!= and !~ operators
jmaimon at ttec.com
Sun Nov 6 02:55:01 CET 2005
Wouldnt it make more sense if these operators matched if no attributes
were present that matched or that no attributes were present at all?
After all, == and =~ DONT match if there is no attribute present.
If one wanted to check that the attribute was present but did not
contain value X, they would use
Attribute =* "", Attribute != "X"
Fixing the other problems mentioned below while keeping the questioned
behavior would seem to require keeping track that the auth_item was ever
not null in some other variable before the "goto try_again;"
The attached patch for src/main/valuepair.c changes the behavior of
paircompare() in these ways
* if !* matched, no further check attributes were tried
* if !* or != or !~ operators and the attribute is not found, consider
that a successfull match and try the next check attribute
* if =* and we find the attribute in the request there is no need to
actually compare the value
* It should be considered an error condition to have matching case
statements for !* or =* after the call to compare_pair(), since they
should have been handled already.
* != and !~ are considered successfull as soon as there is an attribute
in the request that does not match. If there was an attribute that
matched, and then another one that didnt (or vice versa), it would
succeed. The patch changes that
If check != request try next one
If check == request return -1 for not match
I have tested it to an extent and would appreciate feedback.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the Freeradius-Devel