Fixup all lingering instances of old style expansion

FreeRADIUS · Mar 27, 2014 · 431e82e · 431e82e
1 parent 78936ea
commit 431e82e
Show file tree

Hide file tree

Showing 10 changed files with 40 additions and 40 deletions.
diff --git a/doc/modules/ldap_howto.rst b/doc/modules/ldap_howto.rst
@@ -981,7 +981,7 @@ An example is listed below::
     #this is the basedn to do searches on a user
     basedn = ou=users,ou=radius,dc=mydomain,dc=com
     #notice the username is the stripped user-name or user-name
-    filter = (uid=%{Stripped-User-Name:-{User-Name}})
+    filter = (uid=%{%{Stripped-User-Name}:-%{User-Name}})
     start_tls = no
     tls_mode = no
     #this maps ldap attributetypes to radius attributes
@@ -1000,7 +1000,7 @@ An example is listed below::
     #with --with-edir option.
     #edir_account_policy_check=no
     groupname_attribute = radiusGroupName
-    groupmembership_filter = (&(uid=%{Stripped-User-Name:-%{User-Name}})
+    groupmembership_filter = (&(uid=%{%{Stripped-User-Name}:-%{User-Name}})
     (objectclass=radiusprofile))
     groupmembership_attribute = radiusGroupName
     timeout = 3
@@ -1517,7 +1517,7 @@ edit radiusd.conf::
             identity = "uid=freeradius,ou=admins,ou=radius,dc=mydomain,dc=com"
             password = example
             basedn = "ou=users,ou=radius,dc=mydomain,dc=com"
-            filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})
+            filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}})
     (objectclass=radiusprofile)"
             start_tls = no
             tls_mode = no
@@ -1530,7 +1530,7 @@ edit radiusd.conf::
             #password_header = "{clear}"
             password_attribute = userPassword
             groupname_attribute = radiusGroupName
-            groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}}))
+            groupmembership_filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}}))
     (objectclass=radiusProfile)"
             groupmembership_attribute = radiusGroupName
             timeout = 3

diff --git a/man/man5/rlm_files.5 b/man/man5/rlm_files.5
@@ -35,7 +35,7 @@ The default is 'no'.  If you need to parse an old style Cistron
 file, set this option to 'cistron'.
 .IP key
 This option lets you set the attribute to use as a key to find
-entries.  The default is "%{Stripped-User-Name:-%{User-Name}}".  Note
+entries.  The default is "%{%{Stripped-User-Name}:-%{User-Name}}".  Note
 that the key MUST supply real data.  Dynamic attributes like "Group"
 will not work, because the "Group" attribute can only be used as a
 comparison, to see if a user is in a Unix group.  It will not return
@@ -67,7 +67,7 @@ modules {
 .br
     compat = no
 .br
-    key = %{Stripped-User-Name:-%{User-Name}}
+    key = %{%{Stripped-User-Name}:-%{User-Name}}
 .br
   }
 .br

diff --git a/raddb/mods-available/files b/raddb/mods-available/files
@@ -12,7 +12,7 @@ files {
 	# The default key attribute to use for matches.  The content
 	# of this attribute is used to match the "name" of the
 	# entry.
-	#key = "%{Stripped-User-Name:-%{User-Name}}"
+	#key = "%{%{Stripped-User-Name}:-%{User-Name}}"
 
 	# Sets a common file for all sections which do not have
 	# specific files configured. It's recommended that

diff --git a/raddb/mods-available/radutmp b/raddb/mods-available/radutmp
@@ -24,7 +24,7 @@ radutmp {
 	#  characters, so that will limit the possible choices
 	#  of keys.
 	#
-	#  You may want instead: %{Stripped-User-Name:-%{User-Name}}
+	#  You may want instead: %{%{Stripped-User-Name}:-%{User-Name}}
 	username = %{User-Name}
 
 

diff --git a/raddb/mods-config/files/accounting b/raddb/mods-config/files/accounting
@@ -20,4 +20,4 @@
 #  Replace the User-Name with the Stripped-User-Name, if it exists.
 #
 #DEFAULT
-#	User-Name := "%{Stripped-User-Name:-%{User-Name}}"
+#	User-Name := "%{%{Stripped-User-Name}:-%{User-Name}}"
diff --git a/raddb/mods-config/files/pre-proxy b/raddb/mods-config/files/pre-proxy
@@ -28,4 +28,4 @@
 #  User-Name from the original request.
 #
 #DEFAULT
-#	User-Name := `%{Stripped-User-Name:-%{User-Name}}`
+#	User-Name := `%{%{Stripped-User-Name}:-%{User-Name}}`
diff --git a/raddb/mods-config/sql/main/mssql/queries.conf b/raddb/mods-config/sql/main/mssql/queries.conf
@@ -22,7 +22,7 @@
 #    Use Stripped-User-Name, if it's there.
 #    Else use User-Name, if it's there,
 #    Else use hard-coded string "none" as the user name.
-#sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name:-none}}"
+#sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}"
 #
 sql_user_name = "%{User-Name}"
 
@@ -111,7 +111,7 @@ accounting {
 					AcctSessionTime=unix_timestamp('%S') - \
 						unix_timestamp(AcctStartTime), \
 					AcctTerminateCause='%{Acct-Terminate-Cause}', \
-					AcctStopDelay = %{Acct-Delay-Time:-0} \
+					AcctStopDelay = %{%{Acct-Delay-Time}:-0} \
 				WHERE AcctStopTime = 0 \
 				AND NASIPAddress = '%{NAS-IP-Address}' \
 				AND AcctStartTime <= '%S'"
@@ -161,7 +161,7 @@ accounting {
 				UPDATE ${....acct_table1} \
 				SET \
 					AcctStartTime = '%S', \
-					AcctStartDelay = '%{Acct-Delay-Time:-0}', \
+					AcctStartDelay = '%{%{Acct-Delay-Time}:-0}', \
 					ConnectInfo_start = '%{Connect-Info}' \
 				WHERE AcctSessionId = '%{Acct-Session-Id}' \
 				AND UserName = '%{SQL-User-Name}' \
@@ -219,7 +219,7 @@ accounting {
 					AcctInputOctets = '%{Acct-Input-Octets}', \
 					AcctOutputOctets = '%{Acct-Output-Octets}', \
 					AcctTerminateCause = '%{Acct-Terminate-Cause}', \
-					AcctStopDelay = '%{Acct-Delay-Time:-0}', \
+					AcctStopDelay = '%{%{Acct-Delay-Time}:-0}', \
 					ConnectInfo_stop = '%{Connect-Info}' \
 				WHERE AcctSessionId = '%{Acct-Session-Id}' \
 				AND UserName = '%{SQL-User-Name}' \
@@ -258,7 +258,7 @@ accounting {
 					'%{Framed-Protocol}', \
 					'%{Framed-IP-Address}', \
 					'0', \
-					'%{Acct-Delay-Time:-0}')"
+					'%{%{Acct-Delay-Time}:-0}')"
 		}
 	}
 }

diff --git a/raddb/mods-config/sql/main/oracle/queries.conf b/raddb/mods-config/sql/main/oracle/queries.conf
@@ -17,7 +17,7 @@
 #    Use Stripped-User-Name, if it's there.
 #    Else use User-Name, if it's there,
 #    Else use hard-coded string "DEFAULT" as the user name.
-#sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
+#sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
 #
 sql_user_name = "%{User-Name}"
 

diff --git a/raddb/mods-config/sql/main/postgresql/extras/voip-postpaid.conf b/raddb/mods-config/sql/main/postgresql/extras/voip-postpaid.conf
@@ -20,7 +20,7 @@
 	#    Else use User-Name, if it's there,
 	#    Else use hard-coded string "none" as the user name.
 	#
-	#sql_user_name = "%{Stripped-User-Name:-%{User-Name:-none}}"
+	#sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}"
 	#
 	sql_user_name = "%{User-Name}"
 
@@ -40,7 +40,7 @@
 					VALUES(\
 						'${radius_server_name}', '%{SQL-User-Name}', \
 						'%{NAS-IP-Address}', now(), '%{Called-Station-Id}', \
-						'%{Calling-Station-Id}', '%{Acct-Delay-Time:-0}', '%{h323-gw-id}', \
+						'%{Calling-Station-Id}', '%{%{Acct-Delay-Time}:-0}', '%{h323-gw-id}', \
 						'%{h323-call-origin}', strip_dot('%{h323-setup-time}'), \
 						strip_dot('%{h323-connect-time}'), pick_id('%{h323-conf-id}', \
 						'%{call-id}'))"
@@ -55,10 +55,10 @@
 					 	 h323disconnectcause, h323disconnecttime, h323gwid, h323setuptime) \
 					VALUES(\
 						'${radius_server_name}', '%{SQL-User-Name}', '%{NAS-IP-Address}', \
-					 	NOW(),  '%{Acct-Session-Time:-0}', \
-						'%{Acct-Input-Octets:-0}', '%{Acct-Output-Octets:-0}', \
+					 	NOW(),  '%{%{Acct-Session-Time}:-0}', \
+						'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Octets}:-0}', \
 						'%{Called-Station-Id}', '%{Calling-Station-Id}', \
-						'%{Acct-Delay-Time:-0}', NULLIF('%{h323-remote-address}', '')::inet, \
+						'%{%{Acct-Delay-Time}:-0}', NULLIF('%{h323-remote-address}', '')::inet, \
 						NULLIF('%{h323-voice-quality}','')::integer, \
 						NULLIF('%{Cisco-NAS-Port}', ''), \
 						'%{h323-call-origin}', pick_id('%{h323-conf-id}', '%{call-id}'), \

diff --git a/src/tests/eapsim-03/radiusd-example.txt b/src/tests/eapsim-03/radiusd-example.txt
@@ -246,9 +246,9 @@ log_auth_goodpass = no
 #
 usercollide = no
 
-# lower_user / lower_pass:  
+# lower_user / lower_pass:
 # Lower case the username/password "before" or "after"
-# attempting to authenticate.  
+# attempting to authenticate.
 #
 #  If "before", the server will first modify the request and then try
 #  to auth the user.  If "after", the server will first auth using the
@@ -324,7 +324,7 @@ security {
 	#  Normally this should be set to "no", because they're useless.
 	#  See: http://www.freeradius.org/rfc/rfc2865.html#Keep-Alives
 	#
-	#  However, certain NAS boxes may require them.	
+	#  However, certain NAS boxes may require them.
 	#
 	#  When sent a Status-Server message, the server responds with
 	#  and Access-Accept packet, containing a Reply-Message attribute,
@@ -356,7 +356,7 @@ $INCLUDE  ${confdir}/proxy.conf
 
 # CLIENTS CONFIGURATION
 #
-#  Client configuration is defined in "clients.conf".  
+#  Client configuration is defined in "clients.conf".
 #
 
 #  The 'clients.conf' file contains all of the information from the old
@@ -576,7 +576,7 @@ modules {
 
 	#  Extensible Authentication Protocol
 	#
-	#  For all EAP related authentications 
+	#  For all EAP related authentications
 	eap {
 		#  Invoke the default supported EAP type when
 		#  EAP-Identity response is received.
@@ -612,7 +612,7 @@ modules {
 		leap {
 		}
 
-		## EAP-TLS is highly experimental EAP-Type at the moment.  
+		## EAP-TLS is highly experimental EAP-Type at the moment.
 		#	Please give feedback on the mailing list.
 		#tls {
 		#	private_key_password = password
@@ -665,7 +665,7 @@ modules {
 		# to overwrite (or add) Auth-Type during
 		# authorization. Normally should be MS-CHAP
 		authtype = MS-CHAP
-		
+
 		# if use_mppe is not set to no mschap will
 		# add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
 		# MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
@@ -685,14 +685,14 @@ modules {
 	#  This module definition allows you to use LDAP for
 	#  authorization and authentication (Auth-Type := LDAP)
 	#
-	#  See doc/rlm_ldap for description of configuration options 
-	#  and sample authorize{} and authenticate{} blocks 
+	#  See doc/rlm_ldap for description of configuration options
+	#  and sample authorize{} and authenticate{} blocks
 	ldap {
 		server = "ldap.your.domain"
 		# identity = "cn=admin,o=My Org,c=UA"
 		# password = mypass
 		basedn = "o=My Org,c=UA"
-		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
+		filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
 
 		# set this to 'yes' to use TLS encrypted connections
 		# to the LDAP database by using the StartTLS extended
@@ -748,7 +748,7 @@ modules {
 	#   ignore_nislike - ignore NIS-related records
 	#   delimiter - symbol to use as a field separator in passwd file,
 	#            for format ':' symbol is always used. '\0', '\n' are
-        #	     not allowed 
+        #	     not allowed
 	#
 
 	#  An example configuration for using /etc/smbpasswd.
@@ -806,7 +806,7 @@ modules {
 		format = suffix
 		delimiter = "%"
 	}
-	
+
 	# Preprocess the incoming RADIUS request, before handing it off
 	# to other modules.
 	#
@@ -957,7 +957,7 @@ modules {
 		#  If we want to believe the 'utmp' file, then this
 		#  configuration entry can be set to 'no'.
 		#
-		check_with_nas = yes		
+		check_with_nas = yes
 
 		# Set the file permissions, as the contents of this file
 		# are usually private.
@@ -1117,8 +1117,8 @@ modules {
 	#  If you wish to execute an external program in more than
 	#  one section (e.g. 'authorize', 'pre_proxy', etc), then it
 	#  is probably best to define a different instance of the
-	#  'exec' module for every section.	
-	#	
+	#  'exec' module for every section.
+	#
 	exec echo {
 		#
 		#  Wait for the program to finish.
@@ -1273,7 +1273,7 @@ instantiate {
 #  The order of the realm modules will determine the order that
 #  we try to find a matching realm.
 #
-#  Make *sure* that 'preprocess' comes before any realm if you 
+#  Make *sure* that 'preprocess' comes before any realm if you
 #  need to setup hints for the remote radius server
 authorize {
 	#
@@ -1286,7 +1286,7 @@ authorize {
 	#
 	#  It also adds a Client-IP-Address attribute to the request.
 	preprocess
-	
+
 	#
 	#  The chap module will set 'Auth-Type := CHAP' if we are
 	#  handling a CHAP request and Auth-Type has not already been set
@@ -1390,7 +1390,7 @@ authenticate {
 	#  module checks the users password.  Note that packets
 	#  containing CHAP-Password attributes CANNOT be authenticated
 	#  against /etc/passwd!  See the FAQ for details.
-	#  
+	#
 	unix
 
 	# Uncomment it if you want to use ldap for authentication
@@ -1457,7 +1457,7 @@ accounting {
 }
 
 
-#  Session database, used for checking Simultaneous-Use. Either the radutmp 
+#  Session database, used for checking Simultaneous-Use. Either the radutmp
 #  or rlm_sql module can handle this.
 #  The rlm_sql module is *much* faster
 session {