Change RAD_REPLY item in rlm_perl, not add a new pair

Boian Jordanov bjordanov at orbitel.bg
Thu Jun 22 08:58:54 CEST 2006


On Tuesday 20 June 2006 19:05, Kenneth Marshall wrote:
> On Tue, Jun 20, 2006 at 11:05:04AM +0200, Bj?rn Mork wrote:
> > Kenneth Marshall <ktm at is.rice.edu> writes:
> > > I am trying to use rlm_perl to append a number to one
> > > member of the reply packet using rlm_perl and the %RAD_REPLY
> > > hash. I am running freeradius-1.1.1.
> >
> > I don't think you can do that with rlm_perl.  The inability to specify
> > operator is limiting.
> >
> > rlm_perl will choose T_OP_ADD if the hash value is an array reference.
> > Otherwise it defaults to T_OP_EQ when creating the lists of vps out of
> > the %RAD_REPLY and %RAD_CHECK hashes.  There is no way to specify
> > T_OP_SET, which is the functionality you need.
> >
> > I would really love to improve this, but I can't think of any nice way
> > to do it.  If one were to add operators to the perl hashes, how could
> > that be done?  Adding an additional set of hashes, mapping attribute
> > names to operators?  Adding "magic" operator strings to either key or
> > value of the current hashes?
> >
> > I'm afraid that noen of these will be backwards compatible with
> > existing perl scripts using rlm_perl.
> >
> > Another possibility would be to let rlm_perl assume T_OP_SET for
> > modified attributes (unless they are array references).  This makes
> > sense to me (and to you it seems, since that's what you expected :-).
> > But I dont't know of an effecient way to implement this.  You'd
> > probably have to walk through the lists, comparing the values of all
> > attributes.  Unless you tie the hashes to some class implementing the
> > necessarry logic in its STORE function?  That might be a possibilty...
>
> I agree with you. It makes more sense to modify attributes that are
> changed instead of appending a new pair which will be discarded in most
> cases. Is there an easy way to tie a "modified" flag to each attribute
> that could be changed to indicate a modification. Or use something
> like a composite key "attribute+operator" with a missing operator
> defaulting to current behavior. This would allow people to use ":="
> when needed and old code should still work correctly.

Maybe passing a HASH ref for hash which contains the Operator key and the vp 
item too will be a good idea. For example

$hash{'Tunnel-Id'} = "visitor";
$hash{'Operator'} = ":=";
$RAD_REPLY{'Tunnel-Id'} = \%hash;
  
This way we will not change existing behavior. 

-- 
Best Regards,
Boian Jordanov
SNE
Orbitel - Next Generation Telecom
tel. +359 2 4004 723
tel. +359 2 4004 002



More information about the Freeradius-Users mailing list