Anyone want complex conditions in radiusd.conf?
Chris Mikkelson
cmikk at qwest.net
Tue May 22 03:52:59 CEST 2007
On Mon, May 21, 2007 at 04:14:18PM +0200, Alan Dekok wrote:
> authorize {
> ...
>
> if (("%{User-Name}" == "bob") || (5 > 3)) {
> sql
> detail
> ...
> }
>
> }
>
> Sound useful? :)
Yes, very. It's very clean compared to the alternative
of setting Autz-Type, etc. in a users file (our
config uses that approach heavily, and it's somewhat
ugly; this info really *should* be in the .conf
file...).
> The downside is that the existing checks in -pre0 for the return code
> of the previous module won't work e.g.
>
> if "handled|ok" {
> ...
>
> will now be broken.
I think this is a worthwhile tradeoff, since the return code
control flow is (at least partly) covered with the existing:
foo { notfound=return }
syntax.
> If this is OK, I'll check in the new code. With
> a little bit more work, I should be able to add the ability to check the
> return code of the modules, too.
--
Chris Mikkelson | Slashdot: because a million lemmings can't
cmikk at qwest.net | be wrong.
More information about the Freeradius-Devel
mailing list