Initial support of Multi Valued Attributes operators
Olivier Beytrison
olivier at heliosnet.org
Mon Mar 25 19:37:42 CET 2013
On 25.03.2013 18:35, Brian Candler wrote:
> I don't think freeradius will currently let you select the list directly:
>
> if (control:Tmp-String-0 =~ /foo/) { ... nope
As phil said, it does. at least in HEAD
>
> Another idea along these lines:
>
> update {
> control:Tmp-String-1 += "bar"
> reply:Reply-Message += "Wibble"
> }
This is also already the case
> and finally:
>
> update {
> /* copy _all_ instances of the attribute to another attribute */
> reply:Reply-Message ++= control:Tmp-String-0
> }
This has already been implemented in rlm_cache, and Arran made it so we can reuse the logic (attrmap) in other modules.
Another example of the operator in function :
post-auth {
if (reply:HESSO-Role-Raw =~ /STD/) {
noop
}
if (reply:HESSO-Role-Raw |=~ /STD/) {
noop
}
}
gives
(9) ? if (reply:HESSO-Role-Raw =~ /STD/)
(9) ? Evaluating (reply:HESSO-Role-Raw =~ /STD/) -> FALSE
(9) ? if (reply:HESSO-Role-Raw =~ /STD/) -> FALSE
(9) ? if (reply:HESSO-Role-Raw |=~ /STD/)
(9) ? Evaluating 31935762-440774439#RORG-HEFR-EIFR-INTR-INFO#EMP#COL |=~ STD -> FALSE
(9) ? Evaluating 31935762-440774439#RORG-HEFR-EIFR-INTR-INFO#STD# |=~ STD -> TRUE
(9) ? Evaluating (reply:HESSO-Role-Raw |=~ /STD/) -> TRUE
(9) ? if (reply:HESSO-Role-Raw |=~ /STD/) -> TRUE
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: olivier at heliosnet.org
More information about the Freeradius-Devel
mailing list