Usually %{Realm} (the default). Can also be %{User-Name}, or other
attribute that exists in the request. Note that the module always
keys off of attributes in the request, and NOT in any other packet.
+.IP relaxed
+If set to 'yes', then attributes which do not match any filter rules
+explicitly, will also be allowed. The default is 'no'.
.PP
.SH SECTIONS
.IP preacct
* be used as the instance handle.
*/
struct attr_filter_instance {
- char *attrsfile;
+ char *attrsfile;
char *key;
- PAIR_LIST *attrs;
+ int relaxed;
+ PAIR_LIST *attrs;
};
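Review bot: The new `relaxed` field has no comment, although it switches the filter from default-deny to default-allow for unmatched attributes. A field comment would make that visible where the instance is defined, for example `int relaxed; /* non-zero: copy attributes that matched no filter rule (default 0 = drop them) */`. The `attrsfile` and `attrs` lines appear to change only in whitespace, which adds noise to a behaviour-changing patch and would be cleaner as a separate commit.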
static const CONF_PARSER module_config[] = {
offsetof(struct attr_filter_instance,attrsfile), NULL, "${raddbdir}/attrs" },
{ "key", PW_TYPE_STRING_PTR,
offsetof(struct attr_filter_instance,key), NULL, "%{Realm}" },
+ { "relaxed", PW_TYPE_BOOLEAN,
+ offsetof(struct attr_filter_instance,relaxed), NULL, "no" },
{ NULL, -1, 0, NULL, NULL }
};
}
}
- /* only move attribute if it passed all rules */
- if (fail == 0 && pass > 0) {
+ /*
+ * Only move attribute if it passed all rules,
+ * or if the config says we should copy unmatched
+ * attributes ('relaxed' mode).
+ */
+ if (fail == 0 && (pass > 0 || inst->relaxed)) {
*output_tail = paircopyvp(vp);
if (!*output_tail) {
pairfree(&output);
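Review bot: With `inst->relaxed` set, the condition `fail == 0 && (pass > 0 || inst->relaxed)` copies any attribute that no rule mentioned, so the filter stops being an allow-list and only blocks attributes that a rule explicitly fails. If this module filters replies from servers outside the operator's control, which the hunk does not show, then every attribute the rules file forgot to name is forwarded unchanged. The comment should say this directly, for example `/* relaxed: unmatched attributes are passed through, so the rules file acts as a deny-list */`. It would also help auditing to log the pass-through case, assuming the server's usual debug macro is available here: `if (pass == 0) DEBUG2("attr_filter: relaxed, copying unmatched attribute %s", vp->name);`. The enclosing function starts and ends outside the hunk, so whether `fail` and `pass` are reset per attribute cannot be confirmed from these lines.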