-.TH rlm_attr_filter 5 "3 February 2004" "" "FreeRADIUS Module"
+.TH rlm_attr_filter 5 "12 February 2008" "" "FreeRADIUS Module"
.SH NAME
rlm_attr_filter \- FreeRADIUS Module
.SH DESCRIPTION
optionally be applied using another attribute, by editing the
\fIkey\fP configuration for this module.
.PP
+In 2.0.1 and earlier versions, the "accounting" section filtered the
+Accounting-Request, even though it was documented as filtering the
+response. This issue has been fixed in version 2.0.2 and later
+versions. The "preacct" section may now be used to filter
+Accounting-Request packets. The "accounting" section now filters
+Accounting-Response packets. Administrators using "attr_filter" in
+the "accounting" section SHOULD move the reference to "attr_filter"
+from "accounting" to "preacct".
+.PP
The file that defines the attribute filtering rules follows a similar
syntax to the \fIusers\fP file. There are a few differences however:
.PP
keys off of attributes in the request, and NOT in any other packet.
.PP
.SH SECTIONS
-.BR accounting,
-.BR pre-proxy,
-.BR post-proxy,
-.BR post-auth
+.IP preacct
+Filters Accounting-Request packets.
+.IP accounting
+Filters Accounting-Response packets.
+.IP pre-proxy
+Filters Accounting-Request or Access-Request packets prior to proxying
+them.
+.IP post-proxy
+Filters Accounting-Response, Access-Accept, Access-Reject, or
+Access-Challenge responses from a home server.
+.IP authorize
+Filters Access-Request packets.
+.IP post-auth
+Filters Access-Accept or Access-Reject packets.
.PP
.SH FILES
.I /etc/raddb/radiusd.conf
return RLM_MODULE_UPDATED;
}
-static int attr_filter_accounting(void *instance, REQUEST *request)
+static int attr_filter_preacct(void *instance, REQUEST *request)
{
return attr_filter_common(instance, request, &request->packet->vps);
}
+static int attr_filter_accounting(void *instance, REQUEST *request)
+{
+ return attr_filter_common(instance, request, &request->reply->vps);
+}
+
static int attr_filter_preproxy(void *instance, REQUEST *request)
{
return attr_filter_common(instance, request, &request->proxy->vps);
return attr_filter_common(instance, request, &request->reply->vps);
}
+static int attr_filter_authorize(void *instance, REQUEST *request)
+{
+ return attr_filter_common(instance, request, &request->packet->vps);
+}
+
/* globally exported name */
module_t rlm_attr_filter = {
attr_filter_detach, /* detach */
{
NULL, /* authentication */
- NULL, /* authorization */
- NULL, /* preaccounting */
+ attr_filter_authorize, /* authorization */
+ attr_filter_preacct, /* pre-acct */
attr_filter_accounting, /* accounting */
NULL, /* checksimul */
attr_filter_preproxy, /* pre-proxy */