summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2005-03-14 01:57:46 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-03-14 01:57:46 +0000
commit33f0abb1245ac409fbe9e94884fdd531eb1c42cf (patch)
tree5711af84a800a704b60b12c0cc02239cc31dbdc9
parent12ee8fe4a25d6fcda720a171c102f48d9bcceb5c (diff)
downloadpfsense-33f0abb1245ac409fbe9e94884fdd531eb1c42cf.zip
pfsense-33f0abb1245ac409fbe9e94884fdd531eb1c42cf.tar.gz
Restore 1.2b5's captive portal. 1.2b7 + radius == boom.
Diffstat
-rwxr-xr-xusr/local/captiveportal/index.php83
-rw-r--r--usr/local/captiveportal/radius_accounting.inc59
-rw-r--r--usr/local/captiveportal/radius_authentication.inc148
3 files changed, 33 insertions, 257 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 1f35a57..497e506 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -27,10 +27,6 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
-
- This version of index.php has been modified by Rob Parker
- <rob.parker@keycom.co.uk>. Changes made are in relation to Per-User Bandwidth
- Management based on returned RADIUS attributes, and are (c) 2004 Keycom PLC.
*/
require("globals.inc");
@@ -63,12 +59,7 @@ if (!$clientmac && !isset($config['captiveportal']['nomacfilter'])) {
if ($clientmac && portal_mac_fixed($clientmac)) {
/* punch hole in ipfw for pass thru mac addresses */
- // KEYCOM: passthru mac bandwidth control]
- if (isset($config['captiveportal']['peruserbw'])) {
- portal_allow($clientip, $clientmac, "unauthenticated",$config['captiveportal']['bwauthmacup'],$config['captiveportal']['bwauthmacdn']);
- } else {
- portal_allow($clientip, $clientmac, "unauthenticated",0,0);
- }
+ portal_allow($clientip, $clientmac, "unauthenticated");
} else if ($_POST['accept'] && file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
@@ -81,23 +72,14 @@ if ($clientmac && portal_mac_fixed($clientmac)) {
$radiusservers[0]['ipaddr'],
$radiusservers[0]['port'],
$radiusservers[0]['key']);
- $auth_returns = explode("/", $auth_val);
- $auth_val = $auth_returns[0];
- $bw_up = $auth_returns[1];
- $bw_down = $auth_returns[2];
if ($auth_val == 2) {
- if (isset($config['captiveportal']['peruserbw'])) {
- $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user'],$bw_up,$bw_down);
- } else {
- $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user'],0,0);
- }
+ $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user']);
if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
$auth_val = RADIUS_ACCOUNTING_START($_POST['auth_user'],
$sessionid,
$radiusservers[0]['ipaddr'],
$radiusservers[0]['acctport'],
- $radiusservers[0]['key'],
- $clientip);
+ $radiusservers[0]['key']);
}
} else {
readfile("{$g['varetc_path']}/captiveportal-error.html");
@@ -107,20 +89,7 @@ if ($clientmac && portal_mac_fixed($clientmac)) {
}
} else if ($_POST['accept'] && $clientip) {
- //KEYCOM: authorised up and down bandwidth defaults (set from webgui). If not set, use 128/128
- if (isset($config['captiveportal']['peruserbw'])) {
- $bw_up=$config['captiveportal']['bwauthipup'];
- $bw_down=$config['captiveportal']['bwauthipdn'];
- if(!isset($bw_up)) {
- $bw_up=128;
- }
- if(!isset($bw_down)) {
- $bw_down=128;
- }
- portal_allow($clientip, $clientmac, "unauthenticated",$bw_up,$bw_down);
- } else {
- portal_allow($clientip, $clientmac, "unauthenticated",0,0);
- }
+ portal_allow($clientip, $clientmac, "unauthenticated");
} else if ($_POST['logout_id']) {
disconnect_client($_POST['logout_id']);
echo <<<EOD
@@ -150,7 +119,7 @@ EOD;
if (isset($config['captiveportal']['httpslogin']))
$htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
else
- $htmltext = str_replace("\$PORTAL_ACTION\$", "", $htmltext);
+ $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$config['interfaces'][$config['captiveportal']['interface']]['ipaddr']}:8000/", $htmltext);
if (preg_match("/redirurl=(.*)/", $orig_request, $matches))
$redirurl = urldecode($matches[1]);
@@ -184,7 +153,7 @@ function portal_mac_fixed($clientmac) {
return FALSE ;
}
-function portal_allow($clientip,$clientmac,$clientuser,$bw_up,$bw_down) {
+function portal_allow($clientip,$clientmac,$clientuser) {
global $orig_host, $orig_request, $g, $config;
@@ -206,26 +175,6 @@ function portal_allow($clientip,$clientmac,$clientuser,$bw_up,$bw_down) {
/* add ipfw rules for layer 3 */
exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in");
exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
-
- /* KEYCOM: add ipfw rules for dummynet based on bw_up and bw_down */
- //we're just copying them by adding on some and hoping no collision will occur
- //2000 users would be expecting a bit much from a WAP ;)
-
- //we're using fixed rule numbers which are 'a step above' the m0n0 ones
- //this makes sure we always know where our rules are, and taht they are deleted when m0n0's are
- //they're set so they shouldn't hit anything important, and also so they are in roughly the right position in the fw.
-
- //of course, we only need to do this if it's enabled in the config
- if (isset($config['captiveportal']['peruserbw'])) {
- $up_rule_number = $ruleno + 40500;
- $down_rule_number = $ruleno + 45500;
- $lanif = $config['interfaces']['lan']['if'];
- exec("/sbin/ipfw add $up_rule_number set 4 pipe $up_rule_number ip from $clientip to any via $lanif");
- exec("/sbin/ipfw add $down_rule_number set 4 pipe $down_rule_number ip from any to $clientip via $lanif");
- exec("/sbin/ipfw pipe $up_rule_number config bw " . trim($bw_up) . "Kbit/s queue 10");
- exec("/sbin/ipfw pipe $down_rule_number config bw " . trim($bw_down) . "Kbit/s queue 10");
- }
- /* done */
/* add ipfw rules for layer 2 */
if (!isset($config['captiveportal']['nomacfilter'])) {
@@ -260,17 +209,9 @@ function portal_allow($clientip,$clientmac,$clientuser,$bw_up,$bw_down) {
$cpdb[$i][0], // start time
$radiusservers[0]['ipaddr'],
$radiusservers[0]['acctport'],
- $radiusservers[0]['key'],
- $clientip);
- }
- //KEYCOM: we need to delete +40500 and +45500 as well...
- //these are the rule numbers we use to control traffic shaping for each logged in user via captive portal
- mwexec("/sbin/ipfw delete " . $cpdb[$i][1]);
- //we only need to remove our rules if peruserbw is turned on.
- if(isset($config['captiveportal']['peruserbw'])) {
- mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+40500));
- mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+45500));
+ $radiusservers[0]['key']);
}
+ mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
unset($cpdb[$i]);
break;
}
@@ -444,15 +385,9 @@ function disconnect_client($sessionid) {
$cpdb[$i][0], // start time
$radiusservers[0]['ipaddr'],
$radiusservers[0]['acctport'],
- $radiusservers[0]['key'],
- $clientip);
+ $radiusservers[0]['key']);
}
- //again we need to remve +40500 and +45500 as well, if they exist
mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
- if(isset($config['captiveportal']['peruserbw'])) {
- mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+40500));
- mwexec("/sbin/ipfw delete " . ($cpdb[$i][1]+45500));
- }
unset($cpdb[$i]);
break;
}
diff --git a/usr/local/captiveportal/radius_accounting.inc b/usr/local/captiveportal/radius_accounting.inc
index 1aac92d..7004971 100644
--- a/usr/local/captiveportal/radius_accounting.inc
+++ b/usr/local/captiveportal/radius_accounting.inc
@@ -26,16 +26,10 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
-
- // This version of radius_accounting.inc has been modified by
- // Rob Parker <rob.parker@keycom.co.uk>. Changes made include:
- // * now sends Framed-IP-Address (client IP)
- // * now sends Called-Station-ID (NAS IP)
- // * now sends Calling-Station-ID (client IP)
*/
-function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip) {
+function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$radiuskey) {
$sharedsecret=$radiuskey ;
# $debug = 1 ;
@@ -50,14 +44,6 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad
/* set 5 second timeout on socket i/o */
stream_set_timeout($fd, 5) ;
- $nas_ip_address=get_current_wan_address();
-
- if(!isset($clientip)) {
- //if there's no client ip, we'll need to use the NAS ip
- $clientip=get_current_wan_address();
- }
- $ip_exp=explode(".",$clientip);
-
if ($debug)
echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
@@ -72,12 +58,11 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad
6+ // nasPortType
6+ // Acct Status Type
6+ // Acct RADIUS Authenticated
- 2+strlen($sessionid)+ // Acct SessionID
- 6; // Framed-IP-Address
+ 2+strlen($sessionid); // Acct SessionID
// v v v v v v v v v 1 v
// Line # 1 2 3 4 5 6 7 8 9 0 E
- $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCCCCC",
+ $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*",
4,$thisidentifier,$length/256,$length%256, // header
0,0,0,0, // authcode
6,6,0,0,0,1, // service type
@@ -87,8 +72,7 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad
61,6,0,0,0,15, // nasPortType = Ethernet
40,6,0,0,0,1, // Acct Status Type = Start
45,6,0,0,0,1, // Acct RADIUS Authenticated
- 44,2+strlen($sessionid),$sessionid, // Acct Session ID
- 8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3] //Framed-IP-Address
+ 44,2+strlen($sessionid),$sessionid // Acct Session ID
);
/* Generate Accounting Request Authenticator */
@@ -96,7 +80,7 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad
// v v v v v v v v v 1 v
// Line # 1 2 3 4 5 6 7 8 9 0 E
- $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCCCCC",
+ $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*",
4,$thisidentifier,$length/256,$length%256, // header
$RA, // authcode
6,6,0,0,0,1, // service type
@@ -106,8 +90,7 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad
61,6,0,0,0,15, // nasPortType = Ethernet
40,6,0,0,0,1, // Acct Status Type = Start
45,6,0,0,0,1, // Acct RADIUS Authenticated
- 44,2+strlen($sessionid),$sessionid, // Acct Session ID
- 8,6,$ip_exp[0],$ip_exp[1],$ip_exp[2],$ip_exp[3] //Framed-IP-Address
+ 44,2+strlen($sessionid),$sessionid // Acct Session ID
);
if($debug) {
@@ -131,14 +114,12 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad
else
$retvalue = ord($readdata) ;
- syslog(LOG_INFO,"Sent Accounting-Request Start packet to RADIUS for $username");
-
return $retvalue ;
// 5 -> Accounting-Response
// See RFC2866 for this.
}
-function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip) {
+function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey) {
$sharedsecret=$radiuskey ;
# $debug = 1 ;
@@ -165,14 +146,6 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
/* set 5 second timeout on socket i/o */
stream_set_timeout($fd, 5) ;
- $nas_ip_address=get_current_wan_address();
-
- if(!isset($clientip)) {
- //if there's no client ip, we'll need to use the NAS ip
- $clientip=get_current_wan_address();
- }
- $ip_exp=explode(".",$clientip);
-
if ($debug)
echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
@@ -193,13 +166,11 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
6+ // input bytes
6+ // input packets
6+ // output bytes
- 6+ // output packets
- 2+strlen($nas_ip_address)+ //Called-Station-ID
- 2+strlen($clientip); //Calling-Station-ID
+ 6; // output packets
// v v v v v v v v v 1 1 1 1 1 1 1 v
// Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 E
- $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCa*CCa*",
+ $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCN",
4,$thisidentifier,$length/256,$length%256, // header
0,0,0,0, // authcode
6,6,0,0,0,1, // service type
@@ -215,9 +186,7 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
42,6,$input_bytes, // Input Octets
47,6,$input_pkts, // Input Packets
43,6,$output_bytes, // Output Octets
- 48,6,$output_pkts, // Output Packets
- 30,2+strlen($nas_ip_address),$nas_ip_address, //Called-Station-ID
- 31,2+strlen($clientip),$clientip //Calling-Station-ID
+ 48,6,$output_pkts // Output Packets
);
/* Generate Accounting Request Authenticator */
@@ -225,7 +194,7 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
// v v v v v v v v v 1 1 1 1 1 1 1 v
// Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 E
- $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCa*CCa*",
+ $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCN",
4,$thisidentifier,$length/256,$length%256, // header
$RA, // authcode
6,6,0,0,0,1, // service type
@@ -241,9 +210,7 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
42,6,$input_bytes, // Input Octets
47,6,$input_pkts, // Input Packets
43,6,$output_bytes, // Output Octets
- 48,6,$output_pkts, // Output Packets
- 30,2+strlen($nas_ip_address),$nas_ip_address, //Called-Station-ID
- 31,2+strlen($clientip),$clientip //Calling-Station-ID
+ 48,6,$output_pkts // Output Packets
);
if($debug) {
@@ -267,8 +234,6 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
else
$retvalue = ord($readdata) ;
- syslog(LOG_INFO,"Sent Accounting-Request Stop packet to RADIUS for $username");
-
return $retvalue ;
// 5 -> Accounting-Response
// See RFC2866 for this.
diff --git a/usr/local/captiveportal/radius_authentication.inc b/usr/local/captiveportal/radius_authentication.inc
index 77d263a..c106da3 100644
--- a/usr/local/captiveportal/radius_authentication.inc
+++ b/usr/local/captiveportal/radius_authentication.inc
@@ -28,33 +28,9 @@
// was also fixed and patches submitted to Edwin. This bug would
// have caused authentication to fail on every access.
- // This version of radius_authentication.inc has been modified by
- // Rob Parker <rob.parker@keycom.co.uk>. Changes made include:
- // * move to fread() from fgets() to ensure binary safety
- // * ability to read back specific attributes from a
- // RADIUS Access-Accept packet
- // * these attributes (in this version, Nomadix-Bw-Up and -Down,
- // which are Nomadix vendor specific attributes to be passed back
- // to index.php of m0n0wall to create dummynet rules for per-user
- // radius-based bandwidth restriction.
- // * IMPORTANT NOTE: this function no longer returns a simple integer
- // of '2' for Access-Accept, and '3' for Access-Deny. It will return
- // x/y/z, where x = 2 or 3 (Accept or Deny), y = up bandwidth, if
- // enabled in web gui, and z = down bandwidth. These will be empty if
- // per user bw is disabled in webgui.
- // * these changes are (c) 2004 Keycom PLC.
-
function RADIUS_AUTHENTICATION($username,$password,$radiusip,$radiusport,$radiuskey) {
- global $config;
-
- //radius database, hack this if we need to
-
- $radius_db[1]=="Nomadix-Bw-Up";
- $radius_db[2]=="Nomadix-Bw-Down";
- $radius_db[5]=="Nomadix-Expiration";
-
$sharedsecret=$radiuskey ;
- #$debug = 1 ;
+ # $debug = 1 ;
exec("/bin/hostname", $nasHostname) ;
if(!$nasHostname[0])
@@ -88,9 +64,6 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusip,$radiusport,$radius
6; // nasPortType
$thisidentifier=rand()%256;
-
-
-
// v v v v v v v v v
// Line # 1 2 3 4 5 6 7 8 E
$data=pack("CCCCa*CCCCCCCCa*CCa*CCa*CCCCCCCCCCCC",
@@ -117,113 +90,16 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusip,$radiusport,$radius
if ($debug)
echo "<br>writing $length bytes<hr>\n";
-
- //RADIUS attributes returned in Access-Accept packet.
-
- #turn off magic quotes so we're binary-safe on fread.
- set_magic_quotes_runtime(0);
- $readdata = fread($fd,1024);
- $pack_upack = unpack("Ctype/Cuid/nlength/A16resp/A*payload",$readdata);
- if($pack_upack[type]==2) {
- //only for 'Access-Accept' packets, otherwise throw back the number so error page is shown
- $payload_upack = unpack("Cnum/Clen/C*value",$pack_upack[payload]);
- $used_upack = $payload_upack;
-
- while(count($used_upack)>=1) {
- //the payload contains two initial packets we need to record (number, and payload)
- $attribute_number++;
- $packet_type=array_shift($used_upack); //push the type off
- $attributes[$attribute_number][]=$packet_type;
- $packet_length=array_shift($used_upack); //push the length off
- $attributes[$attribute_number][]=$packet_length;
- //iterate until the end of this attribute
- for($n=1;$n<=$packet_length-2;$n+=1) {
- $attributes[$attribute_number][]=array_shift($used_upack);
- }
- }
-
- //at this stage, $attribute contains a list of ALL attributes that were sent (well, the first 1kbyte of them anyway,
- //change fread above to alter the quantity of data read from the socket.
- //we're only interested in two specific nomadix (3309) attributes (1 and 2, Bw-Up and Bw-Down)
-
- for($n=1;$n<=count($attributes);$n+=1) {
- if($attributes[$n][0]=="26") { //VSA attribs
- if((($attributes[$n][4]*256)+$attributes[$n][5])=="3309") { //just nomadix
- switch($attributes[$n][6]) { //nomadix packet type
- //we do this *256 because otherwise we'd need to unpack the packet
- //again with a different packet format. which is a waste of time for now.
- case "1":
- $bw_up = 0;
- $bw_up += $attributes[$n][10]*256;
- $bw_up += $attributes[$n][11];
- if ($debug) {echo ">>VSA: Nomadix-Bw-Up=" . $bw_up . "kbit\n";}
- break;
- case "2":
- $bw_down = 0;
- $bw_down += $attributes[$n][10]*256;
- $bw_down += $attributes[$n][11];
- if ($debug) {echo ">>VSA: Nomadix-Bw-Down=" . $bw_down . "kbit\n";}
- break;
- default:
- if ($debug) {echo ">>VSA: Unknown Nomadix Packet (" . $attributes[$n][6] . ")!\n";}
- }
- }
- }
- }
- //end RADIUS attribute return code.
-
- $status = socket_get_status($fd) ;
- fclose($fd) ;
-
- if($status['timed_out'])
- $retvalue = 1 ;
- else
- $retvalue = $pack_upack[type];
-
- if($debug) {
- switch($retvalue) {
- case 1:
- echo "Socket Failure!\n";
- break;
- case 2:
- echo "Access-Accept!\n";
- break;
- case 3:
- echo "Access-Reject!\n";
- break;
- default:
- echo "Unknown Reply!\n";
- }
- }
-
- //what happens if there's no Nomadix attributes set, but the user has this turned on?
- //we give them a default of 64kbit. this should be an option in the webgui too.
- if(!isset($bw_up)) {
- //go for default bw up
- $bw_up==$config['captiveportal']['bwdefaultup'];
- if(!isset($bw_up)) {
- $bw_up=64;
- }
- }
- if(!isset($bw_down)) {
- //go for default bw down
- $bw_down==$config['captiveportal']['bwdefaultdn'];
- if(!isset($bw_down)) {
- $bw_down=64;
- }
- }
-
- //whilst we're debugging, we're also going to syslog this
- syslog(LOG_INFO,"Authenticated user $username. Setting bandwidth to $bwdown/$bwup KBit/s");
-
- return $retvalue . "/" . $bw_up . "/" . $bw_down;
- } else {
- //we're returning 5kbit/s each way here, but really it doesn't matter
- //if it's a 3, it's Access-Reject anyway, so the user will actually get
- //nothing at all. :)
- syslog(LOG_INFO,"Authentication failed for $username");
- return "3/5/5";
- }
+ $readdata = fgets($fd,2) ; /* read 1 byte */
+ $status = socket_get_status($fd) ;
+ fclose($fd) ;
+
+ if($status['timed_out'])
+ $retvalue = 1 ;
+ else
+ $retvalue = ord($readdata) ;
+
+ return $retvalue ;
// 2 -> Access-Accept
// 3 -> Access-Reject
// See RFC2865 for this.
@@ -249,4 +125,4 @@ function Encrypt($password,$key,$RA) {
}
return $output;
}
-?> \ No newline at end of file
+?>
OpenPOWER on IntegriCloud