Unmatched ( or \(, and, more broadly, setting Stripped-User-Name

Thu Jul 14 14:49:56 CEST 2011

On 14 Jul 2011, at 03:42, Alexander Clouter wrote:

> In article <795D5EE4-7536-431E-926A-98E70EFA1771 at vt.edu> you wrote:
> Although to prevent down the road severe levels of pain when enabling
> eduroam you should be using something like 'dawson at hokies.vt.edu', could
> you not just use 'ntdomain' (a built in module that will do this for
> you)?  'ntdomain' should create Realm and Stripped-User-Name in the
> manner you want.
Are you suggesting that using a prefix domain like that will cause problems, or that I should be using the realms module?
I have no problem with using the module, as it's worked well for the proxying side of things, but I need to be able to authorize the users on our domain, and that means I need to get a stripped username and pass it to the DB.  I'll poke at it and see if I can get that side working.

> 
> I was going to ask why you were not doing the perl stuff in unlang. :)
> 
It seemed like a good idea at the time.

>> (1)    ? elsif ("%{User-Name}" =~ /^(.*\\)(.*)$/)
>> (1)     expand: %{User-Name} -> hokies\dawson
>> ERROR: Failed compiling regular expression: Unmatched ( or \(
>> (1)   - if ("%{User-Name}" !~ /^.*\/.*$/) returns updated
>> 
>> where the relevant part of sites-enabled/default authorize section 
> looks thus:
>> 
>> elsif("%{User-Name}" =~ /^(.*\\)(.*)$/){
>>  update request{
>>    Stripped-User-Name := "%{$`}"
>>  }
>> }
>> 
> $' and $` is a perlism.  You want something like (look at policy.conf
> rewrite.calling_station_id and rewrite.called_station_id as an example):
> ----
> if (User-Name =~ /^[^\\]\\?(.*)$/) {
>  update request {
>    Stripped-User-Name := "%{1}"
>  }
> }
> ----
> 
> Untested, but hopefully you get the idea.  :)
This works a little better:
elsif("%{User-Name}" =~ /^(.*)\\\\?(.*)$/){
                        update request{
                                Stripped-User-Name := "%{2}"
                        }
                }

But gives this:
(5) ? Evaluating ("%{User-Name}" =~ /^(.*)\\\\?(.*)$/) -> TRUE
(5)    ? elsif ("%{User-Name}" =~ /^(.*)\\\\?(.*)$/) -> TRUE
(5)     elsif ("%{User-Name}" =~ /^(.*)\\\\?(.*)$/) {
(5)    - entering elsif ("%{User-Name}" =~ /^(.*)\\\\?(.*)$/) {...}
(5)     update request {
(5) 	expand: %{2} -> 
(5)     } # update request = updated
(5)    - elsif ("%{User-Name}" =~ /^(.*)\\\\?(.*)$/) returns updated
(5)   - if ("%{User-Name}" !~ /^.*\/.*$/) returns updated
....
(5) sql : 	expand: %{Stripped-User-Name} -> 
(5) sql : sql_set_user escaped user --> ''

Not sure what I should be doing there.  Changed it to %{0} and also to %{1} and both gave me hokies\dawson, which was at least successfully written into Stripped-User-Name.

Would love some more insight into how unlang handles these things, as I'm sure we'll run into a use for it in the future, even if I manage a realms-based solution to this.

Thanks much,
 - Jacob