Question on Unlang

[Olivier CALVANO]

Thanks brian for your answer ;=)

but for me not a big difference between my actual config and regular
expressions.
all line ar very very long

he don't have other solution ?



2017-03-25 12:25 GMT+01:00 Brian Candler <b.candler at pobox.com>:

> On 25/03/2017 06:07, Olivier CALVANO wrote:
>
>> SubRealm_Exclude {
>>       network.local
>>       admin.local
>>       wifi.local
>> }
>>
>> and after put in if condition :
>>
>>          if ((Tunnel-Server-Endpoint:0[0] != '172.16.1.1') && (User-Name
>> =~
>> /\\.local/) && (User-Name !~ SubRealm_Exclude) &&
>> ("%{Packet-Src-IP-Address}" == "192.168.20.1")) {
>>                  update reply {
>>                            <...>
>>                  }
>>          }
>>
>
> Regular expressions are your friend:
>
>         if (Tunnel-Server-Endpoint:0[0] != '172.16.1.1' && User-Name =~
> /\\.local$/ && User-Name !~ /(network|admin|wifi)\\.local$/i) && ...
>
> A couple of notes:
>
> - add '$' to match at the end of string only, otherwise a username like
> foo.local at bar.com would match
>
> - add /i flag to do case-insensitive match; otherwise foo at network.local
> would be blocked but foo at Network.local would be permitted.
>
> And if you're using freeradius 3.x then it's better to use the newer
> attribute reference syntax (&) instead of string expansion:
>
>         if (&Tunnel-Server-Endpoint:0[0] != 172.16.1.1 && &User-Name =~
> /\\.local$/ && &User-Name !~ /(network|admin|wifi)\\.local$/i) && ...
>
> This means the IP address is compared as an IP address, not as a string of
> characters.
>
> HTH,
>
> Brian.
>
>