First draft

Author: fdurand

conf/documentation.conf

@@ -1340,6 +1340,13 @@ description=<<EOT
 Use the information included in the accounting to update the iplog
 EOT
 
+[advanced.update_iplog_with_authentication]
+type=toggle
+options=enabled|disabled
+description=<<EOT
+Use the information included in the authentication to update the iplog
+EOT
+
 [advanced.update_iplog_with_external_portal_requests]
 type=toggle
 options=enabled|disabled

conf/pf.conf.defaults

@@ -997,6 +997,11 @@ pfperl_api_processes=8
 # Use the information included in the accounting to update the iplog
 update_iplog_with_accounting=disabled
 #
+# advanced.update_iplog_with_authentication
+#
+# Use the information included in the authentication to update the iplog
+update_iplog_with_authentication=disabled
+#
 # advanced.update_iplog_with_external_portal_requests
 #
 # Use the information included in the accounting to update the iplog

go/pfconfigdriver/structs.go

@@ -586,6 +586,7 @@ type PfConfAdvanced struct {
 	ScanOnAccounting                 string      `json:"scan_on_accounting"`
 	PffilterProcesses                string      `json:"pffilter_processes"`
 	UpdateIplogWithAccounting        string      `json:"update_iplog_with_accounting"`
+	UpdateIplogWithAuthentication    string      `json:"update_iplog_with_authentication"`
 	AdminCspSecurityHeaders          string      `json:"admin_csp_security_headers"`
 	Multihost                        string      `json:"multihost"`
 	SsoOnAccessReevaluation          string      `json:"sso_on_access_reevaluation"`

html/pfappserver/root/src/views/Configuration/advanced/_components/TheForm.vue

@@ -95,6 +95,13 @@
                                              disabled-value="disabled"
     />
 
+    <form-group-update-iplog-with-authentication namespace="update_iplog_with_authentication"
+                                             :column-label="$i18n.t('Update the iplog using the authentication')"
+                                             :text="$i18n.t('Use the information included in the authentication to update the iplog.')"
+                                             enabled-value="enabled"
+                                             disabled-value="disabled"
+    />
+
     <form-group-update-iplog-with-external-portal-requests
       namespace="update_iplog_with_external_portal_requests"
       :column-label="$i18n.t('Update the iplog using the external portal requests')"
@@ -196,6 +203,7 @@ import {
   FormGroupSourceToSendSmsWhenCreatingUsers,
   FormGroupTimingStatsLevel,
   FormGroupUpdateIplogWithAccounting,
+  FormGroupUpdateIplogWithAuthentication,
   FormGroupUpdateIplogWithExternalPortalRequests
 } from './'
 import {computed, toRefs} from '@vue/composition-api'
@@ -227,6 +235,7 @@ const components = {
   FormGroupSourceToSendSmsWhenCreatingUsers,
   FormGroupTimingStatsLevel,
   FormGroupUpdateIplogWithAccounting,
+  FormGroupUpdateIplogWithAuthentication,
   FormGroupUpdateIplogWithExternalPortalRequests
 }
 

html/pfappserver/root/src/views/Configuration/advanced/_components/index.js

@@ -15,30 +15,31 @@ import TheView from './TheView'
 export {
   BaseFormButtonBar as FormButtonBar,
 
-  BaseFormGroupIntervalUnit as FormGroupAccountingTimebucketSize,
-  BaseFormGroupSwitch as FormGroupActiveDirectoryOsJoinCheckBypass,
-  BaseFormGroupSwitch as FormGroupAdminCspSecurityHeaders,
-  BaseFormGroupIntervalUnit as FormGroupApiInactivityTimeout,
-  BaseFormGroupIntervalUnit as FormGroupApiMaxExpiration,
-  BaseFormGroupSwitch as FormGroupConfigurator,
-  BaseFormGroupChosenOne as FormGroupHashPasswords,
-  BaseFormGroupInput as FormGroupHashingCost,
-  BaseFormGroupChosenOne as FormGroupLanguage,
-  BaseFormGroupTextarea as FormGroupLdapAttributes,
-  BaseFormGroupSwitch as FormGroupLocationlogCloseOnAccountingStop,
-  BaseFormGroupSwitch as FormGroupMultihost,
-  BaseFormGroupSwitch as FormGroupNetflowOnAllNetworks,
+  BaseFormGroupIntervalUnit     as FormGroupAccountingTimebucketSize,
+  BaseFormGroupSwitch           as FormGroupActiveDirectoryOsJoinCheckBypass,
+  BaseFormGroupSwitch           as FormGroupAdminCspSecurityHeaders,
+  BaseFormGroupIntervalUnit     as FormGroupApiInactivityTimeout,
+  BaseFormGroupIntervalUnit     as FormGroupApiMaxExpiration,
+  BaseFormGroupSwitch           as FormGroupConfigurator,
+  BaseFormGroupChosenOne        as FormGroupHashPasswords,
+  BaseFormGroupInput            as FormGroupHashingCost,
+  BaseFormGroupChosenOne        as FormGroupLanguage,
+  BaseFormGroupTextarea         as FormGroupLdapAttributes,
+  BaseFormGroupSwitch           as FormGroupLocationlogCloseOnAccountingStop,
+  BaseFormGroupSwitch           as FormGroupMultihost,
+  BaseFormGroupSwitch           as FormGroupNetflowOnAllNetworks,
   BaseFormGroupOpenidAttributes as FormGroupOpenidAttributes,
-  BaseFormGroupInputNumber as FormGroupPffilterProcesses,
-  BaseFormGroupInputNumber as FormGroupPfperlApiProcesses,
-  BaseFormGroupInputNumber as FormGroupPfperlApiTimeout,
-  BaseFormGroupSwitch as FormGroupPortalCspSecurityHeaders,
-  BaseFormGroupInput as FormGroupPfupdateCustomScriptPath,
-  BaseFormGroupSwitch as FormGroupScanOnAccounting,
-  BaseFormGroupChosenOne as FormGroupSourceToSendSmsWhenCreatingUsers,
-  BaseFormGroupInputNumber as FormGroupTimingStatsLevel,
-  BaseFormGroupSwitch as FormGroupUpdateIplogWithAccounting,
-  BaseFormGroupSwitch as FormGroupUpdateIplogWithExternalPortalRequests,
+  BaseFormGroupInputNumber      as FormGroupPffilterProcesses,
+  BaseFormGroupInputNumber      as FormGroupPfperlApiProcesses,
+  BaseFormGroupInputNumber      as FormGroupPfperlApiTimeout,
+  BaseFormGroupSwitch           as FormGroupPortalCspSecurityHeaders,
+  BaseFormGroupInput            as FormGroupPfupdateCustomScriptPath,
+  BaseFormGroupSwitch           as FormGroupScanOnAccounting,
+  BaseFormGroupChosenOne        as FormGroupSourceToSendSmsWhenCreatingUsers,
+  BaseFormGroupInputNumber      as FormGroupTimingStatsLevel,
+  BaseFormGroupSwitch           as FormGroupUpdateIplogWithAccounting,
+  BaseFormGroupSwitch           as FormGroupUpdateIplogWithAuthentication,
+  BaseFormGroupSwitch           as FormGroupUpdateIplogWithExternalPortalRequests,
 
   BaseViewResource as BaseView,
   TheForm,

lib/pf/radius.pm

@@ -145,6 +145,16 @@ sub authorize {
     }
 
     Log::Log4perl::MDC->put( 'mac', $mac );
+
+    my $framed_ip = $radius_request->{"Framed-IP-Address"};
+    if (exists $radius_request->{"Framed-IP-Address"} && valid_ip($radius_request->{"Framed-IP-Address"})) {
+        if (isenabled($Config{advanced}{update_iplog_with_authentication})) {
+            my $client = pf::client::getClient();
+            $logger->debug("Updating iplog from authentication request");
+            $client->notify("update_ip4log", mac => $mac, ip => $radius_request->{"Framed-IP-Address"});
+        }
+    }
+
     my $connection = pf::Connection->new;
     $connection->identifyType($nas_port_type, $eap_type, $mac, $user_name, $switch, $radius_request);
     my $connection_type = $connection->attributesToBackwardCompatible;