From: Alan T. DeKok Date: Mon, 4 Jun 2012 12:44:44 +0000 (+0200) Subject: More bad user names X-Git-Tag: release_2_2_0~109 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af8fa0eb0ffa8fedbdd4de57b696b22be3777169;p=thirdparty%2Ffreeradius-server.git More bad user names --- diff --git a/raddb/policy.conf b/raddb/policy.conf index e92d18d19a3..7eeb25ad7a7 100644 --- a/raddb/policy.conf +++ b/raddb/policy.conf @@ -70,22 +70,80 @@ policy { # what constitutes a user name. # filter_username { - # spaces at the start: reject - if (User-Name =~ /^ /) { + # + # reject mixed case + # e.g. "UseRNaMe" + # + if (User-Name != "%{tolower:%{User-Name}}") { reject } - # spaces at the end: reject - if (User-Name =~ / $$/) { + # + # reject all whitespace + # e.g. "user@ site.com", or "us er", or " user", or "user " + # + if (User-Name =~ / /) { + update reply { + Reply-Message += "Rejected: Username contains whitespace" + } reject } - # Mixed case: reject - if (User-Name != "%{tolower:%{User-Name}}") { + # + # reject Multiple @'s + # e.g. "user@site.com@site.com" + # + if(User-Name =~ /@(.+)?@/i ) { + update reply { + Reply-Message += "Rejected: Multiple @ in username" + } reject } - } + # + # reject double dots + # e.g. "user@site..com" + # + if (User-Name =~ /\\.\\./ ) { + update reply { + Reply-Message += "Rejected: Username comtains ..s" + } + reject + } + + # + # must have at least 1 string-dot-string after @ + # e.g. "user@site.com" + # + if (User-Name !~ /@(.+)\\.(.+)$/) { + update reply { + Reply-Message += "Rejected: Realm does not have at least one dot seperator" + } + reject + } + + # + # Realm ends with a dot + # e.g. "user@site.com." + # + if (User-Name =~ /\\.$/) { + update reply { + Reply-Message += "Rejected: Realm ends with a dot" + } + reject + } + + # + # Realm begins with a dot + # e.g. "user@.site.com" + # + if (User-Name !~ /@\\./) { + update reply { + Reply-Message+ = "Rejected: Realm begins with a dot" + } + reject + } + } # # The following policies are for the Chargeable-User-Identity