Splitting lines in config files (OPEN)

Thu Aug 22 23:18:11 UTC 2024

On Wed, 2024-08-21 at 17:14 +0100, Matthew Newton via Freeradius-Users wrote:
========================================= Authentication-result: fail =========================================

On 21/08/2024 07:44, Per Weisteen wrote:
         if ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/ST=Norway\/L=Oslo\/O=Telenor\ Norge\ AS\/OU=Internal\ Certificate\ Authority\/CN=Acme.*/) || ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/O=Telenor\ Norge\ AS\/CN=Telenor\ Norge\ Internal\ Issuing\ CA\ ECDSA\ TEST.*/) || ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/O=Telenor\ Norge\ AS\/OU=TEST\ ECDSA\/CN=TN\ Int\ 256\ Facilities\ CCTV\ ICA.*/) || ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/O=Telenor\ Norge\ AS\/CN=Telenor\ Norge\ Internal\ Issuing\ CA.*/) {
                 update config {
                         &Auth-Type := Accept
                 }

I've tried to split the long if line into separate lines for each condition just to make it more readable but that doesn't seem to work.
Is splitting this if statement over several lines supposed to work?

Yes, use backslash to continue, as is normal:

if (&User-Name == "alice" || \
     &User-Name == "bob" || \
     &User-Name == "charlie") {
         update reply {
                 &Reply-Message := "hello"
         }
}

--
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Backslash indicated line continuation is pretty much the standard in Linux config files (I think it is a BASHism and may well be a sh-ism).

For a really long line like yours, I suggest moving the backslashes into a single column to the right and also the ||.  I think it helps and I assume the parser will collapse the extra white space sensibly:

if ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/ST=Norway\/L=Oslo\/O=Telenor\ Norge\ AS\/OU=Internal\ Certificate\ Authority\/CN=Acme.*/) || \
   ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/O=Telenor\ Norge\ AS\/CN=Telenor\ Norge\ Internal\ Issuing\ CA\ ECDSA\ TEST.*/) || \
   ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/O=Telenor\ Norge\ AS\/OU=TEST\ ECDSA\/CN=TN\ Int\ 256\ Facilities\ CCTV\ ICA.*/) || \
   ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/O=Telenor\ Norge\ AS\/CN=Telenor\ Norge\ Internal\ Issuing\ CA.*/)

{
          update config {
                        &Auth-Type := Accept
                }
        }

It looks like you are escaping spaces too which may not be necessary.  For example, see if this:

/\/C=NO\/O=Telenor Norge AS\/CN=Telenor Norge Internal Issuing CA.*/

works for the final clause.  If it does then do the same for the rest ie s/\\ / /    .... ! 8)  The simpler and more legible you can make it, the better.

Cheers
Jon