<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
/*
-$Id$
-
-Copyright (c) 2003, Michael Bretterklieber <michael@bretterklieber.com>
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-3. The names of the authors may not be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-This code cannot simply be copied and put under the GNU Public License or
-any other GPL-like (LGPL, GPL2) License.
-
- This version of RADIUS.php has been modified by
- Jonathan De Graeve <jonathan@imelda.be> to integrate with M0n0wall <http://www.m0n0.ch/wall>
-
- Changes made include:
- * StandardAttributes for M0n0wall use
- * Removed internal Session-Id creation
- * Adding of ReplyMessage to getAttributes()
- * Adding of listAttributes()
- * Adding of VENDOR Bay Networks (Nortel)
- * Adding of VENDOR Nomadix
- * Adding of VENDOR WISPr (Wi-Fi Alliance)
-
+ $Id$
+
+ Copyright (c) 2003, Michael Bretterklieber <michael@bretterklieber.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The names of the authors may not be used to endorse or promote products
+ derived from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ This code cannot simply be copied and put under the GNU Public License or
+ any other GPL-like (LGPL, GPL2) License.
+
+ This version of RADIUS.php has been modified by
+ Jonathan De Graeve <jonathan@imelda.be> to integrate with M0n0wall <http://www.m0n0.ch/wall>
+
+ Changes made include:
+ * StandardAttributes for M0n0wall use
+ * Removed internal Session-Id creation
+ * Adding of ReplyMessage to getAttributes()
+ * Adding of listAttributes()
+ * Adding of VENDOR Bay Networks (Nortel)
+ * Adding of VENDOR Nomadix
+ * Adding of VENDOR WISPr (Wi-Fi Alliance)
+
*/
require_once("pear.inc");
+require_once("radius_authentication.inc");
+require_once("radius_accounting.inc");
/**
* Client implementation of RADIUS. This are wrapper classes for
-* the RADIUS PECL.
+* the RADIUS PECL
* Provides RADIUS Authentication (RFC2865) and RADIUS Accounting (RFC2866).
*
* @package Auth_RADIUS
* @see addServer(), putServer()
*/
var $_servers = array();
-
+
/**
* Path to the configuration-file.
* @var string
* @see setConfigFile()
*/
var $_configfile = null;
-
+
/**
* Resource.
* @var resource
* @see open(), close()
*/
var $res = null;
-
+
/**
* Username for authentication and accounting requests.
* @var string
* @see dumpAttributes(), getAttributes()
*/
var $attributes = array();
-
+
/**
* List of raw attributes.
* @var array
* @var array
* @see dumpAttributes(), getAttributes()
*/
- var $rawVendorAttributes = array();
-
+ var $rawVendorAttributes = array();
+
/**
* Constructor
*
{
$this->PEAR();
}
-
+
/**
* Adds a RADIUS server to the list of servers for requests.
*
- * At most 10 servers may be specified. When multiple servers
+ * At most 10 servers may be specified. When multiple servers
* are given, they are tried in round-robin fashion until a
* valid response is received
*
* @param integer $port Portnumber
* @param string $sharedSecret Shared secret
* @param integer $timeout Timeout for each request
- * @param integer $maxtries Max. retries for each request
+ * @param integer $maxtries Max. retries for each request
* @return void
*/
function addServer($servername = 'localhost', $port = 0, $sharedSecret = 'testing123', $timeout = 5, $maxtries = 3)
{
- $this->_servers[] = array($servername, $port, $sharedSecret, $timeout, $maxtries);
+ $this->_servers[] = array($servername, $port, $sharedSecret, $timeout, $maxtries);
}
/**
* Sets the configuration-file.
*
* @access public
- * @param string $file Path to the configuration file
+ * @param string $file Path to the configuration file
* @return void
- */
+ */
function setConfigfile($file)
{
$this->_configfile = $file;
* @param mixed $port Attribute-value
* @param type $type Attribute-type
* @return bool true on success, false on error
- */
+ */
function putAttribute($attrib, $value, $type = null)
{
if ($type == null) {
}
}
-
+
/**
* Puts a vendor-specific attribute.
*
*/
function putVendorAttribute($vendor, $attrib, $value, $type = null)
{
-
+
if ($type == null) {
$type = gettype($value);
}
-
+
switch ($type) {
case 'integer':
return radius_put_vendor_int($this->res, $vendor, $attrib, $value);
-
+
case 'addr':
return radius_put_vendor_addr($this->res, $vendor,$attrib, $value);
-
+
case 'string':
default:
return radius_put_vendor_attr($this->res, $vendor, $attrib, $value);
}
-
- }
+
+ }
/**
* Prints known attributes received from the server.
*
* @access public
- */
+ */
function dumpAttributes()
{
foreach ($this->attributes as $name => $data) {
* Overwrite this.
*
* @access public
- */
+ */
function open()
{
}
* Overwrite this.
*
* @access public
- */
+ */
function createRequest()
{
}
-
+
/**
* Puts standard attributes.
*
* These attributes will always be present in a radius request
*
* @access public
- */
+ */
function putStandardAttributes()
{
- // Not sure if these need to be in here but for the moment its ok
- $this->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
- $this->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN);
// Add support for sending NAS-IP-Address, set this explicitly as an ip_addr
$this->putAttribute(RADIUS_NAS_IP_ADDRESS, getNasIP(), addr);
$this->putAttribute(RADIUS_NAS_IDENTIFIER, getNasID());
}
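Review bot: The third argument on the NAS-IP-Address line, `addr`, is a bare identifier rather than the string `'addr'`; on PHP 7 an undefined constant only raises a warning and evaluates to the string "addr" (which is why the `case 'addr':` branch, visible in putVendorAttribute, is still reached), but on PHP 8 an undefined constant throws an Error, so putStandardAttributes would abort every request. Change it to `$this->putAttribute(RADIUS_NAS_IP_ADDRESS, getNasIP(), 'addr');`. With the NAS-Port-Type and Service-Type puts deleted, requests no longer carry those two attributes, so a server-side policy that keys on them will see a change; a short docblock line such as `* NAS-Port-Type and Service-Type are not added here; callers that need them must put them themselves.` would record that deliberately.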
-
+
/**
* Puts custom attributes.
*
* @access public
- */
+ */
function putAuthAttributes()
{
if (isset($this->username)) {
- $this->putAttribute(RADIUS_USER_NAME, $this->username);
+ $this->putAttribute(RADIUS_USER_NAME, $this->username);
}
}
-
+
/**
* Configures the radius library.
*
* @param integer $port Portnumber
* @param string $sharedSecret Shared secret
* @param integer $timeout Timeout for each request
- * @param integer $maxtries Max. retries for each request
+ * @param integer $maxtries Max. retries for each request
* @return bool true on success, false on error
* @see addServer()
- */
+ */
function putServer($servername, $port = 0, $sharedsecret = 'testing123', $timeout = 3, $maxtries = 3)
{
if (!radius_add_server($this->res, $servername, $port, $sharedsecret, $timeout, $maxtries)) {
}
return true;
}
-
+
/**
* Configures the radius library via external configurationfile
*
* @access public
* @param string $servername Servername or IP-Address
* @return bool true on success, false on error
- */
+ */
function putConfigfile($file)
{
if (!radius_config($this->res, $file)) {
return false;
}
return true;
- }
-
+ }
+
/**
* Initiates a RADIUS request.
*
if (!$this->open()) {
return false;
}
-
+
foreach ($this->_servers as $s) {
- // Servername, port, sharedsecret, timeout, retries
+ // Servername, port, sharedsecret, timeout, retries
if (!$this->putServer($s[0], $s[1], $s[2], $s[3], $s[4])) {
return false;
}
}
-
+
if (!empty($this->_configfile)) {
if (!$this->putConfigfile($this->_configfile)) {
return false;
}
}
-
+
$this->createRequest();
$this->putStandardAttributes();
$this->putAuthAttributes();
return true;
}
-
+
/**
* Sends a prepared RADIUS request and waits for a response
*
* @access public
* @return mixed true on success, false on reject, PEAR_Error on error
- */
+ */
function send()
{
$req = radius_send_request($this->res);
case RADIUS_ACCESS_REJECT:
return false;
-
+
case RADIUS_ACCOUNTING_RESPONSE:
if (is_subclass_of($this, 'auth_radius_pap')) {
return $this->raiseError('RADIUS_ACCOUNTING_RESPONSE is unexpected for authentication');
default:
return $this->raiseError("Unexpected return value: $req");
}
-
+
}
/**
* Reads all received attributes after sending the request.
*
- * This methos stores know attributes in the property attributes,
- * all attributes (including known attibutes) are stored in rawAttributes
+ * This methos stores know attributes in the property attributes,
+ * all attributes (including known attibutes) are stored in rawAttributes
* or rawVendorAttributes.
- * NOTE: call this functio also even if the request was rejected, because the
+ * NOTE: call this functio also even if the request was rejected, because the
* Server returns usualy an errormessage
*
* @access public
* @return bool true on success, false on error
- */
+ */
function getAttributes()
{
if (!is_array($attribv)) {
return false;
}
-
+
$vendor = $attribv['vendor'];
$attrv = $attribv['attr'];
$datav = $attribv['data'];
-
+
$this->rawVendorAttributes[$vendor][$attrv] = $datav;
if ($vendor == RADIUS_VENDOR_MICROSOFT) {
}
}
- if ($vendor == 3309) { /* RADIUS_VENDOR_NOMADIX */
+ if ($vendor == 3309) { /* RADIUS_VENDOR_NOMADIX */
switch ($attrv) {
case 1: /* RADIUS_NOMADIX_BW_UP */
}
}
- if ($vendor == 14122) { /* RADIUS_VENDOR_WISPr Wi-Fi Alliance */
-
- switch ($attrv) {
- case 1: /* WISPr-Location-ID */
- $this->attributes['location_id'] = radius_cvt_string($datav);
- break;
- case 2: /* WISPr-Location-Name */
- $this->attributes['location_name'] = radius_cvt_string($datav);
- break;
- case 3: /* WISPr-Logoff-URL */
- $this->attributes['url_logoff'] = radius_cvt_string($datav);
- break;
- case 4: /* WISPr-Redirection-URL */
- $this->attributes['url_redirection'] = radius_cvt_string($datav);
- break;
- case 5: /* WISPr-Bandwidth-Min-Up */
- $this->attributes['bw_minbytesup'] = radius_cvt_int($datav);
- break;
- case 6: /* WISPr-Bandwidth-Min-Down */
- $this->attributes['bw_minbytesdown'] = radius_cvt_int($datav);
- break;
- case 7: /* WIPSr-Bandwidth-Max-Up */
- $this->attributes['bw_maxbytesup'] = radius_cvt_int($datav);
- break;
- case 8: /* WISPr-Bandwidth-Max-Down */
- $this->attributes['bw_maxbytesdown'] = radius_cvt_int($datav);
- break;
- case 9: /* WISPr-Session-Terminate-Time */
- $this->attributes['session_terminate_time'] = radius_cvt_string($datav);
- break;
- case 10: /* WISPr-Session-Terminate-End-Of-Day */
- $this->attributes['session_terminate_endofday'] = radius_cvt_int($datav);
- break;
- case 11: /* WISPr-Billing-Class-Of-Service */
- $this->attributes['billing_class_of_service'] = radius_cvt_string($datav);
- break;
- }
- }
+ if ($vendor == 14122) { /* RADIUS_VENDOR_WISPr Wi-Fi Alliance */
+
+ switch ($attrv) {
+ case 1: /* WISPr-Location-ID */
+ $this->attributes['location_id'] = radius_cvt_string($datav);
+ break;
+ case 2: /* WISPr-Location-Name */
+ $this->attributes['location_name'] = radius_cvt_string($datav);
+ break;
+ case 3: /* WISPr-Logoff-URL */
+ $this->attributes['url_logoff'] = radius_cvt_string($datav);
+ break;
+ case 4: /* WISPr-Redirection-URL */
+ $this->attributes['url_redirection'] = radius_cvt_string($datav);
+ break;
+ case 5: /* WISPr-Bandwidth-Min-Up */
+ $this->attributes['bw_minbytesup'] = radius_cvt_int($datav);
+ break;
+ case 6: /* WISPr-Bandwidth-Min-Down */
+ $this->attributes['bw_minbytesdown'] = radius_cvt_int($datav);
+ break;
+ case 7: /* WIPSr-Bandwidth-Max-Up */
+ $this->attributes['bw_maxbytesup'] = radius_cvt_int($datav);
+ break;
+ case 8: /* WISPr-Bandwidth-Max-Down */
+ $this->attributes['bw_maxbytesdown'] = radius_cvt_int($datav);
+ break;
+ case 9: /* WISPr-Session-Terminate-Time */
+ $this->attributes['session_terminate_time'] = radius_cvt_string($datav);
+ break;
+ case 10: /* WISPr-Session-Terminate-End-Of-Day */
+ $this->attributes['session_terminate_endofday'] = radius_cvt_int($datav);
+ break;
+ case 11: /* WISPr-Billing-Class-Of-Service */
+ $this->attributes['billing_class_of_service'] = radius_cvt_string($datav);
+ break;
+ }
+ }
break;
-
+
}
- }
+ }
return true;
}
-
+
/**
* Frees resources.
*
* attributes are filled with Nullbytes to leave nothing in the mem.
*
* @access public
- */
+ */
function close()
{
if ($this->res != null) {
$this->username = str_repeat("\0", strlen($this->username));
$this->password = str_repeat("\0", strlen($this->password));
}
-
+
}
/**
* class Auth_RADIUS_PAP
*
* Class for authenticating using PAP (Plaintext)
- *
+ *
* @package Auth_RADIUS
*/
class Auth_RADIUS_PAP extends Auth_RADIUS
$this->username = $username;
$this->password = $password;
}
-
+
/**
* Creates a RADIUS resource
*
}
return true;
}
-
+
/**
* Creates an authentication request
*
function putAuthAttributes()
{
if (isset($this->username)) {
- $this->putAttribute(RADIUS_USER_NAME, $this->username);
+ $this->putAttribute(RADIUS_USER_NAME, $this->username);
}
if (isset($this->password)) {
$this->putAttribute(RADIUS_USER_PASSWORD, $this->password);
* Class for authenticating using CHAP-MD5 see RFC1994.
* Instead og the plaintext password the challenge and
* the response are needed.
- *
+ *
* @package Auth_RADIUS
*/
class Auth_RADIUS_CHAP_MD5 extends Auth_RADIUS_PAP
* @var string
*/
var $response = null;
-
+
/**
* Id of the authentication request. Should incremented after every request.
* @var integer
*/
var $chapid = 1;
-
+
/**
* Constructor
*
$this->challenge = $challenge;
$this->chapid = $chapid;
}
-
+
/**
* Put CHAP-MD5 specific attributes
*
$this->putAttribute(RADIUS_CHAP_CHALLENGE, $this->challenge);
}
}
-
+
/**
* Frees resources.
*
* attributes are filled with Nullbytes to leave nothing in the mem.
*
* @access public
- */
+ */
function close()
{
Auth_RADIUS_PAP::close();
$this->challenge = str_repeat("\0", strlen($this->challenge));
$this->response = str_repeat("\0", strlen($this->response));
- }
-
+ }
+
}
/**
* class Auth_RADIUS_MSCHAPv1
*
* Class for authenticating using MS-CHAPv1 see RFC2433
- *
+ *
* @package Auth_RADIUS
*/
class Auth_RADIUS_MSCHAPv1 extends Auth_RADIUS_CHAP_MD5
* @var bool
*/
var $flags = 1;
-
+
/**
* Put MS-CHAPv1 specific attributes
*
* u_char lm_response[24];
* u_char response[24];
* };
- *
+ *
* @return void
*/
function putAuthAttributes()
{
if (isset($this->username)) {
- $this->putAttribute(RADIUS_USER_NAME, $this->username);
+ $this->putAttribute(RADIUS_USER_NAME, $this->username);
}
if (isset($this->response) || isset($this->lmResponse)) {
$lmResp = isset($this->lmResponse) ? $this->lmResponse : str_repeat ("\0", 24);
$resp = pack('CC', $this->chapid, $this->flags) . $lmResp . $ntResp;
$this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_RESPONSE, $resp);
}
- if (isset($this->challenge)) {
+ if (isset($this->challenge)) {
$this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $this->challenge);
}
- }
+ }
}
/**
* class Auth_RADIUS_MSCHAPv2
*
* Class for authenticating using MS-CHAPv2 see RFC2759
- *
+ *
* @package Auth_RADIUS
*/
class Auth_RADIUS_MSCHAPv2 extends Auth_RADIUS_MSCHAPv1
* @var string
*/
var $challenge = null;
-
+
/**
* 16 Bytes binary Peer Challenge
* @var string
* };
* where pchallenge is the peer challenge. Like for MS-CHAPv1 we set the flags field to 1.
* @return void
- */
+ */
function putAuthAttributes()
{
if (isset($this->username)) {
if (isset($this->challenge)) {
$this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $this->challenge);
}
- }
-
+ }
+
/**
* Frees resources.
*
{
Auth_RADIUS_MSCHAPv1::close();
$this->peerChallenge = str_repeat("\0", strlen($this->peerChallenge));
- }
+ }
}
/**
* @var string
*/
var $session_id = null;
-
+
/**
* Constructor
*
function Auth_RADIUS_Acct()
{
$this->Auth_RADIUS();
-
+
if (isset($_SERVER)) {
$var = &$_SERVER;
} else {
return false;
}
return true;
- }
-
+ }
+
/**
* Put attributes for accounting.
*
*/
function putAuthAttributes()
{
- /* Remove the internal ACCT_SESSION_ID function since we are going to set it manually
- $this->putAttribute(RADIUS_ACCT_SESSION_ID, $this->session_id);
- */
+ if (isset($this->username)) {
+ $this->putAttribute(RADIUS_USER_NAME, $this->username);
+ }
$this->putAttribute(RADIUS_ACCT_STATUS_TYPE, $this->status_type);
if (isset($this->session_time) && $this->status_type == RADIUS_STOP) {
$this->putAttribute(RADIUS_ACCT_SESSION_TIME, $this->session_time);
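Review bot: Once the commented-out Acct-Session-Id put is deleted, nothing visible in putAuthAttributes emits RADIUS_ACCT_SESSION_ID, yet RFC 2866 requires Acct-Session-Id in every Accounting-Request, and the class still declares `var $session_id` (earlier in this diff) with no consumer left. If the intent, per the header's "Removed internal Session-Id creation", is that the caller adds it before send(), say so in the method docblock, e.g. `* NOTE: Acct-Session-Id is not added here; the caller must putAttribute(RADIUS_ACCT_SESSION_ID, ...) before send().`, or else drop the now-unused property. The added User-Name block is consistent with the PAP implementation shown above. putAuthAttributes continues past this hunk.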
if (isset($this->authentic)) {
$this->putAttribute(RADIUS_ACCT_AUTHENTIC, $this->authentic);
}
-
- }
-
+
+ }
+
}
/**
* Defines the type of the accounting request.
* It is set to RADIUS_START by default in this class.
* @var integer
- */
+ */
var $status_type = RADIUS_START;
}