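/**
 * Authenticate $username / $password against the configured RADIUS server
 * with a single PAP Access-Request (RFC 2865, code 1).
 *
 * Host, port, shared secret and realm suffix come from init_radiusconfig()
 * (defined elsewhere; it must declare its four parameters by reference).
 * The password is obfuscated by Encrypt() (also defined elsewhere) using the
 * shared secret and the 16-byte Request Authenticator generated here.
 *
 * The reply is accepted only if it carries our Identifier, a Length that fits
 * the received datagram, and a Response Authenticator that verifies against
 * the shared secret; anything else is reported as Access-Reject, so a forged
 * or corrupted datagram can never grant access.  Socket failures and a
 * timeout keep the original behaviour: print a message and exit(0).
 *
 * @param string $username login name; $suffix is appended when it has no '@'
 * @param string $password plaintext password (User-Password attribute)
 * @return int reply code: 2 = Access-Accept, 3 = Access-Reject (also returned
 *             for any reply that fails validation)
 */
function RADIUS_AUTHENTICATION($username, $password): int
{
    global $debug;
    global $SERVER_ADDR;

    $radiushost = "";
    $radiusport = 0;
    $sharedsecret = "";
    $suffix = "";
    // Call-time pass-by-reference (&$var at the call site) is a compile error
    // since PHP 5.4; the "&" belongs in init_radiusconfig()'s declaration.
    init_radiusconfig($radiushost, $radiusport, $sharedsecret, $suffix);

    // check your /etc/services. Some radius servers
    // listen on port 1812, some on 1645.
    $radiusport = (int) $radiusport;
    if ($radiusport === 0) {
        $radiusport = getservbyname("radius", "udp");
        if ($radiusport === false) {
            $radiusport = 1812; // RFC 2865 authentication port
        }
    }

    // NAS-IP-Address as four raw bytes.  $SERVER_ADDR is only populated with
    // register_globals, so fall back to $_SERVER; a non-IPv4 value becomes 0.0.0.0.
    $nasAddr = $SERVER_ADDR ?? ($_SERVER['SERVER_ADDR'] ?? '0.0.0.0');
    $nasLong = ip2long((string) $nasAddr);
    $nasIP = pack("N", $nasLong === false ? 0 : $nasLong);

    $ip = gethostbyname($radiushost);
    $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
    if ($sock === false) {
        echo "socket_create() failed: " . socket_strerror(socket_last_error()) . "\n";
        exit(0);
    }
    if (!socket_connect($sock, $ip, $radiusport)) {
        echo "socket_connect() failed: " . socket_strerror(socket_last_error($sock)) . "\n";
        socket_close($sock);
        exit(0);
    }

    if (strpos($username, '@') === false) {
        $username .= $suffix;
    }
    if ($debug) {
        // The username comes from the login form: escape it before echoing into HTML.
        $shownUser = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<br>radius-port: {$radiusport}<br>radius-host: {$radiushost}<br>username: {$shownUser}<br>suffix: {$suffix}<hr>\n";
    }

    // Request Authenticator (RFC 2865 §3): 16 unpredictable bytes.  It keys the
    // User-Password obfuscation and is part of the Response Authenticator we
    // verify below, so rand() is not an acceptable source.
    $RA = random_bytes(16);
    $encryptedpassword = Encrypt($password, $sharedsecret, $RA);

    // An attribute's Length byte counts type+length+value and cannot exceed 255.
    if (strlen($username) > 253 || strlen($encryptedpassword) > 253) {
        socket_close($sock);
        return 3;
    }

    // Attributes: Type, Length, Value.
    $attributes = pack("CCN", 6, 6, 1)                                        // Service-Type = Login
        . pack("CCa*", 1, 2 + strlen($username), $username)                    // User-Name
        . pack("CCa*", 2, 2 + strlen($encryptedpassword), $encryptedpassword)  // User-Password
        . pack("CC", 4, 6) . $nasIP                                            // NAS-IP-Address
        . pack("CCN", 5, 6, 0);                                                // NAS-Port (unknown -> 0)

    // Header: Code, Identifier, Length (16-bit big-endian), Request Authenticator.
    $thisidentifier = random_int(0, 255);
    $length = 20 + strlen($attributes);
    $data = pack("CCn", 1, $thisidentifier, $length) . $RA . $attributes;

    socket_write($sock, $data, $length);
    if ($debug) {
        echo "<br>writing {$length} bytes<hr>\n";
    }

    // Wait at most five seconds for the answer. Thanks to
    // Michael Long <*****@*****.**> for his remark about this.
    $read = [$sock];
    $write = null;
    $except = null;
    $ready = socket_select($read, $write, $except, 5);
    if ($ready === false) {
        echo "socket_select() failed: " . socket_strerror(socket_last_error($sock)) . "\n";
        socket_close($sock);
        exit(0);
    }
    if ($ready === 0) {
        echo "No answer from radius server, aborting\n";
        socket_close($sock);
        exit(0);
    }

    // Read the whole datagram; RFC 2865 §3 caps a packet at 4096 octets.
    $readdata = socket_read($sock, 4096);
    socket_close($sock);
    if ($readdata === false || strlen($readdata) < 20) {
        return 3; // no complete header: fail closed
    }

    // The reply must answer our request and its Length must fit what we received.
    $replyLength = unpack("n", substr($readdata, 2, 2))[1];
    if (ord($readdata[1]) !== $thisidentifier || $replyLength < 20 || $replyLength > strlen($readdata)) {
        return 3;
    }
    $readdata = substr($readdata, 0, $replyLength); // ignore padding past Length

    // Response Authenticator (RFC 2865 §3):
    //   MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    // Verifying it is what ties the reply to our shared secret; without it a
    // spoofed reply would be taken at face value.
    $expected = md5(substr($readdata, 0, 4) . $RA . substr($readdata, 20) . $sharedsecret, true);
    if (!hash_equals($expected, substr($readdata, 4, 16))) {
        return 3;
    }

    return ord($readdata[0]);
    // 2 -> Access-Accept
    // 3 -> Access-Reject
    // See RFC2138 for this.
}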
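/**
 * Authenticate $username / $password against the configured RADIUS server
 * with a PAP Access-Request (RFC 2865, code 1).
 *
 * init_radiusconfig() (defined elsewhere; it must declare its parameters by
 * reference) supplies host, port, shared secret and realm suffix.  Encrypt()
 * (defined elsewhere) obfuscates the password with the shared secret and the
 * 16-byte Request Authenticator generated here.
 *
 * Besides the Identifier check the earlier code already did, the reply's
 * Length and Response Authenticator are now validated, so a reply that is
 * not genuinely from a holder of the shared secret is reported as
 * Access-Reject instead of being trusted.  Socket failures and a timeout keep
 * the original behaviour: print a message and exit(0).
 *
 * @param string $username login name; $suffix is appended when it has no '@'
 * @param string $password plaintext password (User-Password attribute)
 * @return int reply code: 2 = Access-Accept, 3 = Access-Reject (also returned
 *             for any reply that fails validation)
 */
function RADIUS_AUTHENTICATION($username, $password): int
{
    global $debug;

    $radiushost = "";
    $radiusport = 0;
    $sharedsecret = "";
    $suffix = "";
    // "&" at the call site (call-time pass-by-reference) is a compile error
    // since PHP 5.4; init_radiusconfig() has to declare the references itself.
    init_radiusconfig($radiushost, $radiusport, $sharedsecret, $suffix);

    // check your /etc/services. Some radius servers
    // listen on port 1812, some on 1645.
    $radiusport = (int) $radiusport;
    if ($radiusport === 0) {
        $radiusport = getservbyname("radius", "udp");
        if ($radiusport === false) {
            $radiusport = 1812; // RFC 2865 authentication port
        }
    }

    // NAS-IP-Address (4 raw bytes) and NAS-Port taken from this web server.
    // A non-IPv4 SERVER_ADDR is sent as 0.0.0.0 rather than garbage bytes.
    $nasLong = ip2long((string) ($_SERVER['SERVER_ADDR'] ?? ''));
    $nasIP = pack("N", $nasLong === false ? 0 : $nasLong);
    $nasPort = (int) ($_SERVER['SERVER_PORT'] ?? 0);

    $ip = gethostbyname($radiushost);
    $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
    if ($sock === false) {
        echo "socket_create() failed: " . socket_strerror(socket_last_error()) . "\n";
        exit(0);
    }
    if (!socket_connect($sock, $ip, $radiusport)) {
        echo "socket_connect() failed: " . socket_strerror(socket_last_error($sock)) . "\n";
        socket_close($sock);
        exit(0);
    }

    if (strpos($username, '@') === false) {
        $username .= $suffix;
    }
    if ($debug) {
        // Form input is echoed into HTML here: escape it.
        $shownUser = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<br>radius-port: $radiusport<br>radius-host: $radiushost<br>username: $shownUser<br>suffix: $suffix<hr>\n";
    }

    // Request Authenticator (RFC 2865 §3) must be unpredictable: it keys the
    // password obfuscation and is covered by the Response Authenticator, so
    // mt_rand() is replaced by a CSPRNG.
    $RA = random_bytes(16);
    $encryptedpassword = Encrypt($password, $sharedsecret, $RA);

    // Attribute Length is a single byte covering type+length+value.
    if (strlen($username) > 253 || strlen($encryptedpassword) > 253) {
        socket_close($sock);
        return 3;
    }

    $attributes = pack("CCN", 6, 6, 1)                                        // service type (Login)
        . pack("CCa*", 1, 2 + strlen($username), $username)                    // username
        . pack("CCa*", 2, 2 + strlen($encryptedpassword), $encryptedpassword)  // userpassword
        . pack("CC", 4, 6) . $nasIP                                            // nasIP
        . pack("CCN", 5, 6, $nasPort);                                         // nasPort

    // header: code 1 = Access-Request, identifier, 16-bit length, authenticator
    $thisidentifier = random_int(0, 255);
    $length = 20 + strlen($attributes);
    $data = pack("CCn", 1, $thisidentifier, $length) . $RA . $attributes;

    socket_write($sock, $data, $length);
    if ($debug) {
        echo "<br>writing $length bytes<hr>\n";
    }

    // Wait up to 60 seconds for the answer (the earlier comment said five,
    // the code used 60; 60 is kept). Thanks to
    // Michael Long <*****@*****.**> for his remark about this.
    $read = [$sock];
    $write = null;
    $except = null;
    $num_sockets = socket_select($read, $write, $except, 60);
    if ($num_sockets === false) {
        echo "socket_select() failed: " . socket_strerror(socket_last_error($sock)) . "\n";
        socket_close($sock);
        exit(0);
    }
    if ($num_sockets === 0) {
        echo "No answer from radius server, aborting\n";
        socket_close($sock);
        exit(0);
    }

    // Read the full datagram (RFC 2865 §3: at most 4096 octets), not just 2 bytes,
    // so the Response Authenticator can be checked.
    $readdata = socket_read($sock, 4096);
    socket_close($sock);
    if ($readdata === false) {
        echo "socket_read() failed: " . socket_strerror(socket_last_error()) . "\n";
        exit(0);
    }
    if (strlen($readdata) < 20) {
        return 3; // truncated header: fail closed
    }

    // Must be the answer to our request, with a Length that fits the datagram.
    $replyLength = unpack("n", substr($readdata, 2, 2))[1];
    if (ord($readdata[1]) !== $thisidentifier || $replyLength < 20 || $replyLength > strlen($readdata)) {
        return 3;
    }
    $readdata = substr($readdata, 0, $replyLength);

    // Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    // (RFC 2865 §3).  Compared in constant time; a mismatch is an Access-Reject.
    $expected = md5(substr($readdata, 0, 4) . $RA . substr($readdata, 20) . $sharedsecret, true);
    if (!hash_equals($expected, substr($readdata, 4, 16))) {
        return 3;
    }

    return ord($readdata[0]);
    // 2 -> Access-Accept
    // 3 -> Access-Reject
    // See RFC2138 for this.
}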