Setting different IDLE-TIMEOUTS based on IP Address

[Alan DeKok]

Matthew Newton wrote:
> It's down to the userparse() function in valuepair.c, which is
> used by many things including rlm_preprocess for huntgroups, but
> also rlm_files. So the bug also affects this in the users file
> (which I'm guessing won't be going away any time soon!):

  No.  But it could use some fixing.

> In contrast, for an "if" statement in unlang the expression is
> passed to radius_evaluate_condition() in evaluate.c, which parses
> it and passes what it thinks are regexes to getregex(). This has
> the entirely opposite behaviour - it refuses to recognise it as a
> regex *unless* it is bracketed with /'s. Then it returns just the
> bit inside the /'s for the regex comparison.

  Yes.  And that's getting fixed for 3.0, too.  The conditions will be
parsed when the config files are loaded.  They'll then be interpreted at
run time.

  i.e. no string checking at run time.  Much simpler.

> I have a bit of a love hate relationship with unlang. It's
> fantastic for conditionals and wierd logic, but it looks hideous
> if doing big lookups in the config.

  It's intended to *not* do that.  There should really be a "map"
function, something like the "passwd" module.  i.e. "map X to Y".

  Unlang is for policies.  Managing groups should be done elsewhere.

> If nothing else, moving huntgroups from rlm_preprocess into a new
> module rlm_huntgroups would probably make a lot more sense. It
> does tend to confuse people now as it's not too obvious where it's
> being looked up.

  Well... they don't need to edit the preprocess configuration.  Just
poke raddb/huntgroups.  That should be enough for most people.

  Alan DeKok.