Matching a prefix in huntgroups file

Alan DeKok aland at deployingradius.com
Fri Nov 11 14:42:13 CET 2016


On Nov 11, 2016, at 8:26 AM, Brian Candler <b.candler at pobox.com> wrote:
> On "input" in what context? Are you thinking of something like this?
> 
>    Framed-IP-Address := foo.example.com

  That's exactly what I'm saying.  Also, your examples of comparing IP addresses / net masks.  Host names can go there, too.
> 
>>> Put another way: how is a hostname distinct from a string? Is there any location in unlang where you would want to use a bare hostname, where you couldn't enclose it in double-quotes to make it a string?
>>   Sure, if you want to treat host names as *strings*, and not have them converted to addresses.
>> 
>>   i.e. hostnames *are* addresses after they're parsed.
> 
> To be pedantic, hostnames become addresses after they're resolved. It doesn't necessarily follow that they're resolved at the time they're parsed.

  That is a distinctly unhelpful response.  You ignored the point of my argument, and instead talked about something different.

  How do you know that a particular string is a host name, *before* it's parsed?

Me: It's hard.

You: it's easy!

Me: OK, how?

You: it's EASY!!!!!!

  <sigh>  Just stop.  Please.

  If the LHS is an attribute of type "ipaddr", yes, you can parse the RHS as an IP address or host name.  If the LHS is cast to an IP address, it's possible, too.  But what about this:

	if (host.name.example.com == host.b.example.org) 

  Do you do a string comparison?  Do you resolve them as IP addresses, and compare the addresses?

  What about:

	if (localhost == foo.example.com) 

  The LHS could be an IP address, or it could be just a string.  Until the admin *tells* the parser what it is, the parser CANNOT GUESS.  Because the guesses are likely to be wrong.

  And no, I don't want answers to those questions.  I want you to *think* about the problem before coming up with trivial, but unhelpful suggestions.

> The server *can* choose to resolve them at parse time, with some consequences (e.g. having to restart server if data in DNS changes).  But it could delay resolution until the time of use.

  You don't understand *why* it's hard, and instead are arguing about irrelevant details.

  Go learn more to understand *why* it's hard.  I'm done arguing with someone who thinks it's trivial, but won't do the research to see why it isn't trivial.

  Alan DeKok.
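
Added example, not part of the original message and not FreeRADIUS code: a small Python sketch of the point made above, that a comparison can only be planned once the left-hand side has a type (from an attribute, a cast or quotes), and that two bare words must be rejected rather than guessed at. The attribute table, the function names and the `cast` parameter are assumptions made for the illustration, and only the `ipaddr` and `string` types are modelled.

```python
import ipaddress

# Constructed attribute dictionary for this example (attribute -> data type).
ATTR_TYPES = {"Framed-IP-Address": "ipaddr", "User-Name": "string"}


class AmbiguousComparison(ValueError):
    """Raised when nothing tells the parser how to treat a bare word."""


def lhs_type(lhs, cast=None):
    """Type declared for the left-hand side, or None for an untyped bare word."""
    if cast is not None:
        return cast                      # admin cast the operand explicitly
    if len(lhs) >= 2 and lhs[0] == lhs[-1] == '"':
        return "string"                  # double quotes mean "this is a string"
    return ATTR_TYPES.get(lhs)           # known attribute, else None


def classify_rhs(rhs, declared):
    """How the right-hand side is parsed once the type is known."""
    if declared != "ipaddr":
        return "string"
    try:
        ipaddress.ip_address(rhs)
        return "address"                 # literal, usable as-is
    except ValueError:
        return "hostname"                # must be resolved before comparing


def comparison_plan(lhs, rhs, cast=None):
    """Return (comparison type, RHS kind), refusing to guess for bare words."""
    declared = lhs_type(lhs, cast)
    if declared is None:
        raise AmbiguousComparison(
            f"{lhs} == {rhs}: string compare or resolve-and-compare? "
            "Quote the operands or cast the left-hand side."
        )
    return declared, classify_rhs(rhs, declared)


if __name__ == "__main__":
    for args in [("Framed-IP-Address", "foo.example.com"),
                 ("User-Name", "foo.example.com"),
                 ("localhost", "foo.example.com", "ipaddr")]:
        print(args, "->", comparison_plan(*args))
```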



