authorize {
  preprocess
  sql
  pap
}

authenticate {
  Auth-Type PAP {
    pap

#   Check MAC
    if ("%{sql:SELECT free_mac FROM ip WHERE username='%{User-Name}'}" == "y") {
      ok
    }
    elsif ("%{control:Calling-Station-Id}" == "") {

      %{sql:UPDATE radcheck SET value='%{Calling-Station-Id}' WHERE username='%{User-Name}' AND attribute='Calling-Station-Id'}
      %{sql:UPDATE ip SET mac='%{Calling-Station-Id}' WHERE username='%{User-Name}'}
      ok
    }
    elsif ("%{request:Calling-Station-Id}" == "%{control:Calling-Station-Id}") {
      ok
    }
    else {
      reject
    }
  }
}

preacct {
  preprocess
  acct_unique
}

accounting {
  sql
}

session {
}

post-auth {
  sqlippool
  Post-Auth-Type REJECT {
    attr_filter.access_reject
  }
}
