From: jdegraeve Date: Fri, 31 Mar 2006 21:17:03 +0000 (+0000) Subject: Revert the CP files back to the ones from r119 since adding multiple servers to the... X-Git-Url: https://git.gsnw.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc6a14de8de6f7bd037ec444c108293b292e6c9c;p=m0n0chwall.git Revert the CP files back to the ones from r119 since adding multiple servers to the accounting section seem to break things for an unknown reason and we want to have a working copy for the 1.22 release git-svn-id: https://svn.m0n0.ch/wall/trunk@122 e36fee2c-cc09-0410-a7cc-ebac5c6737de --- diff --git a/CHANGELOG b/CHANGELOG index ee09151..f93422b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -19,7 +19,6 @@ $Id$ - RADIUS mac authentication now works on local subnet even if "Disable MAC filtering" is activated - Firewall ruleno now uses a more intelligent pool, this fixes a bug where a ruleno could be used even if it is already been assigned - Fixed bug in RADIUS Session-Timeout handling so it'll also work even if reauthentication is disabled - - RADIUS accounting now can use all available radiusservers. The primary radius server is always preferred. - added "disable port mapping" option to advanced outbound NAT (helps with certain IPsec VPN gateways that insist on the IKE source port being 500) (mkasper) diff --git a/captiveportal/index.php b/captiveportal/index.php index b493cba..100d332 100755 --- a/captiveportal/index.php +++ b/captiveportal/index.php @@ -281,7 +281,9 @@ function portal_allow($clientip,$clientmac,$clientuser,$password = null, $attrib $cpdb[$i][4], // username $cpdb[$i][5], // sessionid $cpdb[$i][0], // start time - $radiusservers, + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], $cpdb[$i][2], // clientip $cpdb[$i][3], // clientmac 13); // Port Preempted @@ -404,7 +406,9 @@ function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1 $cpdb[$i][4], // username $cpdb[$i][5], // sessionid $cpdb[$i][0], // start time - $radiusservers, + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], $cpdb[$i][2], // clientip $cpdb[$i][3], // clientmac $term_cause); diff --git a/captiveportal/radius_accounting.inc b/captiveportal/radius_accounting.inc index ad2d0aa..9f9064d 100644 --- a/captiveportal/radius_accounting.inc +++ b/captiveportal/radius_accounting.inc @@ -43,7 +43,7 @@ RADIUS ACCOUNTING START ----------------------- */ -function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusservers,$clientip,$clientmac) { +function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac) { global $config; @@ -67,14 +67,6 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusservers,$cl // Create our instance $racct = new Auth_RADIUS_Acct_Start; - // Initialise our server - foreach ($radiusservers as $radsrv) { - - // Add a new server to our instance - $racct->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']); - - } - /* Different Authentication options * * Its possible todo other authentication methods but still do radius accounting @@ -88,6 +80,7 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusservers,$cl // Construct data package $racct->username = $username; + $racct->addServer($radiusip, $radiusport, $radiuskey); if (PEAR::isError($racct->start())) { $retvalue['acct_val'] = 1; @@ -98,6 +91,14 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusservers,$cl $racct->close(); return $retvalue; + /* Old code: + * $status = $racct->start(); + * if(PEAR::isError($status)) { + * if ($debug) + * printf("Radius start: %s
\n", $status->getMessage()); + * exit; + * } + */ } /* @@ -148,7 +149,7 @@ RADIUS ACCOUNTING STOP/UPDATE ----------------------------- */ -function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusservers,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) { +function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$clientmac, $term_cause = 1, $interimupdate=false,$stop_time = null) { global $config; @@ -182,19 +183,26 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius else $racct = new Auth_RADIUS_Acct_Stop; - // Initialise our server + /* + * Currently disabled + Add support for more then one radiusserver. + At most 10 servers may be specified. + When multiple servers are given, they are tried in round-robin fashion until a valid response is received + foreach ($radiusservers as $radsrv) { // Add a new server to our instance $racct->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']); } + */ // See RADIUS_ACCOUNTING_START for info $racct->authentic = RADIUS_AUTH_RADIUS; // Construct data package $racct->username = $username; + $racct->addServer($radiusip, $radiusport, $radiuskey); // Set session_time $racct->session_time = $session_time; diff --git a/phpconf/inc/captiveportal.inc b/phpconf/inc/captiveportal.inc index a2f8f45..824948d 100644 --- a/phpconf/inc/captiveportal.inc +++ b/phpconf/inc/captiveportal.inc @@ -451,7 +451,9 @@ function captiveportal_prune_old() { $cpdb[$i][4], // username $cpdb[$i][5], // sessionid $cpdb[$i][0], // start time - $radiusservers, + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], $cpdb[$i][2], // clientip $cpdb[$i][3], // clientmac 10); // NAS Request @@ -459,7 +461,9 @@ function captiveportal_prune_old() { RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno $cpdb[$i][4], // username $cpdb[$i][5], // sessionid - $radiusservers, + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], $cpdb[$i][2], // clientip $cpdb[$i][3]); // clientmac } else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") { @@ -467,7 +471,9 @@ function captiveportal_prune_old() { $cpdb[$i][4], // username $cpdb[$i][5], // sessionid $cpdb[$i][0], // start time - $radiusservers, + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], $cpdb[$i][2], // clientip $cpdb[$i][3], // clientmac 10, // NAS Request @@ -510,7 +516,9 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t $dbent[4], // username $dbent[5], // sessionid $dbent[0], // start time - $radiusservers, + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], $dbent[2], // clientip $dbent[3], // clientmac $term_cause, // Acct-Terminate-Cause @@ -574,7 +582,9 @@ function captiveportal_radius_stop_all() { $cpdb[$i][4], // username $cpdb[$i][5], // sessionid $cpdb[$i][0], // start time - $radiusservers, + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], $cpdb[$i][2], // clientip $cpdb[$i][3], // clientmac 7); // Admin Reboot @@ -797,7 +807,9 @@ function radius($username,$password,$clientip,$clientmac,$type) { $auth_list['acct_val'] = RADIUS_ACCOUNTING_START($ruleno, $username, $sessionid, - $radiusservers, + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], $clientip, $clientmac); if ($auth_list['acct_val'] == 1) diff --git a/webgui/services_captiveportal.php b/webgui/services_captiveportal.php index c675212..99200e8 100755 --- a/webgui/services_captiveportal.php +++ b/webgui/services_captiveportal.php @@ -409,7 +409,7 @@ to access after they've authenticated.   > send RADIUS accounting packets
- If this is enabled, RADIUS accounting packets will be sent to the RADIUS server(s). + If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server. Accounting port