Alan DeKok schrieb:
Please try it again. You should not need the "always-ok" in the "if (ok)" block, or the "always-reject" in the "if (reject)" block.
Yes, now both examples work like "expected". Working authorize example:
modules {
always always-reject { rcode = reject }
}
server {
authorize {
# reject, but continue always-reject { reject = 1 }
if (ok) { update reply { Reply-Message := 'Hi, there!' } } elsif (reject) { update reply { Reply-Message := "Go away, %{User-Name:-unknown}!" } }
}
}
The elsif is taken always, as it should, and reject will be returned without further action. Of course, the if can't be tested in this setup. Working authenticate example, even if you don't like it :)
modules {
pap { auto_header = yes }
files { usersfile = ${confdir}/users acctusersfile = /dev/null preproxy_usersfile = /dev/null compat = no }
}
server {
authorize { files pap }
authenticate { Auth-Type PAP { # pap returns either fail or noop or ok or reject pap { # default for ok on authenticate would be to return ok = 1 # default for reject on authenticate would be to return reject = 1 } if (ok) { update reply { Reply-Message := "pap authenticate returned OK" } } elsif (reject) { update reply { Reply-Message := "pap authenticate returned REJECT" } } } }
Here, the if is taken if user/password is correct and ok will be propagated by the if block. The elsif is taken if the user is authorized but uses a wrong password and reject will be propagated by the elsif block. The reply is updated in both cases as expected. Thanks for the fix! Enrik