Revision bb90e3c5
Added by A FL almost 7 years ago
| src/etc/inc/captiveportal.inc | ||
|---|---|---|
| 1619 | 1619 |
$msg = null; |
| 1620 | 1620 |
|
| 1621 | 1621 |
/* Radius MAC authentication */ |
| 1622 |
if ($cpcfg['auth_method'] === 'radmac' && $clientmac) {
|
|
| 1622 |
if ($context === 'radmac' && $clientmac) {
|
|
| 1623 | 1623 |
if ($authcfg['type'] === 'radius') {
|
| 1624 | 1624 |
$login = mac_format($clientmac); |
| 1625 |
$password = $cpcfg['radmac_secret']; |
|
| 1626 | 1625 |
$status = "MACHINE LOGIN"; |
| 1627 | 1626 |
} else {
|
| 1628 | 1627 |
/* Trying to perform a Radius MAC authentication on a non-radius server - shouldn't happen! - bail out */ |
| ... | ... | |
| 1650 | 1649 |
$msg = gettext("Access Denied");
|
| 1651 | 1650 |
} |
| 1652 | 1651 |
} |
| 1652 |
if ($context === 'radmac' && $result === null && empty($attributes['reply_message'])) {
|
|
| 1653 |
$msg = gettext("RADIUS MAC Authentication Failed.");
|
|
| 1654 |
} |
|
| 1653 | 1655 |
|
| 1654 | 1656 |
if (empty($status)) {
|
| 1655 | 1657 |
if ($result === true) {
|
| ... | ... | |
| 1661 | 1663 |
} |
| 1662 | 1664 |
} |
| 1663 | 1665 |
|
| 1664 |
if ($cpcfg['auth_method'] === 'radmac' && $login == mac_format($clientmac) || $authcfg['type'] === 'none' && empty($login)) {
|
|
| 1666 |
if ($context === 'radmac' && $login == mac_format($clientmac) || $authcfg['type'] === 'none' && empty($login)) {
|
|
| 1665 | 1667 |
$login = "unauthenticated"; |
| 1666 | 1668 |
} |
| 1667 | 1669 |
// We determine a flag |
| src/usr/local/captiveportal/index.php | ||
|---|---|---|
| 184 | 184 |
|
| 185 | 185 |
} elseif ($_POST['accept'] || $cpcfg['auth_method'] === 'radmac') {
|
| 186 | 186 |
|
| 187 |
if (!empty($_POST['auth_user2'])) {
|
|
| 187 |
if ($cpcfg['auth_method'] === 'radmac' && !isset($_POST['accept'])) {
|
|
| 188 |
$user = $clientmac; |
|
| 189 |
$passwd = $cpcfg['radmac_secret']; |
|
| 190 |
$context = 'radmac'; // Radius MAC authentication |
|
| 191 |
} elseif (!empty($_POST['auth_user2'])) {
|
|
| 188 | 192 |
$user = $_POST['auth_user2']; |
| 189 | 193 |
$passwd = $_POST['auth_pass2']; |
| 190 | 194 |
$context = 'second'; // Assume users to use the first context if auth_user2 is empty/does not exist |
| ... | ... | |
| 232 | 236 |
|
| 233 | 237 |
captiveportal_logportalauth($user, $clientmac, $clientip, $auth_result['login_status'], $replymsg); |
| 234 | 238 |
|
| 235 |
/*Radius MAC authentication. */ |
|
| 236 |
if ($cpcfg['auth_method'] === 'radmac' && $type !== 'redir') {
|
|
| 237 |
echo gettext("RADIUS MAC Authentication Failed.");
|
|
| 238 |
ob_flush(); |
|
| 239 |
exit(); |
|
| 239 |
/* Radius MAC authentication. */ |
|
| 240 |
if ($context === 'radmac' && $type !== 'redir' && !isset($cpcfg['radmac_fallback'])) {
|
|
| 241 |
echo $replymsg; |
|
| 240 | 242 |
} else {
|
| 241 | 243 |
portal_reply_page($redirurl, $type, $replymsg); |
| 242 | 244 |
} |
| src/usr/local/www/services_captiveportal.php | ||
|---|---|---|
| 158 | 158 |
$pconfig['radacct_server'] = $a_cp[$cpzone]['radacct_server']; |
| 159 | 159 |
$pconfig['radacct_enable'] = isset($a_cp[$cpzone]['radacct_enable']); |
| 160 | 160 |
$pconfig['radmac_secret'] = $a_cp[$cpzone]['radmac_secret']; |
| 161 |
$pconfig['radmac_fallback'] = isset($a_cp[$cpzone]['radmac_fallback']); |
|
| 161 | 162 |
$pconfig['reauthenticate'] = isset($a_cp[$cpzone]['reauthenticate']); |
| 162 | 163 |
$pconfig['reauthenticateacct'] = $a_cp[$cpzone]['reauthenticateacct']; |
| 163 | 164 |
$pconfig['httpslogin_enable'] = isset($a_cp[$cpzone]['httpslogin']); |
| ... | ... | |
| 361 | 362 |
$newcp['radacct_enable'] = $_POST['radacct_enable'] ? true : false; |
| 362 | 363 |
$newcp['reauthenticate'] = $_POST['reauthenticate'] ? true : false; |
| 363 | 364 |
$newcp['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false; |
| 365 |
$newcp['radmac_fallback'] = $_POST['radmac_fallback'] ? true : false; |
|
| 364 | 366 |
$newcp['reauthenticateacct'] = $_POST['reauthenticateacct']; |
| 365 | 367 |
if ($_POST['httpslogin_enable']) {
|
| 366 | 368 |
$newcp['httpslogin'] = true; |
| ... | ... | |
| 955 | 957 |
$pconfig['radmac_secret'] |
| 956 | 958 |
))->setHelp('RADIUS MAC will automatically try to authenticate devices with their MAC address as username, and the password entered below as password. Devices will still need to make one HTTP request to get connected, throught.');
|
| 957 | 959 |
|
| 960 |
$section->addInput(new Form_Checkbox( |
|
| 961 |
'radmac_fallback', |
|
| 962 |
'Login page Fallback', |
|
| 963 |
'Display the login page as fallback if RADIUS MAC authentication failed.', |
|
| 964 |
$pconfig['radmac_fallback'] |
|
| 965 |
))->setHelp('When enabled, users will be redirected to the captive portal login page when RADIUS MAC authentication failed.');
|
|
| 966 |
|
|
| 958 | 967 |
$section->addInput(new Form_Checkbox( |
| 959 | 968 |
'radiussession_timeout', |
| 960 | 969 |
'Session timeout', |
| ... | ... | |
| 1230 | 1239 |
hideCheckbox('reauthenticate', false);
|
| 1231 | 1240 |
hideClass('auth_server', false);
|
| 1232 | 1241 |
hideInput('radmac_secret', true);
|
| 1242 |
hideCheckbox('radmac_fallback', true);
|
|
| 1233 | 1243 |
$('.auth_server .vouchers_helptext').removeClass('hidden');
|
| 1234 | 1244 |
} |
| 1235 | 1245 |
else if(auth_method.indexOf("radmac") === 0) {
|
| ... | ... | |
| 1244 | 1254 |
hideCheckbox('reauthenticate', false);
|
| 1245 | 1255 |
hideClass('auth_server', false);
|
| 1246 | 1256 |
hideInput('radmac_secret', false);
|
| 1257 |
hideCheckbox('radmac_fallback', false);
|
|
| 1247 | 1258 |
$('.auth_server .vouchers_helptext').addClass('hidden');
|
| 1248 | 1259 |
} else {
|
| 1249 | 1260 |
// if "none" is selected : we hide most of authentication settings |
| ... | ... | |
| 1251 | 1262 |
hideCheckbox('reauthenticate', true);
|
| 1252 | 1263 |
hideClass('auth_server', true);
|
| 1253 | 1264 |
hideInput('radmac_secret', true);
|
| 1265 |
hideCheckbox('radmac_fallback', true);
|
|
| 1254 | 1266 |
} |
| 1255 | 1267 |
|
| 1256 | 1268 |
|
Also available in: Unified diff
Implement login fallback for RADIUS MAC authentication
(cherry picked from commit 774ff51ba07f944a39fdc6859ec7d258b95315bf)