Hello Adrian,
i did the patch based on the devel branch.
Here a new one based on packetfence 8.3.
Regards
Fabrice
Le 19-02-08 à 04 h 13, Adrian Dessaigne via PacketFence-users a écrit :
Hi, I've done the patch and I got one error for Switch.pm
############################################################################
Below is the result of my patch command:
[root@pfcen7 pf]# patch -p1 --dry-run < ./multiples_attributes.diff
(Stripping trailing CRs from patch; use --binary to disable.)
checking file lib/pf/Switch.pm
Hunk #1 FAILED at 3035.
1 out of 1 hunk FAILED
(Stripping trailing CRs from patch; use --binary to disable.)
checking file lib/pf/api.pm
Hunk #1 succeeded at 1297 (offset 3 lines).
(Stripping trailing CRs from patch; use --binary to disable.)
checking file lib/pf/radius/rest.pm
#############################################################################
The second commande is returning my this:
[root@pfcen7 pf]# patch -p1 < ./multiples_attributes.diff
(Stripping trailing CRs from patch; use --binary to disable.)
patching file lib/pf/Switch.pm
Hunk #1 FAILED at 3035.
1 out of 1 hunk FAILED -- saving rejects to file lib/pf/Switch.pm.rej
(Stripping trailing CRs from patch; use --binary to disable.)
patching file lib/pf/api.pm
Hunk #1 succeeded at 1297 (offset 3 lines).
(Stripping trailing CRs from patch; use --binary to disable.)
patching file lib/pf/radius/rest.pm
#############################################################################
Here is the content of " lib/pf/Switch.pm.rej ":
--- lib/pf/Switch.pm
+++ lib/pf/Switch.pm
@@ -3035,9 +3035,16 @@
sub parseRequest {
my ( $self, $radius_request ) = @_;
- my $client_mac = ref($radius_request->{'Calling-Station-Id'}) eq
'ARRAY'
- ?
clean_mac($radius_request->{'Calling-Station-Id'}[0])
- :
clean_mac($radius_request->{'Calling-Station-Id'});
+ my $client_mac;
+ if (ref($radius_request->{'Calling-Station-Id'}) eq 'ARRAY') {
+ foreach my $callingStationId
(@{$radius_request->{'Calling-Station-Id'}}) {
+ if (valid_mac($callingStationId)) {
+ $client_mac = clean_mac($callingStationId);
+ }
+ }
+ } else {
+ $client_mac = clean_mac($radius_request->{'Calling-Station-Id'});
+ }
my $user_name = $radius_request->{'TLS-Client-Cert-Subject-Alt-Name-Upn'}
|| $radius_request->{'TLS-Client-Cert-Common-Name'} ||
$radius_request->{'User-Name'};
my $nas_port_type = ( defined($radius_request->{'NAS-Port-Type'}) ?
$radius_request->{'NAS-Port-Type'} : ( defined($radius_request->{'Called-Station-SSID'}) ?
"Wireless-802.11" : undef ) );
my $port = $radius_request->{'NAS-Port'};
Is there any other information you need ?
Regards,
Adrian
----- Mail original -----
De: "packetfence-users" <[email protected]>
À: "packetfence-users" <[email protected]>
Cc: "Durand fabrice" <[email protected]>
Envoyé: Vendredi 8 Février 2019 02:54:11
Objet: Re: [PacketFence-users] Can't link PacketFence with AD Server.
Hello Adrian,
if the switch send two Calling-Station-Id then it's a bug on the switch
side.
But i made a patch in order to test if there is multiple attributes and
test if one of them is a mac address.
So go in /usr/local/pf
patch -p1 --dry-run < ./mulpiples_attributes.diff
if there is no error:
patch -p1 < ./mulpiples_attributes.diff
Let me know if it helps.
Regards
Fabrice
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
diff --git a/lib/pf/Switch.pm b/lib/pf/Switch.pm
index 74fe95c4aa..cb99692cea 100644
--- a/lib/pf/Switch.pm
+++ b/lib/pf/Switch.pm
@@ -3035,9 +3035,17 @@ User-Name
sub parseRequest {
my ( $self, $radius_request ) = @_;
- my $client_mac = ref($radius_request->{'Calling-Station-Id'}) eq 'ARRAY'
- ? clean_mac($radius_request->{'Calling-Station-Id'}[0])
- : clean_mac($radius_request->{'Calling-Station-Id'});
+ my $client_mac;
+ if (ref($radius_request->{'Calling-Station-Id'}) eq 'ARRAY') {
+ foreach my $callingStationId (@{$radius_request->{'Calling-Station-Id'}}) {
+ if (valid_mac($callingStationId)) {
+ $client_mac = clean_mac($callingStationId);
+ }
+ }
+ } else {
+ $client_mac = clean_mac($radius_request->{'Calling-Station-Id'});
+ }
+
my $user_name = $radius_request->{'PacketFence-UserNameAttribute'} || $radius_request->{'TLS-Client-Cert-Subject-Alt-Name-Upn'} || $radius_request->{'TLS-Client-Cert-Common-Name'} || $radius_request->{'User-Name'};
my $nas_port_type = ( defined($radius_request->{'NAS-Port-Type'}) ? $radius_request->{'NAS-Port-Type'} : ( defined($radius_request->{'Called-Station-SSID'}) ? "Wireless-802.11" : undef ) );
my $port = $radius_request->{'NAS-Port'};
diff --git a/lib/pf/api.pm b/lib/pf/api.pm
index a96c04cb74..95dad8837a 100644
--- a/lib/pf/api.pm
+++ b/lib/pf/api.pm
@@ -1297,7 +1297,13 @@ sub radius_rest_authorize :Public :RestPath(/radius/rest/authorize) {
my $return;
- if (pf::util::valid_mac($remapped_radius_request{'Calling-Station-Id'})) {
+ if (ref($remapped_radius_request{'Calling-Station-Id'})) eq 'ARRAY') {
+ foreach my $callingStationId (@{$remapped_radius_request{'Calling-Station-Id'}}) {
+ if (pf::util::valid_mac($callingStationId)) {
+ $return = $class->radius_authorize(%remapped_radius_request);
+ }
+ }
+ } elsif (pf::util::valid_mac($remapped_radius_request{'Calling-Station-Id'})) {
$return = $class->radius_authorize(%remapped_radius_request);
} else {
$return = $class->radius_switch_access(%remapped_radius_request);
diff --git a/lib/pf/radius/rest.pm b/lib/pf/radius/rest.pm
index a81a2e3cc5..0b6216aea3 100644
--- a/lib/pf/radius/rest.pm
+++ b/lib/pf/radius/rest.pm
@@ -67,7 +67,7 @@ sub format_request {
my ($request) = @_;
# transform the request according to what radius_authorize expects
my %remapped_radius_request = map {
- $_ => $request->{$_}->{value}->[0];
+ (@{$request->{$_}->{value}} > 1) ? ($_ => $request->{$_}->{value}) : ($_ => $request->{$_}->{value}[0]);
} keys %{$request};
return \%remapped_radius_request;
}
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
