From b5c986aa9e6bda0a2f144b77a5f3e74e7fe36db2 Mon Sep 17 00:00:00 2001
From: Tobias Perschon <tobias@perschon.at>
Date: Fri, 13 Sep 2024 15:59:45 +0200
Subject: [PATCH] add Tunnel-Password field to radius user

---
 .../OPNsense/Freeradius/forms/dialogEditFreeRADIUSUser.xml  | 6 ++++++
 .../opnsense/mvc/app/models/OPNsense/Freeradius/User.xml    | 4 ++++
 .../opnsense/service/templates/OPNsense/Freeradius/users    | 3 +++
 3 files changed, 13 insertions(+)

diff --git a/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/dialogEditFreeRADIUSUser.xml b/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/dialogEditFreeRADIUSUser.xml
index e025a865a5..3cf67144ef 100644
--- a/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/dialogEditFreeRADIUSUser.xml
+++ b/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/dialogEditFreeRADIUSUser.xml
@@ -164,4 +164,10 @@
         <allownew>true</allownew>
         <help>Select the configured AVPairs for this user.</help>
     </field>
+    <field>
+        <id>user.tunnel_password</id>
+        <label>Tunnel-Password</label>
+        <type>password</type>
+        <help>Set the Tunnel-Password attribute for the user. Allowed characters are 0-9, a-z, A-Z, and ,._-!$%/()+#=: with up to 128 characters.</help>
+    </field>
 </form>
diff --git a/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/User.xml b/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/User.xml
index 589798ce4a..baf82636f1 100644
--- a/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/User.xml
+++ b/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/User.xml
@@ -132,6 +132,10 @@
                     <Multiple>Y</Multiple>
                     <Required>N</Required>
                 </linkedAVPair>
+                <tunnel_password type="TextField">
+                    <Required>N</Required>
+                    <mask>/^([0-9a-zA-Z._\-\!\$\%\/\(\)\+\#\=\{\}:]){1,128}$/u</mask>
+                </tunnel_password>
             </user>
         </users>
     </items>
diff --git a/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/users b/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/users
index ff9a97916f..6618e41102 100644
--- a/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/users
+++ b/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/users
@@ -24,6 +24,9 @@
        Service-Type = {{ servicelist }},
 {%         endfor %}
 {%       endif %}
+{%       if user_list.tunnel_password is defined %}
+       Tunnel-Password = {{ user_list.tunnel_password }},
+{%       endif %}
 {%       if helpers.exists('OPNsense.freeradius.general.vlanassign') and OPNsense.freeradius.general.vlanassign == '1' %}
 {%         if user_list.vlan is defined %}
        Tunnel-Type = VLAN,