Anyone want complex conditions in radiusd.conf?

Chris Mikkelson cmikk at qwest.net
Tue May 22 03:52:59 CEST 2007


On Mon, May 21, 2007 at 04:14:18PM +0200, Alan Dekok wrote:
>  authorize {
> 	...
> 
> 	if (("%{User-Name}" == "bob") || (5 > 3)) {
> 		sql
> 		detail
> 		...
> 	}
> 
>  }
> 
>   Sound useful? :)

Yes, very.  It's very clean compared to the alternative
of setting Autz-Type, etc. in a users file (our
config uses that approach heavily, and it's somewhat
ugly; this info really *should* be in the .conf
file...).
 
>   The downside is that the existing checks in -pre0 for the return code
> of the previous module won't work e.g.
> 
>   if "handled|ok" {
> 	...
> 
>   will now be broken.  

I think this is a worthwhile tradeoff, since the return code
control flow is (at least partly) covered with the existing:

	foo { notfound=return }

syntax.

> If this is OK, I'll check in the new code.  With
> a little bit more work, I should be able to add the ability to check the
> return code of the modules, too.

-- 
Chris Mikkelson  |  Slashdot: because a million lemmings can't
cmikk at qwest.net  |  be wrong.



More information about the Freeradius-Devel mailing list