global $config;
+ $retvalue = array();
$nas_mac = get_interface_mac($config['interfaces']['wan']['if']);
$nas_port = $ruleno - 10000;
$radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
$callingstationid = $clientmac;
}
- if ($debug)
- echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
-
// Create our instance
$racct = new Auth_RADIUS_Acct_Start;
* RADIUS_AUTH_REMOTE => authenticated remote
*
*/
-
$racct->authentic = RADIUS_AUTH_RADIUS;
// Construct data package
- $racct->addServer($radiusip, $radiusport, $radiuskey);
$racct->username = $username;
+ $racct->addServer($radiusip, $radiusport, $radiuskey);
+
if (PEAR::isError($racct->start())) {
$retvalue['acct_val'] = 1;
$retvalue['error'] = $racct->getMessage();
if ($debug)
printf("Radius start: %s<br>\n", $retvalue['error']);
+ // If we encounter an error immediately stop this function and go back
+ $racct->close();
+ return $retvalue;
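Review bot: The new early return reports `$racct->getMessage()`, but the value returned by `$racct->start()` is discarded, so the message is read from the accounting object rather than from the error that `PEAR::isError()` just tested. `getMessage()` is the PEAR_Error accessor, and the authentication function in this same change reads the object's error with `getError()`, so unless the accounting classes define their own `getMessage()` this path likely fails instead of returning `$retvalue`. Keeping the result would avoid that: `$status = $racct->start();` then `if (PEAR::isError($status)) { ... $retvalue['error'] = $status->getMessage();`. The same pattern appears in the interim-update/stop function's start() check and in the added block further down the page. The enclosing function starts and ends outside this hunk.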
/* Old code:
* $status = $racct->start();
*/
// Default attributes
+ $racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_OUTBOUND);
$racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
$racct->putAttribute(RADIUS_NAS_PORT, $nas_port);
$racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid);
- $racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_OUTBOUND);
// Extra data to identify the client and nas
$racct->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip);
// Send request
$result = $racct->send();
+
+ // Evaluation of the response
+ // 5 -> Accounting-Response
+ // See RFC2866 for this.
if (PEAR::isError($result)) {
$retvalue['acct_val'] = 1;
$retvalue['error'] = $result->getMessage();
$racct->close();
return $retvalue ;
- // 5 -> Accounting-Response
- // See RFC2866 for this.
}
global $config;
+ $retvalue = array();
$nas_mac = get_interface_mac($config['interfaces']['wan']['if']);
$nas_port = $ruleno - 10000;
$radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
$callingstationid = $clientmac;
}
- if ($debug)
- echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
-
- // See if we should use Accounting Interim Updates or Accounting STOP messages
+ // Create our instance, see if we should use Accounting Interim Updates or Accounting STOP messages
if ($interimupdate)
$racct = new_Auth_RADIUS_Acct_Update;
else
$racct->authentic = RADIUS_AUTH_RADIUS;
// Construct data package
- $racct->addServer($radiusip, $radiusport, $radiuskey);
$racct->username = $username;
+ $racct->addServer($radiusip, $radiusport, $radiuskey);
+
if (PEAR::isError($racct->start())) {
$retvalue['acct_val'] = 1;
$retvalue['error'] = $racct->getMessage();
if ($debug)
printf("Radius start: %s<br>\n", $retvalue['error']);
+ // If we encounter an error immediately stop this function and go back
+ $racct->close();
+ return $retvalue;
}
- // you can put any additional attributes here
- //$racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN);
-
// Default attributes
+ $racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_OUTBOUND);
$racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
$racct->putAttribute(RADIUS_NAS_PORT, $nas_port);
$racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid);
- $racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_OUTBOUND);
// We have 2 ways to set the session-time, we will see which one to use in a later version
// $racct->session_time = $session_time;
// Send request
$result = $racct->send();
+
+ // Evaluation of the response
+ // 5 -> Accounting-Response
+ // See RFC2866 for this.
if (PEAR::isError($result)) {
$retvalue['acct_val'] = 1;
$retvalue['error'] = $result->getMessage();
// close OO RADIUS_ACCOUNTING
$racct->close();
- return $retvalue ;
- // 5 -> Accounting-Response
- // See RFC2866 for this.
-
-}
-
-/**
- * Deprecated function that shouldn't be used anymore if get_current_wan_address() works
- *
- */
+ return $retvalue;
+ // Construct data package
+ $racct->addServer($radiusip, $radiusport, $radiuskey);
+ $racct->username = $username;
-function get_nas_ip() {
- global $config;
+ if (PEAR::isError($racct->start())) {
+ $retvalue['acct_val'] = 1;
+ $retvalue['error'] = $racct->getMessage();
+ if ($debug)
+ printf("Radius start: %s<br>\n", $retvalue['error']);
+ // If we encounter an error immediately stop this function and go back
+ $racct->close();
+ return $retvalue;
+ }
- /* static WAN IP address */
- return $config['interfaces']['wan']['ipaddr'];
}
$gigawords = bcdiv( bcsub( $bytes, remainder($bytes) ) , 2147483647) ;
return $gigawords;
+
}
function remainder($bytes) {
$bytes = bcmod($bytes, 2147483647);
return $bytes;
+
}
?>
*/
function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$clientmac,$ruleno) {
+
global $config;
- /* Initialisation of variables - Constructor */
$retvalue = array();
- $retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = null;
$nas_mac = get_interface_mac($config['interfaces']['wan']['if']);
$nas_port = $ruleno - 10000;
$radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
+ // Do we even need to set it to NULL?
+ $retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = null;
- exec("/bin/hostname", $nasHostname) ;
- if(!$nasHostname[0])
- $nasHostname[0] = "m0n0wall" ;
-
-$rauth = new Auth_RADIUS_PAP($username, $password);
-
-/*
-Add support for more then one radiusserver.
-At most 10 servers may be specified.
-When multiple servers are given, they are tried in round-robin fashion until a valid response is received
-*/
-
-foreach ($radiusservers as $radsrv) {
+ switch($radiusvendor) {
- // Add a new server to our instance
- $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']);
-
-}
+ case 'cisco':
+ $calledstationid = $clientmac;
+ $callingstationid = $clientip;
+ break;
-$rauth->username = $username;
-$rauth->password = $password;
+ default:
+ $calledstationid = $nas_mac;
+ $callingstationid = $clientmac;
+ }
+ // Create our instance
+ $rauth = new Auth_RADIUS_PAP($username, $password);
-if (!$rauth->start()) {
- $retvalue['auth_val'] = 1;
- $retvalue['error'] = $rauth->getError();
- if ($debug)
- printf("Radius start: %s<br>\n", $retvalue['error']);
-}
-else {
+ /*
+ Add support for more then one radiusserver.
+ At most 10 servers may be specified.
+ When multiple servers are given, they are tried in round-robin fashion until a valid response is received
+ */
- // 1 -> Access-Request => We will use this value as an error indicator since we can't get a 1 back from the radius
- // 2 -> Access-Accept
- // 3 -> Access-Reject
- // See RFC2865 for this.
+ foreach ($radiusservers as $radsrv) {
- /*
- * We put our attributes in here
- */
+ // Add a new server to our instance
+ $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']);
- switch($radiusvendor) {
+ }
- case 'cisco':
- $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $clientmac);
- $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $clientip);
- break;
+ // Construct data package
+ $rauth->username = $username;
+ $rauth->password = $password;
- default:
- $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $nas_mac);
- $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $clientmac);
+ if (PEAR::isError($rauth->start())) {
+ $retvalue['auth_val'] = 1;
+ $retvalue['error'] = $rauth->getError();
+ if ($debug)
+ printf("Radius start: %s<br>\n", $retvalue['error']);
+ // If we encounter an error immediately stop this function and go back
+ $rauth->close();
+ return $retvalue;
}
// Default attributes
+ $rauth->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_OUTBOUND);
+ $rauth->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
$rauth->putAttribute(RADIUS_NAS_PORT, $nas_port);
- // Send request
+ // Extra data to identify the client and nas
+ $racct->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip);
+ $racct->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid);
+ $racct->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid);
+ // Send request
$result = $rauth->send();
+
+ // Evaluation of the response
+ // 1 -> Access-Request => We will use this value as an error indicator since we can't get a 1 back from the radius
+ // 2 -> Access-Accept
+ // 3 -> Access-Reject
+ // See RFC2865 for this.
if (PEAR::isError($result)) {
$retvalue['auth_val'] = 1;
$retvalue['error'] = $result->getMessage();
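Review bot: The three added "Extra data" lines call `$racct->putAttribute(...)` inside RADIUS_AUTHENTICATION, where the request object is `$rauth` and no `$racct` is assigned anywhere in the visible part of the function. As written, Framed-IP-Address, Calling-Station-Id and Called-Station-Id never reach the Access-Request. Calling a method on the undefined variable would most likely abort the login before `send()`. They should read `$rauth->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip);`, `$rauth->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid);` and `$rauth->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid);`. Separately, `$debug` in the start() check is neither a parameter nor declared `global` in this function, so that branch looks dead; if it is revived, the error text should pass through `htmlspecialchars()` before being printed into the page.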
$stt = strtotime(preg_replace("/\+(\d+):(\d+)$/", " +\${1}\${2}", preg_replace("/(\d+)T(\d+)/", "\${1} \${2}",$stt)));
}
}
- }
- // close OO RADIUS_AUTHENTICATION
- $rauth->close();
+ // close OO RADIUS_AUTHENTICATION
+ $rauth->close();
- return $retvalue;
+ return $retvalue;
}