depot/ops/nixos/bvm-radius/raddb/policy.d/cuirecv

46 lines
1.3 KiB
Text

#
# The following policies are for the Chargeable-User-Identity
# (CUI) configuration.
#
# The policies below can be called as just 'cui' (not
# cui.authorize etc..) from the various config sections.
#
## This is a limited configuration for Visited-only sites.
#
# The client indicates it can do CUI by sending a CUI attribute
# containing one zero byte.
# A non-empty value in Operator-Name can be an additional requirement.
# Normally CUI support is turned on only for such requests.
# CUI support can be used for local clients which do not
# supports CUI themselves, the server can simulate a CUI request
# adding the missing NUL CUI value and the Operator-Name attribute.
# Clients which are supposed to get this treatment should
# be marked by add_cui flag in clients.conf
# We assume that local clients are marked in the client.conf with
# add_cui flag, e.g.
# client xxxx {
# ...
# add_cui = yes
# }
#
cui.authorize {
if ("%{client:add_cui}" == 'yes') {
update request {
&Chargeable-User-Identity := 0x00
}
}
}
#
# Before proxing an Access-Request to a remote server, a NUL CUI
# attribute should be added, unless it is already present in the request.
#
cui.pre-proxy {
if (("%{request:Packet-Type}" == 'Access-Request') && ("%{client:add_cui}" == 'yes')) {
update proxy-request {
&Chargeable-User-Identity = 0x00
}
}
}