Update mac canonicalization policy

raddb/policy.d/canonicalization

@@ -10,7 +10,7 @@
 #  compliant regexp without perl style regular expressions (or
 #  at least not a legible one).
 #
-nai_regexp = "^([^@]*)(@([-[:alnum:]]+\\.[-[:alnum:].]+))?$"
+nai_regexp = '^([^@]*)(@([-[:alnum:]]+\\.[-[:alnum:].]+))?$'
 
 split_username_nai {
 	if (&User-Name && (&User-Name =~ /${policy.nai_regexp}/)){
@@ -48,16 +48,19 @@ split_username_nai.post-proxy {
 #
 #  Normalize the MAC Addresses in the Calling/Called-Station-Id
 #
-mac-addr-regexp = ([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})
+mac-addr-regexp = '([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})"
 
 #
 #  Add "rewrite_called_station_id" in the "authorize" and
 #  "preacct" sections.
 #
+#  Makes Called-Station-ID conform to what RFC3580 says should
+#  be provided by 802.1X authenticators.
+#
 rewrite_called_station_id {
-	if (&Called-Station-Id && (&Called-Station-Id =~ /^${policy.mac-addr-regexp}(:(.+))?$/i)) {
+	if (&Called-Station-Id && (&Called-Station-Id =~ /^${policy.mac-addr-regexp}([^0-9a-f](.+))?$/i)) {
 		update request {
-			&Called-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}"
+			&Called-Station-Id := "%{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}"
 		}
 
 		# SSID component?
@@ -77,10 +80,13 @@ rewrite_called_station_id {
 #  Add "rewrite_calling_station_id" in the "authorize" and
 #  "preacct" sections.
 #
+#  Makes Calling-Station-ID conform to what RFC3580 says should
+#  be provided by 802.1X authenticators.
+#
 rewrite_calling_station_id {
 	if (&Calling-Station-Id && (&Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i)) {
 		update request {
-			&Calling-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}"
+			&Calling-Station-Id := "%{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}"
 		}
 		updated
 	}