diff --git a/feeds/tip/certificates/files/etc/init.d/certificates b/feeds/tip/certificates/files/etc/init.d/certificates
index 67c5680da..bbb6f4d35 100755
--- a/feeds/tip/certificates/files/etc/init.d/certificates
+++ b/feeds/tip/certificates/files/etc/init.d/certificates
@@ -10,6 +10,7 @@ copy_certificates() {
 chown root.network /etc/ucentral/*.pem
 chmod 0440 root.network /etc/ucentral/*.pem
 chmod 0400 /etc/ucentral/dev-id
+ [ -f /certificates/restrictions.json ] && cp /certificates/restrictions.json /etc/ucentral/
 exit 0
 }
diff --git a/feeds/ucentral/uspot/files/usr/share/uspot/common.uc b/feeds/ucentral/uspot/files/usr/share/uspot/common.uc
index a289a295c..ecdbd3b4b 100644
--- a/feeds/ucentral/uspot/files/usr/share/uspot/common.uc
+++ b/feeds/ucentral/uspot/files/usr/share/uspot/common.uc
@@ -147,11 +147,28 @@ return {
 },
 radius_call: function(ctx, payload) {
- let cfg = fs.open('/tmp/auth' + ctx.mac + '.json', 'w');
+ let type = payload.acct ? 'acct' : 'auth';
+ let cfg = fs.open('/tmp/' + type + ctx.mac + '.json', 'w');
 cfg.write(payload);
 cfg.close();
- return this.fs_popen('/usr/bin/radius-client /tmp/auth' + ctx.mac + '.json');
+ return this.fs_popen('/usr/bin/radius-client /tmp/' + type + ctx.mac + '.json');
+ },
+
+ uam_url: function(ctx, res) {
+ let uam_url = this.config.uam.uam_server +
+ '?res=' + res +
+ '&uamip=' + ctx.env.SERVER_ADDR +
+ '&uamport=' + this.config.uam.uam_port +
+ '&challenge=' + this.uam.md5(this.config.uam.challenge, ctx.format_mac) +
+ '&mac=' + ctx.format_mac +
+ '&ip=' + ctx.env.REMOTE_ADDR +
+ '&called=' + this.config.uam.nasmac +
+ '&nasid=' + this.config.uam.nasid +
+ '&ssid=' + ctx.ssid;
+ if (this.config.uam.uam_secret)
+ uam_url += '&md=' + this.uam.md5(ctx.redir_location, this.config.uam.uam_secret);
+ return uam_url;
 },
 handle_request: function(env, uam) {
diff --git a/feeds/ucentral/uspot/files/usr/share/uspot/handler-uam.uc b/feeds/ucentral/uspot/files/usr/share/uspot/handler-uam.uc
index 9e533975c..d4bb21fee 100644
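Review bot: The copied `/etc/ucentral/restrictions.json` gets no explicit owner or mode, because the new `cp` runs after the `chown`/`chmod` lines and those only match `*.pem` and `dev-id`. The file keeps whatever mode `cp` derives from the source file and the umask; if its contents constrain device behaviour (not visible here), set it deliberately right after the copy, e.g. `chmod 0444 /etc/ucentral/restrictions.json`, or the `0440` with `root.network` ownership used for the certificates if only that group reads it. Nothing in the visible lines removes a copy left by an earlier run when the source file is absent, so a stale file may stay in effect. copy_certificates() starts above the hunk.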
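Review bot: In `uam_url` the `md` value is computed over `ctx.redir_location`, not over the `uam_url` string just built, so the keyed digest does not cover the parameters it is appended to. The code removed from handler.uc hashed the URL under construction; with this change `ctx.redir_location` is assigned only after the call returns in handler.uc, and the success and reject callers in handler-uam.uc do not set it in the visible lines. The line should read `uam_url += '&md=' + this.uam.md5(uam_url, this.config.uam.uam_secret);`. Separately, `res`, `nasid` and `ctx.ssid` are concatenated without percent-encoding, so a value containing `&` or `=` would change the parameter list the UAM server parses; encode each value before appending it.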
--- a/feeds/ucentral/uspot/files/usr/share/uspot/handler-uam.uc
+++ b/feeds/ucentral/uspot/files/usr/share/uspot/handler-uam.uc
@@ -12,7 +12,7 @@ function auth_client(ctx) {
 let password;
 let payload = portal.radius_init(ctx);
- payload.logoff_url = sprintf('http://%s:3990/logoff', ctx.env.SERVER_ADDR);
+ payload.logoff_url = sprintf('http://%s:3990/', ctx.env.SERVER_ADDR);
 if (ctx.query_string.username && ctx.query_string.response) {
 let challenge = uam.md5(portal.config.uam.challenge, ctx.format_mac);
@@ -30,6 +30,8 @@ function auth_client(ctx) {
 let radius = portal.radius_call(ctx, payload);
 if (radius['access-accept']) {
+ if (portal.config.uam.final_redirect_url == 'uam')
+ ctx.query_string.userurl = portal.uam_url(ctx, 'success');
 portal.allow_client(ctx, { radius: { reply: radius.reply, request: payload } } );
 payload = portal.radius_init(ctx, payload.acct_session);
@@ -39,7 +41,11 @@ function auth_client(ctx) {
 portal.radius_call(ctx, payload);
 return;
 }
- include('error.uc', ctx);
+
+ if (portal.config.uam.final_redirect_url == 'uam')
+ include('redir.uc', { redir_location: portal.uam_url(ctx, 'reject') });
+ else
+ include('error.uc', ctx);
 }
 // disconnect client
diff --git a/feeds/ucentral/uspot/files/usr/share/uspot/handler.uc b/feeds/ucentral/uspot/files/usr/share/uspot/handler.uc
index a629b9aa4..0fff13147 100644
--- a/feeds/ucentral/uspot/files/usr/share/uspot/handler.uc
+++ b/feeds/ucentral/uspot/files/usr/share/uspot/handler.uc
@@ -19,18 +19,7 @@ function request_start(ctx) {
 include('radius.uc', ctx);
 return;
 case 'uam':
- ctx.redir_location = portal.config.uam.uam_server +
- '?res=notyet' +
- '&uamip=' + ctx.env.SERVER_ADDR +
- '&uamport=' + portal.config.uam.uam_port +
- '&challenge=' + portal.uam.md5(portal.config.uam.challenge, ctx.format_mac) +
- '&mac=' + ctx.format_mac +
- '&ip=' + ctx.env.REMOTE_ADDR +
- '&called=' + portal.config.uam.nasmac +
- '&nasid=' + portal.config.uam.nasid +
- '&ssid=' + ctx.ssid;
- if (portal.config.uam.uam_secret)
- ctx.redir_location += '&md=' + portal.uam.md5(ctx.redir_location, portal.config.uam.uam_secret);
+ ctx.redir_location = portal.uam_url(ctx, 'notyet');
 include('redir.uc', ctx);
 return;
 default: