private function _sendPOD($session)
{
$nas = $session[0]['nas'];
$username = $session[0]['login'];
$session_id = str_replace('sid_', '', $session[0]['id']);
$radport = 3799;
$sharedsecret = 'brascoa';
$res = radius_acct_open();
radius_add_server($res, $nas, $radport, $sharedsecret, 3, 1);
radius_create_request($res, RADIUS_DISCONNECT_REQUEST);
// radius_put_string($res, RADIUS_NAS_IP_ADDRESS, 0);
radius_put_string($res, RADIUS_USER_NAME, $username);
radius_put_string($res, RADIUS_ACCT_SESSION_ID, $session_id);
$reply = radius_send_request($res);
switch ($reply) {
case RADIUS_COA_ACK:
case RADIUS_DISCONNECT_ACK:
$result = "CoA-ACK\n";
break;
case RADIUS_COA_NAK:
case RADIUS_DISCONNECT_NAK:
$result = "CoA-NAK\n";
break;
default:
return "Unsupported reply\n";
}
while ($resa = radius_get_attr($res)) {
$data = $resa['data'];
$value = radius_cvt_int($data);
switch ($value) {
case 401:
$result = "Unsupported Attribute\n";
break;
case 402:
$result = "Missing Attribute\n";
break;
case 403:
$result = "NAS Identification mismatch [{$nas}]\n";
break;
case 404:
$result = "Invalid Request\n";
break;
case 503:
$result = "Session context not found\n";
break;
case 506:
$result = "Resources unavailable\n";
break;
default:
$result = "Unsupported Error-Cause\n";
}
}
radius_close($res);
return $result;
}
// RADIUS_AUTH_LOCAL => authenicated local
// RADIUS_AUTH_REMOTE => authenticated remote
if (!radius_put_int($res, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) {
echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
exit;
}
sleep(3);
// if RADIUS_ACCT_STATUS_TYPE == RADIUS_STOP
if (!radius_put_int($res, RADIUS_ACCT_TERMINATE_CAUSE, RADIUS_TERM_USER_REQUEST)) {
echo 'RadiusError2:' . radius_strerror($res) . "\n<br>";
exit;
}
if (!radius_put_int($res, RADIUS_ACCT_SESSION_TIME, time() - $starttime)) {
echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
exit;
}
// endif
$req = radius_send_request($res);
if (!$req) {
echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
exit;
}
switch ($req) {
case RADIUS_ACCOUNTING_RESPONSE:
echo "Radius Accounting response<br>\n";
break;
default:
echo "Unexpected return value:{$req}\n<br>";
}
radius_close($res);
public function checkPassword($login, $pass, $seed)
{
if (!extension_loaded('radius')) {
AJXP_Logger::logAction("RADIUS: php radius extension is missing, please install it.");
return false;
}
$res = radius_auth_open();
$this->prepareRequest($res, $login, $pass, $seed);
$req = radius_send_request($res);
if (!$req) {
AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not send request (" . radius_strerror($res) . ")");
return false;
}
switch ($req) {
case RADIUS_ACCESS_ACCEPT:
AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: authentication for user \"" . $login . "\" successful");
radius_close($res);
return true;
case RADIUS_ACCESS_REJECT:
AJXP_Logger::logAction("RADIUS: authentication for user \"" . $login . "\" failed");
break;
default:
AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: unknwon return value " . $req);
break;
}
radius_close($res);
return false;
}
/**
* Limpia el objeto cerrando la conexion si esta existe
*
*/
public function __destruct()
{
if ($this->resource) {
radius_close($this->resource);
}
}
/**
* Frees resources.
*
* Calling this method is always a good idea, because all security relevant
* attributes are filled with Nullbytes to leave nothing in the mem.
*
* @access public
*/
function close()
{
if ($this->res != null) {
radius_close($this->res);
$this->res = null;
}
$this->username = str_repeat("", strlen($this->username));
$this->password = str_repeat("", strlen($this->password));
}
/**
* Close the connection to the Radius server
*/
function close()
{
if (!radius_close($this->connection)) {
$this->makeErrorText('RADIUS close error: ');
return false;
} else {
return true;
}
}
/**
* update radius accounting (interim update)
* @param $username user name
* @param $sessionid session id
* @param $session_time total time spend on this session
*/
public function updateAccounting($username, $sessionid, $session_time)
{
// only send messages if target port specified
if ($this->acctPort != null) {
$radius = radius_auth_open();
if (!defined('RADIUS_UPDATE')) {
define('RADIUS_UPDATE', 3);
}
$error = null;
if (!radius_add_server($radius, $this->radiusHost, $this->acctPort, $this->sharedSecret, $this->timeout, $this->maxRetries)) {
$error = radius_strerror($radius);
} elseif (!radius_create_request($radius, RADIUS_ACCOUNTING_REQUEST)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_FRAMED_PROTOCOL, RADIUS_ETHERNET)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_USER_NAME, $username)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_STATUS_TYPE, RADIUS_UPDATE)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_ACCT_SESSION_ID, $sessionid)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_SESSION_TIME, $session_time)) {
$error = radius_strerror($radius);
}
if ($error != null) {
syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
} else {
$req = radius_send_request($radius);
if (!$req) {
syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
exit;
}
switch ($req) {
case RADIUS_ACCOUNTING_RESPONSE:
break;
default:
syslog(LOG_ERR, "Unexpected return value:{$radius}\n");
}
radius_close($radius);
}
}
}
