#
acct_unique {
#
- # If we have a class attribute, it'll have a local value (defined by populate_class),
- # this ensures uniqueness and suitability.
+ # If we have a class attribute in the format 'auth_id:[0-9a-f]{32}' it'll have a local
+ # value (defined by insert_acct_class), this ensures uniquenes and suitability.
+ #
# We could just use the Class attribute as Acct-Unique-Session-Id, but this may cause
# problems with NAS that carry Class values across between multiple linked sessions.
# So we rehash class with Acct-Session-ID to provide a truely unique session identifier.
}
}
+ #
+ # Split User-Name in NAI format (RFC 4282) into components
+ #
+ # This policy writes the Username and Domain portions of the NAI into the
+ # Stripped-User-Name and Stripped-User-Domain attributes.
+ #
+ # The regular expression to do this is not strictly compliant with the standard,
+ # but it is not possible to write a compliant regexp without perl style
+ # regular expressions (or at least not a legible one).
+ #
+ split_username_nai {
+ if(User-Name =~ /^([^@]*)(@([-[:alnum:]]+\\.[-[:alnum:].]+))?$/){
+ update request {
+ Stripped-User-Name := "%{1}"
+ Stripped-User-Domain = "%{3}"
+ }
+ }
+ else{
+ noop
+ }
+ }
+
#
# Forbid all attempts to login via realms.
#
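Review bot: In `split_username_nai` the two assignments use different operators: `Stripped-User-Name := "%{1}"` replaces any existing value, while `Stripped-User-Domain = "%{3}"` only adds the attribute if it is not already in the request. If an earlier module or policy has already set Stripped-User-Domain, the request would carry a name and a domain taken from different sources, which matters if later realm or authorization checks read the domain; `Stripped-User-Domain := "%{3}"` keeps the pair consistent. Because the realm group is optional, a User-Name with no `@` also matches, and `%{3}` then presumably expands to an empty string, so the domain is set but empty; consider assigning it only when capture 3 is non-empty. `[^@]*` likewise accepts an empty user part (a constructed example is `@example.org`), so `[^@]+` may be the safer choice if empty names should not pass. A comment above the `else` branch saying that non-matching names leave both attributes untouched would help callers that rely on them.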