From abc96955654a8ca3edd207b7c1ed7b1faa6fb331 Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Tue, 11 Jan 2011 13:22:09 +0100 Subject: [PATCH] Added more sample policies --- raddb/policy.conf | 63 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/raddb/policy.conf b/raddb/policy.conf index f89eb3f51b5..599a5804502 100644 --- a/raddb/policy.conf +++ b/raddb/policy.conf @@ -64,6 +64,29 @@ policy { handled } + # + # Force some sanity on User-Name. This helps to avoid issues + # issues where the back-end database is "forgiving" about + # what constitutes a user name. + # + filter_username { + # spaces at the start: reject + if (User-Name =~ /^ /) { + reject + } + + # spaces at the end: reject + if (User-Name =~ / $$/) { + reject + } + + # Mixed case: reject + if (User-Name != "%{lower:%{User-Name}}") { + reject + } + } + + # # The following policies are for the Chargeable-User-Identity # (CUI) configuration. @@ -131,4 +154,44 @@ policy { cui } } + + # + # Normalize the MAC Addresses in the Calling/Called-Station-Id + # + mac-addr = ([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2}) + + # Add "rewrite.called_station_id" in the "authorize" and "preacct" + # sections. + rewrite.called_station_id { + if((Called-Station-Id) && "%{Called-Station-Id}" =~ /^%{config:policy.mac-addr}(:(.+))?$/i) { + update request { + Called-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}" + } + + # SSID component? + if ("%{7}") { + update request { + Called-Station-Id := "%{Called-Station-Id}:%{7}" + } + } + updated + } + else { + noop + } + } + + # Add "rewrite.calling_station_id" in the "authorize" and "preacct" + # sections. + rewrite.calling_station_id { + if((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) { + update request { + Calling-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}" + } + updated + } + else { + noop + } + } } -- 2.47.3