From: Alan T. DeKok Date: Sun, 28 Mar 2021 14:35:45 +0000 (-0400) Subject: add more WARNINGs so that people who read them will be enlightened. X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=57cc97408997afb8b0724911dccfb5fab834aed4;p=thirdparty%2Ffreeradius-server.git add more WARNINGs so that people who read them will be enlightened. Manual port of commit e26b9f8e14f --- diff --git a/src/process/radius/base.c b/src/process/radius/base.c index 7b020c7ae44..1f84b7363b0 100644 --- a/src/process/radius/base.c +++ b/src/process/radius/base.c @@ -517,12 +517,27 @@ RESUME_NO_RCTX(access_accept) PROCESS_TRACE; vp = fr_pair_find_by_da(&request->request_pairs, attr_module_success_message); - if (vp){ + if (vp) { auth_message(&inst->auth, request, true, "Login OK (%pV)", &vp->data); } else { auth_message(&inst->auth, request, true, "Login OK"); } + /* + * Check that there is a name which can be used to + * identify the user. The configuration depends on + * User-Name or Stripped-User-Name existing, and being + * (mostly) unique to that user. + */ + if (!request->parent && + ((vp = fr_pair_find_by_da(&request->request_pairs, attr_user_name)) != NULL) && + (vp->vp_strvalue[0] == '@') && + !fr_pair_find_by_da(&request->request_pairs, attr_stripped_user_name)) { + RWDEBUG("User-Name is anonymized, and no Stripped-User-Name exists."); + RWDEBUG("It may be difficult or impossible to identify the user."); + RWDEBUG("Please update Stripped-User-Name with information which identifies the user."); + } + fr_state_discard(inst->auth.state_tree, request); RETURN_MODULE_OK; }