JavaScript Initialization Files
Steel-Belted Radius Carrier scripts are contained in JavaScript initialization (.jsi) files, which are similar in format to other Steel-Belted Radius Carrier configuration files. Each .jsi file consists of a number of section headers and associated configuration settings. The JavaScript text itself appears in a separate [Script] section within the file. With minor exceptions, the .jsi file headers and settings are the same for all script types.
Script settings for the LDAP authentication plug-in are embedded directly in the ldapauth.aut file. Except where noted, this guide applies equally to both ldapauth.aut and .jsi file types. For information about configuring other LDAP authentication plug-in settings, see LDAP Authentication File in the SBR Carrier Reference Guide.
Each .jsi file can contain these sections:
[Settings]
[Script]
[ScriptTrace] (optional)
[Failure] (optional)
[Settings] Section
[Settings] Section
The [Settings] section (Table 124) contains parameters that control logging and debugging of your script.
The LogLevel parameter sets the default level assigned to log messages produced by calls to the SbrWriteToLog() and SbrTrace() API functions. To determine if the message appears in the log, Steel-Belted Radius Carrier compares the message log level to the server log level (configured by the LogLevel parameter in radius.ini). If the server log level is greater than or equal to the message log level, the message is written to the Steel-Belted Radius Carrier log. If server log level is less than the message log level, the message is not written to the Steel-Belted Radius Carrier log.
Note You can override the script file LogLevel parameter when calling SbrWriteToLog() and SbrTrace() using the optional LogLevel function argument. For more details, see SbrWriteToLog() and SbrTrace and ScriptTraceLevel.
The ScriptTraceLevel parameter controls the amount of line-by-line debugging information that is produced automatically or under program control by the script. At the lowest level, no tracing is performed, and at the highest level, a trace is written to the log for every JavaScript statement that is executed. See Debugging Scripts for more information about script debugging.
The MaxScriptSteps parameter limits the number of branch callbacks that a script can perform in a single invocation. A branch callback is a backwards branch in the script code (for example, what occurs in a for loop), or a return from a function call. If the limit is reached, the script is automatically terminated with a runtime exception.
Table 124: [Settings] Section Parameters
Parameter
Function
LogLevel
Specifies the default log level at which messages are produced by calls to SbrWriteToLog() and SbrTrace(). The value must be less than or equal to the LogLevel value in the radius.ini file for messages to appear. The parameter can be overridden by supplying a LogLevel argument in the function calls.
Default value is 0.
ScriptTraceLevel
Controls the generation of line-by-line script trace information in the log.
At Level 0, no traces are logged.
At Level 1, traces are logged only when the SbrTrace() function is executed by the script.
At Level 2, a trace is generated for every line executed by the script.
Default value is 0.
MaxScriptSteps
Limits the number of branch callbacks that can be executed during a single script invocation. If the limit is reached, the script automatically terminates with a runtime exception.
Default value is 10000.
[Script] Section
[Script] Section
The [Script] section contains the body of your script. Unlike other configuration file sections, where parameters appear on individual lines, the script is entered as multi-line blocks of text. The script is processed until a line is encountered that begins with a left bracket (“[”) or the end of the file is reached.
This example shows a simple [Script] section containing code that writes a message to the server log.
[ScriptTrace] Section
[ScriptTrace] Section
The [ScriptTrace] section (Table 125) is optional. You can use the [ScriptTrace] section to select specific data values to print in the script trace logs. If you enable script tracing but do not specify any parameters in the [ScriptTrace] section, the trace frames contain statement and line number information but no script data values.
Each line in the [ScriptTrace] section specifies a type string and an argument. The type string selects the type of data value to be traced and the argument specifies its name.
These types are supported:
var—The argument is the name of a local or global script variable.
attr—The argument is the name of an LDAP variable table entry (ldapauth.aut only).
Table 125: [ScriptTrace] Section Parameters
Parameter
Function
var
Declares the name of a local or global JavaScript variable that appears in script trace logs.
attr
Declares the name of an LDAP variable table entry that appears in script trace logs (ldapauth.aut only).
[ScriptTrace]var = countvar = useridattr = User-Name (ldapauth.aut only)attr = Service-Type (ldapauth.aut only)
In this example, the identifiers count and userid refer to the JavaScript variables in the script execution context. The identifiers User-Name and Service-Type refer to entries in the LDAP variable tables and takes effect only when declared in an ldapauth.aut script file.
[Failure] Section
[Failure] Section
The [Failure] section is optional. It specifies a string value that is ultimately returned by a script if the script first returns SCRIPT_RET_FAILURE.
For LDAP authentication scripts, the value of the [Failure] section has a more complex interpretation. For details about the [Failure] section of the ldapauth.aut file, see LDAP Authentication File in the SBR Carrier Reference Guide.
For realm selection scripts, the value of the [Failure] section specifies the name of the realm to be returned if the script execution fails.
For attribute filter scripts, the value of the [Failure] section specifies the name of a static attribute filter to execute if the script execution fails.