From 608317fc0e4c9d4ca1419dad66b65950ff46f1ba Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Wed, 30 Dec 2015 19:38:05 -0500
Subject: [PATCH] filter_username applies only if there is a User-Name
---
raddb/policy.d/filter | 124 +++++++++++++++++++++++++-------------------------
1 file changed, 61 insertions(+), 63 deletions(-)
diff --git a/raddb/policy.d/filter b/raddb/policy.d/filter
index 080b4ff..9bdee4c 100644
--- a/raddb/policy.d/filter
+++ b/raddb/policy.d/filter
@@ -16,81 +16,79 @@ deny_realms { # what constitutes a user name. # filter_username { - if (!&User-Name) { - noop - } - - # - # reject mixed case e.g. "UseRNaMe" - # - #if (&User-Name != "%{tolower:%{User-Name}}") { - # reject - #} + if (&User-Name) { + # + # reject mixed case e.g. "UseRNaMe" + # + #if (&User-Name != "%{tolower:%{User-Name}}") { + # reject + #} - # - # reject all whitespace - # e.g. "user@ site.com", or "us er", or " user", or "user " - # - if (&User-Name =~ / /) { - update reply { - &Reply-Message += 'Rejected: Username contains whitespace' + # + # reject all whitespace + # e.g. "user@ site.com", or "us er", or " user", or "user " + # + if (&User-Name =~ / /) { + update reply { + &Reply-Message += 'Rejected: Username contains whitespace' + } + reject } - reject - } - # - # reject Multiple @'s - # e.g. "user@site.com@site.com" - # - if (&User-Name =~ /@[^@]*@/ ) { - update reply { - &Reply-Message += 'Rejected: Multiple @ in username' + # + # reject Multiple @'s + # e.g. "user@site.com@site.com" + # + if (&User-Name =~ /@[^@]*@/ ) { + update reply { + &Reply-Message += 'Rejected: Multiple @ in username' + } + reject } - reject - } - # - # reject double dots - # e.g. "user@site..com" - # - if (&User-Name =~ /\.\./ ) { - update reply { - &Reply-Message += 'Rejected: Username contains ..s' + # + # reject double dots + # e.g. "user@site..com" + # + if (&User-Name =~ /\.\./ ) { + update reply { + &Reply-Message += 'Rejected: Username contains ..s' + } + reject } - reject - } - # - # must have at least 1 string-dot-string after @ - # e.g. "user@site.com" - # - if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { - update reply { - &Reply-Message += 'Rejected: Realm does not have at least one dot separator' + # + # must have at least 1 string-dot-string after @ + # e.g. 
"user@site.com" + # + if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { + update reply { + &Reply-Message += 'Rejected: Realm does not have at least one dot separator' + } + reject } - reject - } - # - # Realm ends with a dot - # e.g. "user@site.com." - # - if (&User-Name =~ /\.$/) { - update reply { - &Reply-Message += 'Rejected: Realm ends with a dot' + # + # Realm ends with a dot + # e.g. "user@site.com." + # + if (&User-Name =~ /\.$/) { + update reply { + &Reply-Message += 'Rejected: Realm ends with a dot' + } + reject } - reject - } - # - # Realm begins with a dot - # e.g. "user@.site.com" - # - if (&User-Name =~ /@\./) { - update reply { - &Reply-Message += 'Rejected: Realm begins with a dot' + # + # Realm begins with a dot + # e.g. "user@.site.com" + # + if (&User-Name =~ /@\./) { + update reply { + &Reply-Message += 'Rejected: Realm begins with a dot' + } + reject } - reject } } -- 2.1.4
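Review bot: The whitespace test carried into the new `if (&User-Name)` block, `if (&User-Name =~ / /) {`, matches only a literal space although its comment says "reject all whitespace", so a User-Name containing a tab or another whitespace control character passes filter_username unchanged and is handed to whatever consumes the name next. A character class would make the check match the comment, e.g. `if (&User-Name =~ /[[:space:]]/) {`, assuming the regex library the server is built against accepts POSIX classes. Separately, `/\.$/` is not anchored to a realm, so a realm-less name such as `user.` is rejected with 'Rejected: Realm ends with a dot'; a one-line comment such as `# also matches names without a realm, e.g. "user."` would document that.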