author | jim-p <jimp@pfsense.org> | 2017-05-08 11:19:46 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-05-08 11:19:46 -0400 |
commit | d4e42c54a2b7d9c955b11ad3034a186a73159f1a (patch) | |
tree | c95a029b3e0edb99cb835a4608e7f0f73d92fd0e /src | |
parent | 1ba646755d1d62ad7ca1aa75b9c7e5adee7d1260 (diff) | |
Only cache CP RADIUS Auth credentials when reauthentication is enabled. Fixes #7528
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/captiveportal.inc | 2 | ||||
-rw-r--r-- | src/usr/local/www/services_captiveportal.php | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc
index e3c7b7b..22138fe 100644
--- a/src/etc/inc/captiveportal.inc
+++ b/src/etc/inc/captiveportal.inc
@@ -2301,7 +2301,7 @@ function portal_allow($clientip, $clientmac, $username, $password = null, $attri
 $safe_username = SQLite3::escapeString($username);
 /* encode password in Base64 just in case it contains commas */
- $bpassword = base64_encode($password);
+ $bpassword = (isset($config['captiveportal'][$cpzone]['reauthenticate'])) ? base64_encode($password) : '';
 $insertquery = "INSERT INTO captiveportal (allow_time, pipeno, ip, mac, username, sessionid, bpassword, session_timeout, idle_timeout, session_terminate_time, interim_interval, radiusctx) ";
 $insertquery .= "VALUES ({$allow_time}, {$pipeno}, '{$clientip}', '{$clientmac}', '{$safe_username}', '{$sessionid}', '{$bpassword}', ";
 $insertquery .= "{$session_timeout}, {$idle_timeout}, {$session_terminate_time}, {$interim_interval}, '{$radiusctx}')";
diff --git a/src/usr/local/www/services_captiveportal.php b/src/usr/local/www/services_captiveportal.php
index 3141c88..d486b70 100644
--- a/src/usr/local/www/services_captiveportal.php
+++ b/src/usr/local/www/services_captiveportal.php
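Review bot: The new ternary on `$bpassword` only affects rows inserted after the change, so a session that logged in while reauthentication was enabled keeps its Base64 password in the `captiveportal` table after the option is turned off; the commit has no step that blanks `bpassword` for existing rows. Base64 here is an encoding for the comma problem, not protection, so the comment above the assignment would be clearer as `/* Cache the password only when reauthentication must replay it; Base64 avoids comma problems and is not encryption */`. The expression also depends on `$config` and `$cpzone` being in scope in portal_allow(), whose `global` line and the rest of the body are outside this hunk; if either is missing, `isset()` is false and the column is always empty, which would presumably break reauthentication rather than raise an error.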
@@ -928,7 +928,9 @@ $section->addInput(new Form_Checkbox(
 'Reauthenticate connected users every minute',
 $pconfig['reauthenticate']
 ))->setHelp('If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is logged in every minute. ' .
- 'If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.');
+ 'If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately. ' .
+ 'Reauthentication requires user credentials to be cached in the captive portal database while a user is logged in; ' .
+ 'The cached credentials are necessary for the portal to perform automatic reauthentication requests.');
 $section->addInput(new Form_Checkbox(
 'radmac_enable', |
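Review bot: The added help text tells the administrator that credentials are cached but not that they are kept in recoverable form, which is the fact that matters when deciding whether to enable the option; the first hunk of this commit shows the value is only Base64-encoded. Consider wording the second added line as `'Reauthentication requires user passwords to be cached in recoverable form in the captive portal database while a user is logged in. ' .` and starting the last sentence after that period instead of `; The`. The `addInput()` call this string belongs to starts above the hunk.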