Remove & from policy files

diff --git a/raddb/policy.d/accounting b/raddb/policy.d/accounting
index 0227aaff4e8f0ab39d896b3e12b1e77237ea2518..19f6c75755606d377e3b923bb3c77f61748de690 100644 (file)
--- a/raddb/policy.d/accounting
+++ b/raddb/policy.d/accounting
@@ -57,8 +57,8 @@ acct_unique {
        #  initial authentication session (Common in a
        #  wireless environment).
        #
-       if ("%{Class}" =~ /${policy.class_value_prefix}([0-9a-f]{32})/i) {
-               &request.Acct-Unique-Session-Id := %hex(%md5("%{1}%{Acct-Session-ID}"))
+       if (Class =~ /${policy.class_value_prefix}([0-9a-f]{32})/i) {
+               request.Acct-Unique-Session-Id := %hex(%md5("%{1}%{Acct-Session-ID}"))
        }
 
        #
@@ -68,7 +68,7 @@ acct_unique {
        #  is not included
        #
        else {
-               &request.Acct-Unique-Session-Id := %hex(%md5("%{User-Name},%{Acct-Multi-Session-ID},%{Acct-Session-ID},%{&NAS-IPv6-Address || &NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}"))
+               request.Acct-Unique-Session-Id := %hex(%md5("%{User-Name},%{Acct-Multi-Session-ID},%{Acct-Session-ID},%{&NAS-IPv6-Address || &NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}"))
        }
 }
 
@@ -76,7 +76,7 @@ acct_unique {
 #      Insert a (hopefully unique) value into class
 #
 insert_acct_class {
-       &reply.Class = '${policy.class_value_prefix}' + %hex(%md5("%t%I%{Net.Src.Port}%{Net.Src.IP}%{NAS-IP-Address}%{Calling-Station-ID}%{User-Name}"))
+       reply.Class = '${policy.class_value_prefix}' + %hex(%md5("%t%I%{Net.Src.Port}%{Net.Src.IP}%{NAS-IP-Address}%{Calling-Station-ID}%{User-Name}"))
 }
 
 #
@@ -85,17 +85,17 @@ insert_acct_class {
 #      If the &Attr-Foo doesn't exist, it's value is taken as zero.
 #
 acct_counters64 {
-       if (!&Acct-Input-Gigawords) {
-               &request.Acct-Input-Octets64 := %{&Acct-Input-Octets || 0}
+       if (!Acct-Input-Gigawords) {
+               request.Acct-Input-Octets64 := %{Acct-Input-Octets || 0}
        }
        else {
-               &request.Acct-Input-Octets64 =  (((uint64) &Acct-Input-Gigawords) << 32) | (uint64) &Acct-Input-Octets
+               request.Acct-Input-Octets64 =  (((uint64) Acct-Input-Gigawords) << 32) | (uint64) Acct-Input-Octets
        }
-       if (!&Acct-Output-Gigawords) {
-               &request.Acct-Output-Octets64 := %{&Acct-Output-Octets || 0}
+       if (!Acct-Output-Gigawords) {
+               request.Acct-Output-Octets64 := %{Acct-Output-Octets || 0}
        }
        else {
-               &request.Acct-Output-Octets64 = (((uint64) &Acct-Output-Gigawords) << 32) | (uint64) &Acct-Output-Octets
+               request.Acct-Output-Octets64 = (((uint64) Acct-Output-Gigawords) << 32) | (uint64) Acct-Output-Octets
        }
 }
 

diff --git a/raddb/policy.d/canonicalisation b/raddb/policy.d/canonicalisation
index ae6955797e78b25cb527a45733d5634ba12e268b..7ab2c3b89cbf4c82872f92ce0270929a6fb0e41b 100644 (file)
--- a/raddb/policy.d/canonicalisation
+++ b/raddb/policy.d/canonicalisation
@@ -17,15 +17,15 @@
 nai_regexp = '^([^@]*)(@([-[:alnum:]]+\.[-[:alnum:].]+))?$'
 
 split_username_nai {
-       if (&User-Name && (&User-Name =~ /${policy.nai_regexp}/)) {
-               &request.Stripped-User-Name := "%{1}"
+       if (User-Name && (User-Name =~ /${policy.nai_regexp}/)) {
+               request.Stripped-User-Name := "%{1}"
 
 
                # Only add the Stripped-User-Domain attribute if
                # we have a domain. This means presence checks
                # for Stripped-User-Domain work.
                if ("%{3}" != '') {
-                       &request.Stripped-User-Domain = "%{3}"
+                       request.Stripped-User-Domain = "%{3}"
                }
 
                # If any of the expansions result in a null
@@ -51,12 +51,12 @@ mac-addr-regexp = '([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^
 #  be provided by 802.1X authenticators.
 #
 rewrite_called_station_id {
-       if (&Called-Station-Id && (&Called-Station-Id =~ /^${policy.mac-addr-regexp}([^0-9a-f](.+))?$/i)) {
-               &request.Called-Station-Id := "%toupper(%{1}-%{2}-%{3}-%{4}-%{5}-%{6})"
+       if (Called-Station-Id && (Called-Station-Id =~ /^${policy.mac-addr-regexp}([^0-9a-f](.+))?$/i)) {
+               request.Called-Station-Id := "%toupper(%{1}-%{2}-%{3}-%{4}-%{5}-%{6})"
 
                # SSID component?
                if ("%{8}") {
-                       &request.Called-Station-SSID := "%{8}"
+                       request.Called-Station-SSID := "%{8}"
                }
                updated
        }
@@ -73,8 +73,8 @@ rewrite_called_station_id {
 #  be provided by 802.1X authenticators.
 #
 rewrite_calling_station_id {
-       if (&Calling-Station-Id && (&Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i)) {
-               &request.Calling-Station-Id := "%toupper(%{1}-%{2}-%{3}-%{4}-%{5}-%{6})"
+       if (Calling-Station-Id && (Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i)) {
+               request.Calling-Station-Id := "%toupper(%{1}-%{2}-%{3}-%{4}-%{5}-%{6})"
 
                updated
        }

diff --git a/raddb/policy.d/control b/raddb/policy.d/control
index d4a9a25e0397db67c05e1b5c32a27c0bfd850358..b1bfce21993d8200908c872813a9a03467b1523e 100644 (file)
--- a/raddb/policy.d/control
+++ b/raddb/policy.d/control
@@ -3,7 +3,7 @@
 #  then use the "do_not_respond" policy.
 #
 do_not_respond {
-       &reply.Packet-Type := ::Do-Not-Respond
+       reply.Packet-Type := ::Do-Not-Respond
 
        handled
 }
@@ -12,7 +12,7 @@ do_not_respond {
 #  Send Access-Accept immediately
 #
 accept {
-       &reply.Packet-Type := ::Access-Accept
+       reply.Packet-Type := ::Access-Accept
 
        handled
 }
@@ -21,7 +21,7 @@ accept {
 #  Send Access-Challenge immediately
 #
 challenge {
-       &reply.Packet-Type := ::Access-Challenge
+       reply.Packet-Type := ::Access-Challenge
 
        handled
 }
@@ -30,7 +30,7 @@ challenge {
 #  Send an Accounting-Response immediately
 #
 acct_response {
-       &reply.Packet-Type := ::Accounting-Response
+       reply.Packet-Type := ::Accounting-Response
 
        handled
 }
@@ -42,8 +42,8 @@ acct_response {
 #  include the original packet code in the reply.
 #
 protocol_error {
-       &reply.Packet-Type := Accounting-Response
-       &reply.Original-Packet-Code := "%{Packet-Type}"
+       reply.Packet-Type := ::Accounting-Response
+       reply.Original-Packet-Code := Packet-Type
 
        handled
 }
@@ -52,7 +52,7 @@ protocol_error {
 #  Discard the packet without replying
 #
 discard {
-       &reply.Packet-Type := ::Do-Not-Respond
+       reply.Packet-Type := ::Do-Not-Respond
 
        handled
 }

diff --git a/raddb/policy.d/cui b/raddb/policy.d/cui
index c70952d92f1e680c7a46382f307434fbef45e14a..78fbf9ae0c87985624a2a38d8e2ff8133e5233be 100644 (file)
--- a/raddb/policy.d/cui
+++ b/raddb/policy.d/cui
@@ -40,7 +40,7 @@ cui_require_operator_name = "no"
 #
 cui.authorize {
        if ("%client(add_cui)" == 'yes') {
-               &request.Chargeable-User-Identity := 0x00
+               request.Chargeable-User-Identity := 0x00
        }
 }
 
@@ -52,9 +52,9 @@ cui.authorize {
 #  use_tunneled_reply parameter MUST be set to yes
 #
 cui.post-auth {
-       if (!&control.Proxy-To-Realm && &Chargeable-User-Identity && !&reply.Chargeable-User-Identity &&
-           (&Operator-Name || ('${policy.cui_require_operator_name}' != 'yes')) ) {
-               &reply.Chargeable-User-Identity = "%sha1(${policy.cui_hash_key}%tolower(%{User-Name}%{&Operator-Name || ''}))"
+       if (!control.Proxy-To-Realm && Chargeable-User-Identity && !reply.Chargeable-User-Identity &&
+           (Operator-Name || ('${policy.cui_require_operator_name}' != 'yes')) ) {
+               reply.Chargeable-User-Identity = "%sha1(${policy.cui_hash_key}%tolower(%{User-Name}%{Operator-Name || ''}))"
        }
 
        #
@@ -65,9 +65,9 @@ cui.post-auth {
        #  If your NAS can do CUI based accounting themselves or you do not care about
        #  accounting, comment out the 'cuisql' line below.
        #
-       if (&reply.Chargeable-User-Identity) {
+       if (reply.Chargeable-User-Identity) {
                # Force User-Name to be the User-Name from the request
-               &reply.User-Name := &request.User-Name
+               reply.User-Name := &request.User-Name
 
                cuisql
        }
@@ -75,9 +75,9 @@ cui.post-auth {
 
 
 cui-inner.post-auth {
-       if (&outer.request.Chargeable-User-Identity && \
-           (&outer.request.Operator-Name || ('${policy.cui_require_operator_name}' != 'yes'))) {
-               &reply.Chargeable-User-Identity := "%sha1(${policy.cui_hash_key}%tolower(%{User-Name}%{&outer.request.Operator-Name || ''}))"
+       if (outer.request.Chargeable-User-Identity && \
+           (outer.request.Operator-Name || ('${policy.cui_require_operator_name}' != 'yes'))) {
+               reply.Chargeable-User-Identity := "%sha1(${policy.cui_hash_key}%tolower(%{User-Name}%{outer.request.Operator-Name || ''}))"
        }
 }
 
@@ -92,8 +92,8 @@ cui.accounting {
        #  If the CUI isn't in the packet, see if we can find it
        #  in the DB.
        #
-       if (!&Chargeable-User-Identity) {
-               &request.Chargeable-User-Identity := %cuisql(\
+       if (!Chargeable-User-Identity) {
+               request.Chargeable-User-Identity := %cuisql(\
                                SELECT cui FROM cui \
                                WHERE clientipaddress = '%{Net.Src.IP}' \
                                AND callingstationid = '%{Calling-Station-Id}' \
@@ -104,7 +104,7 @@ cui.accounting {
        #  If it exists now, then write out when we last saw
        #  this CUI.
        #
-       if (&Chargeable-User-Identity && (&Chargeable-User-Identity != '')) {
+       if (Chargeable-User-Identity && (Chargeable-User-Identity != '')) {
                cuisql
        }
 }

diff --git a/raddb/policy.d/dhcp b/raddb/policy.d/dhcp
index 12548fdce0dde1ca5cc9af04b4b539c808f43f8b..bca5b7ff18352d7e32b30e0e6714410637247b11 100644 (file)
--- a/raddb/policy.d/dhcp
+++ b/raddb/policy.d/dhcp
@@ -3,11 +3,11 @@ dhcp_common {
        #  The contents here are invented.  Change them!
        #  Lease time is referencing the lease time set in the
        #  named module instance configuration
-       &reply.Domain-Name-Server = 127.0.0.1
-       &reply.Domain-Name-Server = 127.0.0.2
-       &reply.Subnet-Mask = 255.255.255.0
-       &reply.Router-Address = 192.0.2.1
-       &reply.IP-Address-Lease-Time = 7200
-#      &reply.IP-Address-Lease-Time = "${modules.sqlippool[sqlippool].lease_duration}"
-       &reply.Server-Identifier = &control.Server-Identifier
+       reply.Domain-Name-Server = 127.0.0.1
+       reply.Domain-Name-Server = 127.0.0.2
+       reply.Subnet-Mask = 255.255.255.0
+       reply.Router-Address = 192.0.2.1
+       reply.IP-Address-Lease-Time = 7200
+#      reply.IP-Address-Lease-Time = "${modules.sqlippool[sqlippool].lease_duration}"
+       reply.Server-Identifier = &control.Server-Identifier
 }

diff --git a/raddb/policy.d/eap b/raddb/policy.d/eap
index 31faa8d4d0e152484a468fc0491f635d26c3c6b2..990508b8a2c80290f72e1ab31092076a5403d197 100644 (file)
--- a/raddb/policy.d/eap
+++ b/raddb/policy.d/eap
@@ -3,7 +3,7 @@
 #       into the "recv Access-Request" section.
 #
 forbid_eap {
-       if (&EAP-Message) {
+       if (EAP-Message) {
                reject
        }
 }
@@ -12,12 +12,12 @@ forbid_eap {
 #       Forbid all non-EAP types outside of an EAP tunnel.
 #
 permit_only_eap {
-       if (!&EAP-Message) {
+       if (!EAP-Message) {
                #  We MAY be inside of a TTLS tunnel.
                #  PEAP and EAP-FAST require EAP inside of
                #  the tunnel, so this check is OK.
                #  If so, then there MUST be an outer EAP message.
-               if (!&outer.request || !&outer.request.EAP-Message) {
+               if (!outer.request || !outer.request.EAP-Message) {
                        reject
                }
        }
@@ -30,8 +30,8 @@ permit_only_eap {
 #  not be present in the same response.
 #
 remove_reply_message_if_eap {
-       if (&reply.EAP-Message && &reply.Reply-Message) {
-               &reply -= &Reply-Message[*]
+       if (reply.EAP-Message && reply.Reply-Message) {
+               reply -= &Reply-Message[*]
        }
        else {
                noop
@@ -46,8 +46,8 @@ remove_reply_message_if_eap {
 #      to copy now have to be explicitly listed.
 #
 copy_request_to_tunnel {
-       &request.Calling-Station-Id = &outer.request.Calling-Station-Id
-       &request.Called-Station-Id = &outer.request.Called-Station-Id
+       request.Calling-Station-Id = outer.request.Calling-Station-Id
+       request.Called-Station-Id = outer.request.Called-Station-Id
 }
 
 #
@@ -62,7 +62,7 @@ use_tunneled_reply {
        #  These attributes are for the inner-tunnel only,
        #  and MUST NOT be copied to the outer reply.
        #
-       &reply -= &User-Name[*]
+       reply -= &User-Name[*]
 
        #
        #  Copy the remaining inner reply attributes to the outer
@@ -73,6 +73,6 @@ use_tunneled_reply {
        #  'send Access-Accept' policy in sites-available/default will
        #  copy the outer session-state list to the final reply.
        #
-       &outer.session-state += &reply
+       outer.session-state += reply
 }
 

diff --git a/raddb/policy.d/filter b/raddb/policy.d/filter
index 54441a3e28ad97ad5ee7429bf02866a89975a460..f67202b562b3a74a44c717f8a3882aefb51bca5b 100644 (file)
--- a/raddb/policy.d/filter
+++ b/raddb/policy.d/filter
@@ -3,7 +3,7 @@
 #      realms.
 #
 deny_realms {
-       if (&User-Name && (&User-Name =~ /@|\\/)) {
+       if (User-Name && (User-Name =~ /@|\\/)) {
                reject
        }
 }
@@ -16,28 +16,28 @@ deny_realms {
 #  what constitutes a user name.
 #
 filter_username {
-       if (&State) {
-               if (&User-Name) {
-                       if (!&session-state.Session-State-User-Name) {
-                               &request += {
-                                       &Module-Failure-Message = "No cached session-state.Session-State-User-Name"
+       if (State) {
+               if (User-Name) {
+                       if (!session-state.Session-State-User-Name) {
+                               request += {
+                                       Module-Failure-Message = "No cached session-state.Session-State-User-Name"
                                }
                                reject
                        }
 
-                       if (&User-Name != &session-state.Session-State-User-Name) {
-                               &request += {
-                                       &Module-Failure-Message = "User-Name does not match cached session-state.Session-State-User-Name"
+                       if (User-Name != session-state.Session-State-User-Name) {
+                               request += {
+                                       Module-Failure-Message = "User-Name does not match cached session-state.Session-State-User-Name"
                                }
                                reject
                        }
                }
        }
-       elsif (&User-Name) {
+       elsif (User-Name) {
                #
                #  reject mixed case e.g. "UseRNaMe"
                #
-               #if (&User-Name != "%tolower(%{User-Name}}") {
+               #if (User-Name != "%tolower(%{User-Name}}") {
                #       reject
                #}
 
@@ -45,9 +45,9 @@ filter_username {
                #  reject all whitespace
                #  e.g. "user@ site.com", or "us er", or " user", or "user "
                #
-               if (&User-Name =~ / /) {
-                       &request += {
-                               &Module-Failure-Message = "User-Name contains whitespace"
+               if (User-Name =~ / /) {
+                       request += {
+                               Module-Failure-Message = "User-Name contains whitespace"
                        }
                        reject
                }
@@ -56,9 +56,9 @@ filter_username {
                #  reject Multiple @'s
                #  e.g. "user@site.com@site.com"
                #
-               if (&User-Name =~ /@[^@]*@/ ) {
-                       &request += {
-                               &Module-Failure-Message = "Multiple @ in User-Name"
+               if (User-Name =~ /@[^@]*@/ ) {
+                       request += {
+                               Module-Failure-Message = "Multiple @ in User-Name"
                        }
                        reject
                }
@@ -67,9 +67,9 @@ filter_username {
                #  reject double dots
                #  e.g. "user@site..com"
                #
-               if (&User-Name =~ /\.\./ ) {
-                       &request += {
-                               &Module-Failure-Message = "User-Name contains multiple dots (e.g. user@site..com)"
+               if (User-Name =~ /\.\./ ) {
+                       request += {
+                               Module-Failure-Message = "User-Name contains multiple dots (e.g. user@site..com)"
                        }
                        reject
                }
@@ -78,9 +78,9 @@ filter_username {
                #  must have at least 1 string-dot-string after @
                #  e.g. "user@site.com"
                #
-               if ((&User-Name =~ /@/) && (&User-Name !~ /@[^.]+(\.[^.]+)+$/))  {
-                       &request += {
-                               &Module-Failure-Message = "Realm does not have at least one dot separator"
+               if ((User-Name =~ /@/) && (User-Name !~ /@[^.]+(\.[^.]+)+$/))  {
+                       request += {
+                               Module-Failure-Message = "Realm does not have at least one dot separator"
                        }
                        reject
                }
@@ -89,9 +89,9 @@ filter_username {
                #  Realm ends with a dot
                #  e.g. "user@site.com."
                #
-               if (&User-Name =~ /\.$/)  {
-                       &request += {
-                               &Module-Failure-Message = "Realm ends with a dot"
+               if (User-Name =~ /\.$/)  {
+                       request += {
+                               Module-Failure-Message = "Realm ends with a dot"
                        }
                        reject
                }
@@ -100,14 +100,14 @@ filter_username {
                #  Realm begins with a dot
                #  e.g. "user@.site.com"
                #
-               if (&User-Name =~ /@\./)  {
-                       &request += {
-                               &Module-Failure-Message = "Realm begins with a dot"
+               if (User-Name =~ /@\./)  {
+                       request += {
+                               Module-Failure-Message = "Realm begins with a dot"
                        }
                        reject
                }
 
-               &session-state.Session-State-User-Name := &User-Name
+               session-state.Session-State-User-Name := User-Name
        }
 }
 
@@ -118,17 +118,17 @@ filter_username {
 #  This policy filters them out.
 #
 filter_password {
-       if &User-Password {
+       if User-Password {
                group tmp
                octets delim
 
                #
                #  Because "\000" yields "zero length delimiter is not allowed"
                #
-               &delim = 0x00
-               &tmp.User-Password := %explode(%{User-Password}, "%{delim}")
+               delim = 0x00
+               tmp.User-Password := %explode(%{User-Password}, "%{delim}")
 
-               &User-Password := &tmp.User-Password[0]
+               User-Password := tmp.User-Password[0]
        }
 }
 
@@ -136,9 +136,9 @@ filter_inner_identity {
        #
        #  No names, reject.
        #
-       if (!&outer.request.User-Name || !&User-Name) {
-               &request += {
-                       &Module-Failure-Message = "User-Name is required for tunneled authentication"
+       if (!outer.request.User-Name || !User-Name) {
+               request += {
+                       Module-Failure-Message = "User-Name is required for tunneled authentication"
                }
                reject
        }
@@ -150,12 +150,12 @@ filter_inner_identity {
        #  If the NAIs are the same, it violates user privacy,
        #  but is allowed.
        #
-       if (&outer.request.User-Name != &User-Name) {
+       if (outer.request.User-Name != User-Name) {
                #
                #  Get the outer realm.
                #
-               if (&outer.request.User-Name =~ /@([^@]+)$/) {
-                       &request.Outer-Realm-Name = %{1}
+               if (outer.request.User-Name =~ /@([^@]+)$/) {
+                       request.Outer-Realm-Name = %{1}
 
                        #
                        #  When we have an outer realm name, the user portion
@@ -164,9 +164,9 @@ filter_inner_identity {
                        #  We don't check for the full "anonymous", because
                        #  some vendors don't follow the standards.
                        #
-                       if (&outer.request.User-Name !~ /^(anon|@)/) {
-                               &request += {
-                                       &Module-Failure-Message = "User-Name is not anonymized"
+                       if (outer.request.User-Name !~ /^(anon|@)/) {
+                               request += {
+                                       Module-Failure-Message = "User-Name is not anonymized"
                                }
                                reject
                        }
@@ -179,9 +179,9 @@ filter_inner_identity {
                #  Otherwise, you could log in as outer "bob", and inner "doug",
                #  and we'd have no idea which one was correct.
                #
-               elsif (&outer.request.User-Name !~ /^anon/) {
-                       &request += {
-                               &Module-Failure-Message = "User-Name is not anonymized"
+               elsif (outer.request.User-Name !~ /^anon/) {
+                       request += {
+                               Module-Failure-Message = "User-Name is not anonymized"
                        }
                        reject
                }
@@ -189,8 +189,8 @@ filter_inner_identity {
                #
                #  Get the inner realm.
                #
-               if (&User-Name =~ /@([^@]+)$/) {
-                       &request.Inner-Realm-Name = %{1}
+               if (User-Name =~ /@([^@]+)$/) {
+                       request.Inner-Realm-Name = %{1}
 
                        #
                        #  Note that we do EQUALITY checks for realm names.
@@ -203,11 +203,11 @@ filter_inner_identity {
                        #  If the inner realm isn't the same as the outer realm,
                        #  the inner realm MUST be a subdomain of the outer realm.
                        #
-                       if (&Outer-Realm-Name && \
-                           (&Inner-Realm-Name != &Outer-Realm-Name) && \
-                           (&Inner-Realm-Name !~ /\.%{Outer-Realm-Name}$/)) {
-                               &request += {
-                                       &Module-Failure-Message = "Inner realm '%{Inner-Realm-Name}' and outer realm '%{Outer-Realm-Name}' are not from the same domain."
+                       if (Outer-Realm-Name && \
+                           (Inner-Realm-Name != Outer-Realm-Name) && \
+                           (Inner-Realm-Name !~ /\.%{Outer-Realm-Name}$/)) {
+                               request += {
+                                       Module-Failure-Message = "Inner realm '%{Inner-Realm-Name}' and outer realm '%{Outer-Realm-Name}' are not from the same domain."
                                }
                                reject
                        }

diff --git a/raddb/policy.d/operator-name b/raddb/policy.d/operator-name
index 467d770f14a99955fdbcff6993c48bf9b4e4febf..8fff08761a80f3fc6de5822834cf47331afea38f 100644 (file)
--- a/raddb/policy.d/operator-name
+++ b/raddb/policy.d/operator-name
@@ -27,6 +27,6 @@
 #
 operator-name.authorize {
        if ("%client(Operator-Name)") {
-               &request.Operator-Name = "%client(Operator-Name)"
+               request.Operator-Name = "%client(Operator-Name)"
        }
 }

diff --git a/raddb/policy.d/time b/raddb/policy.d/time
index 2dbec4cbada3025211a1740f55eb78e66427e544..45b5f3d8530a48d5a2a0ad92e692bc264d5eb445 100644 (file)
--- a/raddb/policy.d/time
+++ b/raddb/policy.d/time
@@ -2,19 +2,19 @@
 # Handles the Expiration attribute
 #
 expiration {
-       if (&control.Expiration) {
+       if (control.Expiration) {
                time_delta when
 
                #
                #  %l is "when the server received the request"
                #
-               if (&control.Expiration < %l) {
+               if (control.Expiration < %l) {
                        disallow
                        return
                }
 
-               &when = &control.Expiration - %l
+               &when = control.Expiration - %l
 
-               &reply.Session-Timeout <= &when
+               reply.Session-Timeout <= &when
        }
 }

diff --git a/raddb/policy.d/vendor b/raddb/policy.d/vendor
index 8cb0da4b7e9b018aa2f90ecaaf71c6538f7d459b..8b99b0909b135a1f2aa43afc0dc346086dce09c6 100644 (file)
--- a/raddb/policy.d/vendor
+++ b/raddb/policy.d/vendor
@@ -7,7 +7,7 @@
 broadsoft-decode {
        foreach value ( BroadSoft-Attr-255 ) {
                if (value =~ /^([0-9]+)=(.*)$/) {
-                               "&request.BroadSoft-Attr-%{1}" += "%{2}"
+                       "request.BroadSoft-Attr-%{1}" += "%{2}"
                }
        }