On Sun, 2007-07-08 at 09:54 +0200, Alan DeKok wrote:
Phil Mayers wrote:
In *fact* since sql_xlat function only support SELECT, there's no way of executing an SQL modify (insert, update, delete) using %{sql:} syntax - so you *have* to retain the sql post-auth logging function.
int sql_xlat(...) { if (strncasecmp(string, "SELECT", 6) == 0) { do select... } else if (strncasecmp(string, "UPDATE", 6) == 0) { do update... } }
That would work, wouldn't it?
Sure. Presumably you'd have to use some kind of dummy assign: update control { Tmp-String-0 = %{sql:insert into ...} } ...not exactly intuitive. Don't know if you'd want to allow a bare expansion though. Some kind of generalised "call" construct? if (!%{sql:update thing set ...}) { %{sql:insert into thing ...} }
The unlang is nice, but lets not all lose sight of the proven, working and tested mechanisms in the server.
The modules are there to solve common problems with simple solutions. I'd prefer to keep modules than to ship the server with 3k lines of unlang policy.
We are in vigorous agreement.
And while we're on the subject - lets not get caught up in some comp. sci. disagreement of what is authz versus authn. I agree that the 1.1.x terminology is very slightly confusing, and a slightly less ambiguous rename is good, but breaking working functionality at the same time is just plain wrong.
Almost all of the changes in 2.0 have some kind of backwards compatibility with 1.x. That will continue.
Good to hear (and I did not expect otherwise). I was just agreeing with (I think) the comment from Peter that removing the post-auth method from the "sql" module seemed pointless.