3.0.x: check regex against multiple instances of attribute
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Jul 7 20:34:34 CEST 2014
On 7 Jul 2014, at 10:09, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
> On 7 Jul 2014, at 08:42, Alan DeKok <aland at deployingradius.com> wrote:
>
>> Phil Mayers wrote:
>>> =~ used to do this i.e. loop over the attributes, but no longer does; I
>>> think it got lost in the great unlang rewrite.
>>
>> It should behave like the other comparison attributes. So that's
>> either consistent and correct, or inconsistent and wrong.
>
> That was bizarre behaviour and very wrong.
>
>>> You'll have to foreach over the attribute then regexp-compare against
>>> "%{Foreach-Variable-X}" - you do need to string-ify it, as it's not a
>>> real attribute.
>>
>> I've tried to figure out how to fix that... it's not obvious. Maybe
>> some bizarre internal hacks would do it.
>
> Could probably use the same mechanism as the ldap groupcmp stuff.
OK just checked the code to make sure. If you turn on group name caching,
regular expressions will work fine for group checks.
Just looking through the dynamic comparison code (the stuff that gets
run if caching hasn't been enabled), and it should be fairly trivial to
add regex comparisons there too.
There should probably be some warnings sprinkled around to say what
operators are supported for group comparisons.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140707/382d0984/attachment.pgp>
More information about the Freeradius-Users
mailing list