From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Mon, 11 Jul 2011 10:34:39 +0000 (+0200)
Subject: Add NAI policy for use in post-proxy
X-Git-Tag: release_3_0_0_beta0~705
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76c4f871fe3d0a922c94df40013869db63c91e06;p=thirdparty%2Ffreeradius-server.git

Add NAI policy for use in post-proxy
---

diff --git a/raddb/policy.conf b/raddb/policy.conf
index 8732e82f342..d83a532455f 100644
--- a/raddb/policy.conf
+++ b/raddb/policy.conf
@@ -117,8 +117,11 @@ policy {
 	#  but it is not possible to write a compliant regexp without perl style
 	#  regular expressions (or at least not a legible one).
 	#
+
+	nai_regexp = "^([^@]*)(@([-[:alnum:]]+\\.[-[:alnum:].]+))?$"	
+
 	split_username_nai {
-		if(User-Name =~ /^([^@]*)(@([-[:alnum:]]+\\.[-[:alnum:].]+))?$/){
+		if(User-Name =~ /${policy.nai_regexp}/){
 			update request {
 				Stripped-User-Name := "%{1}"
 				Stripped-User-Domain = "%{3}"
@@ -132,6 +135,23 @@ policy {
 		}
 	}
 
+	#	
+	#  If called in post-proxy we modify the proxy-reply message
+	#
+
+	split_username_nai.post-proxy { 
+		if(proxy-reply:User-Name =~ /${policy.nai_regexp}/){
+			update proxy-reply {
+				Stripped-User-Name := "%{1}"
+				Stripped-User-Domain = "%{3}"
+			}
+			updated
+		}
+		else{
+			noop
+		}
+	}
+
 	#
 	#	Forbid all attempts to login via realms.
 	#