rlm_realm module, Realm attr value

Martin Stanislav ms at uakom.sk
Mon Jan 24 15:32:08 CET 2011 

G'day, 

FreeRADIUS rlm_realm module feeds the Realm attribute with a configured
value that matched the realm as entered by the user. There is one exception.
If the matched configured value is a regex, the realm as entered by the user
is used to feed the Realm attribute value.

There is one more case that could get this exception like treatment.
If the configured realm value is "DEFAULT", the realm as entered
by the user could be used to feed the Realm attribute value.
Attached diff file describes the code change.

Alternatively, unlang can be employed to get the details into the Realm 
attribute.  If placed within the authorize section after the realm module
instance call (the suffix instance and delimiter = '@' is assumed to be 
in use in this case): 

        if (Realm == "DEFAULT" && User-Name =~ /@(.*)$/) {
                update request {
                        Realm := "%{1}"
                }
        }

Kind regards, 

Martin

-------------- next part --------------
diff --git a/src/modules/rlm_realm/rlm_realm.c b/src/modules/rlm_realm/rlm_realm.c
index 6006769..2da7211 100644
--- a/src/modules/rlm_realm/rlm_realm.c
+++ b/src/modules/rlm_realm/rlm_realm.c
@@ -197,13 +197,16 @@ static int check_for_realm(void *instance, REQUEST *request, REALM **returnrealm
 
 	/*
 	 *	Add the realm name to the request.
-	 *	If the realm is a regex, the use the realm as entered
-	 *	by the user.  Otherwise, use the configured realm name,
-	 *	as realm name comparison is case insensitive.  We want
-	 *	to use the configured name, rather than what the user
+	 *	If the realm is a regex or DEFAULT, then use the realm
+	 *	as entered by the user.  Otherwise, use the configured
+	 *	realm name, as realm name comparison is case insensitive.
+	 *	We want to use the configured name, rather than what the user
 	 *	entered.
 	 */
-	if (realm->name[0] != '~') realmname = realm->name;
+	if (realm->name[0] != '~') {
+		if (strcmp(realm->name, "DEFAULT") != 0) 
+			realmname = realm->name;
+	}
 	pairadd(&request->packet->vps, pairmake("Realm", realmname,
 						T_OP_EQ));
 	RDEBUG2("Adding Realm = \"%s\"", realmname);

More information about the Freeradius-Users mailing list