# # Check NAI compliance - RFC 4282 # check_nai_compliance { # # Reject if username doesn't have an @ e.g. user # if( User-Name !~ /@/ ) { update reply { Reply-Message = "missing @ , so no realm" } reject } # # reject whitespace e.g. user@ site.com # if (User-Name =~ / /) { update reply { Reply-Message = "misconfigured client. Username/realm contains whitespace" } reject } # # reject Multiple @'s e.g. user@site.com@site.com # if(User-Name =~ /@(.+)?@/i ) { update reply { Reply-Message = "rejected multiple @ in username" } reject } # # reject double dots e.g. user@site..com # if (User-Name =~ /\\.\\./ ) { update reply { Reply-Message = "misconfigured client. Username/realm comtains double dots" } reject } # # must have at least 1 string-dot-string after @ e.g. user@site.com # if (User-Name !~ /@(.+)\\.(.+)$/) { update reply { Reply-Message = "misconfigured client, Realm doesn't have at least one dot seperator" } reject } # # Realm ends with a dot e.g. user@site.com. # if (User-Name =~ /\\.$/) { update reply { Reply-Message = "misconfigured client. Realm ends with a dot" } reject } # # Realm begins with a dot e.g. user@.site.com # if (User-Name !~ /@\\./) { update reply { Reply-Message = "misconfigured client. Realm begins with a dot" } reject } # end of check_nai_compliance }