New parsing of "unlang" conditions.
I've pushed a change to the git "master" branch. It does more in-deptg parsing of conditions in "unlang", when the server starts. ./raddb//sites-enabled/default[214]: Parse error in condition ERROR: if (foo =~ "fpp") { ERROR: ^Expected regex '/' Or: ERROR: if (foo =~ /fpp/ X) { ERROR: ^Unexpected text etc. This works for normal conditions, too, and not just regexes. The next step is to integrate the xlat parser with the conditional parser. This will allow the server to produce *very* descriptive erros when it starts. i.e. ERROR: if (foo == "%{User-Foo}") { ERROR: ^Unknown attribute There are some caveats, of course. But it should work. As always, please check it out. I've done a number of tests, but there's always the possibility that something was missed. Alan DeKok.
Hi,
I've pushed a change to the git "master" branch. It does more in-deptg parsing of conditions in "unlang", when the server starts.
hmmm, /etc/raddb/sites-enabled/default[67]: Invalid location for 'if' Errors reading or parsing /etc/raddb/radiusd.conf authorize { preprocess if (User-Name == "testuser" && Huntgroup-Name == "testNAS") { files { ok = return } } <snip> thats the failed 'if' on line 67.... alan
A.L.M.Buxey@lboro.ac.uk wrote:
/etc/raddb/sites-enabled/default[67]: Invalid location for 'if' Errors reading or parsing /etc/raddb/radiusd.conf
You don't have that in a "server" section. That's why. I suggest fixing that. The use of a bare "authorize" will get deleted from the code before 3.0. It was in 2.x *only* to be backwards compatible with 1.x. There's no longer any reason to use it.
authorize {
preprocess
if (User-Name == "testuser" && Huntgroup-Name == "testNAS") { files { ok = return } } ... thats the failed 'if' on line 67....
The "if" parsing works fine once it's in a "server" section. The additional checks are there to catch people who do: module { ldap { if (...) { } } } It doesn't work, and it never has worked. But until this change, it loaded fine. Fixing that is a Good Thing. Alan DeKok.
Hi, the default config has the following: # Auth-Type eap { # eap { # handled = 1 # } # if (handled && (Response-Packet-Type == Access-Challenge)) { # attr_filter.access_challenge.post-auth # handled # override the "updated" code from attr_filter # } # } near the end of post-auth however, when uncommented, this now fails due to the unlang checking server default { # from file /etc/raddb/sites-enabled/default # Loading authenticate {...} /etc/raddb/sites-enabled/default[482]: Failed to parse "attr_filter.access_challenge.post-auth" entry. /etc/raddb/sites-enabled/default[481]: Failed to parse "if" subsection. (last entries all in red) alan
A.L.M.Buxey@lboro.ac.uk wrote:
/etc/raddb/sites-enabled/default[67]: Invalid location for 'if' Errors reading or parsing /etc/raddb/radiusd.conf
You don't have that in a "server" section. That's why.
I suggest fixing that. The use of a bare "authorize" will get deleted from the code before 3.0. It was in 2.x *only* to be backwards compatible with 1.x. There's no longer any reason to use it.
authorize {
preprocess
if (User-Name == "testuser" && Huntgroup-Name == "testNAS") { files { ok = return } } ... thats the failed 'if' on line 67....
The "if" parsing works fine once it's in a "server" section.
The additional checks are there to catch people who do:
module { ldap { if (...) {
}
}
}
It doesn't work, and it never has worked. But until this change, it loaded fine. Fixing that is a Good Thing.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
A.L.M.Buxey@lboro.ac.uk wrote:
however, when uncommented, this now fails due to the unlang checking
server default { # from file /etc/raddb/sites-enabled/default # Loading authenticate {...} /etc/raddb/sites-enabled/default[482]: Failed to parse "attr_filter.access_challenge.post-auth" entry. /etc/raddb/sites-enabled/default[481]: Failed to parse "if" subsection.
$ git pull Minor tweaks to the module loading code. Alan DeKok.
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok