root/EMS/radauth.php

Revision 7, 4.7 kB (checked in by evilbunny, 2 years ago)

bad default address for radius

1 <?
2     //
3     // $Id: radius_authentication.inc,v 1.3 2002/01/23 23:21:20 mavetju Exp $
4     //
5     // Roberto Lumbreras <rover@debian.org> Tue, 23 Mar 2004 00:34:01 +0100
6     //   select fixes, error checks, more than one config file
7     //
8     // radius authentication v1.0 by Edwin Groothuis (edwin@mavetju.org)
9     //
10     // If you didn't get this file via http://www.mavetju.org, please
11     // check for the availability of newer versions.
12     //
13     // See LICENSE for distribution issues. If this file isn't in
14     // the distribution, please inform me about it.
15     //
16     // If you want to use this script, fill in the configuration in
17     // radius_authentication.conf and call the function
18     // RADIUS_AUTHENTICATION() with the username and password
19     // provided by the user. If it returns a 2, the authentication
20     // was successful!
21
22     // If you want to use this, make sure that you have raw sockets
23     // enabled during compile-time: "./configure --enable-sockets".
24
// Connection settings read (via `global`) by RADIUS_AUTHENTICATION().
//
// NOTE(review): 'testing123' is the widely known sample secret found in stock
// RADIUS server configurations. The shared secret keys both the User-Password
// hiding and the server's reply authenticator, so a deployment must replace
// it with a long random value and keep this file out of world-readable paths.
$radiushost   = '127.0.0.1';   // RADIUS server host name or address
$radiusport   = 1812;          // UDP port; 0 makes the function look up "radius/udp"
$sharedsecret = 'testing123';  // secret shared with the RADIUS server
$suffix       = '';            // appended to user names that contain no "@"
29
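/**
 * Send a single RADIUS Access-Request (PAP) and return the reply code.
 *
 * Reads $radiushost, $radiusport, $sharedsecret and $suffix from the global
 * scope. Socket failures are reported with echo and terminate the script with
 * exit(0).
 *
 * Changes from the earlier revision:
 *  - the reply's Response Authenticator is verified against the shared
 *    secret; previously any datagram with a matching one-byte identifier was
 *    trusted, so a spoofed UDP reply could be read as Access-Accept;
 *  - the Request Authenticator and identifier come from the CSPRNG when the
 *    runtime provides one (mt_rand()/rand() are predictable);
 *  - malformed or oversized input (user name over 253 bytes, short or
 *    truncated reply) yields 3 instead of producing a corrupt packet;
 *  - debug output is HTML-escaped.
 *
 * @param string $username  user name; $suffix is appended when it has no "@"
 * @param string $password  clear-text password, hidden with Encrypt()
 * @return int RADIUS code of a verified reply (2 = Access-Accept,
 *             3 = Access-Reject); 3 is also returned for any reply that
 *             cannot be trusted. See RFC 2865 (which obsoletes RFC 2138).
 */
function RADIUS_AUTHENTICATION($username,$password) {
    global $debug, $radiushost, $radiusport, $sharedsecret, $suffix;

    // check your /etc/services. Some radius servers
    // listen on port 1812, some on 1645.
    if ($radiusport == 0)
        $radiusport = getservbyname("radius","udp");

    if (!preg_match("/@/",$username))
        $username.=$suffix;

    // An attribute's length field is a single byte (2 header bytes + value).
    if (strlen($username) > 253)
        return 3;

    // NAS-IP-Address / NAS-Port; fall back to 0 when not running under a web
    // server or when SERVER_ADDR is not a dotted-quad IPv4 address.
    $nasAddr = isset($_SERVER['SERVER_ADDR']) ? ip2long($_SERVER['SERVER_ADDR']) : false;
    if ($nasAddr === false)
        $nasAddr = 0;
    $nasPort = isset($_SERVER['SERVER_PORT']) ? (int)$_SERVER['SERVER_PORT'] : 0;

    $ip=gethostbyname($radiushost);

    $sock=socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
    if ($sock===FALSE) {
        echo "socket_create() failed: " . socket_strerror(socket_last_error()) . "\n";
        exit(0);
    }
    $retval=socket_connect($sock,$ip,$radiusport);
    if ($retval===FALSE) {
        echo "socket_connect() failed: " . socket_strerror(socket_last_error()) . "\n";
        socket_close($sock);
        exit(0);
    }

    if ($debug)
        echo "<br>radius-port: " . htmlspecialchars((string)$radiusport)
            . "<br>radius-host: " . htmlspecialchars((string)$radiushost)
            . "<br>username: " . htmlspecialchars((string)$username)
            . "<br>suffix: " . htmlspecialchars((string)$suffix) . "<hr>\n";

    // Request Authenticator: 16 bytes that must be unpredictable, because the
    // password hiding and the reply check both depend on it.
    if (function_exists('random_bytes')) {
        $RA = random_bytes(16);
        $thisidentifier = random_int(0, 255);
    } else {
        // Legacy runtimes only: no CSPRNG available.
        $RA = "";
        for ($i = 0; $i < 16; $i++)
            $RA .= chr(mt_rand(0, 255));
        $thisidentifier = mt_rand(0, 255);
    }

    $encryptedpassword=Encrypt($password,$sharedsecret,$RA);

    $length=4+                              // header
        16+                                 // request authenticator
        6+                                  // service type
        2+strlen($username)+                // username
        2+strlen($encryptedpassword)+       // userpassword
        6+                                  // nasIP
        6;                                  // nasPort

    $data=pack("CCna*CCNCCa*CCa*CCNCCN",
        1,$thisidentifier,$length,                          // header (code 1 = Access-Request)
        $RA,                                                // request authenticator
        6,6,1,                                              // service type
        1,2+strlen($username),$username,                    // username
        2,2+strlen($encryptedpassword),$encryptedpassword,  // userpassword
        4,6,$nasAddr,                                       // nasIP
        5,6,$nasPort                                        // nasPort
        );

    if (socket_write($sock,$data,$length)===FALSE) {
        echo "socket_write() failed: " . socket_strerror(socket_last_error()) . "\n";
        socket_close($sock);
        exit(0);
    }

    if ($debug)
        echo "<br>writing $length bytes<hr>\n";

    //
    // Wait at most 15 seconds for the answer. Thanks to
    // Michael Long <mlong@infoave.net> for his remark about this.
    //
    // socket_select() takes its arrays by reference, so use real variables.
    $read = array($sock);
    $write = NULL;
    $except = NULL;
    $num_sockets = socket_select($read, $write, $except, 15);
    if ($num_sockets === FALSE) {
        echo "socket_select() failed: " .
            socket_strerror(socket_last_error()) . "\n";
        socket_close($sock);
        exit(0);
    } elseif ($num_sockets == 0) {
        echo "No answer from radius server, aborting\n";
        socket_close($sock);
        exit(0);
    }
    unset($read);

    // 4096 bytes is the largest RADIUS packet; a smaller buffer would cut a
    // long reply short and make the authenticator check below fail.
    $readdata=socket_read($sock,4096);
    socket_close($sock);
    if ($readdata===FALSE) {
        echo "socket_read() failed: " .
            socket_strerror(socket_last_error()) . "\n";
        exit(0);
    }

    // A reply is at least code(1) + id(1) + length(2) + authenticator(16).
    if (strlen($readdata) < 20)
        return 3;

    if (ord(substr($readdata, 1, 1)) != $thisidentifier) {
        // Reply does not belong to this request: treat as a rejection.
        return 3;
    }

    $lengthField = unpack("n", substr($readdata, 2, 2));
    $replyLength = $lengthField[1];
    if ($replyLength < 20 || $replyLength > strlen($readdata))
        return 3;
    $readdata = substr($readdata, 0, $replyLength);

    // Response Authenticator =
    //   MD5(Code + ID + Length + Request Authenticator + Attributes + Secret).
    // Only a party that knows the shared secret can produce it, so a reply
    // that fails this check is never reported as Access-Accept.
    $expected = md5(substr($readdata, 0, 4) . $RA . substr($readdata, 20) . $sharedsecret, true);
    $received = substr($readdata, 4, 16);
    $authentic = function_exists('hash_equals')
        ? hash_equals($expected, $received)
        : ($expected === $received);
    if (!$authentic)
        return 3;

    return ord($readdata);
    // 2 -> Access-Accept
    // 3 -> Access-Reject
}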
130
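/**
 * Hide a PAP password for the RADIUS User-Password attribute (RFC 2865, 5.2).
 *
 * The password is NUL-padded to a multiple of 16 bytes and XORed block by
 * block with an MD5 keystream: the first block uses MD5(key . RA), each later
 * block uses MD5(key . previous ciphertext block).
 *
 * Changes from the earlier revision:
 *  - passwords longer than 16 bytes are now encoded in full (up to the
 *    protocol limit of 128 bytes) instead of being cut to their first 16
 *    bytes; output for passwords of 16 bytes or fewer is unchanged;
 *  - debug output no longer prints the shared secret or the password.
 *
 * NOTE(review): this is the MD5-based hiding the protocol defines, not
 * general-purpose encryption; its strength rests on the shared secret and on
 * an unpredictable Request Authenticator.
 *
 * @param string $password  clear-text password; bytes past 128 are dropped
 * @param string $key       RADIUS shared secret
 * @param string $RA        16-byte Request Authenticator of the packet
 * @return string hidden password, 16 to 128 bytes, a multiple of 16
 */
function Encrypt($password,$key,$RA) {
    global $debug;

    $password = (string)$password;

    if ($debug)
        echo "<br>key: (" . strlen($key) . " bytes, not shown)<br>password: ("
            . strlen($password) . " bytes, not shown)<hr>\n";

    // The attribute carries at most 128 bytes of password.
    if (strlen($password) > 128)
        $password = substr($password, 0, 128);

    // Always emit at least one block, even for an empty password.
    $blocks = max(1, (int)ceil(strlen($password) / 16));
    $padded = str_pad($password, 16 * $blocks, "\0");

    $output = "";
    $previous = $RA;
    for ($b = 0; $b < $blocks; $b++) {
        $keystream = md5($key . $previous, true);
        // String XOR works byte by byte on two 16-byte operands.
        $previous = substr($padded, 16 * $b, 16) ^ $keystream;
        $output .= $previous;
    }
    return $output;
}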
151 ?>
152