Run-time variables
------------------
- The run-time variables defined by the server are:
-
- %{Attribute-Name} The value of the given Attribute-Name
- in the request packet
-
- %{request:Attribute-Name} The value of value the given
- Attribute-Name in the request packet
- %{reply:Attribute-Name} The value of the given Attribute-Name
- in the reply packet
- %{proxy-request:Attribute-Name} The value of the given Attribute-Name
- in the proxy request packet (if it exists)
- %{proxy-reply:Attribute-Name} The value of the given Attribute-Name
- in the proxy reply packet (if it exists)
-
- The above variable expansions also support the meta-attribute
-Packet-Type as well. See the RADIUS dictionary for details on its
-values.
-
- %{check:Attribute-Name} Corresponding value for Attribute-Name
- in check items for request
-
+ See "man unlang" for more complete documentation on the run-time
+variables. This file is here only for historical purposes.
+
+
+ The above variable expansions also support the following
+meta-attributes. These are not normal RADIUS attributes, but are
+created by the server to be used like them, for ease of use. They can
+only be queried, and cannot be assigned.
+
+ Packet-Type RADIUS packet type (Access-Request, etc.)
+
+ Packet-Src-IP-Address IP address from which the packet was sent
+
+ Packet-Dst-IP-Address IP address to which the packet was sent
+ This may be "0.0.0.0", if the server
+ was configured with "bind_address = *".
+
+ Packet-Src-Port UDP port from which the packet was sent
+
+ Packet-Dst-Port UDP port to which the packet was sent.
%{config:section.subsection.item} Corresponding value in 'radiusd.conf'
for the string value of that item.
may leak secret information from your RADIUS server, if you use them
in reply attributes to the NAS!
- If your system supports regular expressions, then regular expression
-matching defines other special variables, just like in Perl.
-
- %{0} What the regular expression matched
- %{1} The first group which matched
- %{2} The second group which matched
- ...
- %{8} The eight group which matched.
-
- These variables are defined during a regular expression match =~,
-and only when the expression matches. They are NOT defined for the
-operator !~, or when =~ doesn't match. Any use of =~ destroys all
-previous values of %{0}..%{8}, but the variables.
-
- Some examples.
-
- %{User-Name} The string value of the User-Name attribute.
- %{proxy-reply:Framed-Protocol} The string value of the Framed-Protocol
- attribute, from the proxy reply.
- %{config:modules.unix.passwd} The string value of the 'passwd' configuration
- item in the 'unix' module, in the 'modules'
- section of radiusd.conf.
DEFAULT User-Name =~ "^([^@]+)@(.*)"
All-That-Matched = `%{0}`
for examples.
- Conditional syntax
- --------------------
-
- Additionally, you can use conditional syntax similar to ${foo:-bar} as
-defined in 'sh'. For example:
-
- 1. %{Foo:-bar}
- When attribute Foo is set: returns value of Foo
- When attribute Foo is unset: returns literal string 'bar'
-
- 2. %{Foo:-%{Bar}}
- When attribute Foo is set: returns value of attribute Foo
- When attribute Foo is unset: returns value of attribute Bar (if any)
-
- 3. %{Foo:-%{Bar:-baz}}
- When attribute Foo is set: returns value of attribute Foo
- When attribute Foo is unset: returns value of attribute Bar (if any)
- When attribute Bar is unset: returns literal string 'baz'
-
-
- Multiple-valued attributes
- --------------------------
-
- %{Attribute-Name[index]}
- Reference the N'th occurance of the given attribute. The
- indexes start at zero. This feature is NOT available for
- non-attribute dynamic translations, like %{sql:...}.
-
- e.g. %{User-Name[0]} is the same as %{User-Name}
- e.g. %{Cisco-AVPair[2]} references the value of the *third*
- Cisco-AVPair attribute (if it exists) in the request
- packet,
-
-
Attributes as environment variables in executed programs
--------------------------------------------------------