Skip to content

Commit d8aee28

Browse files
ndptechndptech
committed
Remove & from policy files
1 parent 23c9821 commit d8aee28

File tree

10 files changed

+112
-112
lines changed

10 files changed

+112
-112
lines changed

raddb/policy.d/accounting

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -57,8 +57,8 @@ acct_unique {
5757
# initial authentication session (Common in a
5858
# wireless environment).
5959
#
60-
if ("%{Class}" =~ /${policy.class_value_prefix}([0-9a-f]{32})/i) {
61-
&request.Acct-Unique-Session-Id := %hex(%md5("%{1}%{Acct-Session-ID}"))
60+
if (Class =~ /${policy.class_value_prefix}([0-9a-f]{32})/i) {
61+
request.Acct-Unique-Session-Id := %hex(%md5("%{1}%{Acct-Session-ID}"))
6262
}
6363

6464
#
@@ -68,15 +68,15 @@ acct_unique {
6868
# is not included
6969
#
7070
else {
71-
&request.Acct-Unique-Session-Id := %hex(%md5("%{User-Name},%{Acct-Multi-Session-ID},%{Acct-Session-ID},%{&NAS-IPv6-Address || &NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}"))
71+
request.Acct-Unique-Session-Id := %hex(%md5("%{User-Name},%{Acct-Multi-Session-ID},%{Acct-Session-ID},%{&NAS-IPv6-Address || &NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}"))
7272
}
7373
}
7474

7575
#
7676
# Insert a (hopefully unique) value into class
7777
#
7878
insert_acct_class {
79-
&reply.Class = '${policy.class_value_prefix}' + %hex(%md5("%t%I%{Net.Src.Port}%{Net.Src.IP}%{NAS-IP-Address}%{Calling-Station-ID}%{User-Name}"))
79+
reply.Class = '${policy.class_value_prefix}' + %hex(%md5("%t%I%{Net.Src.Port}%{Net.Src.IP}%{NAS-IP-Address}%{Calling-Station-ID}%{User-Name}"))
8080
}
8181

8282
#
@@ -85,17 +85,17 @@ insert_acct_class {
8585
# If the &Attr-Foo doesn't exist, it's value is taken as zero.
8686
#
8787
acct_counters64 {
88-
if (!&Acct-Input-Gigawords) {
89-
&request.Acct-Input-Octets64 := %{&Acct-Input-Octets || 0}
88+
if (!Acct-Input-Gigawords) {
89+
request.Acct-Input-Octets64 := %{Acct-Input-Octets || 0}
9090
}
9191
else {
92-
&request.Acct-Input-Octets64 = (((uint64) &Acct-Input-Gigawords) << 32) | (uint64) &Acct-Input-Octets
92+
request.Acct-Input-Octets64 = (((uint64) Acct-Input-Gigawords) << 32) | (uint64) Acct-Input-Octets
9393
}
94-
if (!&Acct-Output-Gigawords) {
95-
&request.Acct-Output-Octets64 := %{&Acct-Output-Octets || 0}
94+
if (!Acct-Output-Gigawords) {
95+
request.Acct-Output-Octets64 := %{Acct-Output-Octets || 0}
9696
}
9797
else {
98-
&request.Acct-Output-Octets64 = (((uint64) &Acct-Output-Gigawords) << 32) | (uint64) &Acct-Output-Octets
98+
request.Acct-Output-Octets64 = (((uint64) Acct-Output-Gigawords) << 32) | (uint64) Acct-Output-Octets
9999
}
100100
}
101101

raddb/policy.d/canonicalisation

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -17,15 +17,15 @@
1717
nai_regexp = '^([^@]*)(@([-[:alnum:]]+\.[-[:alnum:].]+))?$'
1818

1919
split_username_nai {
20-
if (&User-Name && (&User-Name =~ /${policy.nai_regexp}/)) {
21-
&request.Stripped-User-Name := "%{1}"
20+
if (User-Name && (User-Name =~ /${policy.nai_regexp}/)) {
21+
request.Stripped-User-Name := "%{1}"
2222

2323

2424
# Only add the Stripped-User-Domain attribute if
2525
# we have a domain. This means presence checks
2626
# for Stripped-User-Domain work.
2727
if ("%{3}" != '') {
28-
&request.Stripped-User-Domain = "%{3}"
28+
request.Stripped-User-Domain = "%{3}"
2929
}
3030

3131
# If any of the expansions result in a null
@@ -51,12 +51,12 @@ mac-addr-regexp = '([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^
5151
# be provided by 802.1X authenticators.
5252
#
5353
rewrite_called_station_id {
54-
if (&Called-Station-Id && (&Called-Station-Id =~ /^${policy.mac-addr-regexp}([^0-9a-f](.+))?$/i)) {
55-
&request.Called-Station-Id := "%toupper(%{1}-%{2}-%{3}-%{4}-%{5}-%{6})"
54+
if (Called-Station-Id && (Called-Station-Id =~ /^${policy.mac-addr-regexp}([^0-9a-f](.+))?$/i)) {
55+
request.Called-Station-Id := "%toupper(%{1}-%{2}-%{3}-%{4}-%{5}-%{6})"
5656

5757
# SSID component?
5858
if ("%{8}") {
59-
&request.Called-Station-SSID := "%{8}"
59+
request.Called-Station-SSID := "%{8}"
6060
}
6161
updated
6262
}
@@ -73,8 +73,8 @@ rewrite_called_station_id {
7373
# be provided by 802.1X authenticators.
7474
#
7575
rewrite_calling_station_id {
76-
if (&Calling-Station-Id && (&Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i)) {
77-
&request.Calling-Station-Id := "%toupper(%{1}-%{2}-%{3}-%{4}-%{5}-%{6})"
76+
if (Calling-Station-Id && (Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i)) {
77+
request.Calling-Station-Id := "%toupper(%{1}-%{2}-%{3}-%{4}-%{5}-%{6})"
7878

7979
updated
8080
}

raddb/policy.d/control

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
# then use the "do_not_respond" policy.
44
#
55
do_not_respond {
6-
&reply.Packet-Type := ::Do-Not-Respond
6+
reply.Packet-Type := ::Do-Not-Respond
77

88
handled
99
}
@@ -12,7 +12,7 @@ do_not_respond {
1212
# Send Access-Accept immediately
1313
#
1414
accept {
15-
&reply.Packet-Type := ::Access-Accept
15+
reply.Packet-Type := ::Access-Accept
1616

1717
handled
1818
}
@@ -21,7 +21,7 @@ accept {
2121
# Send Access-Challenge immediately
2222
#
2323
challenge {
24-
&reply.Packet-Type := ::Access-Challenge
24+
reply.Packet-Type := ::Access-Challenge
2525

2626
handled
2727
}
@@ -30,7 +30,7 @@ challenge {
3030
# Send an Accounting-Response immediately
3131
#
3232
acct_response {
33-
&reply.Packet-Type := ::Accounting-Response
33+
reply.Packet-Type := ::Accounting-Response
3434

3535
handled
3636
}
@@ -42,8 +42,8 @@ acct_response {
4242
# include the original packet code in the reply.
4343
#
4444
protocol_error {
45-
&reply.Packet-Type := Accounting-Response
46-
&reply.Original-Packet-Code := "%{Packet-Type}"
45+
reply.Packet-Type := ::Accounting-Response
46+
reply.Original-Packet-Code := Packet-Type
4747

4848
handled
4949
}
@@ -52,7 +52,7 @@ protocol_error {
5252
# Discard the packet without replying
5353
#
5454
discard {
55-
&reply.Packet-Type := ::Do-Not-Respond
55+
reply.Packet-Type := ::Do-Not-Respond
5656

5757
handled
5858
}

raddb/policy.d/cui

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ cui_require_operator_name = "no"
4040
#
4141
cui.authorize {
4242
if ("%client(add_cui)" == 'yes') {
43-
&request.Chargeable-User-Identity := 0x00
43+
request.Chargeable-User-Identity := 0x00
4444
}
4545
}
4646

@@ -52,9 +52,9 @@ cui.authorize {
5252
# use_tunneled_reply parameter MUST be set to yes
5353
#
5454
cui.post-auth {
55-
if (!&control.Proxy-To-Realm && &Chargeable-User-Identity && !&reply.Chargeable-User-Identity &&
56-
(&Operator-Name || ('${policy.cui_require_operator_name}' != 'yes')) ) {
57-
&reply.Chargeable-User-Identity = "%sha1(${policy.cui_hash_key}%tolower(%{User-Name}%{&Operator-Name || ''}))"
55+
if (!control.Proxy-To-Realm && Chargeable-User-Identity && !reply.Chargeable-User-Identity &&
56+
(Operator-Name || ('${policy.cui_require_operator_name}' != 'yes')) ) {
57+
reply.Chargeable-User-Identity = "%sha1(${policy.cui_hash_key}%tolower(%{User-Name}%{Operator-Name || ''}))"
5858
}
5959

6060
#
@@ -65,19 +65,19 @@ cui.post-auth {
6565
# If your NAS can do CUI based accounting themselves or you do not care about
6666
# accounting, comment out the 'cuisql' line below.
6767
#
68-
if (&reply.Chargeable-User-Identity) {
68+
if (reply.Chargeable-User-Identity) {
6969
# Force User-Name to be the User-Name from the request
70-
&reply.User-Name := &request.User-Name
70+
reply.User-Name := &request.User-Name
7171

7272
cuisql
7373
}
7474
}
7575

7676

7777
cui-inner.post-auth {
78-
if (&outer.request.Chargeable-User-Identity && \
79-
(&outer.request.Operator-Name || ('${policy.cui_require_operator_name}' != 'yes'))) {
80-
&reply.Chargeable-User-Identity := "%sha1(${policy.cui_hash_key}%tolower(%{User-Name}%{&outer.request.Operator-Name || ''}))"
78+
if (outer.request.Chargeable-User-Identity && \
79+
(outer.request.Operator-Name || ('${policy.cui_require_operator_name}' != 'yes'))) {
80+
reply.Chargeable-User-Identity := "%sha1(${policy.cui_hash_key}%tolower(%{User-Name}%{outer.request.Operator-Name || ''}))"
8181
}
8282
}
8383

@@ -92,8 +92,8 @@ cui.accounting {
9292
# If the CUI isn't in the packet, see if we can find it
9393
# in the DB.
9494
#
95-
if (!&Chargeable-User-Identity) {
96-
&request.Chargeable-User-Identity := %cuisql(\
95+
if (!Chargeable-User-Identity) {
96+
request.Chargeable-User-Identity := %cuisql(\
9797
SELECT cui FROM cui \
9898
WHERE clientipaddress = '%{Net.Src.IP}' \
9999
AND callingstationid = '%{Calling-Station-Id}' \
@@ -104,7 +104,7 @@ cui.accounting {
104104
# If it exists now, then write out when we last saw
105105
# this CUI.
106106
#
107-
if (&Chargeable-User-Identity && (&Chargeable-User-Identity != '')) {
107+
if (Chargeable-User-Identity && (Chargeable-User-Identity != '')) {
108108
cuisql
109109
}
110110
}

raddb/policy.d/dhcp

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,11 @@ dhcp_common {
33
# The contents here are invented. Change them!
44
# Lease time is referencing the lease time set in the
55
# named module instance configuration
6-
&reply.Domain-Name-Server = 127.0.0.1
7-
&reply.Domain-Name-Server = 127.0.0.2
8-
&reply.Subnet-Mask = 255.255.255.0
9-
&reply.Router-Address = 192.0.2.1
10-
&reply.IP-Address-Lease-Time = 7200
11-
# &reply.IP-Address-Lease-Time = "${modules.sqlippool[sqlippool].lease_duration}"
12-
&reply.Server-Identifier = &control.Server-Identifier
6+
reply.Domain-Name-Server = 127.0.0.1
7+
reply.Domain-Name-Server = 127.0.0.2
8+
reply.Subnet-Mask = 255.255.255.0
9+
reply.Router-Address = 192.0.2.1
10+
reply.IP-Address-Lease-Time = 7200
11+
# reply.IP-Address-Lease-Time = "${modules.sqlippool[sqlippool].lease_duration}"
12+
reply.Server-Identifier = &control.Server-Identifier
1313
}

raddb/policy.d/eap

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
# into the "recv Access-Request" section.
44
#
55
forbid_eap {
6-
if (&EAP-Message) {
6+
if (EAP-Message) {
77
reject
88
}
99
}
@@ -12,12 +12,12 @@ forbid_eap {
1212
# Forbid all non-EAP types outside of an EAP tunnel.
1313
#
1414
permit_only_eap {
15-
if (!&EAP-Message) {
15+
if (!EAP-Message) {
1616
# We MAY be inside of a TTLS tunnel.
1717
# PEAP and EAP-FAST require EAP inside of
1818
# the tunnel, so this check is OK.
1919
# If so, then there MUST be an outer EAP message.
20-
if (!&outer.request || !&outer.request.EAP-Message) {
20+
if (!outer.request || !outer.request.EAP-Message) {
2121
reject
2222
}
2323
}
@@ -30,8 +30,8 @@ permit_only_eap {
3030
# not be present in the same response.
3131
#
3232
remove_reply_message_if_eap {
33-
if (&reply.EAP-Message && &reply.Reply-Message) {
34-
&reply -= &Reply-Message[*]
33+
if (reply.EAP-Message && reply.Reply-Message) {
34+
reply -= &Reply-Message[*]
3535
}
3636
else {
3737
noop
@@ -46,8 +46,8 @@ remove_reply_message_if_eap {
4646
# to copy now have to be explicitly listed.
4747
#
4848
copy_request_to_tunnel {
49-
&request.Calling-Station-Id = &outer.request.Calling-Station-Id
50-
&request.Called-Station-Id = &outer.request.Called-Station-Id
49+
request.Calling-Station-Id = outer.request.Calling-Station-Id
50+
request.Called-Station-Id = outer.request.Called-Station-Id
5151
}
5252

5353
#
@@ -62,7 +62,7 @@ use_tunneled_reply {
6262
# These attributes are for the inner-tunnel only,
6363
# and MUST NOT be copied to the outer reply.
6464
#
65-
&reply -= &User-Name[*]
65+
reply -= &User-Name[*]
6666

6767
#
6868
# Copy the remaining inner reply attributes to the outer
@@ -73,6 +73,6 @@ use_tunneled_reply {
7373
# 'send Access-Accept' policy in sites-available/default will
7474
# copy the outer session-state list to the final reply.
7575
#
76-
&outer.session-state += &reply
76+
outer.session-state += reply
7777
}
7878

0 commit comments

Comments
 (0)