!= and !~ operators

Joe Maimon jmaimon at ttec.com
Sun Nov 6 02:55:01 CET 2005

Wouldnt it make more sense if these operators matched if no attributes 
were present that matched or that no attributes were present at all?

After all, == and =~ DONT match if there is no attribute present.

If one wanted to check that the attribute was present but did not 
contain value X, they would use

	Attribute =* "", Attribute != "X"

Fixing the other problems mentioned below while keeping the questioned 
behavior would seem to require keeping track that the auth_item was ever 
not null in some other variable before the "goto try_again;"

The attached patch for src/main/valuepair.c changes the behavior of 
paircompare() in these ways

* if !* matched, no further check attributes were tried

* if !* or != or !~ operators and the attribute is not found, consider 
that a successfull match and try the next check attribute

* if =* and we find the attribute in the request there is no need to 
actually compare the value

* It should be considered an error condition to have matching case 
statements for !* or =* after the call to compare_pair(), since they 
should have been handled already.

* != and !~ are considered successfull as soon as there is an attribute 
in the request that does not match. If there was an attribute that 
matched, and then another one that didnt (or vice versa), it would 
succeed. The patch changes that

If check != request try next one
If check == request return -1 for not match

I have tested it to an extent and would appreciate feedback.


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 200-fix-valuepair-cmp-true-ne-regne.patch
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20051105/dad47066/attachment.ksh>

More information about the Freeradius-Devel mailing list