gradient.texi

gnu 的radius服务器很好用的

@end deftp

Instructions of type @code{grad_instr_call} instruct the engine to
@dfn{call} the given subprogram. The engine pushes the current
instruction @FIXME{definition of current instruction or pc?} to the return
point stack @FIXME{definition of this?} and branches to instruction
@code{entry}. Execution of the subprogram ends when the engine
encounters an instruction of one of the following types:
@code{grad_instr_return}, @code{grad_instr_reply} or @code{grad_instr_proxy}.

If @code{grad_instr_return} is encountered, the engine pops the
instruction from the top of the return point stack and makes it
current instruction, then it branches to the @code{next} node.

If @code{grad_instr_reply} or @code{grad_instr_proxy} is encountered,
the engine, after executing corresponding actions, finishes executing
the program.

@subheading RPL representation

@deffn {RPL defun} CALL @var{list}
@deffnx {RPL defun} CALL @var{defun-name}
In the first form, the argument @var{list} is the RPL
subprogram to be executed.

In the second form @var{defun-name} is a name of the RPL subprogram
defined by @code{defun}.
@end deffn

@subheading Examples

First form:

@smalllisp
(CALL (ACTION "myfun(%[User-Name])")
      (REPLY Access-Reject
             ("Reply-Message" . "Access Denied")))
@end smalllisp

@noindent
Second form:

@smalllisp
(CALL process_users)
@end smalllisp

@node grad_instr_return
@subsection grad_instr_return
@UNREVISED{}

An instruction of type @code{grad_instr_return} indicates a return point from
the subprogram. If encountered in a subprogram (i.e. a program entered by
@code{grad_instr_call} node), it indicates return to the calling
subprogram (see the previous subsection). Otherwise, if
@code{grad_instr_return} is encountered within the main trunk, it
ends evaluating of the program.

Instructions of this type have no data associated with them in union @code{v}.

@subheading RPL representation
@deffn {RPL defun} RETURN
@end deffn

@subheading Examples

@smalllisp
(RETURN)
@end smalllisp

@node grad_instr_action
@subsection grad_instr_action
@UNREVISED{}

@deftp Instruction grad_instr_reply_t expr
@smallexample
@group
struct grad_instr_action @{
       grad_entry_point_t expr;    /* Entry point to the compiled
                                      Rewrite expression */
@};
typedef struct grad_instr_action grad_instr_reply_t;
@end group
@end smallexample
@end deftp

The machine executes a Rewrite expression with entry point
@code{expr}. Any return value from the expression is ignored.
@FIXME{Should the expression receive any arguments? If so,
what arguments? I'd say it should take at least the
request being processed and the reply pairs collected so far.}

@subheading RPL representation
@deffn {RPL defun} ACTION @var{expr}
@deffnx {RPL defun} ACTION @var{entry-point}
@FIXME{Description}
@end deffn

@subheading Examples

@smalllisp
(ACTION "%[NAS-IP-Address] = request_source_ip()")
@end smalllisp

@node grad_instr_reply
@subsection grad_instr_reply
@UNREVISED{}

@deftp Instruction grad_instr_reply_t return_code
@smallexample
@group
struct grad_instr_reply @{
       u_char reply_code;         /* Radius request code */
@};
typedef struct grad_instr_reply grad_instr_reply_t;
@end group
@end smallexample
@end deftp

@code{grad_instr_reply} instructs @command{radiusd} to send to the
requesting @NAS{} a reply with code @code{reply_code}. Any reply
pairs collected while executing the program are attached to
the reply.

After executing @code{grad_instr_reply} instruction, the engine
stops executing of the program.

Any execution path will usually end with this instruction.

@subheading RPL representation

@deffn {RPL defun} REPLY @var{reply-code} [@var{attr-list}]

Arguments:
@table @var
@item reply-code
Radius reply code.
@item attr-list
List of @AVP{}s to be added to the reply. Each @AVP{} is represented
as a @code{cons}: @code{(@var{name-or-number} . @var{value})}.
@end table
@end deffn

@subheading Example

@smalllisp
(REPLY Access-Accept
       ("Service-Type" . "Framed-User")
       ("Framed-Protocol" . "PPP"))
@end smalllisp

@node grad_instr_proxy
@subsection grad_instr_proxy
@UNREVISED{}

@deftp Instruction grad_instr_proxy_t realm    
@smallexample
@group
struct grad_instr_proxy
@{
  grad_realm_t realm;
@};
typedef struct grad_instr_proxy grad_instr_proxy_t;
@end group
@end smallexample
@end deftp

This instruction tells radius to proxy the request to the server defined
in @code{realm}. In other words, the engine executes
@code{proxy_send}. Further processing of the program is stopped.

@subheading RPL representation

@deffn {RPL defun} PROXY @var{realm-name}
@var{Realm-name} is name of the realm as defined in
@file{raddb/realms}. @FIXME{No, no. That's senseless. I must
get rid of @file{raddb/*}!}
@end deffn

@subheading Examples
@FIXME{Fix the above definition, then provide an example}.

@node grad_instr_forward
@subsection grad_instr_forward
@UNREVISED{}

@deftp Instruction grad_instr_forward_t server_list
@smallexample
@group
struct grad_instr_forward
@{
  grad_list_t server_list; 
@};
typedef struct grad_instr_forward grad_instr_forward_t;
@end group
@end smallexample
@end deftp

This node @dfn{forwards} the request to each servers from
@code{server_list}. Forwarding differs from proxying
in that the requests are sent to the remote servers @emph{and} processed
locally. The remote server is not expected to
reply. @xref{auth,forwarding}, for more information on this subject.

In contrast to @code{grad_instr_proxy}, this instruction type does not
cause the execution to stop.

Elements of @code{server_list} are of type @code{grad_server_t}.

Currently forwarding is performed by @code{forward_request} function
(@file{forward.c}), which could be used with little modifications.
Namely, it will be rewritten to get server list as argument, instead
of using static variable @code{forward_list}. Consequently, the
functions responsible for creating and initializing this static
variable will disappear along with the variable itself. @FIXME{Ok, but
what shall we do with @code{forward} statement in @file{raddb/config}?
I should address this issue in the section dedicated to backward
compatibility}.

@subsection RPL representation
@deffn {RPL defun} FORWARD @var{server-list}
@FIXME{What's in @var{server-list}?}
@end deffn

@node New Rewrite
@section Changes to Rewrite Language
@UNREVISED{}

@node Traditional Configuration
@section Support for Traditional Configuration Files.
@UNREVISED{}

Within the new configuration system, the traditional ``trio''
@file{hints-huntgroups-users} will be translated to the following
program:

@smalllisp
(defprog main
 (CALL hints)
 (CALL huntgroups)
 (COND "request_code() == Access-Request"
       (CALL users))
 (REPLY Access-Reject
        (Reply-Message . "\nAccess denied\n")))
@end smalllisp

For example, consider the following configuration:

@smallexample
# raddb/hints:
DEFAULT Prefix = "PPP" Hint = PPP
@end smallexample

This will produce the following program:

@smalllisp
(defprog hints
 (COND "%[Prefix] == \"PPP\"")
       (ACTION "%[Hint] = \"PPP\""))
@end smalllisp
 

@smallexample
#raddb/huntgroups
DEFAULT NAS-IP-Address = 10.10.4.1      Suffix = "staff"
DEFAULT NAS-IP-Address = 10.10.4.2      Huntgroup-Name = "second"
@end smallexample

Will produce

@smalllisp
(defprog huntgroups
 (COND "%[NAS-IP-Address] == 10.10.4.1 && !(%[Suffix] == \"staff\")"
       (REPLY Access-Reject
              ("Reply-Message" . "Access Denied by Huntgroup")))
 (COND "%[NAS-IP-Address] == 10.10.4.2"
       (ACTION "%[Huntgroup-Name] = \"second\"")))
@end smalllisp

Finally, @file{users}:

@smallexample
#raddb/users
DEFAULT Hint = "PPP",
               Auth-Type = PAM
        Service-Type = Framed-User,
               Framed-Protocol = PPP

DEFAULT Huntgroup-Name = "second",
               Auth-Type = PAM
        Service-Type = "Authenticate-Only",
               Reply-Message = "Authentity Confirmed"
@end smallexample                                              

@noindent
will produce

@smalllisp
(defprog users
 (COND "%[Hint] == "PPP" && authorize(PAM)"
       (REPLY Access-Accept
             (Service-Type . Framed-User)
             (Framed-Protocol . PPP))
       (REPLY Access-Reject
             (Reply-Message . "Access Denied")))
 (COND "%[Huntgroup-Name] == \"second\" && authorize(PAM)"
       (REPLY Access-Accept
              (Service-Type . "Authenticate-Only")
              (Reply-Message . "Authentity Confirmed"))))
@end smalllisp
        

@node New Configuration
@section New Configuration Files
@UNREVISED{}