| [ Index ] |
PHP Cross Reference of moodle-2.8 |
[Summary view] [Print] [Text view]
1 <?php 2 /* vim: set expandtab tabstop=4 shiftwidth=4: */ 3 /* 4 Copyright (c) 2003, Michael Bretterklieber <[email protected]> 5 All rights reserved. 6 7 Redistribution and use in source and binary forms, with or without 8 modification, are permitted provided that the following conditions 9 are met: 10 11 1. Redistributions of source code must retain the above copyright 12 notice, this list of conditions and the following disclaimer. 13 2. Redistributions in binary form must reproduce the above copyright 14 notice, this list of conditions and the following disclaimer in the 15 documentation and/or other materials provided with the distribution. 16 3. The names of the authors may not be used to endorse or promote products 17 derived from this software without specific prior written permission. 18 19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 30 This code cannot simply be copied and put under the GNU Public License or 31 any other GPL-like (LGPL, GPL2) License. 32 33 $Id$ 34 */ 35 36 require_once 'PEAR.php'; 37 38 /** 39 * Client implementation of RADIUS. This are wrapper classes for 40 * the RADIUS PECL. 41 * Provides RADIUS Authentication (RFC2865) and RADIUS Accounting (RFC2866). 42 * 43 * @package Auth_RADIUS 44 * @author Michael Bretterklieber <[email protected]> 45 * @access public 46 * @version $Revision$ 47 */ 48 49 // PEAR::loadExtension('radius'); // Moodle commented. See MDL-38373. 50 51 /** 52 * class Auth_RADIUS 53 * 54 * Abstract base class for RADIUS 55 * 56 * @package Auth_RADIUS 57 */ 58 class Auth_RADIUS extends PEAR { 59 60 /** 61 * List of RADIUS servers. 62 * @var array 63 * @see addServer(), putServer() 64 */ 65 var $_servers = array(); 66 67 /** 68 * Path to the configuration-file. 69 * @var string 70 * @see setConfigFile() 71 */ 72 var $_configfile = null; 73 74 /** 75 * Resource. 76 * @var resource 77 * @see open(), close() 78 */ 79 var $res = null; 80 81 /** 82 * Username for authentication and accounting requests. 83 * @var string 84 */ 85 var $username = null; 86 87 /** 88 * Password for plaintext-authentication (PAP). 89 * @var string 90 */ 91 var $password = null; 92 93 /** 94 * List of known attributes. 95 * @var array 96 * @see dumpAttributes(), getAttributes() 97 */ 98 var $attributes = array(); 99 100 /** 101 * List of raw attributes. 102 * @var array 103 * @see dumpAttributes(), getAttributes() 104 */ 105 var $rawAttributes = array(); 106 107 /** 108 * List of raw vendor specific attributes. 109 * @var array 110 * @see dumpAttributes(), getAttributes() 111 */ 112 var $rawVendorAttributes = array(); 113 114 /** 115 * Switch whether we should put standard attributes or not 116 * @var bool 117 * @see putStandardAttributes() 118 */ 119 var $useStandardAttributes = true; 120 121 /** 122 * Constructor 123 * 124 * Loads the RADIUS PECL/extension 125 * 126 * @return void 127 */ 128 function Auth_RADIUS() 129 { 130 $this->loadExtension('radius'); // Moodle added. See MDL-38373. 131 $this->PEAR(); 132 } 133 134 /** 135 * Adds a RADIUS server to the list of servers for requests. 136 * 137 * At most 10 servers may be specified. When multiple servers 138 * are given, they are tried in round-robin fashion until a 139 * valid response is received 140 * 141 * @access public 142 * @param string $servername Servername or IP-Address 143 * @param integer $port Portnumber 144 * @param string $sharedSecret Shared secret 145 * @param integer $timeout Timeout for each request 146 * @param integer $maxtries Max. retries for each request 147 * @return void 148 */ 149 function addServer($servername = 'localhost', $port = 0, $sharedSecret = 'testing123', $timeout = 3, $maxtries = 3) 150 { 151 $this->_servers[] = array($servername, $port, $sharedSecret, $timeout, $maxtries); 152 } 153 154 /** 155 * Returns an error message, if an error occurred. 156 * 157 * @access public 158 * @return string 159 */ 160 function getError() 161 { 162 return radius_strerror($this->res); 163 } 164 165 /** 166 * Sets the configuration-file. 167 * 168 * @access public 169 * @param string $file Path to the configuration file 170 * @return void 171 */ 172 function setConfigfile($file) 173 { 174 $this->_configfile = $file; 175 } 176 177 /** 178 * Puts an attribute. 179 * 180 * @access public 181 * @param integer $attrib Attribute-number 182 * @param mixed $port Attribute-value 183 * @param type $type Attribute-type 184 * @return bool true on success, false on error 185 */ 186 function putAttribute($attrib, $value, $type = null) 187 { 188 if ($type == null) { 189 $type = gettype($value); 190 } 191 192 switch ($type) { 193 case 'integer': 194 case 'double': 195 return radius_put_int($this->res, $attrib, $value); 196 197 case 'addr': 198 return radius_put_addr($this->res, $attrib, $value); 199 200 case 'string': 201 default: 202 return radius_put_attr($this->res, $attrib, $value); 203 } 204 205 } 206 207 /** 208 * Puts a vendor-specific attribute. 209 * 210 * @access public 211 * @param integer $vendor Vendor (MSoft, Cisco, ...) 212 * @param integer $attrib Attribute-number 213 * @param mixed $port Attribute-value 214 * @param type $type Attribute-type 215 * @return bool true on success, false on error 216 */ 217 function putVendorAttribute($vendor, $attrib, $value, $type = null) 218 { 219 220 if ($type == null) { 221 $type = gettype($value); 222 } 223 224 switch ($type) { 225 case 'integer': 226 case 'double': 227 return radius_put_vendor_int($this->res, $vendor, $attrib, $value); 228 229 case 'addr': 230 return radius_put_vendor_addr($this->res, $vendor,$attrib, $value); 231 232 case 'string': 233 default: 234 return radius_put_vendor_attr($this->res, $vendor, $attrib, $value); 235 } 236 237 } 238 239 /** 240 * Prints known attributes received from the server. 241 * 242 * @access public 243 */ 244 function dumpAttributes() 245 { 246 foreach ($this->attributes as $name => $data) { 247 echo "$name:$data<br>\n"; 248 } 249 } 250 251 /** 252 * Overwrite this. 253 * 254 * @access public 255 */ 256 function open() 257 { 258 } 259 260 /** 261 * Overwrite this. 262 * 263 * @access public 264 */ 265 function createRequest() 266 { 267 } 268 269 /** 270 * Puts standard attributes. 271 * 272 * @access public 273 */ 274 function putStandardAttributes() 275 { 276 if (!$this->useStandardAttributes) 277 return; 278 279 if (isset($_SERVER)) { 280 $var = &$_SERVER; 281 } else { 282 $var = &$GLOBALS['HTTP_SERVER_VARS']; 283 } 284 285 $this->putAttribute(RADIUS_NAS_IDENTIFIER, isset($var['HTTP_HOST']) ? $var['HTTP_HOST'] : 'localhost'); 286 $this->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_VIRTUAL); 287 $this->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_FRAMED); 288 $this->putAttribute(RADIUS_FRAMED_PROTOCOL, RADIUS_PPP); 289 $this->putAttribute(RADIUS_CALLING_STATION_ID, isset($var['REMOTE_HOST']) ? $var['REMOTE_HOST'] : '127.0.0.1'); 290 } 291 292 /** 293 * Puts custom attributes. 294 * 295 * @access public 296 */ 297 function putAuthAttributes() 298 { 299 if (isset($this->username)) { 300 $this->putAttribute(RADIUS_USER_NAME, $this->username); 301 } 302 } 303 304 /** 305 * Configures the radius library. 306 * 307 * @access public 308 * @param string $servername Servername or IP-Address 309 * @param integer $port Portnumber 310 * @param string $sharedSecret Shared secret 311 * @param integer $timeout Timeout for each request 312 * @param integer $maxtries Max. retries for each request 313 * @return bool true on success, false on error 314 * @see addServer() 315 */ 316 function putServer($servername, $port = 0, $sharedsecret = 'testing123', $timeout = 3, $maxtries = 3) 317 { 318 if (!radius_add_server($this->res, $servername, $port, $sharedsecret, $timeout, $maxtries)) { 319 return false; 320 } 321 return true; 322 } 323 324 /** 325 * Configures the radius library via external configurationfile 326 * 327 * @access public 328 * @param string $servername Servername or IP-Address 329 * @return bool true on success, false on error 330 */ 331 function putConfigfile($file) 332 { 333 if (!radius_config($this->res, $file)) { 334 return false; 335 } 336 return true; 337 } 338 339 /** 340 * Initiates a RADIUS request. 341 * 342 * @access public 343 * @return bool true on success, false on errors 344 */ 345 function start() 346 { 347 if (!$this->open()) { 348 return false; 349 } 350 351 foreach ($this->_servers as $s) { 352 // Servername, port, sharedsecret, timeout, retries 353 if (!$this->putServer($s[0], $s[1], $s[2], $s[3], $s[4])) { 354 return false; 355 } 356 } 357 358 if (!empty($this->_configfile)) { 359 if (!$this->putConfigfile($this->_configfile)) { 360 return false; 361 } 362 } 363 364 $this->createRequest(); 365 $this->putStandardAttributes(); 366 $this->putAuthAttributes(); 367 return true; 368 } 369 370 /** 371 * Sends a prepared RADIUS request and waits for a response 372 * 373 * @access public 374 * @return mixed true on success, false on reject, PEAR_Error on error 375 */ 376 function send() 377 { 378 $req = radius_send_request($this->res); 379 if (!$req) { 380 return $this->raiseError('Error sending request: ' . $this->getError()); 381 } 382 383 switch($req) { 384 case RADIUS_ACCESS_ACCEPT: 385 if (is_subclass_of($this, 'auth_radius_acct')) { 386 return $this->raiseError('RADIUS_ACCESS_ACCEPT is unexpected for accounting'); 387 } 388 return true; 389 390 case RADIUS_ACCESS_REJECT: 391 return false; 392 393 case RADIUS_ACCOUNTING_RESPONSE: 394 if (is_subclass_of($this, 'auth_radius_pap')) { 395 return $this->raiseError('RADIUS_ACCOUNTING_RESPONSE is unexpected for authentication'); 396 } 397 return true; 398 399 default: 400 return $this->raiseError("Unexpected return value: $req"); 401 } 402 403 } 404 405 /** 406 * Reads all received attributes after sending the request. 407 * 408 * This methods stores known attributes in the property attributes, 409 * all attributes (including known attibutes) are stored in rawAttributes 410 * or rawVendorAttributes. 411 * NOTE: call this function also even if the request was rejected, because the 412 * Server returns usualy an errormessage 413 * 414 * @access public 415 * @return bool true on success, false on error 416 */ 417 function getAttributes() 418 { 419 420 while ($attrib = radius_get_attr($this->res)) { 421 422 if (!is_array($attrib)) { 423 return false; 424 } 425 426 $attr = $attrib['attr']; 427 $data = $attrib['data']; 428 429 $this->rawAttributes[$attr] = $data; 430 431 switch ($attr) { 432 case RADIUS_FRAMED_IP_ADDRESS: 433 $this->attributes['framed_ip'] = radius_cvt_addr($data); 434 break; 435 436 case RADIUS_FRAMED_IP_NETMASK: 437 $this->attributes['framed_mask'] = radius_cvt_addr($data); 438 break; 439 440 case RADIUS_FRAMED_MTU: 441 $this->attributes['framed_mtu'] = radius_cvt_int($data); 442 break; 443 444 case RADIUS_FRAMED_COMPRESSION: 445 $this->attributes['framed_compression'] = radius_cvt_int($data); 446 break; 447 448 case RADIUS_SESSION_TIMEOUT: 449 $this->attributes['session_timeout'] = radius_cvt_int($data); 450 break; 451 452 case RADIUS_IDLE_TIMEOUT: 453 $this->attributes['idle_timeout'] = radius_cvt_int($data); 454 break; 455 456 case RADIUS_SERVICE_TYPE: 457 $this->attributes['service_type'] = radius_cvt_int($data); 458 break; 459 460 case RADIUS_CLASS: 461 $this->attributes['class'] = radius_cvt_string($data); 462 break; 463 464 case RADIUS_FRAMED_PROTOCOL: 465 $this->attributes['framed_protocol'] = radius_cvt_int($data); 466 break; 467 468 case RADIUS_FRAMED_ROUTING: 469 $this->attributes['framed_routing'] = radius_cvt_int($data); 470 break; 471 472 case RADIUS_FILTER_ID: 473 $this->attributes['filter_id'] = radius_cvt_string($data); 474 break; 475 476 case RADIUS_REPLY_MESSAGE: 477 $this->attributes['reply_message'] = radius_cvt_string($data); 478 break; 479 480 case RADIUS_VENDOR_SPECIFIC: 481 $attribv = radius_get_vendor_attr($data); 482 if (!is_array($attribv)) { 483 return false; 484 } 485 486 $vendor = $attribv['vendor']; 487 $attrv = $attribv['attr']; 488 $datav = $attribv['data']; 489 490 $this->rawVendorAttributes[$vendor][$attrv] = $datav; 491 492 if ($vendor == RADIUS_VENDOR_MICROSOFT) { 493 494 switch ($attrv) { 495 case RADIUS_MICROSOFT_MS_CHAP2_SUCCESS: 496 $this->attributes['ms_chap2_success'] = radius_cvt_string($datav); 497 break; 498 499 case RADIUS_MICROSOFT_MS_CHAP_ERROR: 500 $this->attributes['ms_chap_error'] = radius_cvt_string(substr($datav,1)); 501 break; 502 503 case RADIUS_MICROSOFT_MS_CHAP_DOMAIN: 504 $this->attributes['ms_chap_domain'] = radius_cvt_string($datav); 505 break; 506 507 case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY: 508 $this->attributes['ms_mppe_encryption_policy'] = radius_cvt_int($datav); 509 break; 510 511 case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: 512 $this->attributes['ms_mppe_encryption_types'] = radius_cvt_int($datav); 513 break; 514 515 case RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS: 516 $demangled = radius_demangle($this->res, $datav); 517 $this->attributes['ms_chap_mppe_lm_key'] = substr($demangled, 0, 8); 518 $this->attributes['ms_chap_mppe_nt_key'] = substr($demangled, 8, RADIUS_MPPE_KEY_LEN); 519 break; 520 521 case RADIUS_MICROSOFT_MS_MPPE_SEND_KEY: 522 $this->attributes['ms_chap_mppe_send_key'] = radius_demangle_mppe_key($this->res, $datav); 523 break; 524 525 case RADIUS_MICROSOFT_MS_MPPE_RECV_KEY: 526 $this->attributes['ms_chap_mppe_recv_key'] = radius_demangle_mppe_key($this->res, $datav); 527 break; 528 529 case RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER: 530 $this->attributes['ms_primary_dns_server'] = radius_cvt_string($datav); 531 break; 532 } 533 } 534 break; 535 536 } 537 } 538 539 return true; 540 } 541 542 /** 543 * Frees resources. 544 * 545 * Calling this method is always a good idea, because all security relevant 546 * attributes are filled with Nullbytes to leave nothing in the mem. 547 * 548 * @access public 549 */ 550 function close() 551 { 552 if ($this->res != null) { 553 radius_close($this->res); 554 $this->res = null; 555 } 556 $this->username = str_repeat("\0", strlen($this->username)); 557 $this->password = str_repeat("\0", strlen($this->password)); 558 } 559 560 } 561 562 /** 563 * class Auth_RADIUS_PAP 564 * 565 * Class for authenticating using PAP (Plaintext) 566 * 567 * @package Auth_RADIUS 568 */ 569 class Auth_RADIUS_PAP extends Auth_RADIUS 570 { 571 572 /** 573 * Constructor 574 * 575 * @param string $username Username 576 * @param string $password Password 577 * @return void 578 */ 579 function Auth_RADIUS_PAP($username = null, $password = null) 580 { 581 $this->Auth_RADIUS(); 582 $this->username = $username; 583 $this->password = $password; 584 } 585 586 /** 587 * Creates a RADIUS resource 588 * 589 * Creates a RADIUS resource for authentication. This should be the first 590 * call before you make any other things with the library. 591 * 592 * @return bool true on success, false on error 593 */ 594 function open() 595 { 596 $this->res = radius_auth_open(); 597 if (!$this->res) { 598 return false; 599 } 600 return true; 601 } 602 603 /** 604 * Creates an authentication request 605 * 606 * Creates an authentication request. 607 * You MUST call this method before you can put any attribute 608 * 609 * @return bool true on success, false on error 610 */ 611 function createRequest() 612 { 613 if (!radius_create_request($this->res, RADIUS_ACCESS_REQUEST)) { 614 return false; 615 } 616 return true; 617 } 618 619 /** 620 * Put authentication specific attributes 621 * 622 * @return void 623 */ 624 function putAuthAttributes() 625 { 626 if (isset($this->username)) { 627 $this->putAttribute(RADIUS_USER_NAME, $this->username); 628 } 629 if (isset($this->password)) { 630 $this->putAttribute(RADIUS_USER_PASSWORD, $this->password); 631 } 632 } 633 634 } 635 636 /** 637 * class Auth_RADIUS_CHAP_MD5 638 * 639 * Class for authenticating using CHAP-MD5 see RFC1994. 640 * Instead og the plaintext password the challenge and 641 * the response are needed. 642 * 643 * @package Auth_RADIUS 644 */ 645 class Auth_RADIUS_CHAP_MD5 extends Auth_RADIUS_PAP 646 { 647 /** 648 * 8 Bytes binary challenge 649 * @var string 650 */ 651 var $challenge = null; 652 653 /** 654 * 16 Bytes MD5 response binary 655 * @var string 656 */ 657 var $response = null; 658 659 /** 660 * Id of the authentication request. Should incremented after every request. 661 * @var integer 662 */ 663 var $chapid = 1; 664 665 /** 666 * Constructor 667 * 668 * @param string $username Username 669 * @param string $challenge 8 Bytes Challenge (binary) 670 * @param integer $chapid Requestnumber 671 * @return void 672 */ 673 function Auth_RADIUS_CHAP_MD5($username = null, $challenge = null, $chapid = 1) 674 { 675 $this->Auth_RADIUS_PAP(); 676 $this->username = $username; 677 $this->challenge = $challenge; 678 $this->chapid = $chapid; 679 } 680 681 /** 682 * Put CHAP-MD5 specific attributes 683 * 684 * For authenticating using CHAP-MD5 via RADIUS you have to put the challenge 685 * and the response. The chapid is inserted in the first byte of the response. 686 * 687 * @return void 688 */ 689 function putAuthAttributes() 690 { 691 if (isset($this->username)) { 692 $this->putAttribute(RADIUS_USER_NAME, $this->username); 693 } 694 if (isset($this->response)) { 695 $response = pack('C', $this->chapid) . $this->response; 696 $this->putAttribute(RADIUS_CHAP_PASSWORD, $response); 697 } 698 if (isset($this->challenge)) { 699 $this->putAttribute(RADIUS_CHAP_CHALLENGE, $this->challenge); 700 } 701 } 702 703 /** 704 * Frees resources. 705 * 706 * Calling this method is always a good idea, because all security relevant 707 * attributes are filled with Nullbytes to leave nothing in the mem. 708 * 709 * @access public 710 */ 711 function close() 712 { 713 Auth_RADIUS_PAP::close(); 714 $this->challenge = str_repeat("\0", strlen($this->challenge)); 715 $this->response = str_repeat("\0", strlen($this->response)); 716 } 717 718 } 719 720 /** 721 * class Auth_RADIUS_MSCHAPv1 722 * 723 * Class for authenticating using MS-CHAPv1 see RFC2433 724 * 725 * @package Auth_RADIUS 726 */ 727 class Auth_RADIUS_MSCHAPv1 extends Auth_RADIUS_CHAP_MD5 728 { 729 /** 730 * LAN-Manager-Response 731 * @var string 732 */ 733 var $lmResponse = null; 734 735 /** 736 * Wether using deprecated LM-Responses or not. 737 * 0 = use LM-Response, 1 = use NT-Response 738 * @var bool 739 */ 740 var $flags = 1; 741 742 /** 743 * Put MS-CHAPv1 specific attributes 744 * 745 * For authenticating using MS-CHAPv1 via RADIUS you have to put the challenge 746 * and the response. The response has this structure: 747 * struct rad_mschapvalue { 748 * u_char ident; 749 * u_char flags; 750 * u_char lm_response[24]; 751 * u_char response[24]; 752 * }; 753 * 754 * @return void 755 */ 756 function putAuthAttributes() 757 { 758 if (isset($this->username)) { 759 $this->putAttribute(RADIUS_USER_NAME, $this->username); 760 } 761 if (isset($this->response) || isset($this->lmResponse)) { 762 $lmResp = isset($this->lmResponse) ? $this->lmResponse : str_repeat ("\0", 24); 763 $ntResp = isset($this->response) ? $this->response : str_repeat ("\0", 24); 764 $resp = pack('CC', $this->chapid, $this->flags) . $lmResp . $ntResp; 765 $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_RESPONSE, $resp); 766 } 767 if (isset($this->challenge)) { 768 $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $this->challenge); 769 } 770 } 771 } 772 773 /** 774 * class Auth_RADIUS_MSCHAPv2 775 * 776 * Class for authenticating using MS-CHAPv2 see RFC2759 777 * 778 * @package Auth_RADIUS 779 */ 780 class Auth_RADIUS_MSCHAPv2 extends Auth_RADIUS_MSCHAPv1 781 { 782 /** 783 * 16 Bytes binary challenge 784 * @var string 785 */ 786 var $challenge = null; 787 788 /** 789 * 16 Bytes binary Peer Challenge 790 * @var string 791 */ 792 var $peerChallenge = null; 793 794 /** 795 * Put MS-CHAPv2 specific attributes 796 * 797 * For authenticating using MS-CHAPv1 via RADIUS you have to put the challenge 798 * and the response. The response has this structure: 799 * struct rad_mschapv2value { 800 * u_char ident; 801 * u_char flags; 802 * u_char pchallenge[16]; 803 * u_char reserved[8]; 804 * u_char response[24]; 805 * }; 806 * where pchallenge is the peer challenge. Like for MS-CHAPv1 we set the flags field to 1. 807 * @return void 808 */ 809 function putAuthAttributes() 810 { 811 if (isset($this->username)) { 812 $this->putAttribute(RADIUS_USER_NAME, $this->username); 813 } 814 if (isset($this->response) && isset($this->peerChallenge)) { 815 // Response: chapid, flags (1 = use NT Response), Peer challenge, reserved, Response 816 $resp = pack('CCa16a8a24',$this->chapid , 1, $this->peerChallenge, str_repeat("\0", 8), $this->response); 817 $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP2_RESPONSE, $resp); 818 } 819 if (isset($this->challenge)) { 820 $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $this->challenge); 821 } 822 } 823 824 /** 825 * Frees resources. 826 * 827 * Calling this method is always a good idea, because all security relevant 828 * attributes are filled with Nullbytes to leave nothing in the mem. 829 * 830 * @access public 831 */ 832 function close() 833 { 834 Auth_RADIUS_MSCHAPv1::close(); 835 $this->peerChallenge = str_repeat("\0", strlen($this->peerChallenge)); 836 } 837 } 838 839 /** 840 * class Auth_RADIUS_Acct 841 * 842 * Class for RADIUS accounting 843 * 844 * @package Auth_RADIUS 845 */ 846 class Auth_RADIUS_Acct extends Auth_RADIUS 847 { 848 /** 849 * Defines where the Authentication was made, possible values are: 850 * RADIUS_AUTH_RADIUS, RADIUS_AUTH_LOCAL, RADIUS_AUTH_REMOTE 851 * @var integer 852 */ 853 var $authentic = null; 854 855 /** 856 * Defines the type of the accounting request, on of: 857 * RADIUS_START, RADIUS_STOP, RADIUS_ACCOUNTING_ON, RADIUS_ACCOUNTING_OFF 858 * @var integer 859 */ 860 var $status_type = null; 861 862 /** 863 * The time the user was logged in in seconds 864 * @var integer 865 */ 866 var $session_time = null; 867 868 /** 869 * A uniq identifier for the session of the user, maybe the PHP-Session-Id 870 * @var string 871 */ 872 var $session_id = null; 873 874 /** 875 * Constructor 876 * 877 * Generates a predefined session_id. We use the Remote-Address, the PID, and the Current user. 878 * @return void 879 */ 880 function Auth_RADIUS_Acct() 881 { 882 $this->Auth_RADIUS(); 883 884 if (isset($_SERVER)) { 885 $var = &$_SERVER; 886 } else { 887 $var = &$GLOBALS['HTTP_SERVER_VARS']; 888 } 889 890 $this->session_id = sprintf("%s:%d-%s", isset($var['REMOTE_ADDR']) ? $var['REMOTE_ADDR'] : '127.0.0.1' , getmypid(), get_current_user()); 891 } 892 893 /** 894 * Creates a RADIUS resource 895 * 896 * Creates a RADIUS resource for accounting. This should be the first 897 * call before you make any other things with the library. 898 * 899 * @return bool true on success, false on error 900 */ 901 function open() 902 { 903 $this->res = radius_acct_open(); 904 if (!$this->res) { 905 return false; 906 } 907 return true; 908 } 909 910 /** 911 * Creates an accounting request 912 * 913 * Creates an accounting request. 914 * You MUST call this method before you can put any attribute. 915 * 916 * @return bool true on success, false on error 917 */ 918 function createRequest() 919 { 920 if (!radius_create_request($this->res, RADIUS_ACCOUNTING_REQUEST)) { 921 return false; 922 } 923 return true; 924 } 925 926 /** 927 * Put attributes for accounting. 928 * 929 * Here we put some accounting values. There many more attributes for accounting, 930 * but for web-applications only certain attributes make sense. 931 * @return void 932 */ 933 function putAuthAttributes() 934 { 935 $this->putAttribute(RADIUS_ACCT_SESSION_ID, $this->session_id); 936 $this->putAttribute(RADIUS_ACCT_STATUS_TYPE, $this->status_type); 937 if (isset($this->session_time) && $this->status_type == RADIUS_STOP) { 938 $this->putAttribute(RADIUS_ACCT_SESSION_TIME, $this->session_time); 939 } 940 if (isset($this->authentic)) { 941 $this->putAttribute(RADIUS_ACCT_AUTHENTIC, $this->authentic); 942 } 943 944 } 945 946 } 947 948 /** 949 * class Auth_RADIUS_Acct_Start 950 * 951 * Class for RADIUS accounting. Its usualy used, after the user has logged in. 952 * 953 * @package Auth_RADIUS 954 */ 955 class Auth_RADIUS_Acct_Start extends Auth_RADIUS_Acct 956 { 957 /** 958 * Defines the type of the accounting request. 959 * It is set to RADIUS_START by default in this class. 960 * @var integer 961 */ 962 var $status_type = RADIUS_START; 963 } 964 965 /** 966 * class Auth_RADIUS_Acct_Start 967 * 968 * Class for RADIUS accounting. Its usualy used, after the user has logged out. 969 * 970 * @package Auth_RADIUS 971 */ 972 class Auth_RADIUS_Acct_Stop extends Auth_RADIUS_Acct 973 { 974 /** 975 * Defines the type of the accounting request. 976 * It is set to RADIUS_STOP by default in this class. 977 * @var integer 978 */ 979 var $status_type = RADIUS_STOP; 980 } 981 982 if (!defined('RADIUS_UPDATE')) 983 define('RADIUS_UPDATE', 3); 984 985 /** 986 * class Auth_RADIUS_Acct_Update 987 * 988 * Class for interim RADIUS accounting updates. 989 * 990 * @package Auth_RADIUS 991 */ 992 class Auth_RADIUS_Acct_Update extends Auth_RADIUS_Acct 993 { 994 /** 995 * Defines the type of the accounting request. 996 * It is set to RADIUS_UPDATE by default in this class. 997 * @var integer 998 */ 999 var $status_type = RADIUS_UPDATE; 1000 } 1001 1002 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Fri Nov 28 20:29:05 2014 | Cross-referenced by PHPXref 0.7.1 |