very long regular expression...[unclas]

Ranner, Frank MR Frank.Ranner at defence.gov.au
Mon Nov 27 04:18:36 CET 2006


> -----Original Message-----
> From: freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org
> [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org]
> On Behalf Of Norbert Grochal
> Sent: Saturday, 25 November 2006 00:13
> To: FreeRadius users mailing list
> Subject: Re: very long regular expression...
> 
> > Do something like:
> >
> > modules {
> >    passwd mac2ok {
> >      filename = /etc/raddb/mac2ok
> >      format = "*Calling-Station-Id:~My-Local-String"
> >      hashsize = 100
> >    }
> >
> >    # other modules
> > }
> >
> > authorize {
> >    preprocess
> >    mac2ok
> >    files
> >    # other modules
> > }
> >
> > Make "/etc/raddb/mac2ok" read:
> >
> > 008012323244:ok
> > 002938475473:ok
> >
> > ...then in "users" put:
> >
> > DEFAULT My-Local-String != "ok", Auth-Type := Reject
> >    Reply-Message = "calling station id not allowed", Fall-Through = No
> >
> > # Other config items
> >
> > Depending on the version of the server, you might need the following in
> > /etc/raddb/dictionary:
> >
> > ATTRIBUTE My-Local-String 3000 string
> 
> OK, It almost works fine, but if there is no mac in my mac2ok 
> file then users file doesn't put REJECT into Auth-Type.
> I have added that line at the beginning of users file:
> 
> DEFAULT Auth-Type := REJECT, My-Local-String !* "a"
> 

Try:

DEFAULT	My-Local-String !* "a", Auth-Type := REJECT
	Reply-Message = "No calling station id provided"

If the first part is false, the second part does not get tested, 
which means Auth-Type doesn't get set. When tests have side effects
(like assignment) testing order matters.

Also, why not test positive instead of negative:

DEFAULT	My-Local-String == "ok", Auth-Type := ACCEPT
	Reply-Message = "%u logged on",
	Other-Attribute = "somevalue"

# other reasons for allowing access
DEFAULT	foo == "bar"
	...

# reject all others
DEFAULT	Auth-Type := REJECT
	Reply-Message = "Access denied"
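
The mac2ok lookup and the two policy styles discussed above, as an added example that is not part of the original messages or of FreeRADIUS. It is a simplified Python model: load_table, lookup, negative_policy and positive_policy are hypothetical names, the sample rows and requests are constructed, and an unset attribute is assumed not to match a != test, as reported in the thread.

```python
# Added example: simplified model of the thread's setup, not FreeRADIUS source.
MAC2OK = "008012323244:ok\n002938475473:ok\n"   # constructed sample rows
FORMAT = "*Calling-Station-Id:~My-Local-String"  # format string from the page


def load_table(text, fmt=FORMAT):
    """Parse a colon-separated file per the format: '*' = key, '~' = config item."""
    fields = fmt.split(":")
    key_idx = next(i for i, f in enumerate(fields) if f.startswith("*"))
    table = {}
    for line in text.splitlines():
        cols = line.strip().split(":")
        if len(cols) != len(fields):
            continue  # blank or malformed row: skipped (choice made for this model)
        table[cols[key_idx]] = {
            f[1:]: cols[i] for i, f in enumerate(fields) if f.startswith("~")
        }
    return fields[key_idx][1:], table


def lookup(request, key_attr, table):
    """Config items the lookup adds; empty when the key is absent or unknown."""
    return dict(table.get(request.get(key_attr), {}))


def negative_policy(config):
    """Model of: DEFAULT My-Local-String != "ok", Auth-Type := Reject.
    Assumption: a comparison against an attribute that was never set does not
    match, which is the behaviour reported in the thread."""
    value = config.get("My-Local-String")
    if value is not None and value != "ok":
        return "REJECT"
    return None  # rule did not fire; the request carries on to later entries


def positive_policy(config):
    """Model of: accept only on == "ok", then a final DEFAULT that rejects."""
    if config.get("My-Local-String") == "ok":
        return "ACCEPT"
    return "REJECT"


KEY, TABLE = load_table(MAC2OK)
REQUESTS = {  # constructed requests
    "listed": {"User-Name": "alice", "Calling-Station-Id": "008012323244"},
    "unlisted": {"User-Name": "bob", "Calling-Station-Id": "001122334455"},
    "no-mac": {"User-Name": "carol"},
}
if __name__ == "__main__":
    for name, req in REQUESTS.items():
        cfg = lookup(req, KEY, TABLE)
        print(name, negative_policy(cfg), positive_policy(cfg))
```

In this model the negative rule never fires for the unlisted and no-mac requests, while the accept-then-reject-all layout denies both.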



