authorErmal Luçi <eri@pfsense.org>2009-09-14 17:16:26 +0000
committerErmal Luçi <eri@pfsense.org>2009-09-14 17:16:26 +0000
commit40b48c6cd486efddf88a805efeb42e3181fd93bc (patch)
tree387237103ee025da1fcdd43ea267e1c2b7262b21
parent89a31c7e103992a812d3ef231826758ade6b79f1 (diff)
Fix multiple radius server handling.
-rw-r--r--etc/inc/captiveportal.inc26
-rwxr-xr-xusr/local/captiveportal/index.php6
-rw-r--r--usr/local/captiveportal/radius_accounting.inc23
3 files changed, 23 insertions, 32 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 685a1a6..8ee9e16 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -530,7 +530,7 @@ function captiveportal_prune_old() {
/* do periodic RADIUS reauthentication? */
if (!$timedout && isset($config['captiveportal']['reauthenticate']) &&
- ($radiusservers !== false)) {
+ !empty($radiusservers)) {
if (isset($config['captiveportal']['radacct_enable'])) {
if ($config['captiveportal']['reauthenticateacct'] == "stopstart") {
@@ -539,9 +539,7 @@ function captiveportal_prune_old() {
$cpdb[$i][4], // username
$cpdb[$i][5], // sessionid
$cpdb[$i][0], // start time
- $radiusservers[0]['ipaddr'],
- $radiusservers[0]['acctport'],
- $radiusservers[0]['key'],
+ $radiusservers,
$cpdb[$i][2], // clientip
$cpdb[$i][3], // clientmac
10); // NAS Request
@@ -550,9 +548,7 @@ function captiveportal_prune_old() {
RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno
$cpdb[$i][4], // username
$cpdb[$i][5], // sessionid
- $radiusservers[0]['ipaddr'],
- $radiusservers[0]['acctport'],
- $radiusservers[0]['key'],
+ $radiusservers,
$cpdb[$i][2], // clientip
$cpdb[$i][3]); // clientmac
} else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") {
@@ -560,9 +556,7 @@ function captiveportal_prune_old() {
$cpdb[$i][4], // username
$cpdb[$i][5], // sessionid
$cpdb[$i][0], // start time
- $radiusservers[0]['ipaddr'],
- $radiusservers[0]['acctport'],
- $radiusservers[0]['key'],
+ $radiusservers,
$cpdb[$i][2], // clientip
$cpdb[$i][3], // clientmac
10, // NAS Request
@@ -603,14 +597,12 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
$stop_time = (empty($stop_time)) ? time() : $stop_time;
/* this client needs to be deleted - remove ipfw rules */
- if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
+ if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) {
RADIUS_ACCOUNTING_STOP($dbent[1], // ruleno
$dbent[4], // username
$dbent[5], // sessionid
$dbent[0], // start time
- $radiusservers[0]['ipaddr'],
- $radiusservers[0]['acctport'],
- $radiusservers[0]['key'],
+ $radiusservers,
$dbent[2], // clientip
$dbent[3], // clientmac
$term_cause, // Acct-Terminate-Cause
@@ -681,15 +673,13 @@ function captiveportal_radius_stop_all($lock = false) {
$cpdb = captiveportal_read_db();
$radiusservers = captiveportal_get_radius_servers();
- if (isset($radiusservers[0])) {
+ if (!empty($radiusservers)) {
for ($i = 0; $i < count($cpdb); $i++) {
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
$cpdb[$i][4], // username
$cpdb[$i][5], // sessionid
$cpdb[$i][0], // start time
- $radiusservers[0]['ipaddr'],
- $radiusservers[0]['acctport'],
- $radiusservers[0]['key'],
+ $radiusservers,
$cpdb[$i][2], // clientip
$cpdb[$i][3], // clientmac
7); // Admin Reboot
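Review bot: In `captiveportal_radius_stop_all` the loop now hands the full server list to `RADIUS_ACCOUNTING_STOP` for every session and discards the result, so when none of the servers answers, each session can wait through every configured server before the next one is tried. The timeout and retry settings are not visible in this hunk, so the worst case should be confirmed, but on the reboot path (`7); // Admin Reboot`) it may be worth stopping after the first call that reports all servers unreachable. At minimum a comment such as `// each STOP may try every configured RADIUS server; unreachable servers delay shutdown` would document the cost. The function continues outside the hunk.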
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 2e59f03..af6f867 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -352,13 +352,11 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
$attributes['idle_timeout'],
$attributes['session_terminate_time']);
- if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
+ if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) {
$acct_val = RADIUS_ACCOUNTING_START($ruleno,
$username,
$sessionid,
- $radiusservers[0]['ipaddr'],
- $radiusservers[0]['acctport'],
- $radiusservers[0]['key'],
+ $radiusservers,
$clientip,
$clientmac);
diff --git a/usr/local/captiveportal/radius_accounting.inc b/usr/local/captiveportal/radius_accounting.inc
index c4df029..aea05c8 100644
--- a/usr/local/captiveportal/radius_accounting.inc
+++ b/usr/local/captiveportal/radius_accounting.inc
@@ -47,7 +47,7 @@ RADIUS ACCOUNTING START
-----------------------
*/
-function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac) {
+function RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, $radiusservers, $clientip, $clientmac) {
global $config;
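Review bot: The new signature of `RADIUS_ACCOUNTING_START` (and the matching change to `RADIUS_ACCOUNTING_STOP` in a later hunk) reuses the old argument positions, so a caller that still passes `$radiusip, $radiusport, $radiuskey` is not rejected by PHP. In that case the server address arrives as `$radiusservers` and the shared secret shifts into the `$clientmac` slot. If `$clientmac` is copied into an accounting attribute further down (not visible here), a stale caller would send the secret on the wire. An `is_array($radiusservers)` check at the top of both functions, which logs and returns the failure value, would turn this into a visible error. Both function bodies continue outside their hunks.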
@@ -85,7 +85,15 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusp
// Construct data package
$racct->username = $username;
- $racct->addServer($radiusip, $radiusport, $radiuskey);
+ /*
+ Add support for more then one radiusserver.
+ At most 10 servers may be specified.
+ When multiple servers are given, they are tried in round-robin fashion until a valid response is received
+ */
+ foreach ($radiusservers as $radsrv) {
+ // Add a new server to our instance
+ $racct->addServer($radsrv['ipaddr'], $radsrv['acctport'], $radsrv['key']);
+ }
if (PEAR::isError($racct->start())) {
$retvalue['acct_val'] = 1;
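Review bot: The comment added above the `foreach` says at most 10 servers may be specified, but the loop passes every entry of `$radiusservers` to `addServer()` and reads `ipaddr`, `acctport` and `key` without checking that they are set. If the limit is real, enforce it where the list is consumed, e.g. `foreach (array_slice($radiusservers, 0, 10) as $radsrv) {`, and skip entries whose `ipaddr` or `key` is empty. The same loop is enabled in `RADIUS_ACCOUNTING_STOP` in the last hunk of this file. The comment would also read better as `Add support for more than one RADIUS server.`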
@@ -150,7 +158,7 @@ RADIUS ACCOUNTING STOP/UPDATE
-----------------------------
*/
-function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) {
+function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusservers,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) {
global $config;
@@ -186,25 +194,20 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
$racct = new Auth_RADIUS_Acct_Stop;
/*
- * Currently disabled
Add support for more then one radiusserver.
At most 10 servers may be specified.
When multiple servers are given, they are tried in round-robin fashion until a valid response is received
-
+ */
foreach ($radiusservers as $radsrv) {
-
// Add a new server to our instance
- $racct->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']);
-
+ $racct->addServer($radsrv['ipaddr'], $radsrv['acctport'], $radsrv['key']);
}
- */
// See RADIUS_ACCOUNTING_START for info
$racct->authentic = RADIUS_AUTH_RADIUS;
// Construct data package
$racct->username = $username;
- $racct->addServer($radiusip, $radiusport, $radiuskey);
// Set session_time
$racct->session_time = $session_time;
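Review bot: The re-enabled comment in `RADIUS_ACCOUNTING_STOP` does not say what failover means for the accounting records. Because the servers are tried until one gives a valid response, the Stop or interim update for a session can be accepted by a different server than the one that took its Start. I would extend the comment with a line such as `All listed servers must feed the same accounting store; otherwise Start and Stop records for one session can end up on different servers.` The function body continues outside the hunk.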