hints file based rewrite does not work (migration from freeradius 1.1.x to 3.0.x)

Bernd bernd at kroenchenstadt.de
Tue Oct 13 14:12:40 CEST 2015


Am 2015-10-12 17:30, schrieb Herwin Weststrate:
> On 12-10-15 17:12, Bernd wrote:
>> The code itself seems to work, thanks a lot! However, it still sends a
>> "=25" (which originates from the forbidden character "%" regarding its
>> use within a MySQL setup) to the MySQL:
>> 
>> (20) if (&User-Name =~ /@\\./)
>> (20) if (&User-Name =~ /@\\./) -> FALSE
>> (20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/)
>> (20) EXPAND bla-bla/([^%%]+)%%kroenchenstadt.de
>> (20) --> bla-bla/([^%]+)%kroenchenstadt.de
>> (20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) -> TRUE
>> (20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) {
>> (20) update control {
>> (20) EXPAND %{1}@kroenchenstadt.de
>> (20) --> 20082105 at kroenchenstadt.de
>> (20) User-Name := "20082105 at kroenchenstadt.de"
>> (20) } # update control = noop
>> (20) } # if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) = 
>> noop
>> ...
>> (20) sql : EXPAND %{User-Name}
>> (20) sql : --> bla-bla/20082105%kroenchenstadt.de
>> (20) sql : SQL-User-Name set to 'bla-bla/20082105%kroenchenstadt.de'
>> rlm_sql (sql): Reserved connection (4)
> 
> It changes control:User-Name to "20082105 at kroenchenstadt.de", the
> expansion in the second part used User-Name without a list prefix, 
> which
> defaults to request:User-Name. Update on of these two statements and
> you're fine.

Updated to 'request:User-Name' which perfectly does what I need.

Thank you a lot!!

>> So, filter in policy.d doesn't really *apply* it as I get from
>> 
>> (20) } # if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) = 
>> noop
>> (20) } # filter_username filter_username = noop
>> 
>> That makes no sense to me because I didn't tell it to noop.
> 
> noop is a kind of return value used in unlang. You could add a more
> explicit value by specifying it:
> 
>   if (User-Name =~ /bla-bla\/([^%%]+)%%kroenchenstadt.de/) {
>     ... update control block
>     updated
>   }
> 
> Using this will make it show as "updated". But as long as there is no
> direct check for the return value, they're not that useful and can be
> safely omitted.

Okay, I see. Didn't recognize it as return value but rather as kind of 
'result of command', which seemed a bit weird given that a few lines up 
it said to have rewritten that string it should rewrite. Thanks for 
clarification.

Best,

Bernd


More information about the Freeradius-Users mailing list