--- /dev/null
+Here's a longer example that DOES do Challenge Response\r
+and works with SecurID Authentication Managers.\r
+\r
+Make sure you have Open files based on content, not file extension turned off in IE,\r
+if it thinks this is supposed to be a regular HTML page instead of source.\r
+\r
+I think I have enough plain text lines at the top now to prevent that.\r
+\r
+-brett@silcon.com\r
+------------------------------------------------------------------------------------\r
+\r
+<html>\r
+<head><title>RSA Test</title></head>\r
+<body bgcolor=#ffffff text=#000000>\r
+<?php\r
+$challenge = false;\r
+$loginAccepted = false;\r
+$error = false;\r
+\r
+if (isset($_POST['uname'])) {\r
+ $radius = radius_auth_open();\r
+\r
+ if (!radius_add_server($radius,'{SERVERS_IP}',1645,'{SHARED_SECRET}',60,1)) {\r
+ $error = radius_strerror($radius);\r
+ } else if (!radius_create_request($radius,RADIUS_ACCESS_REQUEST)) {\r
+ $error = radius_strerror($radius);\r
+ } else {\r
+\r
+ radius_put_attr($radius,RADIUS_USER_NAME,$_POST['uname']);\r
+ if (isset($_POST['challenge'])) {\r
+ radius_put_attr($radius,RADIUS_USER_PASSWORD,$_POST['challenge']);\r
+ radius_put_attr($radius, RADIUS_STATE, $_POST['state']);\r
+ } else {\r
+ radius_put_attr($radius,RADIUS_USER_PASSWORD,$_POST['upw']);\r
+ }\r
+\r
+\r
+ $result = radius_send_request($radius);\r
+ if ($result == RADIUS_ACCESS_ACCEPT) {\r
+ $loginAccepted = true;\r
+ \r
+ } else if ($result == RADIUS_ACCESS_REJECT) {\r
+ $loginAccepted = false;\r
+ \r
+ } else if ($result == RADIUS_ACCESS_CHALLENGE) {\r
+ // When we get a challenge, return the response as the password\r
+ // and return RADIUS_STATE as given\r
+ \r
+ $challenge = true;\r
+ $challengePrompt = false;\r
+ $challengeState = false;\r
+ $challengeStatus = false;\r
+ \r
+ \r
+ // loop through attributes.\r
+ while ($attrArray = radius_get_attr($radius)) {\r
+ if (!is_array($attrArray)) break;\r
+ if ($attrArray['attr'] == RADIUS_REPLY_MESSAGE) $challengePrompt = $attrArray['data'];\r
+ if ($attrArray['attr'] == RADIUS_STATE) {\r
+ $challengeState = false;\r
+ $parts = explode('|', $attrArray['data']);\r
+ if (sizeof($parts) == 2) {\r
+ if (strlen($parts[0]) == 12) {\r
+ if (strcmp(substr($parts[0], 0, 8), "SECURID_") == 0) {\r
+ $challengeStatus = substr($parts[0], 8);\r
+ $challengeState = $attrArray['data'];\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ if ($challengePrompt === false) $error = "Error receiving challenge prompt";\r
+ \r
+ } else {\r
+ $error = radius_strerror($radius);\r
+ }\r
+ }\r
+ if ($error !== false) {\r
+ print "There was an error trying to authenticate.<br>";\r
+ print "<i>" . $error . "</i><br>";\r
+ print "<hr>";\r
+ }\r
+}\r
+?>\r
+<!-- PRESENT THE LOGIN FORM -->\r
+<?\r
+ if ($challenge && (strcmp($challengeStatus, "WAIT") != 0)) {\r
+ print "<h1>SecurID Challenge</h1>";\r
+ } else if ($challenge && (strcmp($challengeStatus, "WAIT") == 0)) {\r
+ print "<h1>SecurID Response Accepted</h1>";\r
+ print "<h3>" . $challengePrompt . "</h3>";\r
+ } else if ($loginAccepted) {\r
+ print "<h1>SecurID Login Accepted</h1>";\r
+ } else if (!isset($_POST['uname'])) {\r
+ print "<h1>SecurID Login</h1>";\r
+ } else {\r
+ print "<h1>SecurID Login Failure</h1>";\r
+ print "<h3>Please try again</h3>";\r
+ print "<em>(if after two tries, you're still getting a failure, try just your token code)</em>";\r
+ }\r
+?>\r
+\r
+<form action=<? print $_SERVER['PHP_SELF']; ?> method=POST>\r
+ Username: <input type=text name=uname size=30 value="blt"><br>\r
+\r
+<!-- IF WE'RE NOT ANSWERING A CHALLENGE, PRESENT THE REGULAR PROMPT. -->\r
+<!-- WAIT STATE MEANS WE JUST ANSWERED A RESPONSE SUCCESSFULLY. -->\r
+<!-- ALSO SHOW REGULAR PROMPT AFTER ERROR -->\r
+<? if (!$challenge || (strcmp($challengeStatus, "WAIT") == 0) || ($error !== false)) { ?>\r
+ Password: <input type=password name=upw size=30 value=""><br>\r
+<? } else { ?>\r
+ <hr><? print $challengePrompt; ?><br>\r
+ Response: <input type=password name=challenge size=30 value=""><br>\r
+ <input type=hidden name=state value="<? print addslashes($challengeState); ?>">\r
+ <hr>\r
+<? } ?>\r
+<input type=submit name=submit value="Log In">\r
+</form>\r
+</body>\r
+</html>\r
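Review bot: Request- and server-derived values are written into the page without HTML escaping: the form tag emits `$_SERVER['PHP_SELF']` into an unquoted `action` attribute, the RADIUS Reply-Message held in `$challengePrompt` is printed raw in the `<h3>` and above the Response field, and `$error` is printed raw inside `<i>`. Each of these should pass through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`, and the `action` value should be quoted. The hidden `state` field uses `addslashes()`, which is not HTML escaping and can alter the opaque State bytes that are later handed unchanged to `radius_put_attr($radius, RADIUS_STATE, $_POST['state'])`. Emitting `value="<?php print base64_encode($challengeState); ?>"` and applying `base64_decode()` on the way back, behind an `isset($_POST['state'])` check, keeps the value intact. Holding the state in the server-side session instead would also stop the client from editing it.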