regexregex-groupfreeradiusradius

FreeRadius Configuration (radiusd.conf) - Regex-Problem unlang


I am currently facing a problem within my Radius configuration and wanted to ask you for help.

I'am using the FreeRadius-Version 3.0.23

Within the authorize section in radiusd.conf I am trying to create the following unlang expression.

I have users in the following format:

super1
super2
...
user1
user2

NAS-Identifier:

SUP-A
SUP-B
SUP-C
SUP-D

I want to extract something from the NAS identifier using a regex and append to the user.

=> super1-A
=> super2-D

However, it doesn't work with the following expression because the extracted value is no longer available in the second IF statement.

if ( NAS-Identifier =~ /^SUP\\-([ABCD])/ ) {

=> The extracted value is only available at this point
=> Or is it possible to define a local variable with the value?

    if ( "%{User-Name}" !~ /^super\\d+/ )
            update request {                                                                                                         
                User-Name := "%{User-Name}-%{1}"   (However, I need the value here)                                                                                                                                                                                     
            }                                                                                                                        
        }
    }

This is my workaround:

if ( "%{User-Name}" !~ /^super\\d+/ && NAS-Identifier =~ /^SUP\\-([ABCD])/ ) {
            update request {                                                                                                         
                User-Name := "%{User-Name}-%{1}"                                                                                                                                                                                        
            }                                                                                                                        
        }

I would really appreciate your help as I couldn't find anything in the FreeRadius documentation.

Thanks in advance.


Solution

  • According to the FreeRadius documentation:

    Every time a regular expression is evaluated, whether it matches or not, the capture group values will be cleared.

    So, in your case, you can reverse the order of conditions:

    if ( "%{User-Name}" !~ /^super\\d+/ ) {
      if ( NAS-Identifier =~ /^SUP-([ABCD])/ ) {
        update request {                                                                                                         
          User-Name := "%{User-Name}-%{1}" 
        }                                                                                                                        
      }
    }
    

    Note that the - char is not any special regex metacharacter when used outside character classes, no need to escape it here.