Change RAD_REPLY item in rlm_perl, not add a new pair

Kenneth Marshall ktm at is.rice.edu
Tue Jun 20 18:05:07 CEST 2006


On Tue, Jun 20, 2006 at 11:05:04AM +0200, Bj?rn Mork wrote:
> Kenneth Marshall <ktm at is.rice.edu> writes:
> 
> > I am trying to use rlm_perl to append a number to one
> > member of the reply packet using rlm_perl and the %RAD_REPLY
> > hash. I am running freeradius-1.1.1.
> 
> I don't think you can do that with rlm_perl.  The inability to specify
> operator is limiting.
> 
> rlm_perl will choose T_OP_ADD if the hash value is an array reference.
> Otherwise it defaults to T_OP_EQ when creating the lists of vps out of
> the %RAD_REPLY and %RAD_CHECK hashes.  There is no way to specify  
> T_OP_SET, which is the functionality you need.
> 
> I would really love to improve this, but I can't think of any nice way
> to do it.  If one were to add operators to the perl hashes, how could
> that be done?  Adding an additional set of hashes, mapping attribute
> names to operators?  Adding "magic" operator strings to either key or
> value of the current hashes?
> 
> I'm afraid that noen of these will be backwards compatible with
> existing perl scripts using rlm_perl.
> 
> Another possibility would be to let rlm_perl assume T_OP_SET for
> modified attributes (unless they are array references).  This makes
> sense to me (and to you it seems, since that's what you expected :-).
> But I dont't know of an effecient way to implement this.  You'd
> probably have to walk through the lists, comparing the values of all
> attributes.  Unless you tie the hashes to some class implementing the
> necessarry logic in its STORE function?  That might be a possibilty...
> 
I agree with you. It makes more sense to modify attributes that are
changed instead of appending a new pair which will be discarded in most
cases. Is there an easy way to tie a "modified" flag to each attribute
that could be changed to indicate a modification. Or use something
like a composite key "attribute+operator" with a missing operator
defaulting to current behavior. This would allow people to use ":="
when needed and old code should still work correctly.

Ken



More information about the Freeradius-Users mailing list