More bad user names
authorAlan T. DeKok <aland@freeradius.org>
Mon, 4 Jun 2012 12:44:44 +0000 (14:44 +0200)
committerAlan T. DeKok <aland@freeradius.org>
Sun, 15 Jul 2012 17:09:46 +0000 (13:09 -0400)
raddb/policy.conf

index e92d18d19a37fbb534d3e0176564a3d999565f0b..7eeb25ad7a754b5291a3acb09543c3db039f2d43 100644 (file)
@@ -70,22 +70,80 @@ policy {
        #  what constitutes a user name.
        #
        filter_username {
-               # spaces at the start: reject
-               if (User-Name =~ /^ /) {
+               #
+               #  reject mixed case
+               #  e.g. "UseRNaMe"
+               #
+               if (User-Name != "%{tolower:%{User-Name}}") {
                        reject
                }
 
-               # spaces at the end: reject
-               if (User-Name =~ / $$/) {
+               #
+               #  reject all whitespace
+               #  e.g. "user@ site.com", or "us er", or " user", or "user "
+               #
+               if (User-Name =~ / /) {
+                       update reply {
+                               Reply-Message += "Rejected: Username contains whitespace"
+                       }
                        reject
                }
 
-               # Mixed case: reject
-               if (User-Name != "%{tolower:%{User-Name}}") {
+               #
+               #  reject Multiple @'s
+               #  e.g. "user@site.com@site.com"
+               #
+               if(User-Name =~ /@(.+)?@/i ) {
+                       update reply {
+                               Reply-Message += "Rejected: Multiple @ in username"
+                       }
                        reject
                }
-       }
 
+               #
+               #  reject double dots
+               #  e.g. "user@site..com"
+               #
+               if (User-Name =~ /\\.\\./ ) {
+                       update reply {
+                               Reply-Message += "Rejected: Username comtains ..s"
+                       }
+                       reject
+               }
+
+               #
+               #  must have at least 1 string-dot-string after @
+               #  e.g. "user@site.com"
+               #
+               if (User-Name !~ /@(.+)\\.(.+)$/)  {
+                       update reply {
+                               Reply-Message += "Rejected: Realm does not have at least one dot seperator"
+                       }
+                       reject
+               }
+
+               #
+               #  Realm ends with a dot
+               #  e.g. "user@site.com."
+               #
+                if (User-Name =~ /\\.$/)  {
+                        update reply {
+                                Reply-Message += "Rejected: Realm ends with a dot"
+                        }
+                        reject
+                }
+
+               #
+                #  Realm begins with a dot
+               #  e.g. "user@.site.com"
+                #
+                if (User-Name !~ /@\\./)  {
+                        update reply {
+                                Reply-Message+ = "Rejected: Realm begins with a dot"
+                        }
+                        reject
+                }
+       }
 
        #       
        #  The following policies are for the Chargeable-User-Identity
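Review bot: The last check in filter_username, `if (User-Name !~ /@\\./)`, is inverted: it rejects every name whose realm does not begin with a dot (i.e. every well-formed "user@site.com") and lets "user@.site.com" through, so it should read `if (User-Name =~ /@\\./) {`. In the same block the assignment is written `Reply-Message+ = ...`, which splits the `+=` operator and will most likely fail to parse; it should be `Reply-Message += "Rejected: Realm begins with a dot"`. The two end-anchored patterns, `/@(.+)\\.(.+)$/` and `/\\.$/`, use a bare `$` where the removed trailing-space check used `$$`, so confirm the anchor survives config expansion in this server version; otherwise the trailing-dot and dot-separator checks will not match as intended. The string-dot-string check also rejects any User-Name that has no realm at all, which deserves a line in the comment block above filter_username so that sites with bare usernames do not enable the policy unawares. Minor: the mixed-case branch is the only one that sets no Reply-Message, and two messages carry typos ("comtains", "seperator").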