASIPAddress, \
 					NASPortId,		NASPortType,		AcctStartTime, \
 					AcctStopTime,		AcctSessionTime,	AcctAuthentic, \
 					ConnectInfo_start,	ConnectInfo_stop,	AcctInputOctets, \
 					AcctOutputOctets,	CalledStationId,	CallingStationId, \
 					AcctTerminateCause,	ServiceType,		FramedProtocol, \
 					FramedIPAddress,	AcctStartDelay,		AcctStopDelay, \
 					XAscendSessionSvrKey) \
 				VALUES(\
 					'', \
 					'%{Acct-Session-Id}', \
 					'%{Acct-Unique-Session-Id}', \
 					'%{SQL-User-Name}', \
 					'%{Realm}', \
 					'%{NAS-IP-Address}', \
 					'%{NAS-Port-Id}', \
 					'%{NAS-Port-Type}', \
 					TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
 					NULL, \
 					'0', \
 					'%{Acct-Authentic}', \
 					'%{Connect-Info}', \
 					'', \
 					'0', \
 					'0', \
 					'%{Called-Station-Id}', \
 					'%{Calling-Station-Id}', \
 					'', \
 					'%{Service-Type}', \
 					'%{Framed-Protocol}', \
 					'%{Framed-IP-Address}', \
 					'%{Acct-Delay-Time}', \
 					'0', \
 					'%{X-Ascend-Session-Svr-Key}')"

 			query = "\
 				UPDATE ${....acct_table1} \
 				SET \
 					AcctStartTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
 					AcctStartDelay = '%{%{Acct-Delay-Time}:-0}', \
 					ConnectInfo_start = '%{Connect-Info}' \
 				WHERE AcctSessionId = '%{Acct-Session-Id}' \
 				AND UserName = '%{SQL-User-Name}' \
 				AND NASIPAddress = '%{NAS-IP-Address}' \
 				AND AcctStopTime IS NULL"
 		}

 		interim-update {
 			query = "\
 				UPDATE ${....acct_table1} \
 				SET \
 					FramedIPAddress = NULLIF('%{Framed-IP-Address}', ''), \
 					AcctSessionTime = '%{Acct-Session-Time}', \
 					AcctInputOctets = '%{Acct-Input-Octets}' + \
 						('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
 					AcctOutputOctets = '%{Acct-Output-Octets}' +  \
 						('%{%{Acct-Output-Gigawords}:-0}' * 4294967296) \
 				WHERE AcctSessionId = '%{Acct-Session-Id}' \
 				AND UserName = '%{SQL-User-Name}' \
 				AND NASIPAddress= '%{NAS-IP-Address}' \
 				AND AcctStopTime IS NULL"

 			query = "\
 				INSERT into ${....acct_table1} \
 					(RadAcctId,		AcctSessionId,		AcctUniqueId, \
 					UserName,		Realm,			NASIPAddress, \
 					NASPortId,		NASPortType,		AcctStartTime, \
 					AcctSessionTime, 	AcctAuthentic,		ConnectInfo_start, \
 					AcctInputOctets,	AcctOutputOctets,	CalledStationId, \
 					CallingStationId,	ServiceType,		FramedProtocol, \
 					FramedIPAddress,	AcctStartDelay,		XAscendSessionSvrKey) \
 				VALUES(\
 					'', \
 					'%{Acct-Session-Id}', \
 					'%{Acct-Unique-Session-Id}', \
 					'%{SQL-User-Name}', \
 					'%{Realm}', \
 					'%{NAS-IP-Address}', \
 					'%{NAS-Port-Id}', \
 					'%{NAS-Port-Type}', \
 					NULL, \
 					'%{Acct-Session-Time}', \
 					'%{Acct-Authentic}', \
 					'', \
 					'%{Acct-Input-Octets}' + \
 						('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
 					'%{Acct-Output-Octets}' +  \
 						('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
 					'%{Called-Station-Id}', \
 					'%{Calling-Station-Id}', \
 					'%{Service-Type}', \
 					'%{Framed-Protocol}', \
 					'%{Framed-IP-Address}', \
 					'0', \
 					'%{X-Ascend-Session-Svr-Key}')"
 		}

 		stop {
 			query = "\
 				UPDATE ${....acct_table2} \
 				SET \
 					AcctStopTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
 					AcctSessionTime = '%{Acct-Session-Time}', \
 					AcctInputOctets = '%{Acct-Input-Octets}' + \
 						('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
 					AcctOutputOctets = '%{Acct-Output-Octets}' +  \
 						('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
 					AcctTerminateCause = '%{Acct-Terminate-Cause}', \
 					AcctStopDelay = '%{%{Acct-Delay-Time}:-0}', \
 					ConnectInfo_stop = '%{Connect-Info}' \
 				WHERE AcctSessionId = '%{Acct-Session-Id}' \
 				AND UserName = '%{SQL-User-Name}' \
 				AND NASIPAddress = '%{NAS-IP-Address}' \
 				AND AcctStopTime IS NULL"

 			query = "\
 				INSERT into ${....acct_table2} \
 					(RadAcctId,		AcctSessionId,		AcctUniqueId, \
 					 UserName,		Realm,			NASIPAddress, \
 					 NASPortId,		NASPortType,		AcctStartTime, \
 					 AcctStopTime,		AcctSessionTime,	AcctAuthentic, \
 					 ConnectInfo_start,	ConnectInfo_stop,	AcctInputOctets, \
 					 AcctOutputOctets,	CalledStationId,	CallingStationId, \
 					 AcctTerminateCause,	ServiceType,		FramedProtocol, \
 					 FramedIPAddress,	AcctStartDelay,		AcctStopDelay) \
 				VALUES(\
 					'', \
 					'%{Acct-Session-Id}', \
 					'%{Acct-Unique-Session-Id}', \
 					'%{SQL-User-Name}', \
 					'%{Realm}', \
 					'%{NAS-IP-Address}', \
 					'%{NAS-Port-Id}', \
 					'%{NAS-Port-Type}', \
 					NULL, \
 					TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
 					'%{Acct-Session-Time}', \
 					'%{Acct-Authentic}', \
 					'', \
 					'%{Connect-Info}', \
 					'%{Acct-Input-Octets}' + \
 						('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
 					'%{Acct-Output-Octets}' + \
 						('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
 					'%{Called-Station-Id}', \
 					'%{Calling-Station-Id}', \
 					'%{Acct-Terminate-Cause}', \
 					'%{Service-Type}', \
 					'%{Framed-Protocol}', \
 					'%{Framed-IP-Address}', \
 					'0', \
 					'%{%{Acct-Delay-Time}:-0}')"

 		}
 	}
 }

 #######################################################################
 # Authentication Logging Queries
 #######################################################################
 # postauth_query                - Insert some info after authentication
 #######################################################################

 post-auth {
 	# Write SQL queries to a logfile. This is potentially useful for bulk inserts
 	# when used with the rlm_sql_null driver.
 #	logfile = ${logdir}/post-auth.sql
 	query = "\
 		INSERT INTO ${..postauth_table} \
 			(username, pass, reply, authdate) \
 		VALUES (\
 			'%{User-Name}', \
 			'%{%{User-Password}:-%{Chap-Password}}', \
 			'%{reply:Packet-Type}', \
 			TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS'))"
 }
	# -- text --
	#
	# main/oracle/queries.conf -- Oracle configuration for default schema (schema.sql)
	#
	# $Id: ca22f5f5c9bf5dff47e60fb2bed56d6b161a4d08 $

	#######################################################################
	# Query config: Username
	#######################################################################
	# This is the username that will get substituted, escaped, and added
	# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
	# everywhere a username substitution is needed so you you can be sure
	# the username passed from the client is escaped properly.
	#
	# Uncomment the next line, if you want the sql_user_name to mean:
	#
	# Use Stripped-User-Name, if it's there.
	# Else use User-Name, if it's there,
	# Else use hard-coded string "DEFAULT" as the user name.
	#sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
	#
	sql_user_name = "%{User-Name}"

	#######################################################################
	# Default profile
	#######################################################################
	# This is the default profile. It is found in SQL by group membership.
	# That means that this profile must be a member of at least one group
	# which will contain the corresponding check and reply items.
	# This profile will be queried in the authorize section for every user.
	# The point is to assign all users a default profile without having to
	# manually add each one to a group that will contain the profile.
	# The SQL module will also honor the User-Profile attribute. This
	# attribute can be set anywhere in the authorize section (ie the users
	# file). It is found exactly as the default profile is found.
	# If it is set then it will overwrite the default profile setting.
	# The idea is to select profiles based on checks on the incoming packets,
	# not on user group membership. For example:
	# -- users file --
	# DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
	# DEFAULT Service-Type == Framed-User, User-Profile := "framed"
	#
	# By default the default_user_profile is not set
	#
	#default_user_profile = "DEFAULT"
	#
	# Determines if we will query the default_user_profile or the User-Profile
	# if the user is not found. If the profile is found then we consider the user
	# found. By default this is set to 'no'.
	#
	#query_on_not_found = no


	#######################################################################
	# NAS Query
	#######################################################################
	# This query retrieves the radius clients
	#
	# 0. Row ID (currently unused)
	# 1. Name (or IP address)
	# 2. Shortname
	# 3. Type
	# 4. Secret
	# 5. Virtual server
	#######################################################################

	client_query = "\
	SELECT id, nasname, shortname, type, secret, server \
	FROM ${client_table}"

	#######################################################################
	# Authorization Queries
	#######################################################################
	# These queries compare the check items for the user
	# in ${authcheck_table} and setup the reply items in
	# ${authreply_table}. You can use any query/tables
	# you want, but the return data for each row MUST
	# be in the following order:
	#
	# 0. Row ID (currently unused)
	# 1. UserName/GroupName
	# 2. Item Attr Name
	# 3. Item Attr Value
	# 4. Item Attr Operation
	#######################################################################
	#
	# WARNING: Oracle is case sensitive
	#
	# The main difference between MySQL and Oracle queries is the date format.
	# You must use the TO_DATE function to transform the radius date format to
	# the Oracle date format, and put NULL otherwise '0' in a void date field.
	#
	#######################################################################

	authorize_check_query = "\
	SELECT id, UserName, Attribute, Value, op \
	FROM ${authcheck_table} \
	WHERE Username = '%{SQL-User-Name}' \
	ORDER BY id"

	authorize_reply_query = "\
	SELECT id, UserName, Attribute, Value, op \
	FROM ${authreply_table} \
	WHERE Username = '%{SQL-User-Name}' \
	ORDER BY id"

	authorize_group_check_query = "\
	SELECT \
	${groupcheck_table}.id, ${groupcheck_table}.GroupName, ${groupcheck_table}.Attribute, \
	${groupcheck_table}.Value,${groupcheck_table}.op \
	FROM ${groupcheck_table}, ${usergroup_table} \
	WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' \
	AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName \
	ORDER BY ${groupcheck_table}.id"

	authorize_group_reply_query = "\
	SELECT \
	${groupreply_table}.id, ${groupreply_table}.GroupName, ${groupreply_table}.Attribute, \
	${groupreply_table}.Value, ${groupreply_table}.op \
	FROM ${groupreply_table}, ${usergroup_table} \
	WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' \
	AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName \
	ORDER BY ${groupreply_table}.id"

	#######################################################################
	# Simultaneous Use Checking Queries
	#######################################################################
	# simul_count_query - query for the number of current connections
	# - If this is not defined, no simultaneouls use checking
	# - will be performed by this module instance
	# simul_verify_query - query to return details of current connections for verification
	# - Leave blank or commented out to disable verification step
	# - Note that the returned field order should not be changed.
	#######################################################################

	#
	# Uncomment simul_count_query to enable simultaneous use checking
	#
	#simul_count_query = "\
	# SELECT COUNT(*) \
	# FROM ${acct_table1} \
	# WHERE UserName = '%{SQL-User-Name}' \
	# AND AcctStopTime IS NULL"

	simul_verify_query = "\
	SELECT \
	RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, \
	FramedIPAddress, CallingStationId, FramedProtocol \
	FROM ${acct_table1} \
	WHERE UserName='%{SQL-User-Name}' \
	AND AcctStopTime IS NULL"

	#######################################################################
	# Group Membership Queries
	#######################################################################
	# group_membership_query - Check user group membership
	#######################################################################

	group_membership_query = "\
	SELECT GroupName \
	FROM ${usergroup_table} \
	WHERE UserName='%{SQL-User-Name}'"

	#######################################################################
	# Accounting and Post-Auth Queries
	#######################################################################
	# These queries insert/update accounting and authentication records.
	# The query to use is determined by the value of 'reference'.
	# This value is used as a configuration path and should resolve to one
	# or more 'query's. If reference points to multiple queries, and a query
	# fails, the next query is executed.
	#
	# Behaviour is identical to the old 1.x/2.x module, except we can now
	# fail between N queries, and query selection can be based on any
	# combination of attributes, or custom 'Acct-Status-Type' values.
	#######################################################################
	accounting {
	reference = "%{tolower:type.%{Acct-Status-Type}.query}"

	# Write SQL queries to a logfile. This is potentially useful for bulk inserts
	# when used with the rlm_sql_null driver.
	# logfile = ${logdir}/accounting.sql

	type {
	accounting-on {
	query = "\
	UPDATE ${....acct_table1} \
	SET \
	AcctStopTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
	AcctSessionTime = round((TO_DATE('%S','yyyy-mm-dd hh24:mi:ss') - \
	TO_DATE(TO_CHAR(acctstarttime, 'yyyy-mm-dd hh24:mi:ss'),'yyyy-mm-dd hh24:mi:ss'))*86400), \
	AcctTerminateCause='%{%{Acct-Terminate-Cause}:-NAS-Reboot}', \
	AcctStopDelay = %{%{Acct-Delay-Time}:-0} \
	WHERE AcctStopTime IS NULL \
	AND NASIPAddress = '%{NAS-IP-Address}' \
	AND AcctStartTime <= TO_DATE('%S','yyyy-mm-dd hh24:mi:ss')"
	}

	accounting-off {
	query = "${..accounting-on.query}"
	}

	start {
	query = "\
	INSERT INTO ${....acct_table1} \
	(RadAcctId, AcctSessionId, AcctUniqueId, \
	UserName, Realm, NASIPAddress, \
	NASPortId, NASPortType, AcctStartTime, \
	AcctStopTime, AcctSessionTime, AcctAuthentic, \
	ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, \
	AcctOutputOctets, CalledStationId, CallingStationId, \
	AcctTerminateCause, ServiceType, FramedProtocol, \
	FramedIPAddress, AcctStartDelay, AcctStopDelay, \
	XAscendSessionSvrKey) \
	VALUES(\
	'', \
	'%{Acct-Session-Id}', \
	'%{Acct-Unique-Session-Id}', \
	'%{SQL-User-Name}', \
	'%{Realm}', \
	'%{NAS-IP-Address}', \
	'%{NAS-Port-Id}', \
	'%{NAS-Port-Type}', \
	TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
	NULL, \
	'0', \
	'%{Acct-Authentic}', \
	'%{Connect-Info}', \
	'', \
	'0', \
	'0', \
	'%{Called-Station-Id}', \
	'%{Calling-Station-Id}', \
	'', \
	'%{Service-Type}', \
	'%{Framed-Protocol}', \
	'%{Framed-IP-Address}', \
	'%{Acct-Delay-Time}', \
	'0', \
	'%{X-Ascend-Session-Svr-Key}')"

	query = "\
	UPDATE ${....acct_table1} \
	SET \
	AcctStartTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
	AcctStartDelay = '%{%{Acct-Delay-Time}:-0}', \
	ConnectInfo_start = '%{Connect-Info}' \
	WHERE AcctSessionId = '%{Acct-Session-Id}' \
	AND UserName = '%{SQL-User-Name}' \
	AND NASIPAddress = '%{NAS-IP-Address}' \
	AND AcctStopTime IS NULL"
	}

	interim-update {
	query = "\
	UPDATE ${....acct_table1} \
	SET \
	FramedIPAddress = NULLIF('%{Framed-IP-Address}', ''), \
	AcctSessionTime = '%{Acct-Session-Time}', \
	AcctInputOctets = '%{Acct-Input-Octets}' + \
	('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
	AcctOutputOctets = '%{Acct-Output-Octets}' + \
	('%{%{Acct-Output-Gigawords}:-0}' * 4294967296) \
	WHERE AcctSessionId = '%{Acct-Session-Id}' \
	AND UserName = '%{SQL-User-Name}' \
	AND NASIPAddress= '%{NAS-IP-Address}' \
	AND AcctStopTime IS NULL"

	query = "\
	INSERT into ${....acct_table1} \
	(RadAcctId, AcctSessionId, AcctUniqueId, \
	UserName, Realm, NASIPAddress, \
	NASPortId, NASPortType, AcctStartTime, \
	AcctSessionTime, AcctAuthentic, ConnectInfo_start, \
	AcctInputOctets, AcctOutputOctets, CalledStationId, \
	CallingStationId, ServiceType, FramedProtocol, \
	FramedIPAddress, AcctStartDelay, XAscendSessionSvrKey) \
	VALUES(\
	'', \
	'%{Acct-Session-Id}', \
	'%{Acct-Unique-Session-Id}', \
	'%{SQL-User-Name}', \
	'%{Realm}', \
	'%{NAS-IP-Address}', \
	'%{NAS-Port-Id}', \
	'%{NAS-Port-Type}', \
	NULL, \
	'%{Acct-Session-Time}', \
	'%{Acct-Authentic}', \
	'', \
	'%{Acct-Input-Octets}' + \
	('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
	'%{Acct-Output-Octets}' + \
	('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
	'%{Called-Station-Id}', \
	'%{Calling-Station-Id}', \
	'%{Service-Type}', \
	'%{Framed-Protocol}', \
	'%{Framed-IP-Address}', \
	'0', \
	'%{X-Ascend-Session-Svr-Key}')"
	}

	stop {
	query = "\
	UPDATE ${....acct_table2} \
	SET \
	AcctStopTime = TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
	AcctSessionTime = '%{Acct-Session-Time}', \
	AcctInputOctets = '%{Acct-Input-Octets}' + \
	('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
	AcctOutputOctets = '%{Acct-Output-Octets}' + \
	('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
	AcctTerminateCause = '%{Acct-Terminate-Cause}', \
	AcctStopDelay = '%{%{Acct-Delay-Time}:-0}', \
	ConnectInfo_stop = '%{Connect-Info}' \
	WHERE AcctSessionId = '%{Acct-Session-Id}' \
	AND UserName = '%{SQL-User-Name}' \
	AND NASIPAddress = '%{NAS-IP-Address}' \
	AND AcctStopTime IS NULL"

	query = "\
	INSERT into ${....acct_table2} \
	(RadAcctId, AcctSessionId, AcctUniqueId, \
	UserName, Realm, NASIPAddress, \
	NASPortId, NASPortType, AcctStartTime, \
	AcctStopTime, AcctSessionTime, AcctAuthentic, \
	ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, \
	AcctOutputOctets, CalledStationId, CallingStationId, \
	AcctTerminateCause, ServiceType, FramedProtocol, \
	FramedIPAddress, AcctStartDelay, AcctStopDelay) \
	VALUES(\
	'', \
	'%{Acct-Session-Id}', \
	'%{Acct-Unique-Session-Id}', \
	'%{SQL-User-Name}', \
	'%{Realm}', \
	'%{NAS-IP-Address}', \
	'%{NAS-Port-Id}', \
	'%{NAS-Port-Type}', \
	NULL, \
	TO_DATE('%S','yyyy-mm-dd hh24:mi:ss'), \
	'%{Acct-Session-Time}', \
	'%{Acct-Authentic}', \
	'', \
	'%{Connect-Info}', \
	'%{Acct-Input-Octets}' + \
	('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \
	'%{Acct-Output-Octets}' + \
	('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \
	'%{Called-Station-Id}', \
	'%{Calling-Station-Id}', \
	'%{Acct-Terminate-Cause}', \
	'%{Service-Type}', \
	'%{Framed-Protocol}', \
	'%{Framed-IP-Address}', \
	'0', \
	'%{%{Acct-Delay-Time}:-0}')"

	}
	}
	}

	#######################################################################
	# Authentication Logging Queries
	#######################################################################
	# postauth_query - Insert some info after authentication
	#######################################################################

	post-auth {
	# Write SQL queries to a logfile. This is potentially useful for bulk inserts
	# when used with the rlm_sql_null driver.
	# logfile = ${logdir}/post-auth.sql
	query = "\
	INSERT INTO ${..postauth_table} \
	(username, pass, reply, authdate) \
	VALUES (\
	'%{User-Name}', \
	'%{%{User-Password}:-%{Chap-Password}}', \
	'%{reply:Packet-Type}', \
	TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS'))"
	}