From f37d1824671ba4fd1cab421770678b680d761987 Mon Sep 17 00:00:00 2001
From: jdegraeve <jdegraeve@e36fee2c-cc09-0410-a7cc-ebac5c6737de>
Date: Tue, 16 May 2006 11:32:05 +0000
Subject: [PATCH] Add support to Captive Portal for different MAC format styles

git-svn-id: https://svn.m0n0.ch/wall/trunk@136 e36fee2c-cc09-0410-a7cc-ebac5c6737de
---
 CHANGELOG                               |  1 +
 captiveportal/index.php                 |  3 ++-
 captiveportal/radius_accounting.inc     |  6 ++++--
 captiveportal/radius_authentication.inc |  3 ++-
 phpconf/inc/util.inc                    | 26 +++++++++++++++++++++++++
 webgui/services_captiveportal.php       | 26 +++++++++++++++++++++++++
 6 files changed, 61 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index a07a87c..b59825c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,6 +8,7 @@ $Id$
 
 - changes in Captive portal (jdegraeve):
   - Fixes a bug in the way we handle authentication mechanism. (Potentially allowing double logins and faulty locking)
+  - Add support for different MAC formatting styles.
 
 1.22
 ----
diff --git a/captiveportal/index.php b/captiveportal/index.php
index 829f9f5..4e5d6eb 100755
--- a/captiveportal/index.php
+++ b/captiveportal/index.php
@@ -224,7 +224,8 @@ function portal_mac_radius($clientmac,$clientip) {
     $radmac_secret = $config['captiveportal']['radmac_secret'];
 
     /* authentication against the radius server */
-    $auth_list = radius($clientmac,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN");
+    $username = mac_format($clientmac);
+    $auth_list = radius($username,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN");
     if ($auth_list['auth_val'] == 2) {
         return TRUE;
     }
diff --git a/captiveportal/radius_accounting.inc b/captiveportal/radius_accounting.inc
index 9f9064d..61b4f9e 100644
--- a/captiveportal/radius_accounting.inc
+++ b/captiveportal/radius_accounting.inc
@@ -48,7 +48,8 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusp
     global $config;
 
     $retvalue = array();
-    $nas_mac = get_interface_mac($config['interfaces']['wan']['if']);
+    $nas_mac = mac_format(get_interface_mac($config['interfaces']['wan']['if']));
+    $clientmac = mac_format($clientmac);
     $nas_port = $ruleno - 10000;
     $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
 
@@ -154,7 +155,8 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
     global $config;
 
     $retvalue = array();
-    $nas_mac = get_interface_mac($config['interfaces']['wan']['if']);
+    $nas_mac = mac_format(get_interface_mac($config['interfaces']['wan']['if']));
+    $clientmac = mac_format($clientmac);
     $nas_port = $ruleno - 10000;
     $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
     $stop_time = (empty($stop_time)) ? time() : $stop_time;
diff --git a/captiveportal/radius_authentication.inc b/captiveportal/radius_authentication.inc
index c1c5bc7..8439e02 100644
--- a/captiveportal/radius_authentication.inc
+++ b/captiveportal/radius_authentication.inc
@@ -47,7 +47,8 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli
     global $config;
 
     $retvalue = array();
-    $nas_mac = get_interface_mac($config['interfaces']['wan']['if']);
+    $nas_mac = mac_format(get_interface_mac($config['interfaces']['wan']['if']));
+    $clientmac = mac_format($clientmac);
     $nas_port = $ruleno - 10000;
     $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
     // Do we even need to set it to NULL?
diff --git a/phpconf/inc/util.inc b/phpconf/inc/util.inc
index 9a5eb4c..a1fa5f2 100644
--- a/phpconf/inc/util.inc
+++ b/phpconf/inc/util.inc
@@ -424,4 +424,30 @@ function arp_get_mac_by_ip($ip) {
 	return false;
 }
 
+function mac_format($clientmac) {
+    $mac =explode(":", $clientmac);
+
+    global $config;
+
+    $mac_format = $config['captiveportal']['radmac_format'] ? $config['captiveportal']['radmac_format'] : false;
+
+    switch($mac_format) {
+
+        case 'singledash':
+        return "$mac[0]$mac[1]$mac[2]-$mac[3]$mac[4]$mac[5]";
+
+        case 'ietf':
+        return "$mac[0]-$mac[1]-$mac[2]-$mac[3]-$mac[4]-$mac[5]";
+
+        case 'cisco':
+        return "$mac[0]$mac[1].$mac[2]$mac[3].$mac[4]$mac[5]";
+
+        case 'unformatted':
+        return "$mac[0]$mac[1]$mac[2]$mac[3]$mac[4]$mac[5]";
+
+        default:
+        return $clientmac;
+    }
+}
+
 ?>
diff --git a/webgui/services_captiveportal.php b/webgui/services_captiveportal.php
index 4138a31..66b9d00 100755
--- a/webgui/services_captiveportal.php
+++ b/webgui/services_captiveportal.php
@@ -75,6 +75,7 @@ $pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
 $pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
 $pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
 $pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
+$pconfig['radmac_format'] = $config['captiveportal']['radmac_format'];
 
 if ($_POST) {
 
@@ -172,6 +173,7 @@ if ($_POST) {
 		$config['captiveportal']['radiuskey2'] = $_POST['radiuskey2'];
 		$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
 		$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
+        $config['captiveportal']['radmac_format'] = $_POST['radmac_format'] ? $_POST['radmac_format'] : false;
 		
 		/* file upload? */
 		if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
@@ -217,6 +219,7 @@ function enable_change(enable_change) {
 	document.iform.auth_method[1].disabled = endis;
 	document.iform.auth_method[2].disabled = endis;
 	document.iform.radmac_enable.disabled = radius_endis;
+	document.iform.radmac_format.disabled = radius_endis;
 	document.iform.httpslogin_enable.disabled = endis;
 	document.iform.httpsname.disabled = endis;
 	document.iform.cert.disabled = endis;
@@ -481,6 +484,29 @@ to access after they've authenticated.</td>
 				If RADIUS type is set to Cisco, in RADIUS requests (Authentication/Accounting) the value of Calling-Station-Id will be set to the client's IP address and
 				the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = m0n0wall's WAN MAC address.</td>
 			</tr>
+            <tr>
+                <td class="vncell">MAC address format</td>
+                <td class="vtable">
+                <select name="radmac_format" id="radmac_format">
+                <option>default</option>
+                <?php
+                $macformats = array("singledash","ietf","cisco","unformatted");
+                foreach ($macformats as $macformat) {
+                    if ($pconfig['radmac_format'] == $macformat)
+                        echo "<option selected value=\"$macformat\">$macformat</option>\n";
+                    else
+                        echo "<option value=\"$macformat\">$macformat</option>\n";
+                }
+                ?>
+                </select></br>
+                This option changes the MAC address format used in the whole RADIUS system. Change this if you also
+                need to change the username format for RADIUS MAC authentication.<br>
+                default: 00:11:22:33:44:55<br>
+                singledash: 001122-334455<br>
+                ietf: 00-11-22-33-44-55<br>
+                cisco: 0011.2233.4455<br>
+                unformatted: 001122334455
+            </tr>
 		</table>
 	</tr>
 	<tr>
-- 
2.25.1