Captive portal API

Started by robx, January 19, 2016, 02:13:54 PM

I'm trying to use the API to interface with the captive portal. I can't decide if I'm doing something wrong, or if this functionality hasn't been implemented yet.

I log into the captive portal. In the GUI I can see that a session has been established. It displays the client's IP, MAC address etc. However, calling '/api/captiveportal/session/list' returns an empty array. Actually, calling any of the captive portal related API functions returns an empty result.

Am I doing something wrong or does this API functionality not exist yet?

On a related note, I'd like to be able to perform a 'masquerade' login, i.e. tell OPNsense via the API "This user is now logged in from this IP. Let them through". Essentially I'm trying to have OPNsense linked to Active Directory so that when you log into AD it allows you through to the Internet. I had a quick look and can't see that this functionality already exists. Presumably other people might find it of use and you'd be interested in a pull request?

Hi Robx,

Are you using the development version? It should dump all registered clients/hosts.
At the moment there is no function to add hosts dynamically, although it probably won't be very hard to implement it into the already existing controller.
You might want to add a feature request in GitHub (https://github.com/opnsense/core/issues/), although I can't promise when it will be in there.

Regards,

Ad

Thanks. I'd completely overlooked the development version. I've now installed it and the captive portal API is working as I expect.

I've written an API function that enables the 'masquerade'/dynamic logon that I mentioned. However, it doesn't seem like AccessController.php is the place for this, since it bypasses authentication when called via the portal Lighttpd 'proxy' functionality. Consequently, it would be possible to call my function directly and bypass the portal authentication.

Also, I can't see how session restrictions defined at the zone level are populated into sessions. The code in logonAction() clearly copies a timeout from the authentication server. However, I can't see how to populate the 'acc_session_timeout' session property.

Also, thanks for forking pfSense and putting so much effort into making it look nice and making it what it should have been!

Would you mind sharing a diff with us so that we can review? GitHub works too, it's actually better because we can comment inline if needed. :)

A short note (I'm in a bit of a hurry :) ): the SessionController is the place for session data, the AccessController is the one accessed from the end user (which should always be able to authenticate).


Hello robx (@zvs44),

I changed your code and you forgot to add your copyright in the license so it is missing in my changes too.
Can you please add the information you would like to have to the new pull request so I can add it to the file?

Kind regards,

Fabian

Hi Fabian, robx,

Can we please first determine what functionality we are missing exactly, like I asked in the original pull request?
I have no objection to adding extra functionality in this area, it certainly looks useful, but a copy of our original class with some additions into a new one might not be the best solution here ;)

Regards,

Ad

Apologies for the significant (2 year) delay. I've now found a similar project that requires this functionality. I've raised a second pull request (https://github.com/opnsense/core/pull/2823) that incorporates the comments from the first. Hope this meets with your approval.