-.TH rlm_realm 5 "5 February 2004" "" "FreeRADIUS Module"
+.TH rlm_realm 5 "14 March 2004" "" "FreeRADIUS Module"
.SH NAME
rlm_realm \- FreeRADIUS Module
.SH DESCRIPTION
.IP delimiter
A single character in quotes, which is used as the delimiting
character that separates the Realm and User sections of the string.
+.IP ignore_default
+This is set to either 'yes' or 'no'. If set to 'yes', this will
+prevent the module instance from matching a realm against the DEFAULT
+entry. This may be useful if you have multiple realm module instances.
+The default is 'no'.
+.IP ignore_null
+This is set to either 'yes' or 'no'. If set to 'yes', this will
+prevent the module instance from matching a realm against the NULL
+entry. This may be useful if you have multiple realm module instances.
+The default is 'no'.
.PP
This module parses the realm from the User-Name attrbiute according
to the instance configuration, and then performs a lookup to find a
# search order is defined the order in the authorize and
# preacct blocks after the module config block.
#
- # Two config options:
- # format - must be 'prefix' or 'suffix'
- # delimiter - must be a single character
+ # Four config options:
+ # format - must be 'prefix' or 'suffix'
+ # delimiter - must be a single character
+ # ignore_default - set to 'yes' or 'no'
+ # ignore_null - set to 'yes' or 'no'
+ #
+ # ignore_default and ignore_null can be set to 'yes' to prevent
+ # the module from matching against DEFAULT or NULL realms. This
+ # may be useful if you have have multiple realm module instances.
+ # They both default to 'no'.
+ #
# 'realm/username'
#
realm IPASS {
format = prefix
delimiter = "/"
+ ignore_default = no
+ ignore_null = no
}
# 'username@realm'
realm suffix {
format = suffix
delimiter = "@"
+ ignore_default = no
+ ignore_null = no
}
# 'username%realm'
realm realmpercent {
format = suffix
delimiter = "%"
+ ignore_default = no
+ ignore_null = no
}
# rewrite arbitrary packets. Useful in accounting and authorization.
int format;
char *formatstring;
char *delim;
+ int ignore_default;
+ int ignore_null;
} realm_config_t;
static CONF_PARSER module_config[] = {
offsetof(realm_config_t,formatstring), NULL, "suffix" },
{ "delimiter", PW_TYPE_STRING_PTR,
offsetof(realm_config_t,delim), NULL, "@" },
+ { "ignore_default", PW_TYPE_BOOLEAN,
+ offsetof(realm_config_t,ignore_default), NULL, "no" },
+ { "ignore_null", PW_TYPE_BOOLEAN,
+ offsetof(realm_config_t,ignore_null), NULL, "no" },
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
DEBUG2(" rlm_realm: Looking up realm \"%s\" for User-Name = \"%s\"",
realmname, request->username->strvalue);
} else {
+ if( inst->ignore_null ) {
+ DEBUG2(" rlm_realm: No '%c' in User-Name = \"%s\", skipping NULL due to config.",
+ inst->delim[0], request->username->strvalue);
+ return NULL;
+ }
DEBUG2(" rlm_realm: No '%c' in User-Name = \"%s\", looking up realm NULL",
inst->delim[0], request->username->strvalue);
}
/*
- * Allow NULL realms.
+ * Allow DEFAULT realms unless told not to.
*/
realm = realm_find(realmname, (request->packet->code == PW_ACCOUNTING_REQUEST));
if (!realm) {
(realmname == NULL) ? "NULL" : realmname);
return NULL;
}
+ if( inst->ignore_default &&
+ (strcmp(realm->realm, "DEFAULT")) == 0) {
+ DEBUG2(" rlm_realm: Found DEFAULT, but skipping due to config.");
+ return NULL;
+ }
+
+
DEBUG2(" rlm_realm: Found realm \"%s\"", realm->realm);
/*