private function _sendPOD($session) { $nas = $session[0]['nas']; $username = $session[0]['login']; $session_id = str_replace('sid_', '', $session[0]['id']); $radport = 3799; $sharedsecret = 'brascoa'; $res = radius_acct_open(); radius_add_server($res, $nas, $radport, $sharedsecret, 3, 1); radius_create_request($res, RADIUS_DISCONNECT_REQUEST); // radius_put_string($res, RADIUS_NAS_IP_ADDRESS, 0); radius_put_string($res, RADIUS_USER_NAME, $username); radius_put_string($res, RADIUS_ACCT_SESSION_ID, $session_id); $reply = radius_send_request($res); switch ($reply) { case RADIUS_COA_ACK: case RADIUS_DISCONNECT_ACK: $result = "CoA-ACK\n"; break; case RADIUS_COA_NAK: case RADIUS_DISCONNECT_NAK: $result = "CoA-NAK\n"; break; default: return "Unsupported reply\n"; } while ($resa = radius_get_attr($res)) { $data = $resa['data']; $value = radius_cvt_int($data); switch ($value) { case 401: $result = "Unsupported Attribute\n"; break; case 402: $result = "Missing Attribute\n"; break; case 403: $result = "NAS Identification mismatch [{$nas}]\n"; break; case 404: $result = "Invalid Request\n"; break; case 503: $result = "Session context not found\n"; break; case 506: $result = "Resources unavailable\n"; break; default: $result = "Unsupported Error-Cause\n"; } } radius_close($res); return $result; }
// RADIUS_AUTH_LOCAL => authenicated local // RADIUS_AUTH_REMOTE => authenticated remote if (!radius_put_int($res, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) { echo 'RadiusError:' . radius_strerror($res) . "\n<br>"; exit; } sleep(3); // if RADIUS_ACCT_STATUS_TYPE == RADIUS_STOP if (!radius_put_int($res, RADIUS_ACCT_TERMINATE_CAUSE, RADIUS_TERM_USER_REQUEST)) { echo 'RadiusError2:' . radius_strerror($res) . "\n<br>"; exit; } if (!radius_put_int($res, RADIUS_ACCT_SESSION_TIME, time() - $starttime)) { echo 'RadiusError:' . radius_strerror($res) . "\n<br>"; exit; } // endif $req = radius_send_request($res); if (!$req) { echo 'RadiusError:' . radius_strerror($res) . "\n<br>"; exit; } switch ($req) { case RADIUS_ACCOUNTING_RESPONSE: echo "Radius Accounting response<br>\n"; break; default: echo "Unexpected return value:{$req}\n<br>"; } radius_close($res);
public function checkPassword($login, $pass, $seed) { if (!extension_loaded('radius')) { AJXP_Logger::logAction("RADIUS: php radius extension is missing, please install it."); return false; } $res = radius_auth_open(); $this->prepareRequest($res, $login, $pass, $seed); $req = radius_send_request($res); if (!$req) { AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not send request (" . radius_strerror($res) . ")"); return false; } switch ($req) { case RADIUS_ACCESS_ACCEPT: AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: authentication for user \"" . $login . "\" successful"); radius_close($res); return true; case RADIUS_ACCESS_REJECT: AJXP_Logger::logAction("RADIUS: authentication for user \"" . $login . "\" failed"); break; default: AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: unknwon return value " . $req); break; } radius_close($res); return false; }
/** * Limpia el objeto cerrando la conexion si esta existe * */ public function __destruct() { if ($this->resource) { radius_close($this->resource); } }
/** * Frees resources. * * Calling this method is always a good idea, because all security relevant * attributes are filled with Nullbytes to leave nothing in the mem. * * @access public */ function close() { if ($this->res != null) { radius_close($this->res); $this->res = null; } $this->username = str_repeat("", strlen($this->username)); $this->password = str_repeat("", strlen($this->password)); }
/** * Close the connection to the Radius server */ function close() { if (!radius_close($this->connection)) { $this->makeErrorText('RADIUS close error: '); return false; } else { return true; } }
/** * update radius accounting (interim update) * @param $username user name * @param $sessionid session id * @param $session_time total time spend on this session */ public function updateAccounting($username, $sessionid, $session_time) { // only send messages if target port specified if ($this->acctPort != null) { $radius = radius_auth_open(); if (!defined('RADIUS_UPDATE')) { define('RADIUS_UPDATE', 3); } $error = null; if (!radius_add_server($radius, $this->radiusHost, $this->acctPort, $this->sharedSecret, $this->timeout, $this->maxRetries)) { $error = radius_strerror($radius); } elseif (!radius_create_request($radius, RADIUS_ACCOUNTING_REQUEST)) { $error = radius_strerror($radius); } elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) { $error = radius_strerror($radius); } elseif (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) { $error = radius_strerror($radius); } elseif (!radius_put_int($radius, RADIUS_FRAMED_PROTOCOL, RADIUS_ETHERNET)) { $error = radius_strerror($radius); } elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) { $error = radius_strerror($radius); } elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) { $error = radius_strerror($radius); } elseif (!radius_put_string($radius, RADIUS_USER_NAME, $username)) { $error = radius_strerror($radius); } elseif (!radius_put_int($radius, RADIUS_ACCT_STATUS_TYPE, RADIUS_UPDATE)) { $error = radius_strerror($radius); } elseif (!radius_put_string($radius, RADIUS_ACCT_SESSION_ID, $sessionid)) { $error = radius_strerror($radius); } elseif (!radius_put_int($radius, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) { $error = radius_strerror($radius); } elseif (!radius_put_int($radius, RADIUS_ACCT_SESSION_TIME, $session_time)) { $error = radius_strerror($radius); } if ($error != null) { syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error)); } else { $req = radius_send_request($radius); if (!$req) { syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error)); exit; } switch ($req) { case RADIUS_ACCOUNTING_RESPONSE: break; default: syslog(LOG_ERR, "Unexpected return value:{$radius}\n"); } radius_close($radius); } } }