[PATCH] policy module controlling where attributes are inserted into the reply
Joe Maimon
jmaimon at ttec.com
Sun Nov 27 19:37:07 CET 2005
The attached patch (tested to varying degrees at different points of its
lifetime, compiles and performs as expected on my system) adds the
ability to perform these operations.

Also attached is a patch that uses pairxlatmove instead of pairmove,
which is the way I actually use it.

The patch adds these operations:
reply ^= {
}
reply ^== () {
}
reply ^. {
}
reply ^.= () {
}
reply $= {
}
reply $== () {
}
reply $. {
}
reply $.= () {
}
========================================
reply ^= {
    Attribute1 += "Value1"
}

Will insert the attribute at the top of the list.

reply ^== ( Attribute2 == "Value2" ) {
    Attribute1 += "Value1"
}

Will insert Attribute1 before Attribute2 if found; otherwise it behaves
like ^=.

^. and ^.= have the same difference as .= and =,
namely they call pairadd instead of pairmove.
Otherwise they are the same.

Likewise provided are $= , $. , $== and $.= which insert AFTER the
attribute.

IOW $= and $. are synonymous with = and .= but are provided for
completeness. $== and $.= are quite useful in and of themselves.
==========================================
Motivation:
Cisco NAS's will kick users who assign a VRF after assigning an IP
address. The VRF must come first.
This allows this form in my policy.txt file.
====cut here=========
policy add_inter_vrf {
    reply ^== ( reply:Cisco-Avpair =~ "lcp:interface-config") {
        Cisco-Avpair += "lcp:interface-config=ip vrf forwarding CHL-PRIVATE"
    }
    if (!(reply:Cisco-Avpair =~ "lcp:interface-config=ip address.*")) {
        reply $== (reply:Cisco-AVpair == "lcp:interface-config=ip vrf forwarding CHL-PRIVATE") {
            Cisco-Avpair += "lcp:interface-config=ip unnumbered l10"
        }
    }
    if (!(reply:Framed-IP-Address =* "")) {
        reply = {
            Cisco-Avpair += "ip:addr-pool=privatepool"
        }
    }
}
====cut here=========
Enjoy!
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 240-before-after-where-head-tail.dpatch
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20051127/e698f0ea/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 245-policy-xlat.dpatch
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20051127/e698f0ea/attachment-0001.ksh>
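Added example (not part of the original message or of the attached patches): a Python model of the insertion positions described above, applied to the add_inter_vrf policy, with a check that the VRF pair ends up ahead of the other interface-config pairs. It models only where pairs land, not the pairmove/pairadd distinction; insert_relative, has, vrf_first and the sample reply are hypothetical names and constructed data, and the tail fallback for $== and first-match anchoring are assumptions.

```python
import re

def insert_relative(reply, new_pairs, match=None, before=True):
    """Model ^== (before=True) / $== (before=False) on an ordered pair list.

    match is (attribute, regex); with no match the pairs go to the head
    (like ^=) or, by assumption, to the tail (like $=).
    """
    idx = None
    if match is not None:
        attr, pattern = match
        for i, (name, value) in enumerate(reply):
            # Assumption: attribute names compare case-insensitively and
            # the first matching pair is the anchor.
            if name.lower() == attr.lower() and re.search(pattern, value):
                idx = i if before else i + 1
                break
    if idx is None:
        idx = 0 if before else len(reply)
    return reply[:idx] + list(new_pairs) + reply[idx:]

AVP = "Cisco-AVPair"
VRF = (AVP, "lcp:interface-config=ip vrf forwarding CHL-PRIVATE")
UNNUMBERED = (AVP, "lcp:interface-config=ip unnumbered l10")
POOL = (AVP, "ip:addr-pool=privatepool")

def has(reply, attr, pattern=""):
    return any(n.lower() == attr.lower() and re.search(pattern, v) for n, v in reply)

def add_inter_vrf(reply):
    """The three steps of the add_inter_vrf policy from the message."""
    reply = insert_relative(reply, [VRF], (AVP, r"lcp:interface-config"))
    if not has(reply, AVP, r"lcp:interface-config=ip address.*"):
        anchor = (AVP, "^" + re.escape(VRF[1]) + "$")
        reply = insert_relative(reply, [UNNUMBERED], anchor, before=False)
    if not has(reply, "Framed-IP-Address"):
        reply = reply + [POOL]          # plain "reply = { ... }" appends
    return reply

def vrf_first(reply):
    """True if the VRF pair precedes every other lcp:interface-config pair."""
    cfg = [v for n, v in reply if n.lower() == AVP.lower()
           and v.startswith("lcp:interface-config=")]
    return bool(cfg) and cfg[0] == VRF[1]

# Constructed sample reply: a static address was already assigned upstream.
static = [("Framed-Protocol", "PPP"),
          (AVP, "lcp:interface-config=ip address 10.0.0.1 255.255.255.0"),
          ("Framed-IP-Address", "10.0.0.2")]
if __name__ == "__main__":
    for pair in add_inter_vrf(static):
        print(pair)
```

Running vrf_first over the reply list after policy processing gives a quick regression check for the ordering the Cisco NAS requires.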