(auth) add getLastAuthProperties to interface and implementations

src/opnsense/mvc/app/library/OPNsense/Auth/IAuthConnector.php

@@ -41,6 +41,12 @@ interface IAuthConnector
      */
     public function setProperties($config);
 
+    /**
+     * after authentication, you can call this method to retrieve optional return data from the authenticator
+     * @return mixed named list of authentication properties, may be returned by the authenticator
+     */
+    public function getLastAuthProperties();
+
     /**
      * authenticate user
      * @param $username username to authenticate

src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php

@@ -286,6 +286,15 @@ class LDAP implements IAuthConnector
         return false;
     }
 
+    /**
+     * unused
+     * @return array mixed named list of authentication properties
+     */
+    public function getLastAuthProperties()
+    {
+        return array();
+    }
+
     /**
      * authenticate user against ldap server
      * @param $username username to authenticate

src/opnsense/mvc/app/library/OPNsense/Auth/Local.php

@@ -46,6 +46,15 @@ class Local implements IAuthConnector
         // local authenticator doesn't use any additional settings.
     }
 
+    /**
+     * unused
+     * @return array mixed named list of authentication properties
+     */
+    public function getLastAuthProperties()
+    {
+        return array();
+    }
+
     /**
      * authenticate user against local database (in config.xml)
      * @param $username username to authenticate

src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php

@@ -77,6 +77,10 @@ class Radius implements IAuthConnector
      */
     private $nasIdentifier = 'local';
 
+    /**
+     * @var array internal list of authentication properties (returned by radius auth)
+     */
+    private $lastAuthProperties = array();
 
     /**
      * set connector properties
@@ -102,6 +106,15 @@ class Radius implements IAuthConnector
         }
     }
 
+    /**
+     * unused
+     * @return array mixed named list of authentication properties
+     */
+    public function getLastAuthProperties()
+    {
+        return $this->lastAuthProperties;
+    }
+
     /**
      * authenticate user against radius
      * @param $username username to authenticate
@@ -110,6 +123,7 @@ class Radius implements IAuthConnector
      */
     public function authenticate($username, $password)
     {
+        $this->lastAuthProperties = array() ;// reset auth properties
         $radius = radius_auth_open();
 
         $error = null;
@@ -154,11 +168,24 @@ class Radius implements IAuthConnector
             syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
         } else {
             $request = radius_send_request($radius);
-            if (!$request) {
+            if (!$radius) {
                 syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
             } else {
                 switch($request) {
                     case RADIUS_ACCESS_ACCEPT:
+                        while ($resa = radius_get_attr($radius)) {
+                            switch ($resa['attr']) {
+                                case RADIUS_SESSION_TIMEOUT:
+                                    $this->lastAuthProperties['session_timeout'] = radius_cvt_int($resa['data']);
+                                    break;
+                                case 85: // Acct-Interim-Interval
+                                    $this->lastAuthProperties['Acct-Interim-Interval'] =  radius_cvt_int($resa['data']);
+                                    break;
+                                default:
+                                    break;
+                            }
+
+                        }
                         return true;
                         break;
                     case RADIUS_ACCESS_REJECT: