Chetan Gaonker | 7f4bf74 | 2016-05-04 15:56:08 -0700 | [diff] [blame] | 1 | # |
| 2 | # Split User-Name in NAI format (RFC 4282) into components |
| 3 | # |
| 4 | # This policy writes the Username and Domain portions of the |
| 5 | # NAI into the Stripped-User-Name and Stripped-User-Domain |
| 6 | # attributes. |
| 7 | # |
| 8 | # The regular expression to do this is not strictly compliant |
| 9 | # with the standard, but it is not possible to write a |
| 10 | # compliant regexp without perl style regular expressions (or |
| 11 | # at least not a legible one). |
| 12 | # |
| 13 | nai_regexp = "^([^@]*)(@([-[:alnum:]]+\\.[-[:alnum:].]+))?$" |
| 14 | |
| 15 | split_username_nai { |
| 16 | if(User-Name =~ /${policy.nai_regexp}/){ |
| 17 | update request { |
| 18 | Stripped-User-Name := "%{1}" |
| 19 | Stripped-User-Domain = "%{3}" |
| 20 | } |
| 21 | |
| 22 | # If any of the expansions result in a null |
| 23 | # string, the update section may return |
| 24 | # something other than updated... |
| 25 | updated |
| 26 | } |
| 27 | else { |
| 28 | noop |
| 29 | } |
| 30 | } |
| 31 | |
| 32 | # |
| 33 | # If called in post-proxy we modify the proxy-reply message |
| 34 | # |
| 35 | split_username_nai.post-proxy { |
| 36 | if(proxy-reply:User-Name =~ /${policy.nai_regexp}/){ |
| 37 | update proxy-reply { |
| 38 | Stripped-User-Name := "%{1}" |
| 39 | Stripped-User-Domain = "%{3}" |
| 40 | } |
| 41 | updated |
| 42 | } |
| 43 | else { |
| 44 | noop |
| 45 | } |
| 46 | } |
| 47 | |
| 48 | # |
| 49 | # Normalize the MAC Addresses in the Calling/Called-Station-Id |
| 50 | # |
| 51 | mac-addr-regexp = ([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2}) |
| 52 | |
| 53 | # |
| 54 | # Add "rewrite_called_station_id" in the "authorize" and |
| 55 | # "preacct" sections. |
| 56 | # |
| 57 | rewrite_called_station_id { |
| 58 | if(Called-Station-Id =~ /^${policy.mac-addr-regexp}(:(.+))?$/i) { |
| 59 | update request { |
| 60 | Called-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}" |
| 61 | } |
| 62 | |
| 63 | # SSID component? |
| 64 | if ("%{8}") { |
| 65 | update request { |
| 66 | Called-Station-SSID := "%{8}" |
| 67 | } |
| 68 | } |
| 69 | updated |
| 70 | } |
| 71 | else { |
| 72 | noop |
| 73 | } |
| 74 | } |
| 75 | |
| 76 | # |
| 77 | # Add "rewrite_calling_station_id" in the "authorize" and |
| 78 | # "preacct" sections. |
| 79 | # |
| 80 | rewrite_calling_station_id { |
| 81 | if(Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i) { |
| 82 | update request { |
| 83 | Calling-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}" |
| 84 | } |
| 85 | updated |
| 86 | } |
| 87 | else { |
| 88 | noop |
| 89 | } |
| 90 | } |
| 91 | |