On 24.04.15 14:45, Alan DeKok wrote:
On Apr 24, 2015, at 8:20 AM, Gerald Vogt <vogt@spamcop.net> wrote:
I am using regexes a lot in my users file. What would be the indented way to do the same without regexes? I currently use regexes to check the realm if it is my own "Realm =~ example.com|NULL" and also to check for the SSID to which a user connects to on my wifi: e.g., "Called-Station-Id =~ "[-A-Fa-f0-9]+:eduroam$" as the controller puts the MAC address of the access point before the SSID.
So how do I check that instead now without regexes in the users file?
$ man unlang
The "users" file contains *simple* policies. Unlang can do policies of any complexity.
I know that. I just would like to have an experts opinion on what the best approach would be.
From the top of my head I could think of either rewriting the whole users file in unlang and put everything into the authorize sections of the default and inner-tunnel and wherever else "files" was referenced. That, however, seems like the overkill.
So, it would seem more reasonable to keep the users file and instead extract the SSID from the Called-Station-Id and create a "local variable" which holds the SSID and also a flag whether the realm is "local" (i.e. my domain or none aka NULL). However, if I understand the unlang man page correctly, there is nothing like a "local variable" but only attributes defined in dictionaries and either "abusing" an existing attribute or defining my own attribute seems rather odd to me. Thus, conceptionally: what would be the best approach to get those policies working again the way they worked in v2? Thanks, Gerald