PHP init_radiusconfig Examples

Example #1

File: radius_authentication.inc.php Project: NamingException/PHP-Certificate-Authority-Server

function RADIUS_AUTHENTICATION($username, $password)
{
    global $debug;
    global $SERVER_ADDR;
    $radiushost = "";
    $sharedsecret = "";
    $suffix = "";
    init_radiusconfig(&$radiushost, &$radiusport, &$sharedsecret, &$suffix);
    // check your /etc/services. Some radius servers
    // listen on port 1812, some on 1645.
    if ($radiusport == 0) {
        $radiusport = getservbyname("radius", "udp");
    }
    $nasIP = explode(".", $SERVER_ADDR);
    $ip = gethostbyname($radiushost);
    // 17 is UDP, formerly known as PROTO_UDP
    $sock = socket_create(AF_INET, SOCK_DGRAM, 17);
    $retval = socket_connect($sock, $ip, $radiusport);
    if (!preg_match("/@/", $username)) {
        $username .= $suffix;
    }
    if ($debug) {
        echo "<br>radius-port: {$radiusport}<br>radius-host: {$radiushost}<br>username: {$username}<br>suffix: {$suffix}<hr>\n";
    }
    $RA = pack("CCCCCCCCCCCCCCCC", 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255, 1 + rand() % 255);
    $encryptedpassword = Encrypt($password, $sharedsecret, $RA);
    $length = 4 + 16 + 6 + 2 + strlen($username) + 2 + strlen($encryptedpassword) + 6 + 6;
    // nasPort
    $thisidentifier = rand() % 256;
    //          v   v v     v   v   v     v     v
    $data = pack("CCCCa*CCCCCCCCa*CCa*CCCCCCCCCCCC", 1, $thisidentifier, $length / 256, $length % 256, $RA, 6, 6, 0, 0, 0, 1, 1, 2 + strlen($username), $username, 2, 2 + strlen($encryptedpassword), $encryptedpassword, 4, 6, $nasIP[0], $nasIP[1], $nasIP[2], $nasIP[3], 5, 3, 0, 0, 0, 0);
    socket_write($sock, $data, $length);
    if ($debug) {
        echo "<br>writing {$length} bytes<hr>\n";
    }
    //
    // Wait at most five seconds for the answer. Thanks to
    // Michael Long <*****@*****.**> for his remark about this.
    //
    $set = socket_fd_alloc();
    socket_fd_zero($set);
    socket_fd_set($set, $sock);
    socket_select($set, null, null, 5);
    if (!socket_fd_isset($set, $sock)) {
        echo "No answer from radius server, aborting\n";
        exit(0);
    }
    socket_fd_free($set);
    $readdata = socket_read($sock, 1);
    socket_close($sock);
    return ord($readdata);
    // 2 -> Access-Accept
    // 3 -> Access-Reject
    // See RFC2138 for this.
}

Example #2

File: radius_authentication.inc.php Project: nicolnx/norad

    function RADIUS_AUTHENTICATION($username,$password) {
	global $debug;
	$radiushost="";
	$sharedsecret="";
	$suffix="";

	init_radiusconfig(&$radiushost,&$radiusport,&$sharedsecret,&$suffix);

	// check your /etc/services. Some radius servers 
	// listen on port 1812, some on 1645.
	if ($radiusport==0)
	    $radiusport=getservbyname("radius","udp");

	$nasIP=explode(".",$_SERVER['SERVER_ADDR']);
	$ip=gethostbyname($radiushost);

	// 17 is UDP, formerly known as PROTO_UDP
	$sock=socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
	if ($sock==FALSE) {
	    echo "socket_create() failed: " . socket_strerror(socket_last_error()) . "\n";
	    exit(0);
	}
	$retval=socket_connect($sock,$ip,$radiusport);
	if ($retval==FALSE) {
	    echo "socket_connect() failed: " . socket_strerror(socket_last_error()) . "\n";
	    exit(0);
	}

	if (!preg_match("/@/",$username))
	    $username.=$suffix;

	if ($debug)
	    echo "<br>radius-port: $radiusport<br>radius-host: $radiushost<br>username: $username<br>suffix: $suffix<hr>\n";

	$RA=pack("CCCCCCCCCCCCCCCC",				// auth code
	    1+mt_rand()%255, 1+mt_rand()%255, 1+mt_rand()%255, 1+mt_rand()%255,
	    1+mt_rand()%255, 1+mt_rand()%255, 1+mt_rand()%255, 1+mt_rand()%255,
	    1+mt_rand()%255, 1+mt_rand()%255, 1+mt_rand()%255, 1+mt_rand()%255,
	    1+mt_rand()%255, 1+mt_rand()%255, 1+mt_rand()%255, 1+mt_rand()%255);

	$encryptedpassword=Encrypt($password,$sharedsecret,$RA);

	$length=4+				// header
		16+				// auth code
		6+				// service type
		2+strlen($username)+		// username
		2+strlen($encryptedpassword)+	// userpassword
		6+				// nasIP
		6;				// nasPort

	$thisidentifier=mt_rand()%256;
	//          v   v v     v   v   v     v     v
	$data=pack("CCCCa*CCCCCCCCa*CCa*CCCCCCCCN",
	    1,$thisidentifier,$length/256,$length%256,		// header
	    $RA,						// authcode
	    6,6,0,0,0,1,					// service type
	    1,2+strlen($username),$username,			// username
	    2,2+strlen($encryptedpassword),$encryptedpassword,	// userpassword
	    4,6,$nasIP[0],$nasIP[1],$nasIP[2],$nasIP[3],	// nasIP
	    5,6,$_SERVER['SERVER_PORT']				// nasPort
	    );

	socket_write($sock,$data,$length);

	if ($debug)
	    echo "<br>writing $length bytes<hr>\n";

	//
	// Wait at most five seconds for the answer. Thanks to
	// Michael Long <*****@*****.**> for his remark about this.
	//
	$read = array($sock);
	$num_sockets = socket_select($read, $write = NULL, $except = NULL, 60);
	if ($num_sockets === FALSE) {
	    echo "socket_select() failed: " .
	    	socket_strerror(socket_last_error()) . "\n";
	    socket_close($sock);
	    exit(0);
	} elseif ($num_sockets == 0) {
	    echo "No answer from radius server, aborting\n";
	    socket_close($sock);
	    exit(0);
	}
	unset($read);

	$readdata=socket_read($sock,2);
	socket_close($sock);
	if ($readdata===FALSE) {
	    echo "socket_read() failed: " .
	    	socket_strerror(socket_last_error()) . "\n";
	    exit(0);
	}
	if (ord(substr($readdata, 1, 1)) != $thisidentifier) {
	    //echo "Wrong id received from radius server, aborting\n";
	    //exit(0);
	    return 3; // FIXME this is awfull
	}

	return ord($readdata);
	// 2 -> Access-Accept
	// 3 -> Access-Reject
	// See RFC2138 for this.
    }