authorErmal Luçi <eri@pfsense.org>2013-02-12 00:56:36 -0800
committerErmal Luçi <eri@pfsense.org>2013-02-12 00:56:36 -0800
commitec0ed17a5dc119527085537f610b70e6364b3cbe (patch)
treeeaf3309ec453ed251ac2aaa27c3c0fd72457908a
parent044c5682e837a0209269db63eaaa597fb6757fd6 (diff)
parentf9dc100c3c52323c326ae09591857d78cc5bd5c0 (diff)
Merge pull request #406 from miken32/nas-identifier
Support for custom NAS-Identifier
-rw-r--r--etc/inc/captiveportal.inc14
-rw-r--r--etc/inc/radius.inc17
-rwxr-xr-xusr/local/www/services_captiveportal.php112
3 files changed, 66 insertions, 77 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index d090f1b..0872b46 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -1516,20 +1516,6 @@ function getVolume($ip) {
}
/**
- * Get the NAS-Identifier
- *
- * We will use our local hostname to make up the nas_id
- */
-function getNasID()
-{
- $nasId = "";
- exec("/bin/hostname", $nasId);
- if(!$nasId[0])
- $nasId[0] = "{$g['product_name']}";
- return $nasId[0];
-}
-
-/**
* Get the NAS-IP-Address based on the current wan address
*
* Use functions in interfaces.inc to find this out
diff --git a/etc/inc/radius.inc b/etc/inc/radius.inc
index 6aa6cfe..3039043 100644
--- a/etc/inc/radius.inc
+++ b/etc/inc/radius.inc
@@ -296,17 +296,22 @@ class Auth_RADIUS extends PEAR {
*/
function putStandardAttributes()
{
- global $g;
+ global $config, $cpzone;
- if (!function_exists("getNasIp"))
- $ipaddr = "0.0.0.0";
- else
- $ipaddr = getNasIP();
+ if (!function_exists("getNasIp")) {
+ $ipaddr = "0.0.0.0";
+ } else {
+ $ipaddr = getNasIP();
+ }
// Add support for sending NAS-IP-Address, set this explicitly as an ip_addr
$this->putAttribute(RADIUS_NAS_IP_ADDRESS, $ipaddr, "addr");
// Add support for sending NAS-Identifier
- $nasId = php_uname("n");
+ if (empty($config["captiveportal"][$cpzone]["radiusnasid"])) {
+ $nasId = php_uname("n");
+ } else {
+ $nasId = $config["captiveportal"][$cpzone]["radiusnasid"];
+ }
$this->putAttribute(RADIUS_NAS_IDENTIFIER, $nasId);
}
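Review bot: The NAS-Identifier lookup in putStandardAttributes now depends on the globals `$config` and `$cpzone`, and nothing in the function says who is expected to set `$cpzone`. When it is unset the `empty()` test quietly falls back to `php_uname("n")`, so any caller that runs without a zone selected sends the hostname with no sign that the override was skipped. I would document that above the lookup, e.g. `// $cpzone is set by the captive portal caller; with no zone or no radiusnasid the hostname is sent`. `empty()` also treats the string "0" as unset, so an `isset()` plus `!== ""` test is stricter if that value should be accepted. The configured string reaches `putAttribute` unchecked here, so any length or character limit has to be enforced where the value is saved.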
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 8423d45..35616a2 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -135,6 +135,7 @@ if ($a_cp[$cpzone]) {
$pconfig['passthrumacaddusername'] = isset($a_cp[$cpzone]['passthrumacaddusername']);
$pconfig['radmac_format'] = $a_cp[$cpzone]['radmac_format'];
$pconfig['reverseacct'] = isset($a_cp[$cpzone]['reverseacct']);
+ $pconfig['radiusnasid'] = $a_cp[$cpzone]['radiusnasid'];
$pconfig['page'] = array();
if ($a_cp[$cpzone]['page']['htmltext'])
$pconfig['page']['htmltext'] = $a_cp[$cpzone]['page']['htmltext'];
@@ -307,6 +308,7 @@ if ($_POST) {
$newcp['passthrumacaddusername'] = $_POST['passthrumacaddusername'] ? true : false;
$newcp['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false;
$newcp['reverseacct'] = $_POST['reverseacct'] ? true : false;
+ $newcp['radiusnasid'] = trim($_POST['radiusnasid']);
if (!is_array($newcp['page']))
$newcp['page'] = array();
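Review bot: `$newcp['radiusnasid']` is stored after `trim()` only, with no check on length or content, and this is the value radius.inc later sends as the NAS-Identifier attribute. A RADIUS attribute value is limited to 253 octets (RFC 2865) and servers often key client policy on this attribute, so I would reject over-long or non-printable input in the page's validation step, which lies outside this hunk, with a test such as `strlen($_POST['radiusnasid']) > 253`. The enable_change() hunk further down disables the field when RADIUS is off, and disabled controls are not submitted, so this line would then save an empty string and drop a previously stored identifier. If that is not intended, guard the assignment with `isset($_POST['radiusnasid'])`.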
@@ -399,6 +401,7 @@ function enable_change(enable_change) {
document.iform.reauthenticateacct[1].disabled = radacct_dis;
document.iform.reauthenticateacct[2].disabled = radacct_dis;
document.iform.reverseacct.disabled = (radius_endis || !document.iform.radacct_enable.checked) && !enable_change;
+ document.iform.radiusnasid.disabled = radius_endis;
}
//-->
</script>
@@ -709,10 +712,7 @@ function enable_change(enable_change) {
<td colspan="2" class="list" height="12"></td>
</tr>
<tr>
- <td colspan="2" valign="top" class="listtopic">&nbsp;</td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="optsect_t2"><?=gettext("Accounting"); ?></td>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("Accounting"); ?></td>
</tr>
<tr>
<td class="vncell">&nbsp;</td>
@@ -729,16 +729,6 @@ function enable_change(enable_change) {
<td colspan="2" class="list" height="12"></td>
</tr>
<tr>
- <td colspan="2" valign="top" class="optsect_t2"><?=gettext("Reauthentication"); ?></td>
- </tr>
- <tr>
- <td class="vncell">&nbsp;</td>
- <td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
- <strong><?=gettext("Reauthenticate connected users every minute"); ?></strong><br>
- <?=gettext("If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is " .
- "logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately."); ?></td>
- </tr>
- <tr>
<td class="vncell" valign="top"><?=gettext("Accounting updates"); ?></td>
<td class="vtable">
<input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> <?=gettext("no accounting updates"); ?><br>
@@ -750,27 +740,27 @@ function enable_change(enable_change) {
<td colspan="2" class="list" height="12"></td>
</tr>
<tr>
- <td colspan="2" valign="top" class="optsect_t2"><?=gettext("RADIUS MAC authentication"); ?></td>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("RADIUS options"); ?></td>
</tr>
<tr>
- <td class="vncell">&nbsp;</td>
- <td class="vtable">
+ <td class="vncell"><?=gettext("Reauthentication"); ?></td>
+ <td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
+ <strong><?=gettext("Reauthenticate connected users every minute"); ?></strong><br>
+ <?=gettext("If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is " .
+ "logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately."); ?></td>
+ </tr>
+ <tr>
+ <td class=""><?=gettext("RADIUS MAC authentication"); ?></td>
+ <td class="">
<input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onClick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked"; ?>><strong><?=gettext("Enable RADIUS MAC authentication"); ?></strong><br>
<?=gettext("If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password " .
"entered below to the RADIUS server."); ?></td>
</tr>
<tr>
- <td class="vncell"><?=gettext("Shared secret"); ?></td>
+ <td class="vncell"><?=gettext("MAC authentication secret"); ?></td>
<td class="vtable"><input name="radmac_secret" type="text" class="formfld unknown" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>"></td>
</tr>
<tr>
- <td colspan="2" class="list" height="12"></td>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("RADIUS options"); ?></td>
- </tr>
-
- <tr>
<td class="vncell" valign="top"><?=gettext("RADIUS NAS IP attribute"); ?></td>
<td class="vtable">
<select name="radiussrcip_attribute" id="radiussrcip_attribute">
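Review bot: The relocated "RADIUS MAC authentication" row is written with `<td class="">` on both cells, while the neighbouring rows in this hunk use `class="vncell"` and `class="vtable"`. That looks like an editing leftover and would leave the row unstyled; I would restore `<td class="vncell">` and `<td class="vtable">`. Not introduced here but visible in the context line under the renamed label: `radmac_secret` is rendered in a `type="text"` input, so the secret is shown in clear to anyone looking at the admin page. Using `type="password"` would at least keep it off the screen.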
@@ -834,43 +824,51 @@ function enable_change(enable_change) {
<td class="vtable"><input name="reverseacct" type="checkbox" id="reverseacct" value="yes" <?php if ($pconfig['reverseacct']) echo "checked"; ?>><strong><?=gettext("Invert Acct-Input-Octets and Acct-Output-Octets"); ?></strong><br>
<?=gettext("When this is enabled, data counts for RADIUS accounting packets will be taken from the client perspective, not the NAS. Acct-Input-Octets will represent download, and Acct-Output-Octets will represent upload."); ?></td>
</tr>
+
+ <tr>
+ <td class="vncell" valign="top"><?=gettext("NAS Identifier"); ?></td>
+ <td class="vtable"><input name="radiusnasid" type="text" class="formfld unknown" id="radiusnasid" value="<?=htmlspecialchars($pconfig['radiusnasid']);?>"/><br/>
+ <?=gettext("Specify a NAS identifier to override the default value") . " " . php_uname("n"); ?></td>
+ </tr>
+ <tr>
+ <td class="vncell" valign="top"><?=gettext("MAC address format"); ?></td>
+ <td class="vtable">
+ <select name="radmac_format" id="radmac_format">
+ <option value="default"><?php echo gettext("default"); ?></option>
+ <?php
+ $macformats = array("singledash","ietf","cisco","unformatted");
+ foreach ($macformats as $macformat) {
+ if ($pconfig['radmac_format'] == $macformat) {
+ echo "<option selected value=\"$macformat\">",gettext($macformat),"</option>\n";
+ } else {
+ echo "<option value=\"$macformat\">",gettext($macformat),"</option>\n";
+ }
+ }
+ ?>
+ </select></br>
+ <?=gettext("This option changes the MAC address format used in the whole RADIUS system. Change this if you also"); ?>
+ <?=gettext("need to change the username format for RADIUS MAC authentication."); ?><br>
+ <?=gettext("default:"); ?> 00:11:22:33:44:55<br>
+ <?=gettext("singledash:"); ?> 001122-334455<br>
+ <?=gettext("ietf:"); ?> 00-11-22-33-44-55<br>
+ <?=gettext("cisco:"); ?> 0011.2233.4455<br>
+ <?=gettext("unformatted:"); ?> 001122334455
+ </td>
+ </tr>
</table>
</tr>
- <tr>
- <td class="vncell" valign="top"><?=gettext("MAC address format"); ?></td>
- <td class="vtable">
- <select name="radmac_format" id="radmac_format">
- <option value="default"><?php echo gettext("default"); ?></option>
- <?php
- $macformats = array("singledash","ietf","cisco","unformatted");
- foreach ($macformats as $macformat) {
- if ($pconfig['radmac_format'] == $macformat)
- echo "<option selected value=\"$macformat\">",gettext($macformat),"</option>\n";
- else
- echo "<option value=\"$macformat\">",gettext($macformat),"</option>\n";
- }
- ?>
- </select></br>
- <?=gettext("This option changes the MAC address format used in the whole RADIUS system. Change this if you also"); ?>
- <?=gettext("need to change the username format for RADIUS MAC authentication."); ?><br>
- <?=gettext("default:"); ?> 00:11:22:33:44:55<br>
- <?=gettext("singledash:"); ?> 001122-334455<br>
- <?=gettext("ietf:"); ?> 00-11-22-33-44-55<br>
- <?=gettext("cisco:"); ?> 0011.2233.4455<br>
- <?=gettext("unformatted:"); ?> 001122334455
- </tr>
<tr>
- <td valign="top" class="vncell"><?=gettext("HTTPS login"); ?></td>
- <td class="vtable">
- <input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
- <strong><?=gettext("Enable HTTPS login"); ?></strong><br>
- <?=gettext("If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name and certificate must also be specified below."); ?></td>
+ <td valign="top" class="vncell"><?=gettext("HTTPS login"); ?></td>
+ <td class="vtable">
+ <input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
+ <strong><?=gettext("Enable HTTPS login"); ?></strong><br>
+ <?=gettext("If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name and certificate must also be specified below."); ?></td>
</tr>
<tr>
- <td valign="top" class="vncell"><?=gettext("HTTPS server name"); ?> </td>
- <td class="vtable">
- <input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
- <?php printf(gettext("This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on %s."), $g['product_name']);?> </td>
+ <td valign="top" class="vncell"><?=gettext("HTTPS server name"); ?> </td>
+ <td class="vtable">
+ <input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
+ <?php printf(gettext("This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on %s."), $g['product_name']);?> </td>
</tr>
<tr id="ssl_opts">
<td width="22%" valign="top" class="vncell"><?=gettext("SSL Certificate"); ?></td>
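Review bot: The help text under the new NAS Identifier field prints `php_uname("n")` straight into the page, while the field's own value goes through `htmlspecialchars()`. A hostname is normally a constrained string, but escaping it keeps output handling uniform: `<?=gettext("Specify a NAS identifier to override the default value") . " " . htmlspecialchars(php_uname("n")); ?>`. The input also carries no `maxlength`; adding `maxlength="253"` would show the RADIUS attribute limit up front, with server-side validation still required. The moved `<select>` block still ends with `</br>`, which is not valid markup; `<br>` is meant.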