Repeatable problem with Client-Shortname

Phil Mayers p.mayers at imperial.ac.uk
Thu Jun 23 22:46:50 CEST 2011


On 06/23/2011 07:25 PM, Brian Candler wrote:
> On Thu, Jun 23, 2011 at 06:04:33PM +0200, Alan DeKok wrote:
>> Brian Candler wrote:
>>> Here's a strange problem: the Client-Shortname attribute won't match a
>>> regexp unless it's inside a string expansion.  Simple example:
>>
>>    It isn't a real attribute.  You can use real attributes by name.
>> "Fake" attributes like (insert list here), you need to use string expansion.
>
> What's the definition of "Fake" here? Client-IP-Address doesn't seem any
> more real...

The difference is that "%{Client-Shortname}" runs through xlat.c and 
eventually xlat_packet, which "knows" about magic attributes.

"if (Client-Shortname == ...)" runs through modcall.c and evaluate.c, 
ending up in radius_do_cmp. This doesn't know about special attributes; 
only real ones, or anything with a paircompare() registered e.g. LDAP-Group.

How, then, does Client-IP-Address work? Ah - rlm_expr registers a 
paircompare() for this!

It is confusing.



More information about the Freeradius-Devel mailing list