diff options
author | Augustin-FL <Augustin-FL@users.noreply.github.com> | 2018-10-09 15:48:36 +0200 |
---|---|---|
committer | jim-p <jimp@netgate.com> | 2018-10-22 13:35:12 -0400 |
commit | bb90e3c57bec5ad24df5f9fdd51d9eadbf3792df (patch) | |
tree | 5d3f49d866267432ef6b4677662984c06f9daec2 /src/etc | |
parent | b950e9910993756ebff27d3a6370206fd63a32f1 (diff) | |
download | pfsense-bb90e3c57bec5ad24df5f9fdd51d9eadbf3792df.zip pfsense-bb90e3c57bec5ad24df5f9fdd51d9eadbf3792df.tar.gz |
Implement login fallback for RADIUS MAC authentication
(cherry picked from commit 774ff51ba07f944a39fdc6859ec7d258b95315bf)
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/captiveportal.inc | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index ea4d8cc..3eab9e8 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -1619,10 +1619,9 @@ function captiveportal_authenticate_user(&$login = '', &$password = '', $clientm $msg = null; /* Radius MAC authentication */ - if ($cpcfg['auth_method'] === 'radmac' && $clientmac) { + if ($context === 'radmac' && $clientmac) { if ($authcfg['type'] === 'radius') { $login = mac_format($clientmac); - $password = $cpcfg['radmac_secret']; $status = "MACHINE LOGIN"; } else { /* Trying to perform a Radius MAC authentication on a non-radius server - shouldn't happen! - bail out */ @@ -1650,6 +1649,9 @@ function captiveportal_authenticate_user(&$login = '', &$password = '', $clientm $msg = gettext("Access Denied"); } } + if ($context === 'radmac' && $result === null && empty($attributes['reply_message'])) { + $msg = gettext("RADIUS MAC Authentication Failed."); + } if (empty($status)) { if ($result === true) { @@ -1661,7 +1663,7 @@ function captiveportal_authenticate_user(&$login = '', &$password = '', $clientm } } - if ($cpcfg['auth_method'] === 'radmac' && $login == mac_format($clientmac) || $authcfg['type'] === 'none' && empty($login)) { + if ($context === 'radmac' && $login == mac_format($clientmac) || $authcfg['type'] === 'none' && empty($login)) { $login = "unauthenticated"; } // We determine a flag |