Update the ip4log on radius authentication request (if Framed-Ip-Addr…

…ess exists) (#8521) * First draft * Removed useless frame_ip variable
inverse-inc · Jan 28, 2025 · ca6c454 · ca6c454
1 parent be994ee
commit ca6c454
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 26 deletions.
diff --git a/conf/documentation.conf b/conf/documentation.conf
@@ -1354,6 +1354,13 @@ description=<<EOT
 Use the information included in the accounting to update the iplog
 EOT
 
+[advanced.update_iplog_with_authentication]
+type=toggle
+options=enabled|disabled
+description=<<EOT
+Use the information included in the authentication to update the iplog
+EOT
+
 [advanced.update_iplog_with_external_portal_requests]
 type=toggle
 options=enabled|disabled

diff --git a/conf/pf.conf.defaults b/conf/pf.conf.defaults
@@ -1011,6 +1011,11 @@ pfperl_api_processes=8
 # Use the information included in the accounting to update the iplog
 update_iplog_with_accounting=disabled
 #
+# advanced.update_iplog_with_authentication
+#
+# Use the information included in the authentication to update the iplog
+update_iplog_with_authentication=disabled
+#
 # advanced.update_iplog_with_external_portal_requests
 #
 # Use the information included in the accounting to update the iplog

diff --git a/go/pfconfigdriver/structs.go b/go/pfconfigdriver/structs.go
@@ -585,6 +585,7 @@ type PfConfAdvanced struct {
 	ScanOnAccounting                 string      `json:"scan_on_accounting"`
 	PffilterProcesses                string      `json:"pffilter_processes"`
 	UpdateIplogWithAccounting        string      `json:"update_iplog_with_accounting"`
+	UpdateIplogWithAuthentication    string      `json:"update_iplog_with_authentication"`
 	AdminCspSecurityHeaders          string      `json:"admin_csp_security_headers"`
 	Multihost                        string      `json:"multihost"`
 	SsoOnAccessReevaluation          string      `json:"sso_on_access_reevaluation"`

diff --git a/html/pfappserver/root/src/views/Configuration/advanced/_components/TheForm.vue b/html/pfappserver/root/src/views/Configuration/advanced/_components/TheForm.vue
@@ -116,6 +116,13 @@
                                              disabled-value="disabled"
     />
 
+    <form-group-update-iplog-with-authentication namespace="update_iplog_with_authentication"
+                                             :column-label="$i18n.t('Update the iplog using the authentication')"
+                                             :text="$i18n.t('Use the information included in the authentication to update the iplog.')"
+                                             enabled-value="enabled"
+                                             disabled-value="disabled"
+    />
+
     <form-group-update-iplog-with-external-portal-requests
       namespace="update_iplog_with_external_portal_requests"
       :column-label="$i18n.t('Update the iplog using the external portal requests')"
@@ -220,6 +227,7 @@ import {
   FormGroupSsoOnDhcp,
   FormGroupTimingStatsLevel,
   FormGroupUpdateIplogWithAccounting,
+  FormGroupUpdateIplogWithAuthentication,
   FormGroupUpdateIplogWithExternalPortalRequests
 } from './'
 import {computed, toRefs} from '@vue/composition-api'
@@ -254,6 +262,7 @@ const components = {
   FormGroupSsoOnDhcp,
   FormGroupTimingStatsLevel,
   FormGroupUpdateIplogWithAccounting,
+  FormGroupUpdateIplogWithAuthentication,
   FormGroupUpdateIplogWithExternalPortalRequests
 }
 

diff --git a/html/pfappserver/root/src/views/Configuration/advanced/_components/index.js b/html/pfappserver/root/src/views/Configuration/advanced/_components/index.js
@@ -15,33 +15,34 @@ import TheView from './TheView'
 export {
   BaseFormButtonBar as FormButtonBar,
 
-  BaseFormGroupIntervalUnit as FormGroupAccountingTimebucketSize,
-  BaseFormGroupSwitch as FormGroupActiveDirectoryOsJoinCheckBypass,
-  BaseFormGroupSwitch as FormGroupAdminCspSecurityHeaders,
-  BaseFormGroupIntervalUnit as FormGroupApiInactivityTimeout,
-  BaseFormGroupIntervalUnit as FormGroupApiMaxExpiration,
-  BaseFormGroupSwitch as FormGroupConfigurator,
-  BaseFormGroupChosenOne as FormGroupHashPasswords,
-  BaseFormGroupInput as FormGroupHashingCost,
-  BaseFormGroupChosenOne as FormGroupLanguage,
-  BaseFormGroupTextarea as FormGroupLdapAttributes,
-  BaseFormGroupSwitch as FormGroupLocationlogCloseOnAccountingStop,
-  BaseFormGroupSwitch as FormGroupMultihost,
-  BaseFormGroupSwitch as FormGroupNetflowOnAllNetworks,
+  BaseFormGroupIntervalUnit     as FormGroupAccountingTimebucketSize,
+  BaseFormGroupSwitch           as FormGroupActiveDirectoryOsJoinCheckBypass,
+  BaseFormGroupSwitch           as FormGroupAdminCspSecurityHeaders,
+  BaseFormGroupIntervalUnit     as FormGroupApiInactivityTimeout,
+  BaseFormGroupIntervalUnit     as FormGroupApiMaxExpiration,
+  BaseFormGroupSwitch           as FormGroupConfigurator,
+  BaseFormGroupChosenOne        as FormGroupHashPasswords,
+  BaseFormGroupInput            as FormGroupHashingCost,
+  BaseFormGroupChosenOne        as FormGroupLanguage,
+  BaseFormGroupTextarea         as FormGroupLdapAttributes,
+  BaseFormGroupSwitch           as FormGroupLocationlogCloseOnAccountingStop,
+  BaseFormGroupSwitch           as FormGroupMultihost,
+  BaseFormGroupSwitch           as FormGroupNetflowOnAllNetworks,
   BaseFormGroupOpenidAttributes as FormGroupOpenidAttributes,
-  BaseFormGroupInputNumber as FormGroupPffilterProcesses,
-  BaseFormGroupInputNumber as FormGroupPfperlApiProcesses,
-  BaseFormGroupInputNumber as FormGroupPfperlApiTimeout,
-  BaseFormGroupSwitch as FormGroupPortalCspSecurityHeaders,
-  BaseFormGroupInput as FormGroupPfupdateCustomScriptPath,
-  BaseFormGroupSwitch as FormGroupScanOnAccounting,
-  BaseFormGroupChosenOne as FormGroupSourceToSendSmsWhenCreatingUsers,
-  BaseFormGroupSwitch as FormGroupSsoOnAccessReevaluation,
-  BaseFormGroupSwitch as FormGroupSsoOnAccounting,
-  BaseFormGroupSwitch as FormGroupSsoOnDhcp,
-  BaseFormGroupInputNumber as FormGroupTimingStatsLevel,
-  BaseFormGroupSwitch as FormGroupUpdateIplogWithAccounting,
-  BaseFormGroupSwitch as FormGroupUpdateIplogWithExternalPortalRequests,
+  BaseFormGroupSwitch           as FormGroupSsoOnAccessReevaluation,
+  BaseFormGroupSwitch           as FormGroupSsoOnAccounting,
+  BaseFormGroupSwitch           as FormGroupSsoOnDhcp,
+  BaseFormGroupInputNumber      as FormGroupPffilterProcesses,
+  BaseFormGroupInputNumber      as FormGroupPfperlApiProcesses,
+  BaseFormGroupInputNumber      as FormGroupPfperlApiTimeout,
+  BaseFormGroupSwitch           as FormGroupPortalCspSecurityHeaders,
+  BaseFormGroupInput            as FormGroupPfupdateCustomScriptPath,
+  BaseFormGroupSwitch           as FormGroupScanOnAccounting,
+  BaseFormGroupChosenOne        as FormGroupSourceToSendSmsWhenCreatingUsers,
+  BaseFormGroupInputNumber      as FormGroupTimingStatsLevel,
+  BaseFormGroupSwitch           as FormGroupUpdateIplogWithAccounting,
+  BaseFormGroupSwitch           as FormGroupUpdateIplogWithAuthentication,
+  BaseFormGroupSwitch           as FormGroupUpdateIplogWithExternalPortalRequests,
 
   BaseViewResource as BaseView,
   TheForm,

diff --git a/lib/pf/radius.pm b/lib/pf/radius.pm
@@ -145,6 +145,15 @@ sub authorize {
     }
 
     Log::Log4perl::MDC->put( 'mac', $mac );
+
+    if (exists $radius_request->{"Framed-IP-Address"} && valid_ip($radius_request->{"Framed-IP-Address"})) {
+        if (isenabled($Config{advanced}{update_iplog_with_authentication})) {
+            my $client = pf::client::getClient();
+            $logger->debug("Updating iplog from authentication request");
+            $client->notify("update_ip4log", mac => $mac, ip => $radius_request->{"Framed-IP-Address"});
+        }
+    }
+
     my $connection = pf::Connection->new;
     $connection->identifyType($nas_port_type, $eap_type, $mac, $user_name, $switch, $radius_request);
     my $connection_type = $connection->attributesToBackwardCompatible;