Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/move pre process filter #6293

Merged
merged 6 commits into from Apr 29, 2021
Merged

Feature/move pre process filter #6293

merged 6 commits into from Apr 29, 2021

Conversation

fdurand
Copy link
Member

@fdurand fdurand commented Apr 15, 2021

Description

Added the ability to rewrite the username of the radius request based on the radius prePRocess filter.

Impacts

  • RADIUS authorize workflow

Delete branch after merge

YES

Checklist

  • Document the feature
  • Add unit tests
  • Add acceptance tests (TestLink)

NEWS file entries

Enhancements

  • Rewrite the username of the request from radius preProcess filter

@fdurand fdurand added this to the PacketFence-11.0 milestone Apr 15, 2021
@fdurand fdurand requested a review from nqb April 15, 2021 17:14
nqb
nqb suggested changes Apr 16, 2021
View reviewed changes
Copy link
Contributor

@nqb nqb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand the logic.

However, in current state, if you build a RADIUS attribute on the fly to use it as a username, you will have following behavior:

  • logic related to machine_account still use username detected before
  • logger will display wrong information (handling autz ..)

@nqb nqb self-assigned this Apr 21, 2021
nqb
nqb suggested changes Apr 26, 2021
View reviewed changes
lib/pf/radius.pm Show resolved Hide resolved
lib/pf/radius.pm Outdated Show resolved Hide resolved
lib/pf/Switch.pm Outdated Show resolved Hide resolved
@nqb
Copy link
Contributor

nqb commented Apr 26, 2021
edited

These changes allow us to rewrite username on the fly based on a RADIUS filter in preProcess scope.

However, it seems that it's not possible to modify RADIUS attributes in a RADIUS request and have them be taken into account by PacketFence later. I don't see a simple way to create a connection profile using an Advanced Filter to filter on RADIUS attributes.

@nqb
Copy link
Contributor

nqb commented Apr 26, 2021

@jrouzierinverse, is it possible to use an advanced filter like radius_request.Calling-Station-Id == 192.168.0.1 on a connection profile ?

@nqb nqb merged commit 1cbb40f into devel Apr 29, 2021
nqb added a commit that referenced this pull request Apr 29, 2021
@nqb
update NEWS for #6293
cf8e6fb
@nqb nqb deleted the feature/move_preProcess_filter branch April 29, 2021 14:25
fdurand pushed a commit that referenced this pull request Jul 27, 2021
@nqb @fdurand
update NEWS for #6293
dea42da
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nqb nqb nqb requested changes

Assignees

@nqb nqb

Labels
Priority: Medium Status: For review Type: Feature / Enhancement
Projects
None yet
Milestone
PacketFence-11.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@fdurand @nqb