Semantics of !~ operator

Gerald Vogt vogt at spamcop.net
Fri Apr 24 15:33:15 CEST 2015


On 24.04.15 14:45, Alan DeKok wrote:
> On Apr 24, 2015, at 8:20 AM, Gerald Vogt <vogt at spamcop.net> wrote:
>> I am using regexes a lot in my users file. What would be the intended
>> way to do the same without regexes? I currently use regexes to check the
>> realm if it is my own "Realm =~ example.com|NULL" and also to check for
>> the SSID to which a user connects to on my wifi: e.g.,
>> "Called-Station-Id =~ "[-A-Fa-f0-9]+:eduroam$" as the controller puts
>> the MAC address of the access point before the SSID.
>>
>> So how do I check that instead now without regexes in the users file?
> 
>  $ man unlang
> 
>   The "users" file contains *simple* policies.  Unlang can do policies of any complexity.

I know that. I just would like to have an expert's opinion on what the
best approach would be.

From the top of my head I could think of either rewriting the whole
users file in unlang and put everything into the authorize sections of
the default and inner-tunnel and wherever else "files" was referenced.
That, however, seems like overkill.

So, it would seem more reasonable to keep the users file and instead
extract the SSID from the Called-Station-Id and create a "local
variable" which holds the SSID and also a flag whether the realm is
"local" (i.e. my domain or none aka NULL). However, if I understand the
unlang man page correctly, there is nothing like a "local variable" but
only attributes defined in dictionaries and either "abusing" an existing
attribute or defining my own attribute seems rather odd to me.

Thus, conceptually: what would be the best approach to get those
policies working again the way they worked in v2?

Thanks,

Gerald








