4. Bug in newest check_ip.php

Bug in newest check_ip.php

  • S

    Found this bug:

    if(!strpos($db, "_radius")) {
    $status = squid_check_ip($db, $check_ip);
                            break;
    }

    break; causes the system to only check the first CP zone, as it will break out of foreach loop as soon as it stumbles upon a non-radius zone. So if you have multiple CP zones belongning to the same squid proxy, all those belongning to any zone except for the first zone, will get a "Access denied" error.

    Solution: Remove break; from check_ip.php

    0
    M
     1 Reply
  • M

    I've had the same problem.
    The bug is still not fixed!

    0
  • M

    del /usr/local/bin/check_ip.php and use the following code. i solve

    #!/usr/local/bin/php-cgi -q
<?php
/*
 * check_ip.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2016-2017 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2013-2016 Marcello Coutinho
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

require_once("config.inc");
require_once("globals.inc");
error_reporting(0);
global $g;
// stdin loop
if (!defined(STDIN)) {
	define("STDIN", fopen("php://stdin", "r"));
}
if (!defined(STDOUT)) {
	define("STDOUT", fopen('php://stdout', 'w'));
}
while (!feof(STDIN)) {
	$check_ip = trim(fgets(STDIN));
	$dbs = glob("{$g['vardb_path']}/captiveportal*.db");
	$status = NULL;
	
	foreach ($dbs as $db) {
		if(!strpos($db, "_radius")) {
			$status = squid_check_ip($db, $check_ip);
			if (isset($status)){
				break;
			}
		}
	}
	if (!is_null($status)) {
		fwrite(STDOUT, "OK user={$status}\n");
	} else {
		fwrite(STDOUT, "ERR\n");
	}
}

function squid_check_ip($db, $check_ip) {
	exec("/usr/local/bin/sqlite3 {$db} \"SELECT ip FROM captiveportal WHERE ip='{$check_ip}'\"", $ip);
	if ($check_ip == $ip[0]) {
		exec("/usr/local/bin/sqlite3 {$db} \"SELECT username FROM captiveportal WHERE ip='{$check_ip}'\"", $user);
		return $user[0];
	}
}

?>
    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy