unlang question
Alan DeKok
aland at deployingradius.com
Thu Jul 5 12:04:41 CEST 2007
Enrik Berkhan wrote:
> But exactly adding the "ok = 1" makes it work. Have you tried it? May be
> it's a bug though ... :)
Hmm... then I'm not sure I understand what the code is doing.
...
> But it takes something from the child block after the unroll: label in
> modcall.c. That's why I have tried the above. Maybe this is not correct
> for if/elsif?
The if/elsif blocks should force the current return code to be the
last one used. I think it worked by accident, so it's good to fix the
code to make it work on purpose.
...
>> What you probably want here is:
...
> You are right, that's like I wanted it, but it didn't work. So may be
> the if-processing is still buggy then.
Hmm... putting "ok = 1" in an "if" section doesn't do *anything*.
It's accepted by the parser, but it doesn't do anything.
OK... after a bit of examination, what works is:
pap {
ok = 1
reject = 1
}
if (ok) {
update reply {
Reply-Message := "Welcome."
}
ok
}
elsif (reject) {
update reply {
Reply-Message := "Wrong PAP password."
}
reject # over-rides the "updated" flag.
}
It's not intuitive, but it works.
But really, all of that logic belongs in the "post-auth" section.
That's what it's there for. Use the "Post-Auth-Type Reject" section.
It's documented in radiusd.conf.
Alan DeKok.
More information about the Freeradius-Devel
mailing list