Re: [Help-gnu-radius] problems getting rewrite hook right

[Charles Sprickman]

On Thu, 2 Nov 2006, Sergey Poznyakoff wrote:

> Charles Sprickman <address@hidden> wrote:
>
> > This gets me what I want in the domain part of the query, but the
> > username still comes up as "foo%foo.com".
>
> I didn't know it should:) Than, the domain_split can be rewritten to
> modify User-Name, as a side effect, like this:

This is perfect!  I tried something similar myself, but I screwed 
something up.  Can you help me understand how this works?

> string
> domain_split(string name)

so we're working on a string, the function we're creating is 
"domain_split" and the variable holding the username that's passed to the 
rewrite rule is "name", right?

> {
>        integer a;

What's "a"?

>          string localpart;
>        string domainpart;

Again, just declaring two variables that will be used later, right?

>          domainpart = "bway.net"; /* provide the default value */
>         if (name =~ "\(.*\)@\(.*\)") {
>                 localpart = \1;
>                 domainpart = \2;

Look for an "@" in the "name" variable.  If it exists, the part to the 
left of "@" goes in the variable "localpart" and the part on the right 
goes into the "domainpart" variable.

In the bigger picture, I assume whenever we do a match in this rewrite 
language that each match is available as "\1", "\2", "\3", etc., right?

>          } else {
>                 localpart = name;
>          }

No "@" in the "name" string, so "domainpart" remains bway.net as it was 
assigned above and the localpart takes the value of "name" as passed to 
this function.

>         if (localpart =~ "\(.*\)%\(.*\)") {
>                 localpart = \1;
>                 domainpart = \2;
>         }

Now we're looking to see if there's a "%" in "localpart" after the above 
processing.  If there is, split at the "%" and assign "localpart" and 
"domainpart" to the results of the split.

>          %[User-Name] = localpart;

I get this, but can you verify that in a rewrite rule I can basically 
alter any dictionary value I want to using this method?  And all the 
possible values to alter are found in the dictionary file, correct?  Even 
ones I've added to the stock dictionary?

>         return domainpart;
> }

Very basic question that indicates I dont' understand the language very 
well...  Why do I need the "return" statement?  Why don't I need it for 
"%[User-Name]"?

This is some really powerful stuff.  I haven't seen a radius server this 
flexible since I used Radiator 
(http://www.digitalpoint.com/products/radiator/).

> The test run gives:

Again, the test shell is really cool.

Thanks so much!

Charles

> ** TEST SHELL **
> (radiusd) source /home/gray/1.rw
> 0
> (radiusd) r domain_split("username%domain.com")
> domain.com
> (radiusd) rp
>    User-Name = (STRING) username
> (radiusd) r domain_split("address@hidden")
> domain.com
> (radiusd) rp
>    User-Name = (STRING) user
> (radiusd) r domain_split("address@hidden")
> domain.com
> (radiusd) rp
>    User-Name = (STRING) username
> (radiusd) r domain_split("username")
> bway.net
> (radiusd) rp
>    User-Name = (STRING) username
>
>
> Regards,
> Sergey