doc/variables.rst

   1 Run-time variables
   2 ==================
   3
   4 See "man unlang" for more complete documentation on the run-time
   5 variables.  This file is here only for historical purposes.
   6
   7 The above variable expansions also support the following
   8 meta-attributes.  These are not normal RADIUS attributes, but are
   9 created by the server to be used like them, for ease of use.  They can
  10 only be queried, and cannot be assigned.
  11
  12 +-----------------------+-------------------------------------------------+
  13 | Packet-Type           | RADIUS packet type (Access-Request, etc.)       |
  14 +-----------------------+-------------------------------------------------+
  15 | Packet-Src-IP-Address | IP address from which the packet was sent       |
  16 +-----------------------+-------------------------------------------------+
  17 | Packet-Dst-IP-Address | IP address to which the packet was sent.        |
  18 |                       | This may be "0.0.0.0", if the server            |
  19 |                       | was configured with ``bind_address = *``.       |
  20 +-----------------------+-------------------------------------------------+
  21 | Packet-Src-Port       | UDP port from which the packet was sent         |
  22 +-----------------------+-------------------------------------------------+
  23 | Packet-Dst-Port       | UDP port to which the packet was sent.          |
  24 +-----------------------+-------------------------------------------------+
  25
  26 ``%{config:section.subsection.item}``
  27   Corresponding value in ``radiusd.conf`` for the string value of that item.
  28
  29 The ``%{config:...}`` variables should be used VERY carefully, as they
  30 may leak secret information from your RADIUS server, if you use them
  31 in reply attributes to the NAS!
  32
  33 ::
  34
  35   DEFAULT  User-Name =~ "^([^@]+)@(.*)"
  36            All-That-Matched = `%{0}`
  37            Just-The-User-Name = `%{1}`
  38            Just-The-Realm-Name = `%{2}`
  39
  40
  41 The variables are used in dynamically translated strings.  Most of the
  42 configuration entries in ``radiusd.conf`` (and related files) will do
  43 dynamic string translation.  To do the same dynamic translation in a
  44 RADIUS attribute (when pulling it from a database, or "users" file),
  45 you must put the string into an back-quoted string:
  46
  47 ::
  48
  49   Session-Timeout = `%{expr: 2 + 3}`
  50
  51 To do the dynamic translation in the ``radiusd.conf`` (or some other
  52 configuration files), just use the variable as-is.  See
  53 ``radiusd.conf`` for examples.
  54
  55
  56 Attributes as environment variables in executed programs
  57 --------------------------------------------------------
  58
  59 When calling an external program (e.g. from ``rlm_exec`` module), these
  60 variables can be passed on the command line to the program. In
  61 addition, the server places all of the attributes in the RADIUS
  62 request into environment variables for the external program. The
  63 variables are renamed under the following rules:
  64
  65   #. All letters are made upper-case.
  66   #. All hyphens '-' are turned into underscores '_'
  67
  68 so the attribute ``User-Name`` can be passed on the command line to the
  69 program as ``%{User-Name}``, or used inside the program as the environment
  70 variable ``USER_NAME`` (or ``$USER_NAME`` for shell scripts).
  71
  72 If you want to see the list of all of the variables, try adding a line
  73 ``printenv > /tmp/exec-program-wait`` to the script.  Then look in the
  74 file for a complete list of variables.
  75
  76 One-character variables
  77 -----------------------
  78
  79 The following one-character variables are also defined.  However, they
  80 are duplicates of the previous general cases, and are only provided
  81 for backwards compatibility.  They WILL BE removed in a future
  82 release.  They also do NOT permit the use of conditional syntax
  83 (i.e. ``:-``, as described above.
  84
  85 +-----------+---------------------------+-----------------------+
  86 | Variable  | Description               | Proper Equivalent     |
  87 +===========+===========================+=======================+
  88 |%a         |Protocol (SLIP/PPP)        |%{Framed-Protocol}     |
  89 +-----------+---------------------------+-----------------------+
  90 |%c         |Callback-Number            |%{Callback-Number}     |
  91 +-----------+---------------------------+-----------------------+
  92 |%d         |request day (DD)           |                       |
  93 +-----------+---------------------------+-----------------------+
  94 |%f         |Framed IP address          |%{Framed-IP-Address}   |
  95 +-----------+---------------------------+-----------------------+
  96 |%i         |Calling Station ID         |%{Calling-Station-Id}  |
  97 +-----------+---------------------------+-----------------------+
  98 |%l         |request timestamp          |                       |
  99 +-----------+---------------------------+-----------------------+
 100 |%m         |request month (MM)         |                       |
 101 +-----------+---------------------------+-----------------------+
 102 |%n         |NAS IP address             |%{NAS-IP-Address}      |
 103 +-----------+---------------------------+-----------------------+
 104 |%p         |Port number                |%{NAS-Port}            |
 105 +-----------+---------------------------+-----------------------+
 106 |%s         |Speed (PW_CONNECT_INFO)    |%{Connect-Info}        |
 107 +-----------+---------------------------+-----------------------+
 108 |%t         |request in ctime format    |                       |
 109 +-----------+---------------------------+-----------------------+
 110 |%u         |User name                  |%{User-Name}           |
 111 +-----------+---------------------------+-----------------------+
 112 |%A         |radacct_dir                |%{config:radacctdir}   |
 113 +-----------+---------------------------+-----------------------+
 114 |%C         |clientname                 |                       |
 115 +-----------+---------------------------+-----------------------+
 116 |%D         |request date (YYYYMMDD)    |                       |
 117 +-----------+---------------------------+-----------------------+
 118 |%H         |request hour               |                       |
 119 +-----------+---------------------------+-----------------------+
 120 |%L         |radlog_dir                 |%{config:logdir}       |
 121 +-----------+---------------------------+-----------------------+
 122 |%M         |MTU                        |%{Framed-MTU}          |
 123 +-----------+---------------------------+-----------------------+
 124 |%R         |radius_dir                 |%{config:raddbdir}     |
 125 +-----------+---------------------------+-----------------------+
 126 |%S         |request timestamp          |                       |
 127 |           |in SQL format              |                       |
 128 +-----------+---------------------------+-----------------------+
 129 |%T         |request timestamp          |                       |
 130 |           |in database format         |                       |
 131 +-----------+---------------------------+-----------------------+
 132 |%U         |Stripped User name         |%{Stripped-User-Name}  |
 133 +-----------+---------------------------+-----------------------+
 134 |%V         |Request-Authenticator      |                       |
 135 |           |(Verified/None)            |                       |
 136 +-----------+---------------------------+-----------------------+
 137 |%Y         |request year (YYYY)        |                       |
 138 +-----------+---------------------------+-----------------------+
 139 |%Z         |All request attributes     |                       |
 140 |           |except password            |                       |
 141 |           |(must have a big buffer)   |                       |
 142 +-----------+---------------------------+-----------------------+
 143
 144
 145  $Id$