Updated

diff --git a/man/man5/unlang.5 b/man/man5/unlang.5
index c2494e1..a845f1d 100644 (file)
--- a/man/man5/unlang.5
+++ b/man/man5/unlang.5
@@ -9,7 +9,8 @@ complicated than what is described here, we suggest using the Perl or
 Python modules rlm_perl, or rlm_python.
 
 The goal of the language is to allow simple policies to be written
-with minimal effort.
+with minimal effort.  Those policies are then applied when a request
+is being processed.
 .SH KEYWORDS
 The keywords for the language are a combination of pre-defined
 keywords, and references to loadable module names.  We document only
@@ -23,7 +24,10 @@ from the start of the list to the end.  Actions are executed
 per-keyword.
 .IP module-name
 A reference to the named module.  When processing reaches this point,
-the pre-compiled module is called.
+the pre-compiled module is called.  The module may succeed or fail,
+and will return a status to "unlang" if so.  This status can be tested
+in a condition.  See the "Simple Conditions" text in the CONDITIONS
+section, and MODULE RETURN CODES, below.
 
 .DS
        chap  # call the CHAP module
@@ -232,31 +236,10 @@ non-zero number.  Note that the language is not typed, so the string
 avoided by comparings strings to an empty string, rather than by
 evaluating the string by itself.
 
-If the text is not quoted, then it is parsed as one of the module
-return codes.  The condition evaluates to true if the most recent
-module return code matches the name given here.  Valid module return
-codes are:
-
-.br
-.DS
-       notfound        informatation was not found
-.br
-       noop            the module did nothing
-.br
-       ok              the module succeeded
-.br
-       updated         the module updated the request
-.br
-       fail            the module failed
-.br
-       reject          the module rejected the request
-.br
-       userlock        the user was locked out
-.br
-       invalid         the configuration was invalid
-.br
-       handled         the module has handled the request itself
-.DE
+If the text is not quoted, then it is used as a test for one of the
+module return codes.  The condition evaluates to true if the most
+recent module return code matches the name given here.  Valid module
+return codes are given in MODULE RETURN CODES, below.
 .IP Negation
 .DS
        (!foo)
@@ -560,6 +543,32 @@ keyword can be used to over-ride earlier failures, if the local
 administrator determines that the faiures are not catastrophic.
 .IP reject
 Causes the request to be immediately rejected
+.SH MODULE RETURN CODES
+When a module is called, it returns one of the following codes to
+"unlang", with the following meaning.
+
+.DS
+       notfound        information was not found
+.br
+       noop            the module did nothing
+.br
+       ok              the module succeeded
+.br
+       updated         the module updated the request
+.br
+       fail            the module failed
+.br
+       reject          the module rejected the request
+.br
+       userlock        the user was locked out
+.br
+       invalid         the configuration was invalid
+.br
+       handled         the module has handled the request itself
+.DE
+
+These return codes can be tested for in a condition, as described
+above in the CONDITIONS section.
 .SH FILES
 /etc/raddb/vmpsd.conf,
 /etc/raddb/radiusd.conf