Accessing %{client:...} in C custom module
Alan DeKok
aland at deployingradius.com
Wed Mar 2 14:17:25 CET 2016
On Mar 2, 2016, at 2:52 AM, Boris Lytochkin <lytboris at yandex-team.ru> wrote:
> Tried using %{client:group} in radiusd.conf:
> ====
> server default {
> ...
> # Authorization.
> authorize {
> preprocess
> auth_log
> reply_log
> suffix
> if (%{client:group} == "8021X") {
That syntax is wrong.
> ====
> running radiusd -X will result in
> ====
> ...
> (7) if (%{client:group} == "8021X") {
> (7) if (%{client:group} == "8021X") -> FALSE
> ...
> ====
> And I am more than sure that `group` attribute is defined for this client.
That may be so. But the syntax is wrong. See "man unlang".
> Additionally, you can not check for attribute existence:
> /usr/local/etc/raddb/radiusd.conf[250]: Parse error in condition
> /usr/local/etc/raddb/radiusd.conf[250]: (%{client:group}) {
> /usr/local/etc/raddb/radiusd.conf[250]: ^ Expected a module return code
>
> Is this expected? I am playing with 3.0.10.
Yes, it's expected. It's documented.
String expansions are done by using double quotes around the string to be expanded. All of the documentation and examples do this.
I'll add another check and a WARNING message to catch this case, and explain what's wrong about it.
You MUST use quotes:
if ("%{client:group}" == "8021X") {
Alan DeKok
More information about the Freeradius-Devel
mailing list