Merge pull request #6293 from inverse-inc/feature/move_preProcess_filter

Feature/move pre process filter
inverse-inc · Apr 29, 2021 · 1cbb40f · 1cbb40f
2 parents 07c6aa7 + baf0a2d
commit 1cbb40f
Showing 1 changed file with 18 additions and 6 deletions.
diff --git a/lib/pf/radius.pm b/lib/pf/radius.pm
@@ -202,11 +202,7 @@ sub authorize {
     my $options = {};
 
     # Handling machine auth detection
-    if ( defined($user_name) && $user_name =~ /^host\// ) {
-        $logger->info("is doing machine auth with account '$user_name'.");
-        $node_obj->machine_account($user_name);
-        $options->{'machine_account'} = $user_name;
-    }
+    $self->_machine_auth_detection($user_name,\$node_obj,\$options);
 
     if (defined($session_id)) {
         $node_obj->sessionid($session_id);
@@ -233,14 +229,20 @@ sub authorize {
     if ($rule) {
         my ($reply, $status) = $filter->handleAnswerInRule({%$rule, merge_answer => 'enabled' }, $args, $radius_request);
         %$radius_request = %$reply;
+        $args->{'user_name'} = $switch->parseRequestUsername($radius_request);
+        if ($user_name ne $args->{'user_name'}) {
+            $logger->info("Username has been changed from '$user_name' to ".$args->{'user_name'});
+	}
+        $args->{'username'} = $args->{'user_name'};
+        $self->_machine_auth_detection($args->{'user_name'},\$node_obj,\$options);
     }
     my $result = $role_obj->filterVlan('IsPhone',$args);
     # determine if we need to perform automatic registration
     # either the switch detects that this is a phone or we take the result from the vlan filters
     if (defined($result)) {
         $args->{'isPhone'} = $result;
     } elsif ($port) {
-       $args->{'isPhone'} =$switch->isPhoneAtIfIndex($mac, $port);
+        $args->{'isPhone'} =$switch->isPhoneAtIfIndex($mac, $port);
     } else {
         $args->{'isPhone'} = $FALSE;
     }
@@ -1176,6 +1178,16 @@ sub handleUnboundDPSK {
     }
 }
 
+sub _machine_auth_detection {
+    my ($self, $user_name, $node_obj, $options) = @_;
+    my $logger = get_logger;
+    if ( defined($user_name) && $user_name =~ /^host\// ) {
+        $logger->info("is doing machine auth with account '$user_name'.");
+        $$node_obj->machine_account($user_name);
+        $$options->{'machine_account'} = $user_name;
+    }
+}
+
 =back
 
 =head1 AUTHOR