From bad2f6d073055ed0a7ca12af0596ee2e684d7960 Mon Sep 17 00:00:00 2001
From: Evgeniy Zakharochkin
Date: Thu, 18 Oct 2018 20:41:14 +0300
Subject: [PATCH] ability to add NAS Identifier header to radius request (#5465)
---
 builtin/credential/radius/path_config.go | 14 ++++++++++++++
 builtin/credential/radius/path_login.go | 3 +++
 ui/app/models/auth-config/radius.js | 6 +++++-
 3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/builtin/credential/radius/path_config.go b/builtin/credential/radius/path_config.go
index 4a3f72e33b91..be31877d71ed 100644
--- a/builtin/credential/radius/path_config.go
+++ b/builtin/credential/radius/path_config.go
@@ -46,6 +46,11 @@ func pathConfig(b *backend) *framework.Path {
 Default: 10,
 Description: "RADIUS NAS port field (default: 10)",
 },
+ "nas_identifier": &framework.FieldSchema{
+ Type: framework.TypeString,
+ Default: "",
+ Description: "RADIUS NAS Identifier field (optional)",
+ },
 },
 ExistenceCheck: b.configExistenceCheck,
@@ -110,6 +115,7 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, d *f
 "dial_timeout": cfg.DialTimeout,
 "read_timeout": cfg.ReadTimeout,
 "nas_port": cfg.NasPort,
+ "nas_identifier": cfg.NasIdentifier,
 },
 }
 return resp, nil
@@ -190,6 +196,13 @@ func (b *backend) pathConfigCreateUpdate(ctx context.Context, req *logical.Reque
 cfg.NasPort = d.Get("nas_port").(int)
 }
+ nasIdentifier, ok := d.GetOk("nas_identifier")
+ if ok {
+ cfg.NasIdentifier = nasIdentifier.(string)
+ } else if req.Operation == logical.CreateOperation {
+ cfg.NasIdentifier = d.Get("nas_identifier").(string)
+ }
+
 entry, err := logical.StorageEntryJSON("config", cfg)
 if err != nil {
 return nil, err
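Review bot: The `nas_identifier` field added to the pathConfig schema is described only as "(optional)", which does not tell an operator what an empty value does. Going by the RadiusLogin hunk in path_login.go, the attribute is left out of the Access-Request when the value is empty, so a description such as `Description: "RADIUS NAS-Identifier attribute sent with each Access-Request; omitted when empty (default: empty)",` would state that. The diffstat lists no test or API documentation file, so the new option appears to be covered by neither. pathConfig's body starts and ends outside the hunk.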
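Review bot: In the pathConfigCreateUpdate hunk the new `nas_identifier` value is stored without a length check, although a RADIUS attribute value cannot exceed 253 octets (RFC 2865). An over-long identifier is therefore accepted at configuration time and can only fail later, when a login builds the Access-Request. Rejecting it before the `logical.StorageEntryJSON` call surfaces the mistake to the operator who made it: `if len(cfg.NasIdentifier) > 253 { return logical.ErrorResponse("nas_identifier must be at most 253 bytes"), nil }`. The function body starts and ends outside the hunk.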
@@ -209,6 +222,7 @@ type ConfigEntry struct {
 DialTimeout int `json:"dial_timeout" structs:"dial_timeout" mapstructure:"dial_timeout"`
 ReadTimeout int `json:"read_timeout" structs:"read_timeout" mapstructure:"read_timeout"`
 NasPort int `json:"nas_port" structs:"nas_port" mapstructure:"nas_port"`
+ NasIdentifier string `json:"nas_identifier" structs:"nas_identifier" mapstructure:"nas_identifier"`
 }
 const pathConfigHelpSyn = `
diff --git a/builtin/credential/radius/path_login.go b/builtin/credential/radius/path_login.go
index ef0c185d88f4..2cf2fa2f61bf 100644
--- a/builtin/credential/radius/path_login.go
+++ b/builtin/credential/radius/path_login.go
@@ -144,6 +144,9 @@ func (b *backend) RadiusLogin(ctx context.Context, req *logical.Request, usernam
 packet := radius.New(radius.CodeAccessRequest, []byte(cfg.Secret))
 UserName_SetString(packet, username)
 UserPassword_SetString(packet, password)
+ if cfg.NasIdentifier != "" {
+ NASIdentifier_AddString(packet, cfg.NasIdentifier)
+ }
 packet.Add(5, radius.NewInteger(uint32(cfg.NasPort)))
 client := radius.Client{
diff --git a/ui/app/models/auth-config/radius.js b/ui/app/models/auth-config/radius.js
index c47351f3d591..d88088a3f408 100644
--- a/ui/app/models/auth-config/radius.js
+++ b/ui/app/models/auth-config/radius.js
@@ -27,13 +27,17 @@ export default AuthConfig.extend({
 label: 'NAS Port',
 }),
+ nasIdentifier: attr('string', {
+ label: 'NAS Identifier',
+ }),
+
 fieldGroups: computed(function() {
 const groups = [
 {
 default: ['host', 'secret'],
 },
 {
- 'RADIUS Options': ['port', 'nasPort', 'dialTimeout', 'unregisteredUserPolicies'],
+ 'RADIUS Options': ['port', 'nasPort', 'nasIdentifier', 'dialTimeout', 'unregisteredUserPolicies'],
 },
 ];
 return fieldToAttrs(this, groups);
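Review bot: The call `NASIdentifier_AddString(packet, cfg.NasIdentifier)` in the RadiusLogin hunk discards whatever the helper returns. Its signature is not visible here, but if it reports an error for a value it cannot encode, the Access-Request goes out without the NAS-Identifier and the RADIUS server may match the request against a different client policy than the one the operator configured. Checking the result makes a bad configuration fail the login instead of silently changing how users are authenticated: `if err := NASIdentifier_AddString(packet, cfg.NasIdentifier); err != nil {` followed by returning the error in the form RadiusLogin already uses. The neighbouring `UserName_SetString` and `UserPassword_SetString` calls are written the same way, and the function continues outside the hunk.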