From: Alan T. DeKok Date: Fri, 17 Apr 2009 13:12:30 +0000 (+0200) Subject: Allow operations OTHER than == to work for Packet-Src-IP-Address X-Git-Tag: release_2_1_7~209 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f714299515bbe84a4a60a8d2f1d69a6bc78e828;p=thirdparty%2Ffreeradius-server.git Allow operations OTHER than == to work for Packet-Src-IP-Address ... and associated virtual attributes. The issue is that the paircompare_register'd functions return 0 for match, and 1 for didn't match. This is wrong. They should just return the results of the comparison. And then radius_callback_compare should check the results of the comparison against the operators, to see if the CONDITION succeeded or failed. --- diff --git a/src/modules/rlm_expr/paircmp.c b/src/modules/rlm_expr/paircmp.c index 2dbb69747d1..092fc51fc97 100644 --- a/src/modules/rlm_expr/paircmp.c +++ b/src/modules/rlm_expr/paircmp.c @@ -220,9 +220,32 @@ static int genericcmp(void *instance UNUSED, snprintf(name, sizeof(name), "%%{%s}", check->name); rcode = radius_xlat(value, sizeof(value), name, req, NULL); - vp = pairmake(check->name, value, T_OP_EQ); + vp = pairmake(check->name, value, check->operator); - rcode = radius_compare_vps(req, check, vp); + /* + * Paircmp returns 0 for failed comparison, + * 1 for succeeded. + */ + rcode = paircmp(check, vp); + + /* + * We're being called from radius_callback_compare, + * which wants 0 for success, and 1 for fail (sigh) + * + * We should really fix the API so that it is + * consistent. i.e. the comparison callbacks should + * return ONLY the resut of comparing A to B. + * The radius_callback_cmp function should then + * take care of using the operator to see if the + * condition (A OP B) is true or not. + * + * This would also allow "<", etc. to work in the + * callback functions... + * + * See rlm_ldap, ...groupcmp() for something that + * returns 0 for matched, and 1 for didn't match. + */ + rcode = !rcode; pairfree(&vp); return rcode;