From: Scott Armitage <s.p.armitage@lboro.ac.uk>
Date: Sun, 21 Oct 2012 15:28:23 +0000 (+0100)
Subject: Changed cui policy. cui.authorize requires a flag is set in client definition.  This... 
X-Git-Tag: release_3_0_0_beta1~1656^2^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=69887993251e529347d63d66ef0639b5b90fde7e;p=thirdparty%2Ffreeradius-server.git

Changed cui policy. cui.authorize requires a flag is set in client definition.  This allows cui request on a per client basis
---

diff --git a/raddb/policy.d/cui b/raddb/policy.d/cui
index 2b580b373c8..45222676e1a 100644
--- a/raddb/policy.d/cui
+++ b/raddb/policy.d/cui
@@ -15,16 +15,31 @@
 cui_hash_key = "some_hash_key"
 
 #
-#  The client indicates it can do CUI by sending a CUI attribute	
-#  containing one zero byte
+#  The client indicates it can do CUI by sending a CUI attribute
+#  containing one zero byte.
+#  A non-empty value in Operator-Name can be an additional requirement.
+#  Normally CUI support is turned on only for such requests.
+#  CUI support can be used for local clients which do not
+#  supports CUI themselves, the server can simulate a CUI request
+#  adding the missing NUL CUI value and the Operator-Name attribute.
+#  Clients which are supposed to get this treatment should
+#  be marked by add_cui flag in clients.conf
+#  We assume that local clients are marked in the client.conf with
+#  add_cui flag, e.g.
+#  client xxxx {
+#    ...
+#    add_cui = yes
+#  }
 #
 cui.authorize {
-	update request {
-		Chargeable-User-Identity:='\\000'
+	if ( "%{client:add-cui}" == "yes" ) {
+		update request {
+			Chargeable-User-Identity := '\\000'
+		}
 	}
 }
 
-#
+
 #  Add a CUI attribute based on the User-Name, and a secret key
 #  known only to this server.
 #