More additions to unlang

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri May 17 00:08:59 CEST 2013


On 16 May 2013, at 17:51, Alan DeKok <aland at deployingradius.com> wrote:

>  The changes in today add "compile-time" validation, and evaluation of
> static values.  For example:
> 
> 	if (Session-Timeout < blue) {
> 
>  In v2, the server will start, and give run-time errors.
> 
>  In v3, the server will refuse to start, as "blue" is not a valid number.
> 
>  Even better, parts of the virtual servers can now be removed at start
> time:
> 
> 	if (0) {
> 		sql
> 		ldap
> 	}
> 
>  When the contents of a condition are statically equivalent to false
> (e.g. 0), then the contents of the "if" block are completely ignored.
> It lets you have conditional parts of the configuration, which have zero
> run-time CPU or memory cost.

The idea being that you can reference other things in your conditions
like environmental variables, or other configuration items and enable
or disable blocks of policy code.

Regular expressions should work too, as should all of the casting 
previously discussed.

The idea is to allow something like:

if (<cidr>$ENV{HOSTNAME} == 192.168/24) {
	# slight variation in policy
} elsif (<cidr>$ENV{HOSTNAME} == 172.0/24) {
	# other slight variation in policy
}

or

if ($ENV{HOSTNAME} =~ /.*[.]cluster_x.example.org$/) {
	# slight variation in policy
} elsif ($ENV{HOSTNAME} =~ /.*[.]cluster_y.example.org$/) {
	# other slight variation in policy
}

So if you're deploying the same OS image to multiple virtual machines
or multiple clusters, and require slight variations in policy, you can
now do that extremely efficiently.

HUP will cause the config to be re-read, re-parsed and so re-evaluate
all the pre-evaluated conditions.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
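
A Python model of the load-time evaluation described in this thread, added here as an illustration; it is not FreeRADIUS code and does not parse real unlang. The attribute table, the function names `fold` and `compile_policy`, and the sample policy are assumptions constructed for the example.

```python
import re

# Constructed attribute dictionary for this example: name -> value type.
ATTR_TYPES = {"Session-Timeout": int}
ENV_REF = re.compile(r"\$ENV\{(\w+)\}")
COND = re.compile(r"^\s*(\S+)\s*(==|!=|=~|<|>)\s*(\S+)\s*$")

class ConfigError(Exception):
    """Raised while loading, so a bad policy never reaches run time."""

def fold(cond, env):
    """Return True/False for a static condition, None if it needs a request."""
    if cond.strip() in ("0", "1"):
        return cond.strip() == "1"
    m = COND.match(cond)
    if not m:
        raise ConfigError(f"cannot parse condition: {cond!r}")
    lhs, op, rhs = m.groups()
    if lhs in ATTR_TYPES:
        # The value is only known per request, but the literal is checked now.
        try:
            ATTR_TYPES[lhs](rhs)
        except ValueError:
            raise ConfigError(f"{rhs!r} is not a valid value for {lhs}")
        return None
    # Expand after parsing so an environment value cannot alter the operator.
    lhs = ENV_REF.sub(lambda e: env.get(e.group(1), ""), lhs)
    if op == "=~":
        return re.search(rhs.strip("/"), lhs) is not None
    if op in ("==", "!="):
        return (lhs == rhs) == (op == "==")
    raise ConfigError(f"operator {op!r} needs a typed attribute: {cond!r}")

def compile_policy(items, env):
    """Drop static-false blocks, inline static-true ones, keep the rest."""
    out = []
    for item in items:
        if isinstance(item, str):          # a module call such as "sql"
            out.append(item)
            continue
        cond, body = item                  # a (condition, [body]) block
        verdict = fold(cond, env)
        if verdict is None:
            out.append((cond, compile_policy(body, env)))
        elif verdict:
            out.extend(compile_policy(body, env))
        # verdict is False: the block is skipped without looking inside it
    return out

# Constructed sample policy: module names and (condition, body) blocks.
POLICY = ["files", ("0", ["sql", "ldap"]),
          ("$ENV{HOSTNAME} =~ /.*[.]cluster_x[.]example[.]org$/", ["policy_x"]),
          ("Session-Timeout < 3600", ["reject"])]
```

Calling `compile_policy` again with a changed environment models what a HUP does: every pre-evaluated condition is decided afresh.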


