From 23fb78df80691e44833bfde5e4d03660c08b3281 Mon Sep 17 00:00:00 2001
From: jdegraeve
Date: Thu, 9 Feb 2006 15:33:35 +0000
Subject: [PATCH] Update all code to make everything more the same to make problem solving much easier. Planning to make this code OO since that would be so much better (less code)
git-svn-id: https://svn.m0n0.ch/wall/trunk@68 e36fee2c-cc09-0410-a7cc-ebac5c6737de
---
captiveportal/radius_accounting.inc | 69 +++++++++--------
captiveportal/radius_authentication.inc | 98 +++++++++++++------------
phpconf/inc/radius.inc | 17 ++++-
3 files changed, 103 insertions(+), 81 deletions(-)
diff --git a/captiveportal/radius_accounting.inc b/captiveportal/radius_accounting.inc
index 6c492b5..92eb788 100644
--- a/captiveportal/radius_accounting.inc
+++ b/captiveportal/radius_accounting.inc
@@ -47,6 +47,7 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusp global $config; + $retvalue = array(); $nas_mac = get_interface_mac($config['interfaces']['wan']['if']); $nas_port = $ruleno - 10000; $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
@@ -63,9 +64,6 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusp $callingstationid = $clientmac; } - if ($debug) - echo "
radius-port: $radiusport
radius-host: $radiusip
username: $username
\n"; - // Create our instance $racct = new Auth_RADIUS_Acct_Start;
@@ -78,17 +76,20 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusp * RADIUS_AUTH_REMOTE => authenticated remote * */ - $racct->authentic = RADIUS_AUTH_RADIUS; // Construct data package - $racct->addServer($radiusip, $radiusport, $radiuskey); $racct->username = $username; + $racct->addServer($radiusip, $radiusport, $radiuskey); + if (PEAR::isError($racct->start())) { $retvalue['acct_val'] = 1; $retvalue['error'] = $racct->getMessage(); if ($debug) printf("Radius start: %s
\n", $retvalue['error']); + // If we encounter an error immediately stop this function and go back + $racct->close(); + return $retvalue; /* Old code: * $status = $racct->start();
@@ -105,10 +106,10 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusp */ // Default attributes + $racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_OUTBOUND); $racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); $racct->putAttribute(RADIUS_NAS_PORT, $nas_port); $racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid); - $racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_OUTBOUND); // Extra data to identify the client and nas $racct->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip);
@@ -117,6 +118,10 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusp // Send request $result = $racct->send(); + + // Evaluation of the response + // 5 -> Accounting-Response + // See RFC2866 for this. if (PEAR::isError($result)) { $retvalue['acct_val'] = 1; $retvalue['error'] = $result->getMessage();
@@ -136,8 +141,6 @@ function RADIUS_ACCOUNTING_START($ruleno,$username,$sessionid,$radiusip,$radiusp $racct->close(); return $retvalue ; - // 5 -> Accounting-Response - // See RFC2866 for this. }
@@ -150,6 +153,7 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius global $config; + $retvalue = array(); $nas_mac = get_interface_mac($config['interfaces']['wan']['if']); $nas_port = $ruleno - 10000; $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
@@ -173,10 +177,7 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius $callingstationid = $clientmac; } - if ($debug) - echo "
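Review bot: In the `start()` failure branch of RADIUS_ACCOUNTING_START (hunk at -78,17) the return value of `$racct->start()` is thrown away and the message is read from the request object with `$racct->getMessage()`, whereas the `send()` path further down reads it from the returned error via `$result->getMessage()`. No `getMessage()` on the Auth_RADIUS classes is visible in this patch, so the newly added `close()` and early `return` may never be reached when start-up fails; worth confirming against radius.inc. Capturing the result would make the two paths agree: `$started = $racct->start(); if (PEAR::isError($started)) {` followed by `$retvalue['error'] = $started->getMessage();`. The same lines appear in RADIUS_ACCOUNTING_STOP (hunk at -200,23), and RADIUS_AUTHENTICATION reads `$rauth->getError()` instead, so the three functions still differ on this point. The `if` block continues past the end of this hunk.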
radius-port: $radiusport
radius-host: $radiusip
username: $username
\n"; - - // See if we should use Accounting Interim Updates or Accounting STOP messages + // Create our instance, see if we should use Accounting Interim Updates or Accounting STOP messages if ($interimupdate) $racct = new_Auth_RADIUS_Acct_Update; else
@@ -200,23 +201,24 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius $racct->authentic = RADIUS_AUTH_RADIUS; // Construct data package - $racct->addServer($radiusip, $radiusport, $radiuskey); $racct->username = $username; + $racct->addServer($radiusip, $radiusport, $radiuskey); + if (PEAR::isError($racct->start())) { $retvalue['acct_val'] = 1; $retvalue['error'] = $racct->getMessage(); if ($debug) printf("Radius start: %s
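Review bot: The interim-update branch of RADIUS_ACCOUNTING_STOP assigns `$racct = new_Auth_RADIUS_Acct_Update;` (the context line directly under the comment this hunk rewrites), with an underscore where the space after `new` belongs. PHP does not treat that as an instantiation, so `$racct` is not an object and the following `$racct->authentic` and `$racct->addServer(...)` lines cannot work whenever `$interimupdate` is set, which means no interim accounting records reach the RADIUS server. It should read `$racct = new Auth_RADIUS_Acct_Update;`, assuming that is the intended class name (the class itself is not part of this patch). The `if`/`else` continues outside the hunk.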
\n", $retvalue['error']); + // If we encounter an error immediately stop this function and go back + $racct->close(); + return $retvalue; } - // you can put any additional attributes here - //$racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN); - // Default attributes + $racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_OUTBOUND); $racct->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); $racct->putAttribute(RADIUS_NAS_PORT, $nas_port); $racct->putAttribute(RADIUS_ACCT_SESSION_ID, $sessionid); - $racct->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_OUTBOUND); // We have 2 ways to set the session-time, we will see which one to use in a later version // $racct->session_time = $session_time;
@@ -241,6 +243,10 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius // Send request $result = $racct->send(); + + // Evaluation of the response + // 5 -> Accounting-Response + // See RFC2866 for this. if (PEAR::isError($result)) { $retvalue['acct_val'] = 1; $retvalue['error'] = $result->getMessage();
@@ -259,22 +265,21 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius // close OO RADIUS_ACCOUNTING $racct->close(); - return $retvalue ; - // 5 -> Accounting-Response - // See RFC2866 for this. - -} - -/** - * Deprecated function that shouldn't be used anymore if get_current_wan_address() works - * - */ + return $retvalue; + // Construct data package + $racct->addServer($radiusip, $radiusport, $radiuskey); + $racct->username = $username; -function get_nas_ip() { - global $config; + if (PEAR::isError($racct->start())) { + $retvalue['acct_val'] = 1; + $retvalue['error'] = $racct->getMessage(); + if ($debug) + printf("Radius start: %s
\n", $retvalue['error']); + // If we encounter an error immediately stop this function and go back + $racct->close(); + return $retvalue; + } - /* static WAN IP address */ - return $config['interfaces']['wan']['ipaddr']; }
@@ -289,6 +294,7 @@ function gigawords($bytes) { $gigawords = bcdiv( bcsub( $bytes, remainder($bytes) ) , 2147483647) ; return $gigawords; + } function remainder($bytes) {
@@ -297,6 +303,7 @@ function remainder($bytes) { $bytes = bcmod($bytes, 2147483647); return $bytes; + } ?>
diff --git a/captiveportal/radius_authentication.inc b/captiveportal/radius_authentication.inc
index 14f8664..4759127 100644
--- a/captiveportal/radius_authentication.inc
+++ b/captiveportal/radius_authentication.inc
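Review bot: Everything added after `return $retvalue;` at the end of RADIUS_ACCOUNTING_STOP (hunk at -259,22) is unreachable: it is a second copy of the `// Construct data package` block, from `$racct->addServer(...)` through the `if (PEAR::isError($racct->start())) { ... }` branch, and looks like a stray paste. The same block is pasted after `return radius_put_addr($this->res, $attrib, $value);` in the `'addr'` case of phpconf/inc/radius.inc (hunk at -238,7), where it also names variables (`$racct`, `$radiusip`, `$retvalue`) that do not belong to that class method. Both copies should be deleted so that each function ends at its `return`. This hunk also deletes `get_nas_ip()` and reuses its closing brace for RADIUS_ACCOUNTING_STOP; callers are not visible here, so check that nothing still calls it before it goes.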
@@ -43,73 +43,76 @@ RADIUS AUTHENTICATION */ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$clientmac,$ruleno) { + global $config; - /* Initialisation of variables - Constructor */ $retvalue = array(); - $retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = null; $nas_mac = get_interface_mac($config['interfaces']['wan']['if']); $nas_port = $ruleno - 10000; $radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null; + // Do we even need to set it to NULL? + $retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = null; - exec("/bin/hostname", $nasHostname) ; - if(!$nasHostname[0]) - $nasHostname[0] = "m0n0wall" ; - -$rauth = new Auth_RADIUS_PAP($username, $password); - -/* -Add support for more then one radiusserver. -At most 10 servers may be specified. -When multiple servers are given, they are tried in round-robin fashion until a valid response is received -*/ - -foreach ($radiusservers as $radsrv) { + switch($radiusvendor) { - // Add a new server to our instance - $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']); - -} + case 'cisco': + $calledstationid = $clientmac; + $callingstationid = $clientip; + break; -$rauth->username = $username; -$rauth->password = $password; + default: + $calledstationid = $nas_mac; + $callingstationid = $clientmac; + } + // Create our instance + $rauth = new Auth_RADIUS_PAP($username, $password); -if (!$rauth->start()) { - $retvalue['auth_val'] = 1; - $retvalue['error'] = $rauth->getError(); - if ($debug) - printf("Radius start: %s
\n", $retvalue['error']); -} -else { + /* + Add support for more then one radiusserver. + At most 10 servers may be specified. + When multiple servers are given, they are tried in round-robin fashion until a valid response is received + */ - // 1 -> Access-Request => We will use this value as an error indicator since we can't get a 1 back from the radius - // 2 -> Access-Accept - // 3 -> Access-Reject - // See RFC2865 for this. + foreach ($radiusservers as $radsrv) { - /* - * We put our attributes in here - */ + // Add a new server to our instance + $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['key']); - switch($radiusvendor) { + } - case 'cisco': - $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $clientmac); - $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $clientip); - break; + // Construct data package + $rauth->username = $username; + $rauth->password = $password; - default: - $rauth->putAttribute(RADIUS_CALLED_STATION_ID, $nas_mac); - $rauth->putAttribute(RADIUS_CALLING_STATION_ID, $clientmac); + if (PEAR::isError($rauth->start())) { + $retvalue['auth_val'] = 1; + $retvalue['error'] = $rauth->getError(); + if ($debug) + printf("Radius start: %s
\n", $retvalue['error']); + // If we encounter an error immediately stop this function and go back + $rauth->close(); + return $retvalue; } // Default attributes + $rauth->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_OUTBOUND); + $rauth->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET); $rauth->putAttribute(RADIUS_NAS_PORT, $nas_port); - // Send request + // Extra data to identify the client and nas + $racct->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip); + $racct->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid); + $racct->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid); + // Send request $result = $rauth->send(); + + // Evaluation of the response + // 1 -> Access-Request => We will use this value as an error indicator since we can't get a 1 back from the radius + // 2 -> Access-Accept + // 3 -> Access-Reject + // See RFC2865 for this. if (PEAR::isError($result)) { $retvalue['auth_val'] = 1; $retvalue['error'] = $result->getMessage();
@@ -145,12 +148,11 @@ else { $stt = strtotime(preg_replace("/\+(\d+):(\d+)$/", " +\${1}\${2}", preg_replace("/(\d+)T(\d+)/", "\${1} \${2}",$stt))); } } - } - // close OO RADIUS_AUTHENTICATION - $rauth->close(); + // close OO RADIUS_AUTHENTICATION + $rauth->close(); - return $retvalue; + return $retvalue; }
diff --git a/phpconf/inc/radius.inc b/phpconf/inc/radius.inc
index 0181db8..9538378 100644
--- a/phpconf/inc/radius.inc
+++ b/phpconf/inc/radius.inc
@@ -238,7 +238,20 @@ class Auth_RADIUS extends PEAR { return radius_put_int($this->res, $attrib, $value); case 'addr': - return radius_put_addr($this->res, $attrib, $value); + return radius_put_addr($this->res, $attrib, $value); // Construct data package + $racct->addServer($radiusip, $radiusport, $radiuskey); + $racct->username = $username; + + if (PEAR::isError($racct->start())) { + $retvalue['acct_val'] = 1; + $retvalue['error'] = $racct->getMessage(); + if ($debug) + printf("Radius start: %s
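Review bot: The three added "Extra data" lines in RADIUS_AUTHENTICATION (hunk at -43,73) call `$racct->putAttribute(...)`, but the object built in this function is `$rauth`; `$racct` is never defined here. Every authentication attempt therefore stops on a method call against a non-object before `$rauth->send()`, and Framed-IP-Address, Calling-Station-Id and Called-Station-Id never reach the Access-Request. Change all three to `$rauth`, e.g. `$rauth->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip);`. How the portal page behaves when this include aborts is not visible in the patch, so confirm that a failed call denies access rather than leaving the client's state undecided. The function body continues past the end of this hunk.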
\n", $retvalue['error']); + // If we encounter an error immediately stop this function and go back + $racct->close(); + return $retvalue; + } + case 'string': default:
@@ -448,7 +461,7 @@ class Auth_RADIUS extends PEAR { default: return $this->raiseError("Unexpected return value: $req"); - } + } }
-- 2.25.1