New parsing of "unlang" conditions.
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Apr 15 21:36:30 CEST 2013
Hi,
the default config has the following:
# Auth-Type eap {
# eap {
# handled = 1
# }
# if (handled && (Response-Packet-Type == Access-Challenge)) {
# attr_filter.access_challenge.post-auth
# handled # override the "updated" code from attr_filter
# }
# }
near the end of post-auth
however, when uncommented, this now fails due to the unlang checking
server default { # from file /etc/raddb/sites-enabled/default
# Loading authenticate {...}
/etc/raddb/sites-enabled/default[482]: Failed to parse "attr_filter.access_challenge.post-auth" entry.
/etc/raddb/sites-enabled/default[481]: Failed to parse "if" subsection.
(last entries all in red)
alan
> A.L.M.Buxey at lboro.ac.uk wrote:
> > /etc/raddb/sites-enabled/default[67]: Invalid location for 'if'
> > Errors reading or parsing /etc/raddb/radiusd.conf
>
> You don't have that in a "server" section. That's why.
>
> I suggest fixing that. The use of a bare "authorize" will get deleted
> from the code before 3.0. It was in 2.x *only* to be backwards
> compatible with 1.x. There's no longer any reason to use it.
>
> > authorize {
> >
> >
> > preprocess
> >
> > if (User-Name == "testuser" && Huntgroup-Name == "testNAS") {
> > files {
> > ok = return
> > }
> > }
> ...
> > thats the failed 'if' on line 67....
>
> The "if" parsing works fine once it's in a "server" section.
>
> The additional checks are there to catch people who do:
>
> module {
> ldap {
> if (...) {
>
> }
>
> }
>
> }
>
> It doesn't work, and it never has worked. But until this change, it
> loaded fine. Fixing that is a Good Thing.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
More information about the Freeradius-Devel
mailing list