From: nolade Date: Thu, 13 Mar 2025 20:09:18 +0000 (-0400) Subject: Remove & from the reference directory docs (manual change) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e85bf0061afbbfa89d047c67f945c5455d32a8ae;p=thirdparty%2Ffreeradius-server.git Remove & from the reference directory docs (manual change) --- diff --git a/doc/antora/modules/reference/nav.adoc b/doc/antora/modules/reference/nav.adoc index b2a7e7a8166..6075a8b02f3 100644 --- a/doc/antora/modules/reference/nav.adoc +++ b/doc/antora/modules/reference/nav.adoc @@ -243,7 +243,6 @@ **** xref:raddb/sites-available/doc/tacacs.adoc[TACACS+] ***** xref:raddb/sites-available/tacacs.adoc[Virtual Server] **** xref:raddb/sites-available/tls.adoc[TLS] -***** xref:raddb/sites-available/tls-cache.adoc[TLS Cache] **** xref:raddb/sites-available/vmps.adoc[VMPS] **** xref:raddb/sites-available/dynamic-clients.adoc[Dynamic Clients] diff --git a/doc/antora/modules/reference/pages/raddb/mods-config/files/users.adoc b/doc/antora/modules/reference/pages/raddb/mods-config/files/users.adoc index c82b8c26f08..000d00ee26b 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-config/files/users.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-config/files/users.adoc @@ -210,7 +210,7 @@ Care should be taken when using `+=` with structural attributes. Unlike the xre The solution instead is to use `:=` when referring to structural attributes by name, or instead using the name of a leaf attribute (e.g. `Vendor-Specific.Cisco.AVPair`), and then using `+=` on the leaf. -In most situations, the simplest approach for structural data types is to just create the leaf attributes. e.g. `&foo.bar.baz := 5`. If any parent attribute is missing, it will be automatically created. That is, operations on leaf types will just "do the right thing" most of the time, so there is no need to explicitly refer to a structural data type by name. +In most situations, the simplest approach for structural data types is to just create the leaf attributes. e.g. `foo.bar.baz := 5`. If any parent attribute is missing, it will be automatically created. That is, operations on leaf types will just "do the right thing" most of the time, so there is no need to explicitly refer to a structural data type by name. There are some situations where it is useful to refer to structural attributes by name, as given in the examples below. @@ -219,10 +219,10 @@ Structural attributes can be copied from another attribute. Both source and des .Copying a Structural Attribute by Name ---- bob Password.Cleartext := "hello" - Vendor-Specific.Cisco := &control.Vendor-Specific.Cisco + Vendor-Specific.Cisco := control.Vendor-Specific.Cisco ---- -This example copies the `Vendor-Specific.Cisco` group from the `&control` list. If the attribute does not exist in the control list, nothing is done. +This example copies the `Vendor-Specific.Cisco` group from the `control` list. If the attribute does not exist in the control list, nothing is done. Structural attributes can be created from a string, as with the xref:reference:unlang/edit.adoc[edit] functionality. Note that the string should not contain brackets such as `"{ AVPair = 'hello' }"`. @@ -328,9 +328,9 @@ If the value does not pass the filter comparison, its value is replaced with the === Item Values -The values for items can be a simple value such as `192.0.2.1`, an xref:reference:xlat/index.adoc[xlat] string to expand such as `"Hello %{User-Name}"`, or an xref:reference:unlang/attr.adoc[attribute reference] such as `&request.Filter-Id`. +The values for items can be a simple value such as `192.0.2.1`, an xref:reference:xlat/index.adoc[xlat] string to expand such as `"Hello %{User-Name}"`, or an xref:reference:unlang/attr.adoc[attribute reference] such as `request.Filter-Id`. -The attribute references should have an `&` prefix, to more clearly separate them from enumeration values such as `Service-Type := Framed-User`. +The attribute references don't require an `&` prefix, to more clearly separate them from enumeration values such as `Service-Type := Framed-User`. References can be to an attribute which has a different data type than the attribute named on the left-hand side of the check item or reply item. In which case the values will be automatically cast to the correct type, as documented in the xref:reference:unlang/condition/cmp.adoc[conditional comparison] and xref:reference:unlang/edit.adoc[edit] pages. @@ -343,7 +343,7 @@ References can be to an attribute which has a different data type than the attri # bob NAS-IP-Address == 192.0.2.1, Password.Cleartext := "hello" Reply-Message := "Hello %{User-Name}", - Framed-IP-Address := &request.Framed-IP-Address + Framed-IP-Address := request.Framed-IP-Address ---- // Copyright (C) 2023 Network RADIUS SAS. Licenced under CC-by-NC 4.0. diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/index.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/index.adoc index d46cca8435e..b396efd0e65 100755 --- a/doc/antora/modules/reference/pages/raddb/sites-available/index.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/index.adoc @@ -354,7 +354,6 @@ server. * xref:raddb/sites-available/status.adoc[status] * xref:raddb/sites-available/tacacs.adoc[tacacs] * xref:raddb/sites-available/tls.adoc[tls] -* xref:raddb/sites-available/tls-cache.adoc[tls cache] * xref:raddb/sites-available/virtual.example.com.adoc[virtual example com] * xref:raddb/sites-available/vmps.adoc[vmps] diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/proxy.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/proxy.adoc deleted file mode 100644 index 77892c23cdb..00000000000 --- a/doc/antora/modules/reference/pages/raddb/sites-available/proxy.adoc +++ /dev/null @@ -1,50 +0,0 @@ -``` -server proxy { - namespace = radius - - listen { - type = Access-Request - - transport = udp - - udp { - ipaddr = * - port = 2812 - } - } - -``` - -## Packet Processing sections - -The sections below are called when a RADIUS packet has been -received. - - * recv Access-Request - for authorization and authentication - * recv Status-Server - for checking the server is responding - - - -### Receive Access-Request packets - -``` -recv Access-Request { - update control { - &Auth-Type := proxy - } -} - -authenticate proxy { - radius -} - -} -``` - -== Default Configuration - -``` -``` - -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. -// This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/tls-cache.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/tls-cache.adoc deleted file mode 100755 index 651daf52909..00000000000 --- a/doc/antora/modules/reference/pages/raddb/sites-available/tls-cache.adoc +++ /dev/null @@ -1,141 +0,0 @@ - -This virtual server controls caching of TLS sessions. - -When a TLS session is used, the server will automatically create -the following attributes in the session-state list. These attributes -are the ones for the *server* certificate. - - -If a client certificate is required (e.g. EAP-TLS or sometimes PEAP / TTLS), -the following attributes are also created in the session-state list: - - - - - - -This section can be run to verify a client certificate if -additional checks need to be performed beyond standard -checks verification against a trust chain, CRLs and OCSP. - -Attributes extracted from the certificates forming the -client certificate chain will be in the session state list. - -Returning 'ok', 'updated' or 'noop' will cause the verification -to succeed. Other return codes will cause the verification -to fail. - - - -This section is run whenever the server needs to read an -entry from the TLS session cache. - -It should read the attribute &session-state.TLS-Session-Data -from the cache, along with any other attributes which -were in the cache - -On success it should return 'ok' or 'updated'. - -The return code has no real effect on session processing -and will just cause the server to emit a warning. - - - - -This section is run whenever the server needs to write an -entry to the TLS session cache. - -It should write the attribute &session-state.Session-Data -to the cache, along with any other attributes which -need to be cached. - -On success it should return 'ok' or 'updated'. - -The return code has no real effect on session processing -and will just cause the server to emit a warning. - - - - -This section is run whenever the server needs to delete an -entry from the TLS session cache. - -On success it should return 'ok', 'updated', 'noop' or 'notfound' - -The return code has no real effect on session processing -and will just cause the server to emit a warning. - - - - -This section is run after certificate attributes are added -to the request list, and before performing OCSP validation. - -It should read the attribute &control.TLS-OCSP-Cert-Valid -from the cache. - -On success it should return 'ok', 'updated', 'noop' or 'notfound' -To force OCSP validation failure, it should return 'reject'. - - - - -This section is run after OCSP validation has completed. - -It should write the attribute &reply.TLS-OCSP-Cert-Valid -to the cache. - -On success it should return 'ok' or 'updated'. - -The return code has no real effect on session processing -and will just cause the server to emit a warning. - - - -== Default Configuration - -``` -# TLS-Cert-Serial -# TLS-Cert-Expiration -# TLS-Cert-Subject -# TLS-Cert-Issuer -# TLS-Cert-Common-Name -# TLS-Cert-Subject-Alt-Name-Email -# TLS-Client-Cert-Serial -# TLS-Client-Cert-Expiration -# TLS-Client-Cert-Subject -# TLS-Client-Cert-Issuer -# TLS-Client-Cert-Common-Name -# TLS-Client-Cert-Subject-Alt-Name-Email -server tls-cache { - namespace = tls - verify certificate { - ok - } - load session { - &control.Cache-Allow-Insert := no - cache_tls_session - } - store session { - &control.Cache-TTL := 0 - cache_tls_session - } - clear session { - &control.Cache-TTL := 0 - &control.Cache-Allow-Insert := no - cache_tls_session - } - load ocsp-state { - &control.Cache-Allow-Insert := no - cache_ocsp - } - store ocsp-state { - &control.Cache-TTL := "%{&reply.TLS-OCSP-Next-Update * -1}" - &control.Cache-Allow-Merge := no - cache_ocsp - } -} -``` - -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. -// This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/unlang/attr.adoc b/doc/antora/modules/reference/pages/unlang/attr.adoc index 1fbced8b483..cfa0ec2d164 100644 --- a/doc/antora/modules/reference/pages/unlang/attr.adoc +++ b/doc/antora/modules/reference/pages/unlang/attr.adoc @@ -1,4 +1,4 @@ -= &Attribute References += Attribute References .Syntax [source,unlang] @@ -84,7 +84,7 @@ uint32 foo foo = 2 -EAP-Message[&foo] +EAP-Message[foo] ---- The `` can also be an expression which is calculated at run time. The expression _must_ not cause the server to call an external database, script, etc. The main purpose of these expressions is to calculated an index without first placing it into another attribute. diff --git a/doc/antora/modules/reference/pages/unlang/call.adoc b/doc/antora/modules/reference/pages/unlang/call.adoc index 9e9d251e4bf..5331bb4e4a4 100644 --- a/doc/antora/modules/reference/pages/unlang/call.adoc +++ b/doc/antora/modules/reference/pages/unlang/call.adoc @@ -35,7 +35,7 @@ Processing the contents of a DHCPv6 relay-message by using a subrequest and recursively calling the DHCPv6 virtual server. [source,unlang] ---- -subrequest &Packet-Type &Relay-Message reply.Relay-Message { +subrequest Packet-Type Relay-Message reply.Relay-Message { call dhcpv6 {} } ---- diff --git a/doc/antora/modules/reference/pages/unlang/condition/and.adoc b/doc/antora/modules/reference/pages/unlang/condition/and.adoc index 97ba4dd3d0d..6e40ace219e 100644 --- a/doc/antora/modules/reference/pages/unlang/condition/and.adoc +++ b/doc/antora/modules/reference/pages/unlang/condition/and.adoc @@ -14,7 +14,7 @@ returns `true` is _condition-2_ evaluated and its result returned. .Examples [source,unlang] ---- -if (User-Name && &EAP-Message) { ... +if (User-Name && EAP-Message) { ... ---- // Copyright (C) 2021 Network RADIUS SAS. Licenced under CC-by-NC 4.0. diff --git a/doc/antora/modules/reference/pages/unlang/condition/cmp.adoc b/doc/antora/modules/reference/pages/unlang/condition/cmp.adoc index 634325cb93a..93f4e0e6a39 100644 --- a/doc/antora/modules/reference/pages/unlang/condition/cmp.adoc +++ b/doc/antora/modules/reference/pages/unlang/condition/cmp.adoc @@ -8,7 +8,7 @@ lhs OP rhs The most common use-case for conditions is to perform comparisons. The `lhs` and `rhs` of a conditional comparison can be -xref:unlang/attr.adoc[&Attribute-Name] or xref:type/index.adoc[data]. The +xref:unlang/attr.adoc[Attribute-Name] or xref:type/index.adoc[data]. The the `OP` is an operator, commonly `==` or `\<=`. It is used to control how the two other portions of the condition are compared. diff --git a/doc/antora/modules/reference/pages/unlang/condition/index.adoc b/doc/antora/modules/reference/pages/unlang/condition/index.adoc index 5fbbd2fdc8c..47cdeccc7ec 100644 --- a/doc/antora/modules/reference/pages/unlang/condition/index.adoc +++ b/doc/antora/modules/reference/pages/unlang/condition/index.adoc @@ -17,7 +17,7 @@ Conditions are expressed using the following syntax: [options="header"] |===== | Syntax | Description -| xref:unlang/attr.adoc[&Attribute-Name] | Check for attribute existence. +| xref:unlang/attr.adoc[Attribute-Name] | Check for attribute existence. | xref:unlang/return_codes.adoc[rcode] | Check return code of a previous module. | xref:unlang/condition/operands.adoc[data] | Check value of data. | xref:unlang/condition/cmp.adoc[lhs OP rhs] | Compare two kinds of data. diff --git a/doc/antora/modules/reference/pages/unlang/condition/operands.adoc b/doc/antora/modules/reference/pages/unlang/condition/operands.adoc index c8a4d417e9e..21fec654ac5 100644 --- a/doc/antora/modules/reference/pages/unlang/condition/operands.adoc +++ b/doc/antora/modules/reference/pages/unlang/condition/operands.adoc @@ -10,7 +10,7 @@ integer `back-quoted string` ---- -Any text not matching xref:unlang/attr.adoc[&Attribute-Name] or a +Any text not matching xref:unlang/attr.adoc[Attribute-Name] or a xref:unlang/condition/return_codes.adoc[return code] is interpreted as a value for a particular xref:type/index.adoc[data type]. diff --git a/doc/antora/modules/reference/pages/unlang/condition/regex.adoc b/doc/antora/modules/reference/pages/unlang/condition/regex.adoc index 9e4b11f9da0..c168becc353 100644 --- a/doc/antora/modules/reference/pages/unlang/condition/regex.adoc +++ b/doc/antora/modules/reference/pages/unlang/condition/regex.adoc @@ -28,7 +28,7 @@ The regular expression comparison is performed on the _string representation_ of the left side of the comparison. That is, if the left side is an xref:type/numb.adoc[integer], the regular expression will behave as if the value `0` was the literal string `"0"`. Similarly, if the left side is an -xref:unlang/attr.adoc[&Attribute-Name], then the regular expression will behave +xref:unlang/attr.adoc[Attribute-Name], then the regular expression will behave as if the attribute was printed to a string, and the match was performed on the resulting string. diff --git a/doc/antora/modules/reference/pages/unlang/edit.adoc b/doc/antora/modules/reference/pages/unlang/edit.adoc index 9c140a8b4e2..c47c199da30 100644 --- a/doc/antora/modules/reference/pages/unlang/edit.adoc +++ b/doc/antora/modules/reference/pages/unlang/edit.adoc @@ -14,7 +14,7 @@ attribute += attribute -= ... -list1 := &list2 +list1 := list2 list1 += { attribute = value, ... } list1 += " attribute = value, ... " ... diff --git a/doc/antora/modules/reference/pages/unlang/filter.adoc b/doc/antora/modules/reference/pages/unlang/filter.adoc index 77dc2711e76..73cc62a5f50 100644 --- a/doc/antora/modules/reference/pages/unlang/filter.adoc +++ b/doc/antora/modules/reference/pages/unlang/filter.adoc @@ -16,9 +16,9 @@ group { # # Enforce it # - large <= &small + large <= small - # &large now has value '10' + # large now has value '10' } ---- diff --git a/doc/antora/modules/reference/pages/unlang/foreach.adoc b/doc/antora/modules/reference/pages/unlang/foreach.adoc index 3f8a3acf09b..a7a6f705817 100644 --- a/doc/antora/modules/reference/pages/unlang/foreach.adoc +++ b/doc/antora/modules/reference/pages/unlang/foreach.adoc @@ -148,8 +148,8 @@ In this example, we have to explicitly give a data type `string`. The data type .Example of Looping over children of a structural type. [source,unlang] ---- -foreach string child (&TLV-Thing.[*]) { - out += &child +foreach string child (TLV-Thing.[*]) { + out += child out += " " } ---- @@ -162,7 +162,7 @@ examined, but cannot be changed. This is a limitation of the current interprete [source,unlang] ---- foreach thing (Tmp-TLV-0[*]) { - out += &thing.c + out += thing.c out += " " } ---- diff --git a/doc/antora/modules/reference/pages/unlang/local.adoc b/doc/antora/modules/reference/pages/unlang/local.adoc index 3a737059ba4..c568a77282b 100644 --- a/doc/antora/modules/reference/pages/unlang/local.adoc +++ b/doc/antora/modules/reference/pages/unlang/local.adoc @@ -71,7 +71,7 @@ if (User-Name == "bob") { uint32 len # this test ALWAYS fails, as "len" has not been assigned a value - if (&len) { + if (len) { ... } diff --git a/doc/antora/modules/reference/pages/unlang/switch.adoc b/doc/antora/modules/reference/pages/unlang/switch.adoc index ea33fc009ec..eaee8d550b2 100644 --- a/doc/antora/modules/reference/pages/unlang/switch.adoc +++ b/doc/antora/modules/reference/pages/unlang/switch.adoc @@ -17,7 +17,7 @@ switch { ---- A `switch` statement causes the server to evaluate __, -which can be an xref:unlang/attr.adoc[&Attribute-Name] or +which can be an xref:unlang/attr.adoc[Attribute-Name] or xref:unlang/condition/operands.adoc[data]. The result is compared against __ and __, etc. in order to find a match. If no match is found, then the server looks for the `default` @@ -125,7 +125,7 @@ switch User-Name { .Switch over IP prefixes [source,unlang] ---- -switch &Framed-IP-Address { +switch Framed-IP-Address { case 192.168/16 { accept } diff --git a/doc/antora/modules/reference/pages/xlat/deprecated.adoc b/doc/antora/modules/reference/pages/xlat/deprecated.adoc index dcdf76b48d6..449e77c853d 100644 --- a/doc/antora/modules/reference/pages/xlat/deprecated.adoc +++ b/doc/antora/modules/reference/pages/xlat/deprecated.adoc @@ -46,7 +46,7 @@ It is easier to just use casting and string append: [source,unlang] ---- -reply.Class := (octets) &Framed-IP-Address + (octets) NAS-IP-Address. +reply.Class := (octets) Framed-IP-Address + (octets) NAS-IP-Address. ---- == %string(...) diff --git a/doc/antora/modules/reference/pages/xlat/interpreter.adoc b/doc/antora/modules/reference/pages/xlat/interpreter.adoc index d52f9c3b814..5587fa73b6f 100644 --- a/doc/antora/modules/reference/pages/xlat/interpreter.adoc +++ b/doc/antora/modules/reference/pages/xlat/interpreter.adoc @@ -17,7 +17,7 @@ Dynamically change the debug level to something high, recording the old level. [source,unlang] ---- recv Access-Request { - if (&request.User-Name == "bob") { + if (request.User-Name == "bob") { "%debug(4)" } else { "%debug(0)" @@ -31,12 +31,12 @@ recv Access-Request { ``` ... (0) recv Access-Request { -(0) if (&request.User-Name == "bob") { +(0) if (request.User-Name == "bob") { (0) EXPAND %debug(4) (0) --> 2 -(0) } # if (&request.User-Name == "bob") (...) +(0) } # if (request.User-Name == "bob") (...) (0) filter_username { -(0) if (&State) { +(0) if (State) { (0) ... (0) } ... @@ -54,7 +54,7 @@ expands to a zero-length string. [source,unlang] ---- recv Access-Request { - if (&request.User-Name == "bob") { + if (request.User-Name == "bob") { "%debug_attr(request[*])" } ... @@ -66,15 +66,15 @@ recv Access-Request { ``` ... (0) recv Access-Request { -(0) if (&request.User-Name == "bob") { +(0) if (request.User-Name == "bob") { (0) Attributes matching "request[*]" -(0) &request.User-Name = bob -(0) &request.User-Password = hello -(0) &request.NAS-IP-Address = 127.0.1.1 -(0) &request.NAS-Port = 1 -(0) &request.Message-Authenticator = 0x9210ee447a9f4c522f5300eb8fc15e14 +(0) request.User-Name = bob +(0) request.User-Password = hello +(0) request.NAS-IP-Address = 127.0.1.1 +(0) request.NAS-Port = 1 +(0) request.Message-Authenticator = 0x9210ee447a9f4c522f5300eb8fc15e14 (0) EXPAND %debug_attr(request[*]) -(0) } # if (&request.User-Name == "bob") (...) +(0) } # if (request.User-Name == "bob") (...) ... ```