freeauthd.php

Revision 9, 19.1 kB (checked in by evilbunny, 2 years ago)
More new setup fixes
Property svn:executable set to

Line
1	#!/usr/bin/php -q
2	<?
3	$faaddress = "127.0.0.1";
4	$faport = 10000;
5
6	$radaddress = "0.0.0.0";
7	$radport = 1812;
8
9	$uid = posix_getpwnam('freeauth');
10	if(!$permsdone)
11	{
12	checkperms($uid);
13	$permsdone = TRUE;
14	}
15
16	posix_setuid($uid['uid']);
17	posix_setgid($uid['gid']);
18
19	if(posix_getuid() != $uid['uid'])
20	die("Failed to drop privledges.\n");
21
22	$runradius = $runfreeauth = 1;
23	echo "Starting FreeAuth Daemon: ";
24	$freeauthpid = pcntl_fork();
25	if($freeauthpid == -1 && !$doradius)
26	{
27	die("Failed to background process\n");
28	} else if($freeauthpid && !$doradius) {
29	echo "OK\nStarting Radius Daemon: ";
30	$doradius = 1;
31	$radiuspid = pcntl_fork();
32	}
33
34	if($radiuspid == -1 && $doradius) {
35	die("Failed to background process\n");
36	} else if($radiuspid && $doradius) {
37	echo "OK\n";
38	die(0);
39	}
40
41	set_time_limit(0);
42
43	$SHM_KEY = ftok(__FILE__, chr(4));
44	$shmem = shm_attach($SHM_KEY, 1048576, 0600);
45
46	if(!$doradius)
47	{
48	$log = fopen("/var/log/freeauth.log", "a");
49	fputs($log, date("M j H:i:s")." EMS FreeAuth: Start-up Successful\n");
50
51	declare(ticks = 1);
52	pcntl_signal(SIGHUP, "sig_handler");
53	pcntl_signal(SIGTERM, "sig_handler");
54	pcntl_signal(SIGQUIT, "sig_handler");
55	pcntl_signal(SIGINT, "sig_handler");
56
57	loadconfig();
58
59	$sock = socket_create(AF_INET, SOCK_STREAM, 0);
60	socket_set_option($sock, SOL_SOCKET, SO_REUSEADDR, 1);
61	while(!@socket_bind($sock, $faaddress, $faport))
62	{
63	fputs($log, "Failed to bind to $faaddress:$faport, sleeping for 30 seconds\n");
64	sleep(30);
65	}
66	socket_listen($sock);
67
68	$clients = array($sock);
69
70	while($runfreeauth)
71	{
72	$read = $clients;
73	if(socket_select($read, $write = NULL, $except = NULL, 0) >= 1)
74	{
75	if(in_array($sock, $read))
76	{
77	$clients[] = $newsock = socket_accept($sock);
78	$key = array_search($sock, $read);
79	unset($read[$key]);
80	}
81
82	foreach($read as $read_sock)
83	{
84	$data = @socket_read($read_sock, 1024);
85	$clisock = array_search($read_sock, $clients);
86
87	if($data === false)
88	{
89	socket_close($clients[$clisock]);
90	unset($clients[$clisock]);
91	continue;
92	}
93
94	$data = trim($data);
95
96	if(!empty($data))
97	{
98	$bits = explode('\|', $data);
99	foreach($bits as $key => $val)
100	$bits[trim($key)] = trim($val);
101
102	$cmd = $bits[0];
103
104	if($cmd == 'die')
105	{
106	foreach($clients as $tmpsock)
107	socket_close($tmpsock);
108	die(0);
109	} else if($cmd == 'users') {
110	$tmp = "";
111	if(is_array($secrets))
112	foreach($secrets as $username => $secret)
113	$tmp .= "$username\|$secret\n";
114	socket_write($clients[$clisock], $tmp);
115	} else if($cmd == 'getuser') {
116	$tmp = "";
117	if($secrets[$username] != "")
118	$tmp .= "$username\|".$secrets[$username]."\n";
119	socket_write($clients[$clisock], $tmp);
120	} else if($cmd == 'adduser') {
121	$username = $bits['1'];
122	$secrets[$username] = substr($bits['2'], 0, 16);
123	saveusers();
124	socket_write($clients[$clisock], "OK\n");
125	} else if($cmd == 'deluser') {
126	$username = $bits['1'];
127	unset($secrets[$username]);
128	unset($aliases[$username]);
129	saveusers();
130	savealiases();
131	socket_write($clients[$clisock], "OK\n");
132	} else if($cmd == 'getalias') {
133	$username = $bits['1'];
134	$tmp = "";
135	if(is_array($aliases[$username]))
136	foreach($aliases[$username] as $key => $val)
137	$tmp .= "$username\|$key\n";
138	socket_write($clients[$clisock], $tmp);
139	} else if($cmd == 'addalias') {
140	$username = $bits['1'];
141	$alias = $bits['2'];
142	if($secrets[$username] != "")
143	$aliases[$username][$alias] = 1;
144	savealiases();
145	socket_write($clients[$clisock], "OK\n");
146	} else if($cmd == 'delalias') {
147	$username = $bits['1'];
148	$alias = $bits['2'];
149	unset($aliases[$username][$alias]);
150	savealiases();
151	socket_write($clients[$clisock], "OK\n");
152	} else if($cmd == 'getrealms') {
153	$tmp = "";
154	if(is_array($realms))
155	{
156	foreach($realms['realm'] as $key => $realm)
157	{
158	$secret = $realms['secret'][$key];
159	$ip = "";
160	if(is_array($realms['range'][$key]['cidr']))
161	foreach($realms['range'][$key]['cidr'] as $k => $v)
162	$ip .= "\|$v";
163	$tmp .= "$realm\|$secret$ip\n";
164	}
165	}
166
167	socket_write($clients[$clisock], $tmp);
168	} else if($cmd == 'getrealm') {
169	$tmp = "";
170	if(is_array($realms))
171	{
172	foreach($realms['realm'] as $key => $realm)
173	{
174	if($realm != $bits['1'])
175	continue;
176
177	$secret = $realms['secret'][$key];
178	$ip = "";
179	if(is_array($realms['range'][$key]['cidr']))
180	foreach($realms['range'][$key]['cidr'] as $k => $v)
181	$ip .= "\|$v";
182	$tmp .= "$realm\|$secret$ip\n";
183	}
184	}
185	socket_write($clients[$clisock], $tmp);
186	} else if($cmd == 'addrealm') {
187	if(is_array($realms))
188	{
189	foreach($realms['realm'] as $num => $val)
190	{
191	if($val != $bits['1'])
192	continue;
193
194	socket_write($clients[$clisock], "Command Failed, realm already exists.\n");
195	continue(2);
196	}
197	}
198
199	$num = count($realms['realm']);
200	while($realms['realm'][$num])
201	$num++;
202
203	$realms['realm'][$num] = $bits['1'];
204	$realms['secret'][$num] = $bits['2'];
205	foreach($bits as $key => $val)
206	{
207	if($key <= 2)
208	continue;
209
210	list($IP, $net) = explode('/', trim($val));
211	if($net == "")
212	$net = "32";
213	$bits = pow(2, 32 - $net) - 1;
214
215	$start = sprintf("%u", ip2long($IP));
216	$end = sprintf("%u", (ip2long($IP) + $bits));
217	$rc = count($realms['range'][$num]['start']);
218	$realms['range'][$num]['start'][$rc] = trim($start);
219	$realms['range'][$num]['end'][$rc] = trim($end);
220	$realms['range'][$num]['cidr'][$rc] = trim($val);
221	}
222	saverealms();
223	socket_write($clients[$clisock], "OK\n");
224	} else if($cmd == 'editrealm') {
225	$changed = 0;
226	if(is_array($realms))
227	{
228	foreach($realms['realm'] as $num => $val)
229	{
230	if($val != $bits['1'])
231	continue;
232
233	$changed = 1;
234	$realms['secret'][$num] = $bits['2'];
235	$realms['range'][$num] = array();
236	foreach($bits as $key => $val)
237	{
238	if($key <= 2)
239	continue;
240
241	list($IP, $net) = explode('/', trim($val));
242	if($net == "")
243	$net = "32";
244	$bits = pow(2, 32 - $net) - 1;
245
246	$start = sprintf("%u", ip2long($IP));
247	$end = sprintf("%u", (ip2long($IP) + $bits));
248	$rc = count($realms['range'][$num]['start']);
249	$realms['range'][$num]['start'][$rc] = trim($start);
250	$realms['range'][$num]['end'][$rc] = trim($end);
251	$realms['range'][$num]['cidr'][$rc] = trim($val);
252	}
253	}
254	}
255	if($changed)
256	{
257	saverealms();
258	socket_write($clients[$clisock], "OK\n");
259	} else {
260	socket_write($clients[$clisock], "Failed to update record\n");
261	}
262	} else if($cmd == 'delrealm') {
263	if(is_array($realms))
264	{
265	foreach($realms['realm'] as $num => $val)
266	{
267	if($val != $bits['1'])
268	continue;
269
270	foreach($aliases as $user => $arr)
271	{
272	foreach($arr as $key => $val)
273	{
274	list($u, $d) = explode('@', $key);
275	if($d == $bits['1'])
276	unset($aliases[$user][$key]);
277	}
278	}
279	unset($realms['realm'][$num]);
280	unset($realms['secret'][$num]);
281	unset($realms['range'][$num]);
282	}
283	}
284	savealiases();
285	saverealms();
286	socket_write($clients[$clisock], "OK\n");
287	} else {
288	socket_write($clients[$clisock], "Unknown command or action\n");
289	}
290
291	socket_close($clients[$clisock]);
292	unset($clients[$clisock]);
293	continue;
294	}
295	}
296	}
297	usleep(10000);
298	}
299
300	socket_close($sock);
301	fputs($log, date("M j H:i:s")." EMS FreeAuth: Shut down\n");
302	fclose($log);
303	die(0);
304
305	} else {
306	$log = fopen("/var/log/radiusd.log", "a");
307	fputs($log, date("M j H:i:s")." EMS FreeAuth: Start-up Successful\n");
308
309	declare(ticks = 1);
310	pcntl_signal(SIGHUP, "sig_handler2");
311
312	while($runradius)
313	{
314	$sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
315	while(!@socket_bind($sock, $radaddress, $radport))
316	{
317	fputs($log, "Failed to bind to $radaddress:$radport, sleeping for 30 seconds.\n");
318	sleep(30);
319	}
320
321	socket_recvfrom($sock, $data, 65535, 0, $clientIP, $clientPort);
322	if($data === FALSE)
323	{
324	socket_close($sock);
325	continue;
326	} else if(strlen($data) === 0) {
327	socket_close($sock);
328	continue;
329	}
330
331	if(!socket_connect($sock, $clientIP, $clientPort))
332	{
333	socket_close($sock);
334	continue;
335	}
336
337	$divlen = ord($data[2]);
338	$modlen = ord($data[3]);
339	$RA = substr($data, 4, 16);
340	$pos = 20;
341	while(ord($data[$pos]) != 1)
342	$pos += ord($data[$pos+1]);
343	$pos++;
344	$userlen = ord($data[$pos]);
345	$user = trim(substr($data, $pos+1, $userlen - 2));
346	$pos = $pos+$userlen;
347	$passlen = ord($data[$pos]);
348	$pass = trim(substr($data, $pos+1, $passlen - 2));
349
350	list($alias, $realm) = explode('@', $user);
351	if($realm == '' \|\| $realm == 'LOCAL')
352	{
353	$realm = 'LOCAL';
354	$user = $alias;
355	}
356
357	if($realm != 'LOCAL')
358	{
359	$aliases = shm_get_var($shmem, 2);
360	foreach($aliases as $key => $val)
361	{
362	if($aliases[$key][$user] == 1)
363	{
364	$user = trim($key);
365	break;
366	}
367	}
368	}
369	$secret = "";
370	$realms = shm_get_var($shmem, 3);
371	if(is_array($realms))
372	{
373	foreach($realms['realm'] as $key => $val)
374	{
375	if($val == $realm)
376	{
377	foreach($realms['range'][$key]['start'] as $k => $start)
378	{
379	$end = $realms['range'][$key]['end'][$k];
380