unlang question

[Alan DeKok]

Enrik Berkhan wrote:
> I figured out the following setup for an unlang if-else construct
> matching on a module return. I'm just wondering if this is the most
> elegant solution currently possible. Comments welcome.

  You can *match* on a module return code.  You can only change the
return code by using the method in "doc/configurable_failover".  Note
that *that* method works only with modules, and *not* inside of an
"unlang" block.
...
>>       pap {
>>         ok = 1          # don't stop processing

  This will work: pap is a module.

>>         reject = 1  
>>       }
>>       if (reject) {
>>         ok = 1          # preserve PAP result in case the if-clause evaluates to false

  This will not work: "if" is not a module.  The comment is also wrong.
 The contents of the "if" block are evaluated ONLY if the "if" evaluates
to true.  So setting "ok = 1" (even if it worked) would happen only when
the "if" evaluates to true.

  On top of that, "if", "else", and "elsif" don't modify the module
return code.  Ever.  The module return code is changed only by modules,
*or* by the "update" command, which sets the return code to "updated".

  What you probably want here is:

  pap {
	ok = 1
	reject = 1
  }
  if (ok) {
	update reply {
           Reply-Message := "Welcome."
         }

  }
  elsif (reject) {
	update reply {
           Reply-Message := "Wrong PAP password."
         }
	reject  # over-rides the "updated" flag.
  }
....

  Hmm... there should probably be a flag to the "update" command to tell
it to *not* change the module return code.  Or, better yet, the "update"
command shouldn't change the module return code.  That can be done with
the "always" module.

  There should also probably be a flag to tell it to delete all of the
attributes in a list.  Maybe:

  update -reply {
	...
  }

  Alan DeKok.