FreeRADIUS 2.X.X small functionality extensions

Herwin Weststrate herwin at quarantainenet.nl
Wed Jun 4 16:19:07 CEST 2014


There are often more ways to reach a goal, I think this e-mail is a nice
example of this.

On 04-06-14 15:39, Kostas Zorbadelos wrote:
> One of our requirements in authentication/authorization is DSLAM port
> checking. The port info comes in NAS-Port-Id in our case and can be
> extracted in a normalized form with a regular expression. The problem
> was that FreeRADIUS provided in variables only the first 8 matching
> groups in %{0}..%{8}, whereas in our setup we needed up until %{12} to
> get the port information.

The standard trick to do this (often used with mod_rewrite in the Apache
HTTP server) is to do the rewriting in multiple steps. Disadvantage here
is that unlang doesn't have a while-statement, so we'd have to know
beforehand how many matches we expect.

> - make available a new xlat function tonumber() to translate strings as
>   numbers   
> 
> In our case the port info coming from the regular expression is a string
> of the form 15243:1/1/02/04 and we want to transform it to
> 15243:1/1/2/4. 

This is about the same as matching (.*?)0*(\d+)(.*) and overwriting the
value with "%{1}%{2}%{3}".

When more flexibility is required, it's pretty easy to do a call to
rlm_perl (rlm_python works probably just as good, but I've never tried
that). It's pretty easy to work them up from the examples that are given
in the default config.


-- 
Herwin Weststrate


More information about the Freeradius-Users mailing list