From: Alan T. DeKok <aland@freeradius.org>
Date: Sun, 27 Dec 2015 02:23:38 +0000 (-0500)
Subject: use filter_username inside of the tunnel, too
X-Git-Tag: release_3_0_11~66
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de44b79d8f5bacbf3687d6133a25067fd225974c;p=thirdparty%2Ffreeradius-server.git

use filter_username inside of the tunnel, too

Because spaces and multiple @'s are a bad idea.
---

diff --git a/raddb/sites-available/inner-tunnel b/raddb/sites-available/inner-tunnel
index 14df8ab13e6..7d6a6e29b0b 100644
--- a/raddb/sites-available/inner-tunnel
+++ b/raddb/sites-available/inner-tunnel
@@ -46,6 +46,15 @@ listen {
 #  Make *sure* that 'preprocess' comes before any realm if you
 #  need to setup hints for the remote radius server
 authorize {
+	#
+	#  Take a User-Name, and perform some checks on it, for spaces and other
+	#  invalid characters.  If the User-Name appears invalid, reject the
+	#  request.
+	#
+	#  See policy.d/filter for the definition of the filter_username policy.
+	#
+	filter_username
+
 	#
 	#  Do checks on outer / inner User-Name, so that users
 	#  can't spoof us by using incompatible identities