From: Alan T. DeKok Date: Tue, 11 Jan 2011 12:22:09 +0000 (+0100) Subject: Added more sample policies X-Git-Tag: release_2_1_11~158 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=abc96955;p=thirdparty%2Ffreeradius-server.git Added more sample policies --- diff --git a/raddb/policy.conf b/raddb/policy.conf index f89eb3f51b5..599a5804502 100644 --- a/raddb/policy.conf +++ b/raddb/policy.conf @@ -64,6 +64,29 @@ policy { handled } + # + # Force some sanity on User-Name. This helps to avoid issues + # issues where the back-end database is "forgiving" about + # what constitutes a user name. + # + filter_username { + # spaces at the start: reject + if (User-Name =~ /^ /) { + reject + } + + # spaces at the end: reject + if (User-Name =~ / $$/) { + reject + } + + # Mixed case: reject + if (User-Name != "%{lower:%{User-Name}}") { + reject + } + } + + # # The following policies are for the Chargeable-User-Identity # (CUI) configuration. @@ -131,4 +154,44 @@ policy { cui } } + + # + # Normalize the MAC Addresses in the Calling/Called-Station-Id + # + mac-addr = ([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2}) + + # Add "rewrite.called_station_id" in the "authorize" and "preacct" + # sections. + rewrite.called_station_id { + if((Called-Station-Id) && "%{Called-Station-Id}" =~ /^%{config:policy.mac-addr}(:(.+))?$/i) { + update request { + Called-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}" + } + + # SSID component? + if ("%{7}") { + update request { + Called-Station-Id := "%{Called-Station-Id}:%{7}" + } + } + updated + } + else { + noop + } + } + + # Add "rewrite.calling_station_id" in the "authorize" and "preacct" + # sections. + rewrite.calling_station_id { + if((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) { + update request { + Calling-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}" + } + updated + } + else { + noop + } + } }