uspot: add final-redirect-url

Signed-off-by: John Crispin <john@phrozen.org>

feeds/tip/certificates/files/etc/init.d/certificates

@@ -10,6 +10,7 @@ copy_certificates() {
 	chown root.network /etc/ucentral/*.pem
 	chmod 0440 root.network /etc/ucentral/*.pem
 	chmod 0400 /etc/ucentral/dev-id
+	[ -f /certificates/restrictions.json ] && cp /certificates/restrictions.json /etc/ucentral/
 	exit 0
 }
 

feeds/ucentral/uspot/files/usr/share/uspot/common.uc

@@ -147,11 +147,28 @@ return {
 	},
 
 	radius_call: function(ctx, payload) {
-		let cfg = fs.open('/tmp/auth' + ctx.mac + '.json', 'w');
+		let type = payload.acct ? 'acct' : 'auth';
+		let cfg = fs.open('/tmp/' + type + ctx.mac + '.json', 'w');
 		cfg.write(payload);
 		cfg.close();
 
-		return this.fs_popen('/usr/bin/radius-client /tmp/auth' + ctx.mac + '.json');
+		return this.fs_popen('/usr/bin/radius-client /tmp/' + type + ctx.mac + '.json');
+	},
+
+	uam_url: function(ctx, res) {
+		let uam_url = this.config.uam.uam_server +
+			'?res=' + res +
+			'&uamip=' + ctx.env.SERVER_ADDR +
+			'&uamport=' + this.config.uam.uam_port +
+			'&challenge=' + this.uam.md5(this.config.uam.challenge, ctx.format_mac) +
+			'&mac=' + ctx.format_mac +
+			'&ip=' + ctx.env.REMOTE_ADDR +
+			'&called=' + this.config.uam.nasmac +
+			'&nasid=' + this.config.uam.nasid +
+			'&ssid=' + ctx.ssid;
+		if (this.config.uam.uam_secret)
+			uam_url += '&md=' + this.uam.md5(ctx.redir_location, this.config.uam.uam_secret);
+		return uam_url;
 	},
 
 	handle_request: function(env, uam) {

feeds/ucentral/uspot/files/usr/share/uspot/handler-uam.uc

@@ -12,7 +12,7 @@ function auth_client(ctx) {
 	let password;
 	let payload = portal.radius_init(ctx);
 
-	payload.logoff_url = sprintf('http://%s:3990/logoff', ctx.env.SERVER_ADDR);
+	payload.logoff_url = sprintf('http://%s:3990/', ctx.env.SERVER_ADDR);
 	if (ctx.query_string.username && ctx.query_string.response) {
 		let challenge = uam.md5(portal.config.uam.challenge, ctx.format_mac);
 
@@ -30,6 +30,8 @@ function auth_client(ctx) {
 
         let radius = portal.radius_call(ctx, payload);
 	if (radius['access-accept']) {
+		if (portal.config.uam.final_redirect_url == 'uam')
+			ctx.query_string.userurl = portal.uam_url(ctx, 'success');
 		portal.allow_client(ctx, { radius: { reply: radius.reply, request: payload } } );
 
 		payload = portal.radius_init(ctx, payload.acct_session);
@@ -39,7 +41,11 @@ function auth_client(ctx) {
 		portal.radius_call(ctx, payload);
 		return;
 	}
-	include('error.uc', ctx);
+
+	if (portal.config.uam.final_redirect_url == 'uam')
+		include('redir.uc', { redir_location: portal.uam_url(ctx, 'reject') });
+	else
+		include('error.uc', ctx);
 }
 
 // disconnect client

feeds/ucentral/uspot/files/usr/share/uspot/handler.uc

@@ -19,18 +19,7 @@ function request_start(ctx) {
 		include('radius.uc', ctx);
 		return;
 	case 'uam':
-		ctx.redir_location = portal.config.uam.uam_server +
+		ctx.redir_location = portal.uam_url(ctx, 'notyet');
-			'?res=notyet' +
-			'&uamip=' + ctx.env.SERVER_ADDR +
-			'&uamport=' + portal.config.uam.uam_port +
-			'&challenge=' + portal.uam.md5(portal.config.uam.challenge, ctx.format_mac) +
-			'&mac=' + ctx.format_mac +
-			'&ip=' + ctx.env.REMOTE_ADDR +
-			'&called=' + portal.config.uam.nasmac +
-			'&nasid=' + portal.config.uam.nasid +
-			'&ssid=' + ctx.ssid;
-		if (portal.config.uam.uam_secret)
-			ctx.redir_location += '&md=' + portal.uam.md5(ctx.redir_location, portal.config.uam.uam_secret);
 		include('redir.uc', ctx);
 		return;
 	default: