コード例 #1
ファイル: SessionController.php プロジェクト: nicolnx/norad
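 /**
  * Send a RADIUS Disconnect-Request for one session to its NAS and describe the outcome.
  *
  * @param array $session Session rows; only $session[0] is read ('nas', 'login', 'id').
  * @return string One-line status text terminated by "\n".
  */
 private function _sendPOD($session)
 {
     $nas = $session[0]['nas'];
     $username = $session[0]['login'];
     $session_id = str_replace('sid_', '', $session[0]['id']);
     $radport = 3799;
     // NOTE(review): the shared secret is hard-coded in source. Anyone who can read this
     // file or its repository history holds the value that authenticates Disconnect-Requests
     // to the NAS; load it from protected configuration and keep it distinct per NAS.
     $sharedsecret = 'brascoa';

     $res = radius_acct_open();
     if (!$res) {
         // No handle means no reply can be obtained; same status the caller already
         // receives when the request itself fails.
         return "Unsupported reply\n";
     }

     // Stop at the first failing step instead of sending a half-built request.
     $prepared = radius_add_server($res, $nas, $radport, $sharedsecret, 3, 1)
         && radius_create_request($res, RADIUS_DISCONNECT_REQUEST)
         && radius_put_string($res, RADIUS_USER_NAME, $username)
         && radius_put_string($res, RADIUS_ACCT_SESSION_ID, $session_id);

     $reply = $prepared ? radius_send_request($res) : false;

     if ($reply === RADIUS_COA_ACK || $reply === RADIUS_DISCONNECT_ACK) {
         $result = "CoA-ACK\n";
     } elseif ($reply === RADIUS_COA_NAK || $reply === RADIUS_DISCONNECT_NAK) {
         $result = "CoA-NAK\n";
     } else {
         // Covers send failure (false) and any other packet type. The handle is released
         // here too; the early return used to leak it.
         radius_close($res);
         return "Unsupported reply\n";
     }

     while ($resa = radius_get_attr($res)) {
         // Only Error-Cause (attribute type 101, RFC 5176) carries the codes decoded below.
         // Other reply attributes must not overwrite the status text.
         if ((int) $resa['attr'] !== 101) {
             continue;
         }
         switch (radius_cvt_int($resa['data'])) {
             case 401:
                 $result = "Unsupported Attribute\n";
                 break;
             case 402:
                 $result = "Missing Attribute\n";
                 break;
             case 403:
                 $result = "NAS Identification mismatch [{$nas}]\n";
                 break;
             case 404:
                 $result = "Invalid Request\n";
                 break;
             case 503:
                 $result = "Session context not found\n";
                 break;
             case 506:
                 $result = "Resources unavailable\n";
                 break;
             default:
                 $result = "Unsupported Error-Cause\n";
         }
     }
     radius_close($res);
     return $result;
 }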
コード例 #2
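/**
 * Authenticate a user with a RADIUS Access-Request sent through the global $rad handle.
 *
 * radius_init() is called first; presumably it prepares $rad (verify against its definition).
 * On any failure session_logout() is called before returning.
 *
 * @param string $username User-Name value; an empty name is rejected without a request.
 * @param string $password User-Password value.
 * @return int 1 when the server answers Access-Accept, 0 otherwise.
 */
function radius_authenticate($username, $password)
{
    global $rad;
    radius_init();
    if ($username && $rad) {
        // Fail closed: if any attribute cannot be added, no request is sent.
        $built = radius_create_request($rad, RADIUS_ACCESS_REQUEST)
            && radius_put_string($rad, RADIUS_USER_NAME, $username)
            && radius_put_string($rad, RADIUS_USER_PASSWORD, $password);

        if ($built) {
            $nasAddr = isset($_SERVER['SERVER_ADDR']) ? (string) $_SERVER['SERVER_ADDR'] : '';
            if (filter_var($nasAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
                // NAS-IP-Address is a 4-octet address, so it must go through
                // radius_put_addr(); radius_put_string() would send the dotted text.
                $built = radius_put_addr($rad, RADIUS_NAS_IP_ADDRESS, $nasAddr);
            } else {
                // No usable IPv4 address (IPv6 listener, CLI): identify the client with
                // the string-typed NAS-Identifier instead.
                $built = radius_put_string($rad, RADIUS_NAS_IDENTIFIER, $nasAddr !== '' ? $nasAddr : 'localhost');
            }
        }

        // Strict comparison: a failed send returns false and must never equal an accept code.
        if ($built && radius_send_request($rad) === RADIUS_ACCESS_ACCEPT) {
            return 1;
        }
    }
    session_logout();
    return 0;
}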
コード例 #3
ファイル: radius-acct.php プロジェクト: OlegUA/pecl-radius
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
// Adds the accounting attributes to the request held in $res. Every step prints the
// library error and stops the script when the attribute cannot be added.
// NOTE(review): $REMOTE_ADDR is not assigned in the visible part of the script; confirm it
// is set explicitly earlier and does not depend on register_globals.
// NOTE(review): radius_strerror() output is echoed into the HTML response as-is; detailed
// errors are better written to a log than shown to the client.
if (!radius_put_addr($res, RADIUS_FRAMED_IP_ADDRESS, $REMOTE_ADDR)) {
    echo 'RadiusError1:' . radius_strerror($res) . "\n<br>";
    exit;
}
// RADIUS_START => start accounting
// RADIUS_STOP => stop accounting
if (!radius_put_int($res, RADIUS_ACCT_STATUS_TYPE, RADIUS_START)) {
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
/* Generate a session ID */
// Built from the client address, the PHP process id and the script owner. These values
// repeat across requests served by the same process, so the ID is neither unique per
// session nor hard to guess.
$sessionid = sprintf("%s:%d-%s", $REMOTE_ADDR, getmypid(), get_current_user());
if (!radius_put_string($res, RADIUS_ACCT_SESSION_ID, $sessionid)) {
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
// RADIUS_AUTH_RADIUS => authenticated via Radius
// RADIUS_AUTH_LOCAL => authenticated local
// RADIUS_AUTH_REMOTE => authenticated remote
if (!radius_put_int($res, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) {
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
// Pauses the script for three seconds before the next attribute is added; the reason is
// not visible in this excerpt.
sleep(3);
// if RADIUS_ACCT_STATUS_TYPE == RADIUS_STOP
if (!radius_put_int($res, RADIUS_ACCT_TERMINATE_CAUSE, RADIUS_TERM_USER_REQUEST)) {
    echo 'RadiusError2:' . radius_strerror($res) . "\n<br>";
    exit;
コード例 #4
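 /**
  * Fill a RADIUS handle with an Access-Request for the given credentials.
  *
  * Adds the configured server, creates the request and attaches the NAS, user and
  * password attributes, using CHAP when $this->radiusAuthType is 'chap' and PAP otherwise.
  * Each failure is logged at debug level with the library error text.
  *
  * @param resource $res   Handle the request is built on (created by the caller).
  * @param string   $login User-Name value.
  * @param string   $pass  Clear-text password; used to derive the CHAP response or sent as PAP.
  * @param mixed    $seed  Not used by this method.
  * @return bool false as soon as one step fails, true once the request is complete.
  *              (The original fell off the end and returned null on success; callers that
  *              only test for false are unaffected.)
  */
 public function prepareRequest($res, $login, $pass, $seed)
 {
     if (!radius_add_server($res, $this->radiusServer, $this->radiusPort, $this->radiusSecret, 3, 3)) {
         AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not add server (" . radius_strerror($res) . ")");
         return false;
     }
     if (!radius_create_request($res, RADIUS_ACCESS_REQUEST)) {
         AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not create request (" . radius_strerror($res) . ")");
         return false;
     }
     if (!radius_put_string($res, RADIUS_NAS_IDENTIFIER, isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : 'localhost')) {
         AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not put string for nas_identifier (" . radius_strerror($res) . ")");
         return false;
     }
     if (!radius_put_int($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
         AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not put int for service_type (" . radius_strerror($res) . ")");
         return false;
     }
     if (!radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) {
         AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not put int for framed_protocol (" . radius_strerror($res) . ")");
         return false;
     }
     // The original condition was `!radius_put_string(...) == -1`, where `!` binds before
     // `==`; it only behaved because true == -1 in PHP. Test the boolean result directly.
     if (!radius_put_string($res, RADIUS_CALLING_STATION_ID, isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1')) {
         AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not put string for calling_station_id (" . radius_strerror($res) . ")");
         return false;
     }
     if (!radius_put_string($res, RADIUS_USER_NAME, $login)) {
         AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not put string for user name (" . radius_strerror($res) . ")");
         return false;
     }
     if ($this->radiusAuthType == 'chap') {
         AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Using CHAP.");
         // The challenge must be unpredictable. mt_srand(time()) followed by mt_rand()
         // produced a value derivable from the clock and also reseeded the process-wide
         // generator, so a system random source is used whenever one is available.
         if (function_exists('random_bytes')) {
             $chall = random_bytes(16);
         } elseif (function_exists('openssl_random_pseudo_bytes')) {
             $chall = openssl_random_pseudo_bytes(16);
         } else {
             // Last resort for runtimes with neither source: not cryptographically strong,
             // but at least the generator is no longer reseeded from the current second.
             $chall = (string) mt_rand();
         }
         // CHAP response = MD5(chap id . password . challenge), prefixed with the chap id.
         $chapval = pack('H*', md5(pack('Ca*', 1, $pass . $chall)));
         $pass = pack('C', 1) . $chapval;
         if (!radius_put_attr($res, RADIUS_CHAP_PASSWORD, $pass)) {
             AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not put attribute for chap password (" . radius_strerror($res) . ")");
             return false;
         }
         if (!radius_put_attr($res, RADIUS_CHAP_CHALLENGE, $chall)) {
             AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not put attribute for chap callenge (" . radius_strerror($res) . ")");
             return false;
         }
     } else {
         AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Using PAP.");
         if (!radius_put_string($res, RADIUS_USER_PASSWORD, $pass)) {
             AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not put string for pap password (" . radius_strerror($res) . ")");
             return false;
         }
     }
     // Service-Type and Framed-Protocol are added a second time, as in the original.
     if (!radius_put_int($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
         AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not put int for second service type (" . radius_strerror($res) . ")");
         return false;
     }
     if (!radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) {
         AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not put int for second framed protocol (" . radius_strerror($res) . ")");
         return false;
     }
     return true;
 }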
コード例 #5
ファイル: index.php プロジェクト: pl0o0f/nedi-puppet
     $res = DbQuery($query, $link);
 } elseif (strstr($guiauth, 'radius') && $user != "admin") {
     # Radius code by Till Elsner
     $radres = radius_auth_open();
     if (!$radres) {
         $raderr = "Error while preparing RADIUS authentication: " . radius_strerror($radres);
     }
     foreach ($radsrv as $rs) {
         if (!radius_add_server($radres, $rs[0], $rs[1], $rs[2], $rs[3], $rs[4])) {
             echo "<h4>RADIUS: " . radius_strerror($radres) . "</h4>";
         }
     }
     if (!radius_create_request($radres, RADIUS_ACCESS_REQUEST)) {
         $raderr = "RADIUS create: " . radius_strerror($radres);
     }
     if (!(radius_put_string($radres, RADIUS_USER_NAME, $user) && radius_put_string($radres, RADIUS_USER_PASSWORD, $_POST['pass']) && radius_put_string($radres, RADIUS_CALLING_STATION_ID, $_SERVER['REMOTE_ADDR']) && radius_put_addr($radres, RADIUS_NAS_IP_ADDRESS, $_SERVER['SERVER_ADDR']))) {
         $raderr = "RADIUS put: " . radius_strerror($radres);
     }
     $radauth = radius_send_request($radres);
     if (!$radauth) {
         $raderr = "RADIUS send: " . radius_strerror($radres);
     } else {
         switch ($radauth) {
             case RADIUS_ACCESS_ACCEPT:
                 $query = GenQuery('users', 's', '*', '', '', array('usrname'), array('='), array($user));
                 $res = DbQuery($query, $link);
                 $uok = DbNumRows($res);
                 break;
             case RADIUS_ACCESS_REJECT:
                 $raderr = "Incorrect RADIUS login!";
                 break;
コード例 #6
ファイル: radius_auth.php プロジェクト: Jamp/sgas
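 /**
  * Authenticate the configured user against the RADIUS server through this adapter.
  *
  * Builds an Access-Request from $this->username / $this->password and sends it to
  * $this->server. The handle is kept in $this->resource once the request is ready.
  *
  * @return boolean true when the server answers Access-Accept, false for any other reply.
  * @throws KumbiaException when the handle cannot be created or the request cannot be built.
  */
 public function authenticate()
 {
     $radius = radius_auth_open();
     if (!$radius) {
         throw new KumbiaException("No se pudo crear el autenticador de Radius");
     }

     // Steps run in order and stop at the first failure, so radius_strerror() below
     // reports the step that failed.
     $built = radius_add_server($radius, $this->server, $this->port, $this->secret, $this->timeout, $this->max_retries)
         && radius_create_request($radius, RADIUS_ACCESS_REQUEST)
         && radius_put_string($radius, RADIUS_USER_NAME, $this->username)
         && radius_put_string($radius, RADIUS_USER_PASSWORD, $this->password)
         // RADIUS_AUTHENTICATE_ONLY is a Service-Type *value* (8). Used as the attribute
         // type, as the original did, it addresses attribute 8 (Framed-IP-Address) instead
         // of requesting authenticate-only service.
         && radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_AUTHENTICATE_ONLY);

     if (!$built) {
         // Read the error text before releasing the handle; the original leaked the
         // handle on every exception path.
         $message = radius_strerror($radius);
         radius_close($radius);
         throw new KumbiaException($message);
     }

     $this->resource = $radius;
     // Strict comparison: a failed send returns false and must never count as an accept.
     return radius_send_request($radius) === RADIUS_ACCESS_ACCEPT;
 }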
コード例 #7
ファイル: radius.php プロジェクト: poef/ariadne
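 /**
  * Authenticate a login against the configured RADIUS server and, on Access-Accept,
  * store the account locally through storeExternalUser().
  *
  * @param string $login    User-Name value.
  * @param string $password Clear-text password sent as User-Password (PAP).
  * @return mixed The result of storeExternalUser() on Access-Accept, false otherwise.
  */
 function authExternalUser($login, $password)
 {
     // An Access-Request without a password must never be sent: the original skipped the
     // User-Password attribute for any falsy password, so acceptance was left entirely to
     // the server's policy. It also dropped a legitimate password of "0".
     if ($password === null || $password === '') {
         debug("RadiusError: Empty password\n", 'auth');
         return false;
     }

     $res = radius_auth_open();
     if (!$res) {
         debug("RadiusError: Could not create handle\n", 'auth');
         return false;
     }

     // REMOTE_HOST is only populated when the web server resolves client hostnames;
     // otherwise the fallback address is sent.
     $nasId = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost';
     $station = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '127.0.0.1';

     // Same steps and order as before; evaluation stops at the first failure so the
     // logged error text belongs to the failing step. The Calling-Station-Id check used
     // to read `!radius_put_string(...) == -1`, a precedence slip; it is a plain boolean
     // test now.
     $built = radius_add_server($res, $this->config['radius_server'], $this->config['radius_port'], $this->config['sharedsecret'], 3, 3)
         && radius_create_request($res, RADIUS_ACCESS_REQUEST)
         && radius_put_string($res, RADIUS_NAS_IDENTIFIER, $nasId)
         && radius_put_int($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)
         && radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)
         && radius_put_string($res, RADIUS_CALLING_STATION_ID, $station)
         && radius_put_string($res, RADIUS_USER_NAME, $login)
         && radius_put_string($res, RADIUS_USER_PASSWORD, $password)
         && radius_put_int($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)
         && radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP);

     $req = $built ? radius_send_request($res) : false;
     if (!$req) {
         debug('RadiusError:' . radius_strerror($res) . "\n", 'auth');
         radius_close($res);
         return false;
     }
     // The reply code is all that is needed from here on; release the handle, which the
     // original never closed.
     radius_close($res);

     $user = false;
     switch ($req) {
         case RADIUS_ACCESS_ACCEPT:
             // The local record gets the placeholder password '!'; the real password is
             // not stored here.
             $userData = array();
             $userData["name"] = $login;
             $userData["newpass1"] = '!';
             $userData["newpass2"] = '!';
             $user = $this->storeExternalUser($login, $userData);
             break;
         case RADIUS_ACCESS_REJECT:
             debug("RadiusError: Radius Request rejected\n", 'auth');
             break;
         default:
             debug("RadiusError: Unknown answer\n", 'auth');
     }
     return $user;
 }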
コード例 #8
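 /**
  * This is the main authentication function of the plugin. Given both the
  * username and password it will make use of the options set to authenticate
  * against the configured RADIUS servers.
  *
  * The one-time password, when posted as $_POST['otp'], is appended to the password
  * with the configured separator before it is sent as User-Password.
  *
  * @param mixed  $user     Value handed in by the caller; returned unchanged when it
  *                         already is a WP_User.
  * @param string $username Login name.
  * @param string $password Password typed by the user (without the OTP).
  * @return WP_User|WP_Error|null WP_User on Access-Accept, the result of self::wp_error()
  *         on failure, null when RADIUS is skipped for this user or the login is handed
  *         back to WordPress password authentication.
  */
 function checkLogin($user, $username, $password)
 {
     if (is_a($user, 'WP_User')) {
         return $user;
     }
     if (empty($username)) {
         return self::wp_error('empty_username', __('The username field is empty.'));
     }
     if (empty($password)) {
         return self::wp_error('empty_password', __('The password field is empty.'));
     }
     $opts = TwoFactorRadiusAuth::getOptions();
     // skip radius for user
     // The skip list bypasses the RADIUS factor, so it has to match exactly and fail
     // closed. The original `@array_search(...) !== false` treated a missing or non-array
     // option as a match on PHP 5/7 (array_search() returns null there), which skipped
     // RADIUS for every user, and it compared loosely.
     if (isset($opts['skip_users']) && is_array($opts['skip_users'])
         && in_array($username, $opts['skip_users'], true)) {
         return;
     }
     remove_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
     $userdata = get_user_by('login', $username);
     if (!$userdata) {
         return self::wp_error('invalid_username', __('Invalid username.'));
     }
     if (is_multisite()) {
         // Is user marked as spam?
         if (1 == $userdata->spam) {
             return self::wp_error('invalid_username', __('Your account has been marked as a spammer.'));
         }
         // Is a user's blog marked as spam?
         if (!is_super_admin($userdata->ID) && isset($userdata->primary_blog)) {
             $details = get_blog_details($userdata->primary_blog);
             if (is_object($details) && $details->spam == 1) {
                 return self::wp_error('blog_suspended', __('Site Suspended.'));
             }
         }
     }
     // The OTP field is optional and client-controlled: it may be absent or not a string.
     $OTP = (isset($_POST['otp']) && is_string($_POST['otp'])) ? trim($_POST['otp']) : '';
     $radiuspass = $password;
     if ($OTP !== '') {
         $radiuspass = $password . $opts['pwd_otp_sep'] . $OTP;
     }
     if (!function_exists('radius_auth_open')) {
         return self::wp_error('missing_php_radius', 'Missing php-radius');
     }
     if (!TwoFactorRadiusAuth::isConfigured()) {
         return self::wp_error('missing_plugin_settings', __('Missing auth server settings'));
     }
     $reply_message = '';
     $rad = null;
     try {
         $rad = radius_auth_open();
         if (!$rad) {
             throw new Exception('Could not create RADIUS handle');
         }
         if (!radius_add_server($rad, $opts['s1_host'], $opts['s1_port'], $opts['s1_secr'], $opts['timeout'], $opts['max_tries'])) {
             throw new Exception(radius_strerror($rad));
         }
         // The second server is optional and only added when fully configured.
         if (!empty($opts['s2_host']) && !empty($opts['s2_port']) && !empty($opts['s2_secr'])) {
             if (!radius_add_server($rad, $opts['s2_host'], $opts['s2_port'], $opts['s2_secr'], $opts['timeout'], $opts['max_tries'])) {
                 throw new Exception(radius_strerror($rad));
             }
         }
         if (!radius_create_request($rad, RADIUS_ACCESS_REQUEST)) {
             throw new Exception(radius_strerror($rad));
         }
         if (!radius_put_string($rad, RADIUS_NAS_IDENTIFIER, '1')) {
             throw new Exception(radius_strerror($rad));
         }
         if (!radius_put_int($rad, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
             throw new Exception(radius_strerror($rad));
         }
         if (!radius_put_int($rad, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) {
             throw new Exception(radius_strerror($rad));
         }
         // The original read an undefined local $REMOTE_HOST, so the RADIUS server always
         // saw 127.0.0.1 as the calling station. Behind a reverse proxy REMOTE_ADDR is the
         // proxy's address.
         $station = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
         // Was `!radius_put_string(...) == -1`; test the boolean result directly.
         if (!radius_put_string($rad, RADIUS_CALLING_STATION_ID, $station)) {
             throw new Exception(radius_strerror($rad));
         }
         if (!radius_put_string($rad, RADIUS_USER_NAME, $username)) {
             throw new Exception(radius_strerror($rad));
         }
         if (!radius_put_string($rad, RADIUS_USER_PASSWORD, $radiuspass)) {
             throw new Exception(radius_strerror($rad));
         }
         if (!radius_put_int($rad, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
             throw new Exception(radius_strerror($rad));
         }
         if (!radius_put_int($rad, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) {
             throw new Exception(radius_strerror($rad));
         }
         $res = radius_send_request($rad);
         if (!$res) {
             throw new Exception(radius_strerror($rad));
         }
         // Attribute 18 is Reply-Message; its text selects the error shown on a reject.
         while ($rattr = radius_get_attr($rad)) {
             if ($rattr['attr'] == 18) {
                 $reply_message = $rattr['data'];
                 break;
             }
         }
         radius_close($rad);
     } catch (Exception $exp) {
         // Release the handle on the error path as well; it was never closed before.
         if ($rad) {
             radius_close($rad);
         }
         // NOTE(review): the library error text is returned inside the WP_Error; confirm
         // it is not shown verbatim to unauthenticated visitors.
         return self::wp_error('radius_error', $exp->getMessage());
     }
     switch ($res) {
         case RADIUS_ACCESS_ACCEPT:
             // NOTE(review): this only changes the in-memory object; nothing in this
             // method persists the hash.
             $userdata->user_pass = wp_hash_password($password);
             return new WP_User($userdata->ID);
         case RADIUS_ACCESS_REJECT:
             switch ($reply_message) {
                 case 'LDAP USER NOT FOUND':
                     if ($opts['use_wp_auth'] == 'on') {
                         // Hand the login back to WordPress password authentication.
                         add_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
                         return null;
                     } else {
                         return self::wp_error('invalid_username', __('Unknown user'));
                     }
                 case 'INVALID OTP':
                 default:
                     return self::wp_error('incorrect_password', __('Wrong password/OTP'));
             }
         default:
             return self::wp_error('denied', __('Unknown error'));
     }
 }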
コード例 #9
ファイル: radius-auth.php プロジェクト: OlegUA/pecl-radius
            // we have no client, therefore we generate the Peer-Challenge
            $peerChallenge = GeneratePeerChallenge();
            printf("Peer Challenge:%s\n", bin2hex($peerChallenge));
            $ntresp = GenerateNTResponse($authChallenge, $peerChallenge, $username, $password);
            $reserved = str_repeat("", 8);
            printf("NT Response:%s\n", bin2hex($ntresp));
            // Response: chapid, flags (1 = use NT Response), Peer challenge, reserved, Response
            $resp = pack('CCa16a8a24', 1, 1, $peerChallenge, $reserved, $ntresp);
            printf("Response:%d %s\n", strlen($resp), bin2hex($resp));
            if (!radius_put_vendor_attr($res, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP2_RESPONSE, $resp)) {
                echo 'RadiusError: RADIUS_MICROSOFT_MS_CHAP2_RESPONSE:' . radius_strerror($res) . "<br>\n";
                exit;
            }
        } else {
            echo "PAP<br>\n";
            if (!radius_put_string($res, RADIUS_USER_PASSWORD, "sepp")) {
                echo 'RadiusError:' . radius_strerror($res) . "<br>\n";
                exit;
            }
        }
    }
}
// Adds Service-Type and Framed-Protocol to the request in $res, then sends it. Each
// failed step prints the library error text and stops the script.
if (!radius_put_int($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
if (!radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) {
    echo 'RadiusError:' . radius_strerror($res) . "\n<br>";
    exit;
}
// $req receives the reply code, or false when the request failed; the handling of the
// result lies outside this excerpt.
$req = radius_send_request($res);
コード例 #10
ファイル: Radius.php プロジェクト: 8191/opnsense-core
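 /**
  * authenticate user against radius
  *
  * Builds an Access-Request with the configured NAS attributes, sends it and, on
  * Access-Accept, records Session-Timeout and Acct-Interim-Interval (attribute 85) in
  * $this->lastAuthProperties. Failures are written to syslog.
  *
  * @param $username username to authenticate
  * @param $password user password
  * @return bool authentication status
  */
 public function authenticate($username, $password)
 {
     // reset auth properties
     $this->lastAuthProperties = array();
     $radius = radius_auth_open();
     if (!$radius) {
         syslog(LOG_ERR, 'RadiusError: unable to create radius handle');
         return false;
     }
     $error = null;
     if (!radius_add_server($radius, $this->radiusHost, $this->authPort, $this->sharedSecret, $this->timeout, $this->maxRetries)) {
         $error = radius_strerror($radius);
     } elseif (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) {
         $error = radius_strerror($radius);
     } elseif (!radius_put_string($radius, RADIUS_USER_NAME, $username)) {
         $error = radius_strerror($radius);
     } elseif (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_LOGIN)) {
         $error = radius_strerror($radius);
     } elseif (!radius_put_int($radius, RADIUS_FRAMED_PROTOCOL, RADIUS_ETHERNET)) {
         $error = radius_strerror($radius);
     } elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
         $error = radius_strerror($radius);
     } elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
         $error = radius_strerror($radius);
     } elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
         $error = radius_strerror($radius);
     } else {
         // Implement extra protocols in this section.
         switch ($this->protocol) {
             case 'PAP':
                 // do PAP authentication
                 if (!radius_put_string($radius, RADIUS_USER_PASSWORD, $password)) {
                     $error = radius_strerror($radius);
                 }
                 break;
             default:
                 syslog(LOG_ERR, 'Unsupported protocol ' . $this->protocol);
                 radius_close($radius);
                 return false;
         }
     }

     $authenticated = false;
     // log errors and perform actual authentication request
     if ($error !== null) {
         // $error already holds the message text; the original passed it to
         // radius_strerror(), which expects the handle.
         syslog(LOG_ERR, 'RadiusError:' . $error);
     } else {
         $request = radius_send_request($radius);
         // The original tested the handle ($radius) here, so a failed send was never
         // detected; the send result is what has to be checked.
         if (!$request) {
             syslog(LOG_ERR, 'RadiusError:' . radius_strerror($radius));
         } else {
             switch ($request) {
                 case RADIUS_ACCESS_ACCEPT:
                     while ($resa = radius_get_attr($radius)) {
                         switch ($resa['attr']) {
                             case RADIUS_SESSION_TIMEOUT:
                                 $this->lastAuthProperties['session_timeout'] = radius_cvt_int($resa['data']);
                                 break;
                             case 85:
                                 // Acct-Interim-Interval
                                 $this->lastAuthProperties['Acct-Interim-Interval'] = radius_cvt_int($resa['data']);
                                 break;
                             default:
                                 break;
                         }
                     }
                     $authenticated = true;
                     break;
                 case RADIUS_ACCESS_REJECT:
                     break;
                 default:
                     // unexpected result, log
                     syslog(LOG_ERR, 'Radius unexpected response:' . $request);
             }
         }
     }
     // Single exit so the handle is released on every path; it was never closed before.
     radius_close($radius);
     return $authenticated;
 }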