Revert the CP files back to the ones from r119 since adding multiple servers to the...

git-svn-id: https://svn.m0n0.ch/wall/trunk@122 e36fee2c-cc09-0410-a7cc-ebac5c6737de

diff --git a/CHANGELOG b/CHANGELOG
index ee09151288cf5b6c3b223d9807b54b68aa11ec8b..f93422b337a02f0e43af0a035c38666a19d24cd7 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -19,7 +19,6 @@ $Id$
   - RADIUS mac authentication now works on local subnet even if "Disable MAC filtering" is activated
   - Firewall ruleno now uses a more intelligent pool, this fixes a bug where a ruleno could be used even if it is already been assigned
   - Fixed bug in RADIUS Session-Timeout handling so it'll also work even if reauthentication is disabled
-  - RADIUS accounting now can use all available radiusservers. The primary radius server is always preferred.
 
 - added "disable port mapping" option to advanced outbound NAT (helps with certain IPsec
   VPN gateways that insist on the IKE source port being 500) (mkasper)

diff --git a/captiveportal/index.php b/captiveportal/index.php
index b493cba7a3175e82be569b0ea3aacf52bd6c1862..100d3324c7d9a85401808718bb9e09e310204102 100755 (executable)
--- a/captiveportal/index.php
+++ b/captiveportal/index.php
@@ -281,7 +281,9 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = null, $attrib
                                        $cpdb[$i][4], // username
                                        $cpdb[$i][5], // sessionid
                                        $cpdb[$i][0], // start time
-                                       $radiusservers,
+                                       $radiusservers[0]['ipaddr'],
+                                       $radiusservers[0]['acctport'],
+                                       $radiusservers[0]['key'],
                                        $cpdb[$i][2], // clientip
                                        $cpdb[$i][3], // clientmac
                                        13); // Port Preempted
@@ -404,7 +406,9 @@ function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1
                                        $cpdb[$i][4], // username
                                        $cpdb[$i][5], // sessionid
                                        $cpdb[$i][0], // start time
-                                       $radiusservers,
+                                       $radiusservers[0]['ipaddr'],
+                                       $radiusservers[0]['acctport'],
+                                       $radiusservers[0]['key'],
                                        $cpdb[$i][2], // clientip
                                        $cpdb[$i][3], // clientmac
                                        $term_cause);

diff --git a/captiveportal/radius_accounting.inc b/captiveportal/radius_accounting.inc
index ad2d0aad64691209272bc51e34899ecb61c752f9..9f9064d532e0b55d79f0d65c806d95f18b364666 100644 (file)
--- a/captiveportal/radius_accounting.inc
+++ b/captiveportal/radius_accounting.inc
@@ -43,7 +43,7 @@ RADIUS ACCOUNTING START
 -----------------------
 */
 
-function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusservers,$clientip,$clientmac) {
+function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac) {
 
     global $config;
 
@@ -67,14 +67,6 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusservers,$cl
     // Create our instance
     $racct = new Auth_RADIUS_Acct_Start;
 
-    // Initialise our server
-    foreach ($radiusservers as $radsrv) {
-
-        // Add a new server to our instance
-        $racct->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']);
-
-    }
-
     /* Different Authentication options
      *
      * Its possible todo other authentication methods but still do radius accounting
@@ -88,6 +80,7 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusservers,$cl
 
     // Construct data package
     $racct->username = $username;
+    $racct->addServer($radiusip, $radiusport, $radiuskey);
 
     if (PEAR::isError($racct->start())) {
         $retvalue['acct_val'] = 1;
@@ -98,6 +91,14 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusservers,$cl
         $racct->close();
         return $retvalue;
 
+        /* Old code:
+         * $status = $racct->start();
+         * if(PEAR::isError($status)) {
+         *    if ($debug)
+         *        printf("Radius start: %s<br>\n", $status->getMessage());
+         *        exit;
+         * }
+         */
     }
 
     /*
@@ -148,7 +149,7 @@ RADIUS ACCOUNTING STOP/UPDATE
 -----------------------------
 */
 
-function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusservers,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) {
+function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) {
 
     global $config;
 
@@ -182,19 +183,26 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
     else
         $racct = new Auth_RADIUS_Acct_Stop;
 
-    // Initialise our server
+    /*
+     * Currently disabled
+    Add support for more then one radiusserver. 
+    At most 10 servers may be specified. 
+    When multiple servers are given, they are tried in round-robin fashion until a valid response is received 
+
     foreach ($radiusservers as $radsrv) {
 
         // Add a new server to our instance
         $racct->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']);
 
     }
+    */
 
     // See RADIUS_ACCOUNTING_START for info
     $racct->authentic = RADIUS_AUTH_RADIUS;
 
     // Construct data package
     $racct->username = $username;
+    $racct->addServer($radiusip, $radiusport, $radiuskey);
     // Set session_time
     $racct->session_time = $session_time;
 

diff --git a/phpconf/inc/captiveportal.inc b/phpconf/inc/captiveportal.inc
index a2f8f456e77fde489af7c83120b62323db9653e7..824948d322fc32ab08f18818d1712f5fe2c74d20 100644 (file)
--- a/phpconf/inc/captiveportal.inc
+++ b/phpconf/inc/captiveportal.inc
@@ -451,7 +451,9 @@ function captiveportal_prune_old() {
                                            $cpdb[$i][4], // username
                                            $cpdb[$i][5], // sessionid
                                            $cpdb[$i][0], // start time
-                                           $radiusservers,
+                                           $radiusservers[0]['ipaddr'],
+                                           $radiusservers[0]['acctport'],
+                                           $radiusservers[0]['key'],
                                            $cpdb[$i][2], // clientip
                                            $cpdb[$i][3], // clientmac
                                            10); // NAS Request
@@ -459,7 +461,9 @@ function captiveportal_prune_old() {
                     RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno
                                             $cpdb[$i][4], // username
                                             $cpdb[$i][5], // sessionid
-                                            $radiusservers,
+                                            $radiusservers[0]['ipaddr'],
+                                            $radiusservers[0]['acctport'],
+                                            $radiusservers[0]['key'],
                                             $cpdb[$i][2], // clientip
                                             $cpdb[$i][3]); // clientmac
                 } else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") {
@@ -467,7 +471,9 @@ function captiveportal_prune_old() {
                                            $cpdb[$i][4], // username
                                            $cpdb[$i][5], // sessionid
                                            $cpdb[$i][0], // start time
-                                           $radiusservers,
+                                           $radiusservers[0]['ipaddr'],
+                                           $radiusservers[0]['acctport'],
+                                           $radiusservers[0]['key'],
                                            $cpdb[$i][2], // clientip
                                            $cpdb[$i][3], // clientmac
                                            10, // NAS Request
@@ -510,7 +516,9 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
                                $dbent[4], // username
                                $dbent[5], // sessionid
                                $dbent[0], // start time
-                               $radiusservers,
+                               $radiusservers[0]['ipaddr'],
+                               $radiusservers[0]['acctport'],
+                               $radiusservers[0]['key'],
                                $dbent[2], // clientip
                                $dbent[3], // clientmac
                                $term_cause, // Acct-Terminate-Cause
@@ -574,7 +582,9 @@ function captiveportal_radius_stop_all() {
                                    $cpdb[$i][4], // username
                                    $cpdb[$i][5], // sessionid
                                    $cpdb[$i][0], // start time
-                                   $radiusservers,
+                                   $radiusservers[0]['ipaddr'],
+                                   $radiusservers[0]['acctport'],
+                                   $radiusservers[0]['key'],
                                    $cpdb[$i][2], // clientip
                                    $cpdb[$i][3], // clientmac
                                    7); // Admin Reboot
@@ -797,7 +807,9 @@ function radius($username,$password,$clientip,$clientmac,$type) {
             $auth_list['acct_val'] = RADIUS_ACCOUNTING_START($ruleno,
                                     $username,
                                     $sessionid,
-                                    $radiusservers,
+                                    $radiusservers[0]['ipaddr'],
+                                    $radiusservers[0]['acctport'],
+                                    $radiusservers[0]['key'],
                                     $clientip,
                                     $clientmac);
             if ($auth_list['acct_val'] == 1) 

diff --git a/webgui/services_captiveportal.php b/webgui/services_captiveportal.php
index c6752122afec1a84ba7aaa77d3bdff631321925c..99200e81453f8663b482a37f3d9829e35ba9dca6 100755 (executable)
--- a/webgui/services_captiveportal.php
+++ b/webgui/services_captiveportal.php
@@ -409,7 +409,7 @@ to access after they've authenticated.</td>
                                <td class="vncell">&nbsp;</td>
                                <td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
                                <strong>send RADIUS accounting packets</strong><br>
-                               If this is enabled, RADIUS accounting packets will be sent to the RADIUS server(s).</td>
+                               If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server.</td>
                        </tr>
                        <tr>
                          <td class="vncell" valign="top">Accounting port</td>