Example #1
0
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
if (!radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) {
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
if (!radius_put_string($res, RADIUS_CALLING_STATION_ID, isset($REMOTE_HOST) ? $REMOTE_HOST : '127.0.0.1') == -1) {
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
if (!radius_put_string($res, RADIUS_USER_NAME, $username)) {
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
if (!radius_put_addr($res, RADIUS_FRAMED_IP_ADDRESS, $REMOTE_ADDR)) {
    echo 'RadiusError1:' . radius_strerror($res) . "\n<br>";
    exit;
}
// RADIUS_START => start accounting
// RADIUS_STOP => stop accounting
if (!radius_put_int($res, RADIUS_ACCT_STATUS_TYPE, RADIUS_START)) {
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
/* Generate a session ID */
$sessionid = sprintf("%s:%d-%s", $REMOTE_ADDR, getmypid(), get_current_user());
if (!radius_put_string($res, RADIUS_ACCT_SESSION_ID, $sessionid)) {
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
Example #2
0
 /**
  * Puts an attribute.
  *
  * @access public
  * @param  integer $attrib       Attribute-number
  * @param  mixed   $port         Attribute-value
  * @param  type    $type         Attribute-type
  * @return bool  true on success, false on error
  */
 function putAttribute($attrib, $value, $type = null)
 {
     if ($type == null) {
         $type = gettype($value);
     }
     switch ($type) {
         case 'integer':
         case 'double':
             return radius_put_int($this->res, $attrib, $value);
         case 'addr':
             return radius_put_addr($this->res, $attrib, $value);
         case 'string':
         default:
             return radius_put_attr($this->res, $attrib, $value);
     }
 }
Example #3
0
     $res = DbQuery($query, $link);
 } elseif (strstr($guiauth, 'radius') && $user != "admin") {
     # Radius code by Till Elsner
     $radres = radius_auth_open();
     if (!$radres) {
         $raderr = "Error while preparing RADIUS authentication: " . radius_strerror($radres);
     }
     foreach ($radsrv as $rs) {
         if (!radius_add_server($radres, $rs[0], $rs[1], $rs[2], $rs[3], $rs[4])) {
             echo "<h4>RADIUS: " . radius_strerror($radres) . "</h4>";
         }
     }
     if (!radius_create_request($radres, RADIUS_ACCESS_REQUEST)) {
         $raderr = "RADIUS create: " . radius_strerror($radres);
     }
     if (!(radius_put_string($radres, RADIUS_USER_NAME, $user) && radius_put_string($radres, RADIUS_USER_PASSWORD, $_POST['pass']) && radius_put_string($radres, RADIUS_CALLING_STATION_ID, $_SERVER['REMOTE_ADDR']) && radius_put_addr($radres, RADIUS_NAS_IP_ADDRESS, $_SERVER['SERVER_ADDR']))) {
         $raderr = "RADIUS put: " . radius_strerror($radres);
     }
     $radauth = radius_send_request($radres);
     if (!$radauth) {
         $raderr = "RADIUS send: " . radius_strerror($radres);
     } else {
         switch ($radauth) {
             case RADIUS_ACCESS_ACCEPT:
                 $query = GenQuery('users', 's', '*', '', '', array('usrname'), array('='), array($user));
                 $res = DbQuery($query, $link);
                 $uok = DbNumRows($res);
                 break;
             case RADIUS_ACCESS_REJECT:
                 $raderr = "Incorrect RADIUS login!";
                 break;
Example #4
0
/**
 * Check username and password against RADIUS authentication backend.
 *
 * @param string $username User name to check
 * @param string $password User password to check
 * @return int Authentication success (0 = fail, 1 = success) FIXME bool
 */
function radius_authenticate($username, $password)
{
    global $config, $rad;
    radius_init();
    if ($username && $rad) {
        //print_vars(radius_server_secret($rad));
        radius_create_request($rad, RADIUS_ACCESS_REQUEST);
        radius_put_attr($rad, RADIUS_USER_NAME, $username);
        switch (strtolower($config['auth_radius_method'])) {
            // CHAP-MD5 see RFC1994
            case 'chap':
            case 'chap_md5':
                $chapid = 1;
                // Specify a CHAP identifier
                //$challenge = mt_rand(); // Generate a challenge
                //$cresponse = md5(pack('Ca*', $chapid, $password.$challenge), TRUE);
                new Crypt_CHAP();
                // Pre load class
                $crpt = new Crypt_CHAP_MD5();
                $crpt->password = $password;
                $challenge = $crpt->challenge;
                $resp_md5 = $crpt->challengeResponse();
                $resp = pack('C', $chapid) . $resp_md5;
                radius_put_attr($rad, RADIUS_CHAP_PASSWORD, $resp);
                // Add the Chap-Password attribute
                radius_put_attr($rad, RADIUS_CHAP_CHALLENGE, $challenge);
                // Add the Chap-Challenge attribute.
                break;
                // MS-CHAPv1 see RFC2433
            // MS-CHAPv1 see RFC2433
            case 'mschapv1':
                $chapid = 1;
                // Specify a CHAP identifier
                $flags = 1;
                // 0 = use LM-Response, 1 = use NT-Response (we not use old LM)
                new Crypt_CHAP();
                // Pre load class
                $crpt = new Crypt_CHAP_MSv1();
                $crpt->password = $password;
                $challenge = $crpt->challenge;
                $resp_lm = str_repeat("", 24);
                $resp_nt = $crpt->challengeResponse();
                $resp = pack('CC', $chapid, $flags) . $resp_lm . $resp_nt;
                radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_RESPONSE, $resp);
                radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $challenge);
                break;
                // MS-CHAPv2 see RFC2759
            // MS-CHAPv2 see RFC2759
            case 'mschapv2':
                $chapid = 1;
                // Specify a CHAP identifier
                $flags = 1;
                // 0 = use LM-Response, 1 = use NT-Response (we not use old LM)
                new Crypt_CHAP();
                // Pre load class
                $crpt = new Crypt_CHAP_MSv2();
                $crpt->username = $username;
                $crpt->password = $password;
                $challenge = $crpt->authChallenge;
                $challenge_p = $crpt->peerChallenge;
                $resp_nt = $crpt->challengeResponse();
                // Response: chapid, flags (1 = use NT Response), Peer challenge, reserved, Response
                $resp = pack('CCa16a8a24', $chapid, $flags, $challenge_p, str_repeat("", 8), $resp_nt);
                radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP2_RESPONSE, $resp);
                radius_put_vendor_attr($rad, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $challenge);
                break;
                // PAP (Plaintext)
            // PAP (Plaintext)
            default:
                radius_put_attr($rad, RADIUS_USER_PASSWORD, $password);
        }
        // Puts standard attributes
        $radius_ip = get_ip_version($config['auth_radius_nas_address']) ? $config['auth_radius_nas_address'] : $_SERVER['SERVER_ADDR'];
        if (get_ip_version($radius_ip) == 6) {
            // FIXME, not sure that this work correctly
            radius_put_attr($rad, RADIUS_NAS_IPV6_ADDRESS, $radius_ip);
        } else {
            radius_put_addr($rad, RADIUS_NAS_IP_ADDRESS, $radius_ip);
        }
        $radius_id = empty($config['auth_radius_id']) ? get_localhost() : $config['auth_radius_id'];
        radius_put_attr($rad, RADIUS_NAS_IDENTIFIER, $radius_id);
        //radius_put_attr($rad, RADIUS_NAS_PORT_TYPE, RADIUS_VIRTUAL);
        //radius_put_attr($rad, RADIUS_SERVICE_TYPE, RADIUS_FRAMED);
        //radius_put_attr($rad, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP);
        radius_put_attr($rad, RADIUS_CALLING_STATION_ID, isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1');
        $response = radius_send_request($rad);
        //print_vars($response);
        switch ($response) {
            case RADIUS_ACCESS_ACCEPT:
                // An Access-Accept response to an Access-Request indicating that the RADIUS server authenticated the user successfully.
                //echo 'Authentication successful';
                return 1;
                break;
            case RADIUS_ACCESS_REJECT:
                // An Access-Reject response to an Access-Request indicating that the RADIUS server could not authenticate the user.
                //echo 'Authentication failed';
                break;
            case RADIUS_ACCESS_CHALLENGE:
                // An Access-Challenge response to an Access-Request indicating that the RADIUS server requires further information
                // in another Access-Request before authenticating the user.
                //echo 'Challenge required';
                break;
            default:
                print_error('A RADIUS error has occurred: ' . radius_strerror($rad));
        }
    }
    //session_logout();
    return 0;
}