From: Alan T. DeKok
Date: Mon, 28 Nov 2011 10:44:43 +0000 (+0100)
Subject: Minor reformatting for 80-col widths
X-Git-Tag: release_3_0_0_beta0~472
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=912bd29e02ecb779b1ade5fc1229926fb9a99f33;p=thirdparty%2Ffreeradius-server.git

Minor reformatting for 80-col widths
---
diff --git a/raddb/policy.conf b/raddb/policy.conf
index 46851620229..3955429e046 100644
--- a/raddb/policy.conf
+++ b/raddb/policy.conf
@@ -19,36 +19,52 @@ # If policy A calls policy B, then B MUST be defined before A. # policy { - # We check for this prefix to determine whether the class value was generated by the server. + # We check for this prefix to determine whether the class + # value was generated by this server. It should be changed + # so that it is globally unique. class_value_prefix = 'ai:' + # - # Overload the default acct_unique module, it's not smart enough + # Overload the default acct_unique module, it's not + # smart enough. # acct_unique { # - # If we have a class attribute in the format 'auth_id:[0-9a-f]{32}' it'll have a local - # value (defined by insert_acct_class), this ensures uniquenes and suitability. + # If we have a class attribute in the format + # 'auth_id:[0-9a-f]{32}' it'll have a local value + # (defined by insert_acct_class), this ensures + # uniqueness and suitability. # - # We could just use the Class attribute as Acct-Unique-Session-Id, but this may cause - # problems with NAS that carry Class values across between multiple linked sessions. - # So we rehash class with Acct-Session-ID to provide a truely unique session identifier. + # We could just use the Class attribute as + # Acct-Unique-Session-Id, but this may cause problems + # with NAS that carry Class values across between + # multiple linked sessions. So we rehash class with + # Acct-Session-ID to provide a truely unique session + # identifier. # - # Using a Class/Session-ID combination is more robust than using elements in the - # Accounting-Request, which may be subject to change, such as NAS-IP-Address, - # Client-IP-Address and NAS-Port-ID/NAS-Port. + # Using a Class/Session-ID combination is more robust + # than using elements in the Accounting-Request, + # which may be subject to change, such as + # NAS-IP-Address, Client-IP-Address and + # NAS-Port-ID/NAS-Port. 
# - # This policy should ensure that session data is not affected if NAS IP addresses change, - # or the client roams to a different 'port' whilst maintaining its initial authentication - # session (Common in a wireless environment). + # This policy should ensure that session data is not + # affected if NAS IP addresses change, or the client + # roams to a different 'port' whilst maintaining its + # initial authentication session (Common in a + # wireless environment). # if("%{string:Class}" =~ /${policy.class_value_prefix}([0-9a-f]{32})/i) { update request { Acct-Unique-Session-Id := "%{md5:%{1}%{Acct-Session-ID}}" } } + # - # Not All devices respect RFC 2865 when dealing with the class attribute, - # so be prepared to use the older style of hashing scheme if a class attribute is not included + # Not All devices respect RFC 2865 when dealing with + # the class attribute, so be prepared to use the + # older style of hashing scheme if a class attribute + # is not included # else { update request { @@ -67,7 +83,8 @@ policy { } # - # Forbid all EAP types. + # Forbid all EAP types. Enable this by putting "forbid_eap" + # into the "authorize" section. # forbid_eap { if (EAP-Message) { 
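Review bot: The sentence added above `class_value_prefix` tells operators to change the value, but not that it is expanded into the pattern `/${policy.class_value_prefix}([0-9a-f]{32})/i` in acct_unique, apparently as-is. A prefix containing regex metacharacters would change which Class values are treated as server-generated, so the comment should say so, e.g. `# Use literal characters only: this value is expanded into a regular expression in acct_unique.` The reflowed comment in acct_unique also still gives the format as `'auth_id:[0-9a-f]{32}'` while the default prefix is `'ai:'`; one of the two should be corrected. Because Class is echoed back by the NAS and the match is unanchored, adding a leading `^` is worth considering if the prefix is always at the start of the value.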
@@ -110,14 +127,15 @@ policy { # # Split User-Name in NAI format (RFC 4282) into components # - # This policy writes the Username and Domain portions of the NAI into the - # Stripped-User-Name and Stripped-User-Domain attributes. + # This policy writes the Username and Domain portions of the + # NAI into the Stripped-User-Name and Stripped-User-Domain + # attributes. # - # The regular expression to do this is not strictly compliant with the standard, - # but it is not possible to write a compliant regexp without perl style - # regular expressions (or at least not a legible one). + # The regular expression to do this is not strictly compliant + # with the standard, but it is not possible to write a + # compliant regexp without perl style regular expressions (or + # at least not a legible one). # - nai_regexp = "^([^@]*)(@([-[:alnum:]]+\\.[-[:alnum:].]+))?$" split_username_nai { @@ -126,11 +144,13 @@ policy { Stripped-User-Name := "%{1}" Stripped-User-Domain = "%{3}" } - # If any of the expansions result in a null string, the update - # section may return something other than updated... + + # If any of the expansions result in a null + # string, the update section may return + # something other than updated... updated } - else{ + else { noop } } @@ -138,7 +158,6 @@ policy { # # If called in post-proxy we modify the proxy-reply message # - split_username_nai.post-proxy { if(proxy-reply:User-Name =~ /${policy.nai_regexp}/){ update proxy-reply { @@ -147,13 +166,14 @@ policy { } updated } - else{ + else { noop } } # - # Forbid all attempts to login via realms. + # Example of forbidding all attempts to login via + # realms. # deny_realms { if (User-Name =~ /@|\\/) { 
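Review bot: In the split_username_nai hunk starting at `@@ -126,11 +144,13 @@`, `Stripped-User-Domain = "%{3}"` uses `=` while the line above uses `:=`. With `=` an already-present Stripped-User-Domain is left in place, so after a second split the domain could disagree with the freshly overwritten Stripped-User-Name, and realm-based checks later in the policy would see the old value. If that is not intended, the line should read `Stripped-User-Domain := "%{3}"`; if it is intended, a one-line comment saying why would help. The enclosing `update` block opens outside the hunk, so the target list is not visible here.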
@@ -202,8 +222,8 @@ policy { # The following policies are for the Chargeable-User-Identity # (CUI) configuration. # - # The policies below can be called as just 'cui' (not cui.authorize etc..) - # from the various config sections. + # The policies below can be called as just 'cui' (not + # cui.authorize etc..) from the various config sections. # # @@ -276,7 +296,8 @@ policy { mac-addr-regexp = ([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2}) # - # Add "rewrite_called_station_id" in the "authorize" and "preacct" sections. + # Add "rewrite_called_station_id" in the "authorize" and + # "preacct" sections. # rewrite_called_station_id { if(Called-Station-Id =~ /^${policy.mac-addr-regexp}(:(.+))?$/i) { @@ -298,7 +319,8 @@ policy { } # - # Add "rewrite_calling_station_id" in the "authorize" and "preacct" sections. + # Add "rewrite_calling_station_id" in the "authorize" and + # "preacct" sections. # rewrite_calling_station_id { if(Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i) {