Removing attributes from a reply

Joe Maimon jmaimon at ttec.com
Mon Oct 10 20:45:40 CEST 2005 


Alan DeKok wrote:

> Joe Maimon <jmaimon at ttec.com> wrote:
> 
>>If I have the Framed-IP-Address attribute, I need to remove any attribute of
>>
>>Cisco-AVPair -~ "ip:addr-pool.*"
> 
> 
>   rlm_attr_filter?  I think that might work.
> 

I only want to to remove the Cisco-AVPair ~= "ip:addr-pool.*" attrbute 
(that is added before the proxy request is sent) IF the proxy reply 
contains the Framed-IP-Address attribute.

> 
>>I have been assuming I would need the new CVS head policy feature for this.
> 
> 
>   Maybe.  Then again, the module isn't quite finished.
> 
>   Alan DeKok.

Yeah I can tell...I have been working with it a bit and so far I have 
managed to get it to parse the below, but it goes into an endless loop

debug print_tokens     # as we're parsing this file
debug print_policy      # once the file has been parsed
debug evaluate          # print limited information during evaluation

----------------cut here--------------
policy pool {

         if ( (Framed-IP-Address =* "") && (Cisco-Avpair =~ 
"ip:addr-pool.*")) {
                 reply .= {
                         Cisco-Avpair -~ "ip:addr-pool.*"
                 }
         }
}


policy post-proxy {

         pool()
}

-------------cut here------------------


I had to add code to parse.c, rlm_policy.h to recognize those attributes 
(not sure I did it right) and I changed the calls to pairmove() to 
pairxlatmove() <-- untested.

The loop is here evaluate.c:360

-----------cut here--------------------
static int policy_stack_pop(policy_state_t *state, const policy_item_t 
**pitem)
{
         rad_assert(pitem != NULL);
         rad_assert(state->depth >= 0);

redo:
         if (state->depth == 0) {
                 *pitem = NULL;
                 return 0;
         }

         *pitem = state->stack[state->depth - 1];

         /*
          *      Named policies are on the stack for catching recursion.
          */
         if ((*pitem)->type == POLICY_TYPE_NAMED_POLICY) {
                 goto redo;
-----------cut here-------------------

Changed it to *pitem = state->stack[state->depth--]; caused the server 
to exist at
"*pitem = state->stack[state->depth - 1];"

Thats the best I can tell, because I have not figured out yet to get gdb 
to break anywhere  in the rlm_policy

Thanks,

Joe


> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
>

More information about the Freeradius-Devel mailing list