Correct realm regex examples, and creation of REALM for them

The old examples were wrong.  The old code created the Realm
attribute with value of the regex... rather than the actual realm name.

Closes bug #40

diff --git a/raddb/proxy.conf b/raddb/proxy.conf
index 54ecba6..f557426 100644 (file)
--- a/raddb/proxy.conf
+++ b/raddb/proxy.conf
@@ -739,13 +739,13 @@ realm LOCAL {
 #    3) If no realm is found, return the DEFAULT realm, if any.
 #
 #  The order of the realms matters in step (2).  For example, defining
-#  two realms "*.example.com" and "*.test.example.com" will result in
+#  two realms ".*\.example.net$" and ".*\.test\.example\.net$" will result in
 #  the second realm NEVER matching.  This is because all of the realms
 #  which match the second regex also match the first one.  Since the
 #  first regex matches, it is returned.
 #
 #  The solution is to list the realms in the opposite order,. e.g.
-#  "*.test.example.com", followed by "*.example.com".
+#  ".*\.test\.example.net$", followed by ".*\.example\.net$".
 #
 #
 #  Some helpful rules:
@@ -760,28 +760,26 @@ realm LOCAL {
 #     regular expressions.  That may be fixed in a future release.
 #
 #   - use two back-slashes '\\' whenever you need one backslash in the
-#     regex.  e.g. "~*\\.example\\.com", and not "~*\.example\.com".
+#     regex.  e.g. "~.*\\.example\\.net$", and not "~\.example\.net$".
 #     This is because the regex is in a double-quoted string, and normal
 #     rules apply for double-quoted strings.
 #
 #   - If you are matching domain names, use two backslashes in front of
 #     every '.' (dot or period).  This is because '.' has special meaning
 #     in a regular expression: match any character.  If you do not do this,
-#     then "~*.example.com" will match "fooXexampleYcom", which is likely
+#     then "~.*.example.net$" will match "fooXexampleYnet", which is likely
 #     not what you want
 #
 #   - If you are matching domain names, put a '$' at the end of the regex
 #     that matches the domain name.  This tells the regex matching code
 #     that the realm ENDS with the domain name, so it does not match
-#     realms with the domain name in the middle.  e.g. "~*\\.example\\.com"
-#     will match "test.example.comFOO", which is likely not what you want.
-#     Using "~*\\.example\\.com$" is better.
+#     realms with the domain name in the middle.  e.g. "~.*\\.example\\.net"
+#     will match "test.example.netFOO", which is likely not what you want.
+#     Using "~.*\\.example\\.net$" is better.
 #
 #  The more regex realms that are defined, the more time it takes to
 #  process them.  You should define as few regex realms as possible
 #  in order to maximize server performance.
 #
-#realm "~*\\.example\\.com$" {
-#      authhost = LOCAL             # not strictly necessary
-#      accthost = LOCAL             # not strictly necessary
+#realm "~.*\\.example\\.net$" {
 #}

diff --git a/src/modules/rlm_realm/rlm_realm.c b/src/modules/rlm_realm/rlm_realm.c
index a893267..6d6640e 100644 (file)
--- a/src/modules/rlm_realm/rlm_realm.c
+++ b/src/modules/rlm_realm/rlm_realm.c
@@ -195,10 +195,16 @@ static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
 
        /*
         *      Add the realm name to the request.
+        *      If the realm is a regex, the use the realm as entered
+        *      by the user.  Otherwise, use the configured realm name,
+        *      as realm name comparison is case insensitive.  We want
+        *      to use the configured name, rather than what the user
+        *      entered.
         */
-       pairadd(&request->packet->vps, pairmake("Realm", realm->name,
+       if (realm->name[0] != '~') realmname = realm->name;
+       pairadd(&request->packet->vps, pairmake("Realm", realmname,
                                                T_OP_EQ));
-       RDEBUG2("Adding Realm = \"%s\"", realm->name);
+       RDEBUG2("Adding Realm = \"%s\"", realmname);
 
        /*
         *      Figure out what to do with the request.