Plug-in Question
Phil Mayers
p.mayers at imperial.ac.uk
Sun Jul 8 12:57:29 CEST 2007
On Sun, 2007-07-08 at 09:54 +0200, Alan DeKok wrote:
> Phil Mayers wrote:
> > In *fact* since sql_xlat function only support SELECT, there's no way of
> > executing an SQL modify (insert, update, delete) using %{sql:} syntax -
> > so you *have* to retain the sql post-auth logging function.
>
> int sql_xlat(...)
> {
> if (strncasecmp(string, "SELECT", 6) == 0) {
> do select...
> } else if (strncasecmp(string, "UPDATE", 6) == 0) {
> do update...
> }
> }
>
> That would work, wouldn't it?
Sure. Presumably you'd have to use some kind of dummy assign:
update control {
Tmp-String-0 = %{sql:insert into ...}
}
...not exactly intuitive. Don't know if you'd want to allow a bare
expansion though. Some kind of generalised "call" construct?
if (!%{sql:update thing set ...}) {
%{sql:insert into thing ...}
}
>
> > The unlang is nice, but lets not all lose sight of the proven, working
> > and tested mechanisms in the server.
>
> The modules are there to solve common problems with simple solutions.
> I'd prefer to keep modules than to ship the server with 3k lines of
> unlang policy.
We are in vigorous agreement.
>
> > And while we're on the subject - lets not get caught up in some comp.
> > sci. disagreement of what is authz versus authn. I agree that the 1.1.x
> > terminology is very slightly confusing, and a slightly less ambiguous
> > rename is good, but breaking working functionality at the same time is
> > just plain wrong.
>
> Almost all of the changes in 2.0 have some kind of backwards
> compatibility with 1.x. That will continue.
Good to hear (and I did not expect otherwise). I was just agreeing with
(I think) the comment from Peter that removing the post-auth method from
the "sql" module seemed pointless.
More information about the Freeradius-Users
mailing list