perl -p -i -e 's/&([^\s]+\s+(=|.=))/$1/g' $(git grep -lE '^&|[^&]&[a-zA-Z]' doc/antora/modules | egrep -v 'raddb|developers|interpreter.adoc|assets')
# You can make this condition as complex as you like, to
# include additional subdomains just concatenate the conditions
# with &&.
- if (&Stripped-User-Domain != "${operator_name}") {
+ if (Stripped-User-Domain != "${operator_name}") {
update {
control:Load-Balance-Key := &Calling-Station-ID
control:Proxy-To-Realm := 'eduroam_flr'
# the domain portion of the outer and inner identities must match.
split_username_nai
if (noop || (&Stripped-User-Domain && \
- (&outer.Stripped-User-Domain != &Stripped-User-Domain))) {
+ (outer.Stripped-User-Domain != &Stripped-User-Domain))) {
reject
}
# it in the outer server.
if (&outer.session-state:)
update {
- &outer.session-state:Stripped-User-Name := &Stripped-User-Name
+ outer.session-state:Stripped-User-Name := &Stripped-User-Name
}
}
authorize {
if (!&session-state:) {
update session-state {
- &Tmp-String-1 := "request"
+ Tmp-String-1 := "request"
}
linelog
}
post-auth {
...
update outer.session-state {
- &User-Name := &User-Name
+ User-Name := &User-Name
}
Post-Auth-Type REJECT {
...
update outer.session-state {
- &User-Name := &User-Name
+ User-Name := &User-Name
}
}
}
post-auth {
...
update session-state {
- &Tmp-String-1 := "accept"
+ Tmp-String-1 := "accept"
}
linelog
Post-Auth-Type REJECT {
...
update session-state {
- &Tmp-String-1 := "reject"
+ Tmp-String-1 := "reject"
}
linelog
}
[source,unlang]
----
-if (&User-Name == "bob") {
+if (User-Name == "bob") {
update reply {
- &Reply-Message := "Hello, %{User-Name}"
+ Reply-Message := "Hello, %{User-Name}"
}
}
----
[source,unlang]
----
-if (&User-Name == "bob") {
- &reply.Reply-Message := "Hello, %{User-Name}"
+if (User-Name == "bob") {
+ reply.Reply-Message := "Hello, %{User-Name}"
}
----
```
reply += {
- &Reply-Message = "foo"
+ Reply-Message = "foo"
}
```
```
update reply {
- &Framed-IP-Address := "%{sql:SELECT ...}"
+ Framed-IP-Address := "%{sql:SELECT ...}"
}
```
[source,unlang]
----
update reply {
- &Reply-Message := "%{User-Name}"
+ Reply-Message := "%{User-Name}"
}
...
...
-if (&User-Name == "bob") {
+if (User-Name == "bob") {
...
}
----
(0) CHAP-Password = 0x3549a4e40fc76e876499badf736712c951
...
(0) chap - Creating &CHAP-Challenge from request authenticator
-(0) chap - Setting &control.Auth-Type = chap
+(0) chap - Setting control.Auth-Type = chap
(0) chap (ok)
...
(0) Found "known good" password in &control.Password.Cleartext
(0) ldap - Waiting for search result...
(0) ldap - User object found at DN "uid=john,ou=people,dc=example,dc=com"
(0) ldap - Processing user attributes
-(0) ldap - &control.Password.With-Header += password
+(0) ldap - control.Password.With-Header += password
(0) ldap - Released connection (0)
(0) ldap (updated)
...
(0) pap - No {...} in &Password.With-Header, re-writing to Password.Cleartext
(0) pap - Normalized &control.Password.With-Header -> &control.Password.Cleartext
(0) pap - Removing &control.Password.With-Header
-(0) pap - Setting &control.Auth-Type = pap
+(0) pap - Setting control.Auth-Type = pap
(0) pap (updated)
(0) } # recv Access-Request (updated)
(0) Running 'authenticate pap' from file /usr/local/etc/raddb/sites-enabled/default
----
-ldap
if ((ok || updated) && &User-Password) {
- &control.Auth-Type := ldap
+ control.Auth-Type := ldap
}
----
** FreeRADIUS is now configured to attempt to LDAP bind if the `ldap` module finds a user and the RADIUS request contains a `User-Password` RADIUS attribute
(0) ldap - Released connection (0)
(0) ldap (ok)
(0) if ((ok || updated) && &User-Password) {
-(0) &control.Auth-Type := ldap
+(0) control.Auth-Type := ldap
(0) } # if ((ok || updated) && &User-Password) (noop)
(0) expiration (noop)
(0) pap - WARNING: No "known good" password found for the user. Not setting Auth-Type
[source,unlang]
----
if (%ldap.group("cn=foo,ou=groups,dc=example,dc=com") == true) {
- &reply.Reply-Message := "Welcome member of group 'foo'"
+ reply.Reply-Message := "Welcome member of group 'foo'"
}
----
[source,unlang]
----
if (%ldap.group("foo") == true) {
- &reply.Reply-Message := "Welcome member of group 'foo'"
+ reply.Reply-Message := "Welcome member of group 'foo'"
}
----
recv Access-Request {
ldap
if (ok || updated) {
- &control.Auth-Type := ldap
+ control.Auth-Type := ldap
}
}
(0) ldap - Waiting for search result...
(0) ldap - User object found at DN "uid=john,ou=people,dc=example,dc=com"
(0) ldap - Processing user attributes
-(0) ldap - &control:Password-With-Header += password
+(0) ldap - control:Password-With-Header += password
(0) ldap - Released connection (0)
(0) ldap (updated)
...
(0) pap - No {...} in &Password-With-Header, re-writing to Cleartext-Password
(0) pap - Normalized &control:Password-With-Header -> &control:Cleartext-Password
(0) pap - Removing &control:Password-With-Header
-(0) pap - Setting &control:Auth-Type = pap
+(0) pap - Setting control:Auth-Type = pap
(0) pap (updated)
(0) } # recv Access-Request (updated)
(0) Running 'authenticate pap' from file /usr/local/etc/raddb/sites-enabled/default
-ldap
if ((ok || updated) && &User-Password) {
update {
- &control:Auth-Type := ldap
+ control:Auth-Type := ldap
}
}
----
(0) ldap (ok)
(0) if ((ok || updated) && &User-Password) {
(0) update {
-(0) &control:Auth-Type := ldap
+(0) control:Auth-Type := ldap
(0) } # update (noop)
(0) } # if ((ok || updated) && &User-Password) (noop)
(0) expiration (noop)
...
recv Access-Request {
if (&User-Password) {
- &control.Auth-Type := rest
+ control.Auth-Type := rest
}
}
noop = return
}
# On failure for any reason, reject
- &reply += {
+ reply += {
Reply-Message = Module-Failure-Message
}
reject
----
send Access-Accept {
...
- &control.IP-Pool.Name := 'internet'
+ control.IP-Pool.Name := 'internet'
sqlippool
...
}
----
dhcp_common {
update reply {
- &DHCP-Domain-Name-Server := 8.8.8.8
- &DHCP-Domain-Name-Server += 8.8.4.4
- &DHCP-Subnet-Mask := 255.255.255.0
- &DHCP-Router-Address := 192.0.2.1
+ DHCP-Domain-Name-Server := 8.8.8.8
+ DHCP-Domain-Name-Server += 8.8.4.4
+ DHCP-Subnet-Mask := 255.255.255.0
+ DHCP-Router-Address := 192.0.2.1
...
}
}
[source,unlang]
----
update control {
- &Pool-Name := "local"
+ Pool-Name := "local"
}
dhcp_sqlippool
----
----
if (&DHCP-User-Class && "%{substring:&DHCP-User-Class 0 4}" == "iPXE") {
update reply {
- &DHCP-Boot-Filename := "http://my.web.server/boot_script.php"
+ DHCP-Boot-Filename := "http://my.web.server/boot_script.php"
}
} else {
update reply {
- &DHCP-Boot-Filename := "undionly.kpxe"
+ DHCP-Boot-Filename := "undionly.kpxe"
}
}
----
if (&DHCP-Client-Identifier && \
"%{string:DHCP-Client-Identifier}" =~ /^RAS([0-9])-site([A-Z])$/) {
update reply {
- &DHCP-Boot-Filename := "rasboot-%{1}-%{2}.kpxe"
+ DHCP-Boot-Filename := "rasboot-%{1}-%{2}.kpxe"
}
}
----
[source,unlang]
----
update control {
- &DHCP-SQL-Option-Context := "by-mac"
- &DHCP-SQL-Option-Identifier := &request:DHCP-Client-Hardware-Address
+ DHCP-SQL-Option-Context := "by-mac"
+ DHCP-SQL-Option-Identifier := &request:DHCP-Client-Hardware-Address
}
dhcp_sql.authorize
----
[source,unlang]
----
update control {
- &DHCP-SQL-Option-Context := "class-vendor"
- &DHCP-SQL-Option-Identifier := \
+ DHCP-SQL-Option-Context := "class-vendor"
+ DHCP-SQL-Option-Identifier := \
"%{substring:%{hex:&DHCP-Client-Hardware-Address} 0 6}"
}
dhcp_sql.authorize
[source,unlang]
----
update reply {
- &DHCP-Your-IP-Address := 1.2.3.4
+ DHCP-Your-IP-Address := 1.2.3.4
}
----
authorize {
update control {
- &Proxy-To-Realm := tls
+ Proxy-To-Realm := tls
}
handled
...
...
preacct {
update control {
- &Proxy-To-Realm := tls
+ Proxy-To-Realm := tls
}
handled
...
[source,unlang]
----
foreach &Class {
- if (&Foreach-Variable-0 == 0xabcdef) {
+ if (Foreach-Variable-0 == 0xabcdef) {
break
}
- &reply += {
+ reply += {
Reply-Message = "Contains %{Foreach-Variable-0}"
}
}
[source,unlang]
----
caller dhcpv4 {
- &reply += {
- &Filter-Id = &parent.request.Client-Identifier
+ reply += {
+ Filter-Id = &parent.request.Client-Identifier
}
}
----
.Example
[source,unlang]
----
-(ipaddr)&Class == 127.0.0.1
+(ipaddr)Class == 127.0.0.1
----
In this example, the `Class` attribute is treated as if it was an IPv4
.Examples
[source,unlang]
----
-if ( &User-Name == "bob" ) {
+if ( User-Name == "bob" ) {
...
}
-if ( &Framed-IP-Address == 127.0.0.1 ) {
+if ( Framed-IP-Address == 127.0.0.1 ) {
...
}
-if ( &Calling-Station-Id == "%sql("SELECT ...") ) {
+if ( Calling-Station-Id == "%sql("SELECT ...") ) {
...
}
----
.Simplified Example
[source,unlang]
----
-if (&Framed-IP-Address == 192.0.2.1) {
+if (Framed-IP-Address == 192.0.2.1) {
...
}
----
====
[source,unlang]
----
-if (&User-Name =~ /@example\.com$/) {
+if (User-Name =~ /@example\.com$/) {
...
}
----
====
[source,unlang]
----
-if (&User-Name =~ /^(.*)@example\.com$/) {
- &reply += {
+if (User-Name =~ /^(.*)@example\.com$/) {
+ reply += {
Reply-Message = "Hello %{1}"
}
}
}
}
-if (&Stripped-User-Name =~ /^%{pattern}$/) {
+if (Stripped-User-Name =~ /^%{pattern}$/) {
...
}
----
====
[source,unlang]
----
-if (&User-Name =~ /^@%{Tmp-String-0}$/) {
+if (User-Name =~ /^@%{Tmp-String-0}$/) {
...
}
----
====
[source,unlang]
----
-if (&User-Name =~ /^@(%{Tmp-String-0}|%{Tmp-String-1})$/) {
+if (User-Name =~ /^@(%{Tmp-String-0}|%{Tmp-String-1})$/) {
...
}
----
[source,unlang]
----
subrequest Disconnect-Request {
- &User-Name := &parent.request.User-Name
- &NAS-IP-Address := &parent.request.NAS-IP-Address
- &NAS-Port := &parent.request.NAS-Port
- &Acct-Session-Id := &parent.request.Acct-Session-Id
+ User-Name := &parent.request.User-Name
+ NAS-IP-Address := &parent.request.NAS-IP-Address
+ NAS-Port := &parent.request.NAS-Port
+ Acct-Session-Id := &parent.request.Acct-Session-Id
detach
radius
[source,unlang]
----
subrequest Disconnect-Request {
- &User-Name := &parent.request.User-Name
- &NAS-IP-Address := &parent.request.NAS-IP-Address
- &NAS-Port := &parent.request.NAS-Port
- &Acct-Session-Id := &parent.request.Acct-Session-Id
+ User-Name := &parent.request.User-Name
+ NAS-IP-Address := &parent.request.NAS-IP-Address
+ NAS-Port := &parent.request.NAS-Port
+ Acct-Session-Id := &parent.request.Acct-Session-Id
- &control.Request-Lifetime := 60
+ control.Request-Lifetime := 60
detach
radius
...
list1 := &list2
-list1 += { &attribute = value, ... }
+list1 += { attribute = value, ... }
list1 += " attribute = value, ... "
...
----
[source,unlang]
----
reply += {
- &Filter-Id = "foo"
+ Filter-Id = "foo"
}
----
====
[source,unlang]
----
reply := {
- &Filter-Id = "foo"
+ Filter-Id = "foo"
}
----
====
[source,unlang]
----
reply -= {
- &Filter-Id == "bar"
+ Filter-Id == "bar"
}
----
====
.Example
[source,unlang]
----
-if (&User-Name == "bob") {
+if (User-Name == "bob") {
reject
}
else {
.Example
[source,unlang]
----
-if (&User-Name == "bob") {
+if (User-Name == "bob") {
reject
}
-elsif (&User-Name == "doug") {
+elsif (User-Name == "doug") {
ok
}
----
.Expression in a Condition
[source,unlang]
----
-(&NAS-Port == 1 + 2)
+(NAS-Port == 1 + 2)
----
.Expression in an assignment
[source,unlang]
----
-NAS-Port = 5 + (&User-Name == "bob")
+NAS-Port = 5 + (User-Name == "bob")
----
This expression will return `6` if the users name is `bob`, and `5` otherwise.
uint32 small
uint32 large
- &large = 10000
- &small = 10
+ large = 10000
+ small = 10
#
# Enforce it
#
- &large <= &small
+ large <= &small
# &large now has value '10'
Tmp-Integer-0 := { 1, 3, 5, 11 }
foreach self (&Tmp-Integer-0) {
- &self += 19
+ self += 19
}
----
[source,unlang]
----
foreach string child (&TLV-Thing.[*]) {
- &out += &child
- &out += " "
+ out += &child
+ out += " "
}
----
[source,unlang]
----
foreach thing (&Tmp-TLV-0[*]) {
- &out += &thing.c
- &out += " "
+ out += &thing.c
+ out += " "
}
----
.Example
[source,unlang]
----
-if (&User-Name == "bob") {
+if (User-Name == "bob") {
reject
}
----
.Example With Brackets
[source,unlang]
----
-if (&User-Name == "bob") {
+if (User-Name == "bob") {
reject
}
----
.Example Without Brackes
[source,unlang]
----
-if &User-Name == "bob" {
+if User-Name == "bob" {
reject
}
----
.Example With Brackets
[source,unlang]
----
-if (&User-Name ==
+if (User-Name ==
"bob") {
reject
}
.Example
[source,unlang]
----
-if ((&User-Name == "bob") && (&Calling-Station-Id == "00:01:03:04:05")) {
+if ((User-Name == "bob") && (Calling-Station-Id == "00:01:03:04:05")) {
...
}
----
[source,unlang]
----
reply += {
- &Framed-IP-Address = 192.0.2.4
- &Session-Timeout = 5
- &Reply-Message = "hello"
+ Framed-IP-Address = 192.0.2.4
+ Session-Timeout = 5
+ Reply-Message = "hello"
}
----
# followed by condition which checks that the User-Name
# attribute has value "bob"
-if (&User-Name == "bob") {
+if (User-Name == "bob") {
# followed by instructions to add the Reply-Message
# attribute to the "reply" list, with contents
# "Hello, bob"
- &reply.Reply-Message := "Hello, bob"
+ reply.Reply-Message := "Hello, bob"
}
----
.Example
[source,unlang]
----
-if (&User-Name == "bob") {
+if (User-Name == "bob") {
uint32 len
- &len := %length(%{User-Name})
+ len := %length(%{User-Name})
- &Reply-Message := "Length of %{User-Name} is %{len}"
+ Reply-Message := "Length of %{User-Name} is %{len}"
}
----
.Local variables exist on only if they have been created
[source,unlang]
----
-if (&User-Name == "bob") {
+if (User-Name == "bob") {
# declare "len" as ALLOWED to be used
uint32 len
}
# "len" is created, and can now be used
- &len := %length(%{User-Name})
+ len := %length(%{User-Name})
- &Reply-Message := "Length of %{User-Name} is %{len}"
+ Reply-Message := "Length of %{User-Name} is %{len}"
}
----
[source,unlang]
----
map sql "SELECT column1, column2, column3 from table WHERE user=%{User-Name}" {
- &reply.Framed-IP-Address := 'column1'
- &reply.Filter-Id := 'column2'
- &reply.Reply-Message := 'column3'
+ reply.Framed-IP-Address := 'column1'
+ reply.Filter-Id := 'column2'
+ reply.Reply-Message := 'column3'
}
----
----
sql
if (notfound) {
- &reply += {
- &Reply-Message = "We don't know who you are"
+ reply += {
+ Reply-Message = "We don't know who you are"
}
reject
}
[source,unlang]
----
if (!&User-Name) {
- &reply += {
- &Reply-Message = "We don't know who you are"
+ reply += {
+ Reply-Message = "We don't know who you are"
}
reject
}
radius1
if (fail) {
linelog1
- &parent.reply += {
- &Reply-Message = "radius1 failed"
+ parent.reply += {
+ Reply-Message = "radius1 failed"
}
}
}
radius2
if (fail) {
linelog2
- &parent.reply += {
- &Reply-Message = "radius2 failed"
+ parent.reply += {
+ Reply-Message = "radius2 failed"
}
}
}
----
parallel empty {
group {
- &request := {
- &User-Name = "%{&parent.request.User-Name}@example.org"
- &User-Password = "hello"
+ request := {
+ User-Name = "%{&parent.request.User-Name}@example.org"
+ User-Password = "hello"
}
radius1
}
group {
- &request := {
- &User-Name = "%{&parent.request.User-Name}@example.com"
- &User-Password = &parent.request.User-Password
+ request := {
+ User-Name = "%{&parent.request.User-Name}@example.com"
+ User-Password = &parent.request.User-Password
}
radius2
}
[source,unlang]
----
sql
-if (&reply.Filter-Id == "hello") {
+if (reply.Filter-Id == "hello") {
return
}
...
[source,unlang]
----
subrequest ::Disconnect-Request {
- &User-Name := &parent.request.User-Name
- &NAS-IP-Address := &parent.request.NAS-IP-Address
- &NAS-Port := &parent.request.NAS-Port
- &Acct-Session-Id := &parent.request.Acct-Session-Id
+ User-Name := &parent.request.User-Name
+ NAS-IP-Address := &parent.request.NAS-IP-Address
+ NAS-Port := &parent.request.NAS-Port
+ Acct-Session-Id := &parent.request.Acct-Session-Id
radius
}
[source,unlang]
----
subrequest @dhcpv4::Discover {
- &Your-IP-Address := &parent.request.Framed-IP-Address
+ Your-IP-Address := &parent.request.Framed-IP-Address
...
}
[source,unlang]
----
subrequest ::Disconnect-Request {
- &User-Name := &parent.request.User-Name
- &NAS-IP-Address := &parent.request.NAS-IP-Address
- &NAS-Port := &parent.request.NAS-Port
- &Acct-Session-Id := &parent.request.Acct-Session-Id
+ User-Name := &parent.request.User-Name
+ NAS-IP-Address := &parent.request.NAS-IP-Address
+ NAS-Port := &parent.request.NAS-Port
+ Acct-Session-Id := &parent.request.Acct-Session-Id
detach
radius
[source,unlang]
----
transaction {
- &reply.Filter-Id := %sql("SELECT ...")
- &reply.Framed-IP-Address := 192.0.2.1
+ reply.Filter-Id := %sql("SELECT ...")
+ reply.Framed-IP-Address := 192.0.2.1
}
----
[source,unlang]
----
update request {
- &User-Name += "foo"
- &Filter-Id += "bar"
- &NAS-IP-Address += 127.0.0.1
- &NAS-Port += 5
+ User-Name += "foo"
+ Filter-Id += "bar"
+ NAS-IP-Address += 127.0.0.1
+ NAS-Port += 5
}
----
[source,unlang]
----
request += {
- &User-Name = "foo"
- &Filter-Id = "bar"
- &NAS-IP-Address = 127.0.0.1
- &NAS-Por = 5
+ User-Name = "foo"
+ Filter-Id = "bar"
+ NAS-IP-Address = 127.0.0.1
+ NAS-Por = 5
}
----
[source,unlang]
----
update request {
- &User-Name := "foo"
- &Filter-Id := "bar"
+ User-Name := "foo"
+ Filter-Id := "bar"
}
----
[source,unlang]
----
request := {
- &User-Name = "foo"
- &Filter-Id = "bar"
+ User-Name = "foo"
+ Filter-Id = "bar"
}
----
=== Conditionally Over-writing attributes in a list: =
[source,unlang]
----
update request {
- &User-Name = "foo"
- &Filter-Id = "bar"
+ User-Name = "foo"
+ Filter-Id = "bar"
}
----
Framed-IP-Address := 192.0.2.1
reply += {
- &Reply-Message = "The length of %{control.Tmp-String-0} is %length(&control.Tmp-String-0)"
- &Reply-Message = "The length of %{control.Framed-IP-Address} is %length(&control.Framed-IP-Address)"
+ Reply-Message = "The length of %{control.Tmp-String-0} is %length(&control.Tmp-String-0)"
+ Reply-Message = "The length of %{control.Framed-IP-Address} is %length(&control.Framed-IP-Address)"
}
----
[source,unlang]
----
-if (&User-Name == "bob") {
- &request.Tmp-String-0 := "&User-Name"
+if (User-Name == "bob") {
+ request.Tmp-String-0 := "&User-Name"
} else {
- &request.Tmp-String-0 := "not bob!"
+ request.Tmp-String-0 := "not bob!"
}
reply.Reply-Message := "%eval(&request.Tmp-String-0}"
date tomorrow
time_delta time_of_day
- &now := %time('request')
+ now := %time('request')
# We are this many seconds into one day
- &time_of_day := &now % (time_delta) 1d
+ time_of_day := &now % (time_delta) 1d
# calculate the start of today, and then add one day to that
- &tomorrow := &now - &time_of_day + (time_delta) 1d
+ tomorrow := &now - &time_of_day + (time_delta) 1d
}
----
date tomorrow
time_delta time_of_day
- &now := %time('request')
+ now := %time('request')
# We are this many seconds into one day
- &time_of_day := &now % (time_delta) 1d
+ time_of_day := &now % (time_delta) 1d
# calculate the start of today, and then add one day to that
- &tomorrow := &now - &time_of_day + (time_delta) 1d
+ tomorrow := &now - &time_of_day + (time_delta) 1d
# add in the time zone offset
- &tomorrow += %time('offset')
+ tomorrow += %time('offset')
}
----
[source,unlang]
----
control += {
- &Tmp-String-0 = "aaa"
- &Tmp-String-0 = "bb"
- &Tmp-String-0 = "c"
+ Tmp-String-0 = "aaa"
+ Tmp-String-0 = "bb"
+ Tmp-String-0 = "c"
}
reply += {
- &Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ', ')"
- &Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ',')"
+ Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ', ')"
+ Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ',')"
}
----
----
control.Tmp-String-0 := "http://example.org/"
reply += {
- &Reply-Message = "The urlquote of %{control.Tmp-String-0} is %urlquote(%{control.Tmp-String-0})"
+ Reply-Message = "The urlquote of %{control.Tmp-String-0} is %urlquote(%{control.Tmp-String-0})"
}
----
----
control.Tmp-String-0 := "http%%3A%%2F%%2Fexample.org%%2F" # Attention for the double %.
reply += {
- &Reply-Message = "The urlunquote of %{control.Tmp-String-0} is %urlunquote(%{control.Tmp-String-0})"
+ Reply-Message = "The urlunquote of %{control.Tmp-String-0} is %urlunquote(%{control.Tmp-String-0})"
}
----
[source,unlang]
----
control += {
- &Tmp-String-0 = "aaa"
- &Tmp-String-0 = "bb"
- &Tmp-String-0 = "c"
+ Tmp-String-0 = "aaa"
+ Tmp-String-0 = "bb"
+ Tmp-String-0 = "c"
}
reply += {
- &Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ', ')"
- &Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ',')"
+ Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ', ')"
+ Reply-Message = "%concat(%{control.Tmp-String-0[*]}, ',')"
}
----
.Example
[source,unlang]
----
-if (&User-Name == %md5(&NAS-Identifier)) {
+if (User-Name == %md5(&NAS-Identifier)) {
reject
}
----
reply.control.Tmp-Octets-0 := "%hmacmd5(%{control.Tmp-String-0} %{control.Tmp-String-1})"
reply += {
- &Reply-Message = "The HMAC-MD5 of %{control.Tmp-String-1} in octets is %{control.Tmp-Octets-0}"
- &Reply-Message = "The HMAC-MD5 of %{control.Tmp-String-1} in hex is %hex(control.Tmp-Octets-0)"
+ Reply-Message = "The HMAC-MD5 of %{control.Tmp-String-1} in octets is %{control.Tmp-Octets-0}"
+ Reply-Message = "The HMAC-MD5 of %{control.Tmp-String-1} in hex is %hex(control.Tmp-Octets-0)"
}
----
control.Tmp-Octets-0 := "%hmacsha1(%{control.Tmp-String-0}, %{control.Tmp-String-1})"
reply += {
- &Reply-Message = "The HMAC-SHA1 of %{control.Tmp-String-1} in octets is %{control.Tmp-Octets-0}"
- &Reply-Message = "The HMAC-SHA1 of %{control.Tmp-String-1} in hex is %hex(control.Tmp-Octets-0}"
+ Reply-Message = "The HMAC-SHA1 of %{control.Tmp-String-1} in octets is %{control.Tmp-Octets-0}"
+ Reply-Message = "The HMAC-SHA1 of %{control.Tmp-String-1} in hex is %hex(control.Tmp-Octets-0}"
}
----
----
control.Tmp-String-0 := "Caipirinha"
reply += {
- &Reply-Message = "md5 of %{control.Tmp-String-0} is octal=%md5(%{control.Tmp-String-0})"
- &Reply-Message = "md5 of %{control.Tmp-String-0} is hex=%hex(%md5(%{control.Tmp-String-0}))"
+ Reply-Message = "md5 of %{control.Tmp-String-0} is octal=%md5(%{control.Tmp-String-0})"
+ Reply-Message = "md5 of %{control.Tmp-String-0} is hex=%hex(%md5(%{control.Tmp-String-0}))"
}
----
----
control.Tmp-String-0 := "Caipirinha"
reply += {
- &Reply-Message = "The md5 of %{control.Tmp-String-0} in octal is %md5(%{control.Tmp-String-0}}"
- &Reply-Message = "The md5 of %{control.Tmp-String-0} in hex is %hex(%md5(%{control.Tmp-String-0}}}"
+ Reply-Message = "The md5 of %{control.Tmp-String-0} in octal is %md5(%{control.Tmp-String-0}}"
+ Reply-Message = "The md5 of %{control.Tmp-String-0} in hex is %hex(%md5(%{control.Tmp-String-0}}}"
}
----
.Output
```
-Relay-Agent-Information.Circuit-Id = 0xabcdef, &Relay-Agent-Information.Remote-Id = 0x010203040506
+Relay-Agent-Information.Circuit-Id = 0xabcdef, Relay-Agent-Information.Remote-Id = 0x010203040506
User-Name = "ABCD"
```
[source,unlang]
----
-%dhcpv4.encode("&Relay-Agent-Information.Circuit-Id = 0xabcdef, &Relay-Agent-Information.Remote-Id = 0x010203040506")
-%radius.encode("&User-Name = 'ABCD'")
+%dhcpv4.encode("Relay-Agent-Information.Circuit-Id = 0xabcdef, Relay-Agent-Information.Remote-Id = 0x010203040506")
+%radius.encode("User-Name = 'ABCD'")
Tmp-Octets-1 := %dhcpv4.encode(&request.Relay-Agent-Information.[*])
----
------------------------------------------------
a_policy {
- if (&User-Name =~ /@([\w.+])/) {
- &reply.Reply-Message := "Hello remote %{User-Name}"
+ if (User-Name =~ /@([\w.+])/) {
+ reply.Reply-Message := "Hello remote %{User-Name}"
}
}
------------------------------------------------
}
authorize {
- &control.Clearext-Password := "hello"
+ control.Clearext-Password := "hello"
pap
}
projects / thirdparty / freeradius-server.git / commitdiff
