depot/ops/nixos/bvm-radius/raddb/mods-available/expr

147 lines
4.3 KiB
Text
Raw Normal View History

# -*- text -*-
#
# $Id: 43dbea35e41698f8ced22c1cf4ad128b08dee7ca $
#
# This module performs mathematical calculations:
#
# Attribute-Name = "%{expr:2 + 3 + &NAS-Port}"
#
# It supports the following operators (in order of precedence)
#
# & binary AND
# | binary OR
# << left shift
# >> right shift
# + addition
# - subtraction
# * multiply
# / divide
# %% remainder
# ^ exponentiation
# (...) sub-expression
#
# Operator precedence follows the normal rules.
# Division by zero means that the entire expression is invalid.
#
# Note that in versions before 3.0.5, the expression
# was parsed strictly left to right, and ignored operator
# precedence.
#
# It also allows unary negation: -1
# And twos complement: ~1
#
# All calculations are done on signed 63-bit integers.
# e.g. int64_t. This should be sufficient for all normal
# purposes.
#
# Hex numbers are supported: 0xabcdef
#
# As with all string expansions, you can nest the expansions:
#
# %{expr: %{NAS-Port} + 1}
# %{expr: %{sql:SELECT ... } + 1}
#
# Attribute references are supported for integer attributes.
# e.g. &NAS-Port. The benefit of using attribute references
# is that the expression is calculated directly on the
# attribute. It skips the step of "print to string, and then
# parse to number". This means it's a little faster.
#
# Otherwise, all numbers are decimal.
#
#
# The module also registers a few paircompare functions, and
# many string manipulation functions, including:
#
# rand get random number from 0 to n-1
# "%{rand:10}" == "9"
#
# randstr get random string built from character classes:
# c lowercase letters
# C uppercase letters
# n numbers
# a alphanumeric
# ! punctuation
# . alphanumeric + punctuation
# s alphanumeric + "./"
# o characters suitable for OTP (easily confused removed)
# h binary data as lowercase hex
# H binary data as uppercase hex
#
# "%{randstr:CCCC!!cccnnn}" == "IPFL>{saf874"
# "%{randstr:oooooooo}" == "rfVzyA4y"
# "%{randstr:hhhh}" == "68d60de3"
#
# urlquote quote special characters in URI
# "%{urlquote:http://example.org/}" == "http%3A%47%47example.org%47"
#
# urlunquote unquote URL special characters
# "%{urlunquote:http%%3A%%47%%47example.org%%47}" == "http://example.org/"
#
# escape escape string similar to rlm_sql safe_characters
# "%{escape:<img>foo.jpg</img>}" == "=60img=62foo.jpg=60/img=62"
#
# unescape reverse of escape
# "%{unescape:=60img=62foo.jpg=60/img=62}" == "<img>foo.jpg</img>"
#
# tolower convert to lowercase
# "%{tolower:Bar}" == "bar"
#
# toupper convert to uppercase
# "%{toupper:Foo}" == "FOO"
#
# md5 get md5sum hash
# "%{md5:foo}" == "acbd18db4cc2f85cedef654fccc4a4d8"
#
# sha1 get sha1 hash
# "%{sha1:foo}" == "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33"
#
# sha256 get sha256 hash
# "%{sha256:foo}" == "2c26b46b68ffc68ff99b453c1d30413413422d706..."
#
# sha512 get sha512 hash
# "%{sha512:foo}" == "f7fbba6e0636f890e56fbbf3283e524c6fa3204ae29838..."
#
# hmacmd5 generate HMAC-MD5 of string
# "%{hmacmd5:foo bar}" == "31b6db9e5eb4addb42f1a6ca07367adc"
#
# hmacsha1 generate HMAC-SHA1 of string
# "%{hmacsha1:foo bar}" == "85d155c55ed286a300bd1cf124de08d87e914f3a"
#
# crypt encrypt with a salt: %{crypt:salt:password}
# "%{crypt:aa:foo}" == "aaKNIEDOaueR6"
# "%{crypt:$1$abcdefgh:foo}" == "$1$abcdefgh$XxzGe9Muun7wTYbZO4sdr0"
# "%{crypt:$5$%{randstr:aaaaaaaaaaaaaaaa}:foo}" == "$1$fu4P2fcAdo9gM..."
#
# pairs serialize attributes as comma-delimited string
# "%{pairs:request:}" == "User-Name = 'foo', User-Password = 'bar', ..."
#
# base64 encode string as base64
# "%{base64:foo}" == "Zm9v"
#
# base64tohex convert base64 to hex
# "%{base64tohex:Zm9v}" == "666f6f"
#
# explode split an attribute into multiple new attributes based on a delimiter
# "%{explode:&ref <delim>}"
#
# nexttime calculate number of seconds until next n hour(s), day(s), week(s), year(s)
# if it were 16:18, %{nexttime:1h} would expand to 2520
#
# lpad left-pad a string
# if User-Name is "foo": "%{lpad:&User-Name 6 x}" == "xxxfoo"
#
# rpad right-pad a string
# if User-Name is "foo": "%{rpad:&User-Name 5 -}" == "foo--"
#
expr {
#
# Characters that will not be encoded by the %{escape}
# xlat function.
#
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}