2 # Sample of a policy language.
3 # There's no documentation other than this file.
4 # The syntax is odd, but it works.
5 # It's not intended for production use.
6 # Use it if you want obscure error messages and possibly server crashes.
10 # Debugging statements
12 #debug print_tokens # as we're parsing this file
13 debug print_policy # once the file has been parsed
14 debug evaluate # print limited information during evaluation
20 if (Time-Of-Day < "15:00") {
22 # Use ARAP-Password for testing because it's an attribute
24 ARAP-Password = "< 15:00"
31 # A named policy, executed during the "authorize" phase,
32 # because it's named "authorize".
36 if (!(CHAP-Challenge)) {
37 print "Adding CHAP-Challenge = %{request:Packet-Authentication-Vector}\n"
40 # Append all attributes to the specified list.
41 # The per-attribute operators MUST be '='
44 CHAP-Challenge = "%{request:Packet-Authentication-Vector}"
49 # Use per-attribute operators to do override, replace, etc.
50 # It's "control", not "check items", because "check items"
51 # is a hold-over from the "users" file, and we no longer like that.
59 # This could just as well be "%{ldap: query...}" =~ ...
61 # if ("%{User-Name}" =~ "^(b)") {
63 # Arap-Password = "Hello, %{1}"
68 # Execute "3pm", as if it was in-line here.