From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 31 Dec 2015 00:38:05 +0000 (-0500)
Subject: filter_username applies only if there is a User-Name
X-Git-Tag: release_3_0_11~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=608317fc0e4c9d4ca1419dad66b65950ff46f1ba;p=thirdparty%2Ffreeradius-server.git

filter_username applies only if there is a User-Name
---

diff --git a/raddb/policy.d/filter b/raddb/policy.d/filter
index 080b4ff6139..9bdee4c50e0 100644
--- a/raddb/policy.d/filter
+++ b/raddb/policy.d/filter
@@ -16,81 +16,79 @@ deny_realms {
 #  what constitutes a user name.
 #
 filter_username {
-	if (!&User-Name) {
-		noop
-	}
-
-	#
-	#  reject mixed case e.g. "UseRNaMe"
-	#
-	#if (&User-Name != "%{tolower:%{User-Name}}") {
-	#	reject
-	#}
+	if (&User-Name) {
+		#
+		#  reject mixed case e.g. "UseRNaMe"
+		#
+		#if (&User-Name != "%{tolower:%{User-Name}}") {
+		#	reject
+		#}
 
-	#
-	#  reject all whitespace
-	#  e.g. "user@ site.com", or "us er", or " user", or "user "
-	#
-	if (&User-Name =~ / /) {
-		update reply {
-			&Reply-Message += 'Rejected: Username contains whitespace'
+		#
+		#  reject all whitespace
+		#  e.g. "user@ site.com", or "us er", or " user", or "user "
+		#
+		if (&User-Name =~ / /) {
+			update reply {
+				&Reply-Message += 'Rejected: Username contains whitespace'
+			}
+			reject
 		}
-		reject
-	}
 
-	#
-	#  reject Multiple @'s
-	#  e.g. "user@site.com@site.com"
-	#
-	if (&User-Name =~ /@[^@]*@/ ) {
-		update reply {
-			&Reply-Message += 'Rejected: Multiple @ in username'
+		#
+		#  reject Multiple @'s
+		#  e.g. "user@site.com@site.com"
+		#
+		if (&User-Name =~ /@[^@]*@/ ) {
+			update reply {
+				&Reply-Message += 'Rejected: Multiple @ in username'
+			}
+			reject
 		}
-		reject
-	}
 
-	#
-	#  reject double dots
-	#  e.g. "user@site..com"
-	#
-	if (&User-Name =~ /\.\./ ) {
-		update reply {
-			&Reply-Message += 'Rejected: Username contains ..s'
+		#
+		#  reject double dots
+		#  e.g. "user@site..com"
+		#
+		if (&User-Name =~ /\.\./ ) {
+			update reply {
+				&Reply-Message += 'Rejected: Username contains ..s'
+			}
+			reject
 		}
-		reject
-	}
 
-	#
-	#  must have at least 1 string-dot-string after @
-	#  e.g. "user@site.com"
-	#
-	if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
-		update reply {
-			&Reply-Message += 'Rejected: Realm does not have at least one dot separator'
+		#
+		#  must have at least 1 string-dot-string after @
+		#  e.g. "user@site.com"
+		#
+		if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
+			update reply {
+				&Reply-Message += 'Rejected: Realm does not have at least one dot separator'
+			}
+			reject
 		}
-		reject
-	}
 
-	#
-	#  Realm ends with a dot
-	#  e.g. "user@site.com."
-	#
-	if (&User-Name =~ /\.$/)  {
-		update reply {
-			&Reply-Message += 'Rejected: Realm ends with a dot'
+		#
+		#  Realm ends with a dot
+		#  e.g. "user@site.com."
+		#
+		if (&User-Name =~ /\.$/)  {
+			update reply {
+				&Reply-Message += 'Rejected: Realm ends with a dot'
+			}
+			reject
 		}
-		reject
-	}
 
-	#
-	#  Realm begins with a dot
-	#  e.g. "user@.site.com"
-	#
-	if (&User-Name =~ /@\./)  {
-		update reply {
-			&Reply-Message += 'Rejected: Realm begins with a dot'
+		#
+		#  Realm begins with a dot
+		#  e.g. "user@.site.com"
+		#
+		if (&User-Name =~ /@\./)  {
+			update reply {
+				&Reply-Message += 'Rejected: Realm begins with a dot'
+			}
+			reject
 		}
-		reject
 	}
 }