From: Scott Armitage <s.p.armitage@lboro.ac.uk>
Date: Sun, 21 Oct 2012 15:58:19 +0000 (+0100)
Subject: Changed cui policy. Added settings to (optionally) make requirement of operator name... 
X-Git-Tag: release_3_0_0_beta1~1656^2^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=785950755dab19fa7dd3671da1fbc1c591b43ae4;p=thirdparty%2Ffreeradius-server.git

Changed cui policy. Added settings to (optionally) make requirement of operator name a pre-requisite for cui generation
---

diff --git a/raddb/policy.d/cui b/raddb/policy.d/cui
index 6dc53acd8d1..d3faf67c72f 100644
--- a/raddb/policy.d/cui
+++ b/raddb/policy.d/cui
@@ -14,6 +14,13 @@
 #
 cui_hash_key = "some_hash_key"
 
+#
+# cui_require_operator_name switch
+# If this is set to nonzero value then CUI will only be added
+# when a non-empty Operator-Name value is present in the request
+#
+cui_require_operator_name = 0
+
 #
 #  The client indicates it can do CUI by sending a CUI attribute
 #  containing one zero byte.
@@ -52,24 +59,34 @@ cui.pre-proxy {
 }
                                                                         
 
+#
 #  Add a CUI attribute based on the User-Name, and a secret key
 #  known only to this server.
+#  For EAP-TTLS and EAP-PEAP methods
+#  use_tunneled_reply parameter MUST be set to yes
 #
 cui.post-auth {
-	if (FreeRadius-Proxied-To == 127.0.0.1) {
-		if (outer.request:Chargeable-User-Identity) {
-			update outer.reply {
-				Chargeable-User-Identity:="%{md5:%{config:cui_hash_key}%{User-Name}}"
-			}
-		}
-	}
-	else {
-		if (Chargeable-User-Identity) {
-			update reply {
-				Chargeable-User-Identity="%{md5:%{config:cui_hash_key}%{User-Name}}"
-			}
-		}
-	}
+	if (Freeradius-Proxied-To == 127.0.0.1) {
+                if (outer.request:Chargeable-User-Identity && \
+                    (outer.request:Operator-Name || !("${policy.cui_require_operator_name}"))) {
+                        update reply {
+                                Chargeable-User-Identity:="%{md5:${policy.cui_hash_key}%{User-Name}%{outer.request:Operator-Name:-}}"
+                        }
+                }
+        }
+        else {
+                if (!("%{control:Proxy-To-Realm}") && \
+                    Chargeable-User-Identity && \
+                    !(reply:Chargeable-User-Identity) && \
+                    (Operator-Name || !("${policy.cui_require_operator_name}")) ) {
+                        update reply {
+                                Chargeable-User-Identity="%{md5:${policy.cui_hash_key}%{User-Name}%{%{Operator-Name}:-}}"
+                        }
+                }
+                update reply {
+                        User-Name-="%{reply:User-Name}"
+                }
+	}	
 }