From: Arran Cudbard-Bell Date: Sun, 3 Jul 2011 17:10:59 +0000 (+0200) Subject: Add 'relaxed' option to rlm_attr_filter, when 'yes' attributes which do not explicitl... X-Git-Tag: release_2_1_12~79 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c869c4082b49318486bcab5835a07ffb318e5f0;p=thirdparty%2Ffreeradius-server.git Add 'relaxed' option to rlm_attr_filter, when 'yes' attributes which do not explicitly match any filter rules are still copied. --- diff --git a/man/man5/rlm_attr_filter.5 b/man/man5/rlm_attr_filter.5 index dd115c9c1b5..ce4116865b9 100644 --- a/man/man5/rlm_attr_filter.5 +++ b/man/man5/rlm_attr_filter.5 @@ -111,6 +111,9 @@ the NAS. Usually %{Realm} (the default). Can also be %{User-Name}, or other attribute that exists in the request. Note that the module always keys off of attributes in the request, and NOT in any other packet. +.IP relaxed +If set to 'yes', then attributes which do not match any filter rules +explicitly, will also be allowed. The default is 'no'. .PP .SH SECTIONS .IP preacct diff --git a/src/modules/rlm_attr_filter/rlm_attr_filter.c b/src/modules/rlm_attr_filter/rlm_attr_filter.c index ba5e53c4631..b4dbd04db09 100644 --- a/src/modules/rlm_attr_filter/rlm_attr_filter.c +++ b/src/modules/rlm_attr_filter/rlm_attr_filter.c @@ -41,9 +41,10 @@ RCSID("$Id$") * be used as the instance handle. */ struct attr_filter_instance { - char *attrsfile; + char *attrsfile; char *key; - PAIR_LIST *attrs; + int relaxed; + PAIR_LIST *attrs; }; static const CONF_PARSER module_config[] = { @@ -51,6 +52,8 @@ static const CONF_PARSER module_config[] = { offsetof(struct attr_filter_instance,attrsfile), NULL, "${raddbdir}/attrs" }, { "key", PW_TYPE_STRING_PTR, offsetof(struct attr_filter_instance,key), NULL, "%{Realm}" }, + { "relaxed", PW_TYPE_BOOLEAN, + offsetof(struct attr_filter_instance,relaxed), NULL, "no" }, { NULL, -1, 0, NULL, NULL } }; @@ -287,8 +290,12 @@ static int attr_filter_common(void *instance, REQUEST *request, } } - /* only move attribute if it passed all rules */ - if (fail == 0 && pass > 0) { + /* + * Only move attribute if it passed all rules, + * or if the config says we should copy unmatched + * attributes ('relaxed' mode). + */ + if (fail == 0 && (pass > 0 || inst->relaxed)) { *output_tail = paircopyvp(vp); if (!*output_tail) { pairfree(&output);