Select the first device that match the MFA method (#8400)

* Try to find the device that match the method

* Added message in the radius reply

* Fixed indentation

* Log MFA status in radius reply

lib/pf/Switch/Aruba.pm

@@ -630,6 +630,7 @@ sub returnAuthorizeWrite {
    my $status;
    $radius_reply_ref->{'Class'} = 'root';
    $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -650,6 +651,7 @@ sub returnAuthorizeRead {
    my $status;
    $radius_reply_ref->{'Class'} = 'read-only';
    $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/Aruba/5400.pm

@@ -79,6 +79,7 @@ sub returnAuthorizeWrite {
    my $status;
    $radius_reply_ref->{'Service-Type'} = 'Administrative-User';
    $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -99,6 +100,7 @@ sub returnAuthorizeRead {
    my $status;
    $radius_reply_ref->{'Service-Type'} = 'NAS-Prompt-User';
    $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/Aruba/ArubaOS_CX_10_x.pm

@@ -85,6 +85,7 @@ sub returnAuthorizeWrite {
    my $status;
    $radius_reply_ref->{'Service-Type'} = 'Administrative-User';
    $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -105,6 +106,7 @@ sub returnAuthorizeRead {
    my $status;
    $radius_reply_ref->{'Service-Type'} = 'NAS-Prompt-User';
    $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/Avaya.pm

@@ -652,6 +652,7 @@ sub returnAuthorizeRead {
     my $status;
     $radius_reply_ref->{'Service-Type'} = '7';
     $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeRead', $args);
@@ -672,6 +673,7 @@ sub returnAuthorizeWrite {
     my $status;
     $radius_reply_ref->{'Service-Type'} = '6';
     $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeWrite', $args);

lib/pf/Switch/Brocade.pm

@@ -317,6 +317,7 @@ sub returnAuthorizeWrite {
    my $status;
    $radius_reply_ref->{'Foundry-Privilege-Level'} = '0';
    $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -338,6 +339,7 @@ sub returnAuthorizeRead {
    my $status;
    $radius_reply_ref->{'Foundry-Privilege-Level'} = '5';
    $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/Cisco.pm

@@ -1599,6 +1599,7 @@ sub returnAuthorizeWrite {
     my $status;
     $radius_reply_ref->{'Cisco-AVPair'} = 'shell:priv-lvl=15';
     $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -1620,6 +1621,7 @@ sub returnAuthorizeRead {
     my $status;
     $radius_reply_ref->{'Cisco-AVPair'} = 'shell:priv-lvl=3';
     $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/Cisco/ASA.pm

@@ -157,6 +157,7 @@ sub returnAuthorizeVPN {
     my $status = shift @super_reply;
     my %radius_reply = @super_reply;
     my $radius_reply_ref = \%radius_reply;
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'} if exists $args->{'message'};
     return [$status, %$radius_reply_ref] if($status == $RADIUS::RLM_MODULE_USERLOCK);
     my $role;
 

lib/pf/Switch/Cisco/Cisco_WLC_AireOS.pm

@@ -363,6 +363,7 @@ sub returnAuthorizeWrite {
     my $status;
     $radius_reply_ref->{'Service-Type'} = 'Administrative-User';
     $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -384,6 +385,7 @@ sub returnAuthorizeRead {
     my $status;
     $radius_reply_ref->{'Service-Type'} = 'NAS-Prompt-User';
     $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/Dell/N1500.pm

@@ -123,6 +123,7 @@ sub returnAuthorizeWrite {
     my $status;
     $radius_reply_ref->{'Cisco-AVPair'} = 'shell:priv-lvl=15';
     $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -144,6 +145,7 @@ sub returnAuthorizeRead {
     my $status;
     $radius_reply_ref->{'Cisco-AVPair'} = 'shell:priv-lvl=3';
     $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/Extreme.pm

@@ -1535,6 +1535,7 @@ sub returnAuthorizeRead {
     my $status;
     $radius_reply_ref->{'Service-Type'} = '0';
     $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeRead', $args);
@@ -1555,6 +1556,7 @@ sub returnAuthorizeWrite {
     my $status;
     $radius_reply_ref->{'Service-Type'} = '6';
     $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeWrite', $args);

lib/pf/Switch/F5.pm

@@ -176,6 +176,7 @@ sub returnAuthorizeVPN {
 
 
     my $radius_reply_ref = {};
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'} if exists $args->{'message'};
     my $status;
     # should this node be kicked out?
     my $kick = $self->handleRadiusDeny($args);

lib/pf/Switch/Fortinet/FortiGate.pm

@@ -271,6 +271,7 @@ sub returnAuthorizeVPN {
 
 
     my $radius_reply_ref = {};
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'} if exists $args->{'message'};
     my $status;
     # should this node be kicked out?
     my $kick = $self->handleRadiusDeny($args);

lib/pf/Switch/Generic.pm

@@ -47,6 +47,7 @@ sub returnAuthorizeWrite {
     my $radius_reply_ref;
     my $status;
     $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -67,6 +68,7 @@ sub returnAuthorizeRead {
     my $radius_reply_ref;
     my $status;
     $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/GenericVPN.pm

@@ -78,6 +78,7 @@ sub returnAuthorizeVPN {
 
 
     my $radius_reply_ref = {};
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'} if exists $args->{'message'};
     my $status;
     # should this node be kicked out?
     my $kick = $self->handleRadiusDeny($args);

lib/pf/Switch/H3C.pm

@@ -200,6 +200,7 @@ sub returnAuthorizeWrite {
     my $radius_reply_ref;
     my $status;
     $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -220,6 +221,7 @@ sub returnAuthorizeRead {
     my $radius_reply_ref;
     my $status;
     $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/HP.pm

@@ -524,6 +524,7 @@ sub returnAuthorizeWrite {
    my $status;
    $radius_reply_ref->{'Service-Type'} = 'Administrative-User';
    $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -544,6 +545,7 @@ sub returnAuthorizeRead {
    my $status;
    $radius_reply_ref->{'Service-Type'} = 'NAS-Prompt-User';
    $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/Juniper.pm

@@ -73,6 +73,7 @@ sub returnAuthorizeWrite {
    my $status;
    $radius_reply_ref->{'Juniper-Local-User-Name'} = 'super-user';
    $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -93,6 +94,7 @@ sub returnAuthorizeRead {
    my $status;
    $radius_reply_ref->{'Juniper-Local-User-Name'} = 'read-only';
    $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+   $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
    $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
    my $filter = pf::access_filter::radius->new;
    my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/OpenVPN.pm

@@ -98,6 +98,7 @@ sub returnAuthorizeVPN {
 
 
     my $radius_reply_ref = {};
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'} if exists $args->{'message'};
     my $status;
     # should this node be kicked out?
     my $kick = $self->handleRadiusDeny($args);

lib/pf/Switch/Template.pm

@@ -570,6 +570,7 @@ sub returnCliAuthorize {
         %radius_reply = @$attrs;
     } else {
         $radius_reply{'Reply-Message'} = "Switch $accessType access granted by PacketFence";
+        $radius_reply{'Reply-Message'} = $args->{'message'}." . ".$radius_reply{'Reply-Message'} if exists $args->{'message'};
     }
 
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with $accessType access");

lib/pf/Switch/Ubiquiti/EdgeSwitch.pm

@@ -110,6 +110,7 @@ sub returnAuthorizeWrite {
     my $status;
     $radius_reply_ref->{'Cisco-AVPair'} = 'shell:priv-lvl=15';
     $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -131,6 +132,7 @@ sub returnAuthorizeRead {
     my $status;
     $radius_reply_ref->{'Cisco-AVPair'} = 'shell:priv-lvl=3';
     $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeRead', $args);

lib/pf/Switch/Xirrus.pm

@@ -299,6 +299,7 @@ sub returnAuthorizeWrite {
     my $status;
     $radius_reply_ref->{'Xirrus-Admin-Role'} = 'read-write';
     $radius_reply_ref->{'Reply-Message'} = "Switch enable access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with write access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeWrite', $args);
@@ -320,6 +321,7 @@ sub returnAuthorizeRead {
     my $status;
     $radius_reply_ref->{'Xirrus-Admin-Role'} = 'read-only';
     $radius_reply_ref->{'Reply-Message'} = "Switch read access granted by PacketFence";
+    $radius_reply_ref->{'Reply-Message'} = $args->{'message'}." . ".$radius_reply_ref->{'Reply-Message'} if exists $args->{'message'};
     $logger->info("User $args->{'user_name'} logged in $args->{'switch'}{'_id'} with read access");
     my $filter = pf::access_filter::radius->new;
     my $rule = $filter->test('returnAuthorizeRead', $args);