Add NAI policy for use in post-proxy

diff --git a/raddb/policy.conf b/raddb/policy.conf
index 8732e82f3426beddd4d1ee6834b4ab3252ba9b37..d83a532455f30411c266ead375430a502d038a1b 100644 (file)
--- a/raddb/policy.conf
+++ b/raddb/policy.conf
@@ -117,8 +117,11 @@ policy {
        #  but it is not possible to write a compliant regexp without perl style
        #  regular expressions (or at least not a legible one).
        #
+
+       nai_regexp = "^([^@]*)(@([-[:alnum:]]+\\.[-[:alnum:].]+))?$"    
+
        split_username_nai {
-               if(User-Name =~ /^([^@]*)(@([-[:alnum:]]+\\.[-[:alnum:].]+))?$/){
+               if(User-Name =~ /${policy.nai_regexp}/){
                        update request {
                                Stripped-User-Name := "%{1}"
                                Stripped-User-Domain = "%{3}"
@@ -132,6 +135,23 @@ policy {
                }
        }
 
+       #       
+       #  If called in post-proxy we modify the proxy-reply message
+       #
+
+       split_username_nai.post-proxy { 
+               if(proxy-reply:User-Name =~ /${policy.nai_regexp}/){
+                       update proxy-reply {
+                               Stripped-User-Name := "%{1}"
+                               Stripped-User-Domain = "%{3}"
+                       }
+                       updated
+               }
+               else{
+                       noop
+               }
+       }
+
        #
        #       Forbid all attempts to login via realms.
        #