Tuesday, July 23, 2013

Packetfence Guest Email Domains Check - Updated

So in my quest for latest version of Packetfence 4.0.x I am enabling the guest access. This is done so that guest account creation for wireless will be reduced to only the special cases. The user contact info is captured so I know who is on the network from a rough perspective.

Inside of Packetfence the guest module check the email against the local domain of the packetfence server so you can block your normal users from getting guest accounts. Since they expire in a short fashion and a limited network access it really does the trick.

I ran into a little problem, multiple email domains which need to be blocked. After a post to the listserv and a response that indicated to look in the guest.pm module here is what I did:

my $email_type = pf::Authentication::Source::EmailSource->meta->get_attribute('type')->default;
    my $source = &pf::authentication::getAuthenticationSourceByType($email_type);
    if ($source) {
        unless (isenabled($source->{allow_localdomain})) {
            # You should not register as a guest if you are part of the local network
            my $localdomain = $Config{'general'}{'domain'};

# Added explicated second domain for check below 

my $localdomain1 = ‘second domain name’;

            if ($cgi->param('email') =~ /[@.]$localdomain$/i) {
                return ($FALSE, $GUEST::ERROR_EMAIL_UNAUTHORIZED_AS_GUEST, [ $localdomain ]);
}

if ($cgi->param('email') =~ /[@.]$localdomain1$/i) {
                return ($FALSE, $GUEST::ERROR_EMAIL_UNAUTHORIZED_AS_GUEST, [ $localdomain1 ]);
            }
        }
    }

I added a second check for another explicitly defined domain $localdomain1 yes I could change that but it was quick and dirty. Added is the code in orange. 

Tested and this does exactly what I wanted it to. Just thought I would share.

Updated: 7-25-2013

On the advice of Inverse, I took the above code blob with the surrounding sub and transferred it to the custom.pm and changed the section to reference the pf::web::guest so that this new sub would take precedence.

Thanks again to the Inverse Team.