WebSVN – lars-tiefland.php_share – Blame – /docs/radius/examples/radius-auth.php

Revision	Autor	Zeilennr.	Zeile
1	lars	1	`<?php`
		2	`/*`
		3	`Copyright (c) 2003-2007, Michael Bretterklieber <michael@bretterklieber.com>`
		4	`All rights reserved.`
		5
		6	`Redistribution and use in source and binary forms, with or without`
		7	`modification, are permitted provided that the following conditions`
		8	`are met:`
		9
		10	`1. Redistributions of source code must retain the above copyright`
		11	`notice, this list of conditions and the following disclaimer.`
		12	`2. Redistributions in binary form must reproduce the above copyright`
		13	`notice, this list of conditions and the following disclaimer in the`
		14	`documentation and/or other materials provided with the distribution.`
		15	`3. The names of the authors may not be used to endorse or promote products`
		16	`derived from this software without specific prior written permission.`
		17
		18	`THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND`
		19	`ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED`
		20	`WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.`
		21	`IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,`
		22	`INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,`
		23	`BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,`
		24	`DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY`
		25	`OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING`
		26	`NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,`
		27	`EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
		28
		29	`This code cannot simply be copied and put under the GNU Public License or`
		30	`any other GPL-like (LGPL, GPL2) License.`
		31
		32	$Id: radius-auth.php,v 1.3 2007/03/18 21:17:02 mbretter Exp $
		33	`*/`
		34
		35	`if(!extension_loaded('radius')) {`
		36
		37	`if (preg_match('/windows/i', getenv('OS'))) {`
		38	`dl('php_radius.dll');`
		39	`} else {`
		40	`dl('radius.so');`
		41	`}`
		42
		43	`}`
		44
		45	`$module = 'radius';`
		46	`$functions = get_extension_funcs($module);`
		47	`echo "Functions available in the test extension:<br>\n";`
		48	`foreach($functions as $func) echo $func . "<br>\n";`
		49
		50	`$username = 'sepp';`
		51	`$password = 'sepp';`
		52	`$radserver = 'localhost';`
		53	`$radport = 1812;`
		54	`$sharedsecret = 'testing123';`
		55	`$auth_type = 'pap';`
		56	`//$auth_type = 'chap';`
		57	`//$auth_type = 'mschapv1';`
		58	`//$auth_type = 'mschapv2';`
		59
		60	`$res = radius_auth_open();`
		61	`echo "$res<br>\n";`
		62
		63	`//if (!radius_config($res, '/etc/radius.conf')) {`
		64	`/*if (!radius_config($res, 'D:/php-devel/pear/PECL/radius/radius.conf')) {`
		65	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		66	`exit;`
		67	`}*/`
		68
		69
		70	`if (!radius_add_server($res, $radserver, $radport, $sharedsecret, 3, 3)) {`
		71	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		72	`exit;`
		73	`}`
		74
		75	`if (!radius_add_server($res, $radserver, $radport, 'testing123', 3, 3)) {`
		76	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		77	`exit;`
		78	`}`
		79
		80	`if (!radius_create_request($res, RADIUS_ACCESS_REQUEST)) {`
		81	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		82	`exit;`
		83	`}`
		84
		85	`if (!radius_put_string($res, RADIUS_NAS_IDENTIFIER, isset($HTTP_HOST) ? $HTTP_HOST : 'localhost')) {`
		86	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		87	`exit;`
		88	`}`
		89
		90	`if (!radius_put_int($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {`
		91	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		92	`exit;`
		93	`}`
		94
		95	`if (!radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) {`
		96	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		97	`exit;`
		98	`}`
		99
		100	`if (!radius_put_string($res, RADIUS_CALLING_STATION_ID, isset($REMOTE_HOST) ? $REMOTE_HOST : '127.0.0.1') == -1) {`
		101	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		102	`exit;`
		103	`}`
		104
		105	`if (!radius_put_string($res, RADIUS_USER_NAME, $username)) {`
		106	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		107	`exit;`
		108	`}`
		109
		110	`if ($auth_type == 'chap') {`
		111	`echo "CHAP<br>\n";`
		112
		113	`/* generate Challenge */`
		114	`mt_srand(time());`
		115	`$chall = mt_rand();`
		116
		117	`// FYI: CHAP = md5(ident + plaintextpass + challenge)`
		118	`$chapval = pack('H', md5(pack('Ca',1 , $password . $chall)));`
		119	`// $chapval = md5(pack('Ca*',1 , $password . $chall));`
		120	`// Radius wants the CHAP Ident in the first byte of the CHAP-Password`
		121	`$pass = pack('C', 1) . $chapval;`
		122
		123	`if (!radius_put_attr($res, RADIUS_CHAP_PASSWORD, $pass)) {`
		124	`echo 'RadiusError: RADIUS_CHAP_PASSWORD:' . radius_strerror($res). "<br>\n";`
		125	`exit;`
		126	`}`
		127
		128	`if (!radius_put_attr($res, RADIUS_CHAP_CHALLENGE, $chall)) {`
		129	`echo 'RadiusError: RADIUS_CHAP_CHALLENGE:' . radius_strerror($res). "<br>\n";`
		130	`exit;`
		131	`}`
		132
		133	`} else if ($auth_type == 'mschapv1') {`
		134	`echo "MS-CHAPv1<br>\n";`
		135	`include_once('mschap.php');`
		136
		137	`$challenge = GenerateChallenge();`
		138	`printf ("Challenge:%s\n", bin2hex($challenge));`
		139
		140	`if (!radius_put_vendor_attr($res, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $challenge)) {`
		141	`echo 'RadiusError: RADIUS_MICROSOFT_MS_CHAP_CHALLENGE:' . radius_strerror($res). "<br>\n";`
		142	`exit;`
		143	`}`
		144
		145	`$ntresp = ChallengeResponse($challenge, NtPasswordHash($password));`
		146	`$lmresp = str_repeat ("\0", 24);`
		147
		148	`printf ("NT Response:%s\n", bin2hex($ntresp));`
		149	`// Response: chapid, flags (1 = use NT Response), LM Response, NT Response`
		150	`$resp = pack('CCa48',1 , 1, $lmresp . $ntresp);`
		151	`printf ("Response:%d %s\n", strlen($resp), bin2hex($resp));`
		152
		153	`if (!radius_put_vendor_attr($res, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_RESPONSE, $resp)) {`
		154	`echo 'RadiusError: RADIUS_MICROSOFT_MS_CHAP_RESPONSE:' . radius_strerror($res). "<br>\n";`
		155	`exit;`
		156	`}`
		157
		158	`} else if ($auth_type == 'mschapv2') {`
		159	`echo "MS-CHAPv2<br>\n";`
		160	`include_once('mschap.php');`
		161
		162	`$authChallenge = GenerateChallenge(16);`
		163	`printf ("Auth Challenge:%s\n", bin2hex($authChallenge));`
		164
		165	`if (!radius_put_vendor_attr($res, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $authChallenge)) {`
		166	`echo 'RadiusError: RADIUS_MICROSOFT_MS_CHAP_CHALLENGE:' . radius_strerror($res). "<br>\n";`
		167	`exit;`
		168	`}`
		169
		170	`// we have no client, therefore we generate the Peer-Challenge`
		171	`$peerChallenge = GeneratePeerChallenge();`
		172	`printf ("Peer Challenge:%s\n", bin2hex($peerChallenge));`
		173
		174	`$ntresp = GenerateNTResponse($authChallenge, $peerChallenge, $username, $password);`
		175	`$reserved = str_repeat ("\0", 8);`
		176
		177	`printf ("NT Response:%s\n", bin2hex($ntresp));`
		178	`// Response: chapid, flags (1 = use NT Response), Peer challenge, reserved, Response`
		179	`$resp = pack('CCa16a8a24',1 , 1, $peerChallenge, $reserved, $ntresp);`
		180	`printf ("Response:%d %s\n", strlen($resp), bin2hex($resp));`
		181
		182	`if (!radius_put_vendor_attr($res, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP2_RESPONSE, $resp)) {`
		183	`echo 'RadiusError: RADIUS_MICROSOFT_MS_CHAP2_RESPONSE:' . radius_strerror($res). "<br>\n";`
		184	`exit;`
		185	`}`
		186
		187	`} else {`
		188	`echo "PAP<br>\n";`
		189
		190	`if (!radius_put_string($res, RADIUS_USER_PASSWORD, "sepp")) {`
		191	`echo 'RadiusError:' . radius_strerror($res). "<br>\n";`
		192	`exit;`
		193	`}`
		194	`}`
		195
		196	`if (!radius_put_int($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {`
		197	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		198	`exit;`
		199	`}`
		200
		201	`if (!radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) {`
		202	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		203	`exit;`
		204	`}`
		205
		206	`$req = radius_send_request($res);`
		207	`if (!$req) {`
		208	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		209	`exit;`
		210	`}`
		211
		212	`switch($req) {`
		213	`case RADIUS_ACCESS_ACCEPT:`
		214	`echo "Radius Request accepted<br>\n";`
		215	`break;`
		216
		217	`case RADIUS_ACCESS_REJECT:`
		218	`echo "Radius Request rejected<br>\n";`
		219	`break;`
		220
		221	`default:`
		222	`echo "Unexpected return value:$req\n<br>";`
		223	`}`
		224
		225	`while ($resa = radius_get_attr($res)) {`
		226
		227	`if (!is_array($resa)) {`
		228	`printf ("Error getting attribute: %s\n", radius_strerror($res));`
		229	`exit;`
		230	`}`
		231
		232	`$attr = $resa['attr'];`
		233	`$data = $resa['data'];`
		234	`//printf("Got Attr:%d %d Bytes %s\n", $attr, strlen($data), bin2hex($data));`
		235
		236	`switch ($attr) {`
		237
		238	`case RADIUS_FRAMED_IP_ADDRESS:`
		239	`$ip = radius_cvt_addr($data);`
		240	`echo "IP: $ip<br>\n";`
		241	`break;`
		242
		243	`case RADIUS_FRAMED_IP_NETMASK:`
		244	`$mask = radius_cvt_addr($data);`
		245	`echo "MASK: $mask<br>\n";`
		246	`break;`
		247
		248	`case RADIUS_FRAMED_MTU:`
		249	`$mtu = radius_cvt_int($data);`
		250	`echo "MTU: $mtu<br>\n";`
		251	`break;`
		252
		253	`case RADIUS_FRAMED_COMPRESSION:`
		254	`$comp = radius_cvt_int($data);`
		255	`echo "Compression: $comp<br>\n";`
		256	`break;`
		257
		258	`case RADIUS_SESSION_TIMEOUT:`
		259	`$time = radius_cvt_int($data);`
		260	`echo "Session timeout: $time<br>\n";`
		261	`ini_set('max_execution_time', $time);`
		262	`break;`
		263
		264	`case RADIUS_IDLE_TIMEOUT:`
		265	`$idletime = radius_cvt_int($data);`
		266	`echo "Idle timeout: $idletime<br>\n";`
		267	`break;`
		268
		269	`case RADIUS_SERVICE_TYPE:`
		270	`$type = radius_cvt_int($data);`
		271	`echo "Service Type: $type<br>\n";`
		272	`break;`
		273
		274	`case RADIUS_CLASS:`
		275	`$class = radius_cvt_int($data);`
		276	`echo "Class: $class<br>\n";`
		277	`break;`
		278
		279	`case RADIUS_FRAMED_PROTOCOL:`
		280	`$proto = radius_cvt_int($data);`
		281	`echo "Protocol: $proto<br>\n";`
		282	`break;`
		283
		284	`case RADIUS_FRAMED_ROUTING:`
		285	`$rout = radius_cvt_int($data);`
		286	`echo "Routing: $rout<br>\n";`
		287	`break;`
		288
		289	`case RADIUS_FILTER_ID:`
		290	`$id = radius_cvt_string($data);`
		291	`echo "Filter ID: $id<br>\n";`
		292	`break;`
		293
		294	`case RADIUS_VENDOR_SPECIFIC:`
		295	`//printf ("Vendor specific (%d)<br>\n", $attr);`
		296
		297	`$resv = radius_get_vendor_attr($data);`
		298	`if (is_array($resv)) {`
		299	`$vendor = $resv['vendor'];`
		300	`$attrv = $resv['attr'];`
		301	`$datav = $resv['data'];`
		302
		303	`if ($vendor == RADIUS_VENDOR_MICROSOFT) {`
		304
		305	`switch ($attrv) {`
		306
		307	`case RADIUS_MICROSOFT_MS_CHAP2_SUCCESS:`
		308	`$mschap2resp = radius_cvt_string($datav);`
		309	`printf ("MS CHAPv2 success: %s<br>\n", $mschap2resp);`
		310	`break;`
		311
		312	`case RADIUS_MICROSOFT_MS_CHAP_ERROR:`
		313	`$errormsg = radius_cvt_string(substr($datav,1));`
		314	`echo "MS CHAP Error: $errormsg<br>\n";`
		315	`break;`
		316
		317	`case RADIUS_MICROSOFT_MS_CHAP_DOMAIN:`
		318	`$domain = radius_cvt_string($datav);`
		319	`echo "MS CHAP Domain: $domain<br>\n";`
		320	`break;`
		321
		322	`case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY:`
		323	`$policy = radius_cvt_int($datav);`
		324	`echo "MS MPPE Policy: $policy<br>\n";`
		325	`break;`
		326
		327	`case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES:`
		328	`$type = radius_cvt_int($datav);`
		329	`echo "MS MPPE Type: $type<br>\n";`
		330	`break;`
		331
		332	`case RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS:`
		333	`$demangled = radius_demangle($res, $datav);`
		334	`$lmkey = substr($demangled, 0, 8);`
		335	`$ntkey = substr($demangled, 8, RADIUS_MPPE_KEY_LEN);`
		336	`printf ("MS MPPE Keys: LM-Key: %s NT-Key: %s<br>\n", bin2hex($lmkey), bin2hex($ntkey));`
		337	`break;`
		338
		339	`case RADIUS_MICROSOFT_MS_MPPE_SEND_KEY:`
		340	`$demangled = radius_demangle_mppe_key($res, $datav);`
		341	`printf ("MS MPPE Send Key: %s<br>\n", bin2hex($demangled));`
		342	`break;`
		343
		344	`case RADIUS_MICROSOFT_MS_MPPE_RECV_KEY:`
		345	`$demangled = radius_demangle_mppe_key($res, $datav);`
		346	`printf ("MS MPPE Send Key: %s<br>\n", bin2hex($demangled));`
		347	`break;`
		348
		349	`case RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER:`
		350	`$server = radius_cvt_string($datav);`
		351	`printf ("MS Primary DNS Server: %s<br>\n", $server);`
		352	`break;`
		353
		354	`default:`
		355	`printf("Unexpected Microsoft attribute: %d<br>\n", $attrv);`
		356	`}`
		357
		358	`}`
		359
		360	`} else {`
		361	`printf ("Error getting Vendor attribute %s<br>\n", radius_strerror($res));`
		362	`}`
		363	`break;`
		364
		365	`default:`
		366	`printf("Unexpected attribute: %d<br>\n", $attr);`
		367	`}`
		368	`}`
		369
		370	`$secret = radius_server_secret($res);`
		371	`if (!$secret) {`
		372	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		373	`exit;`
		374	`} else {`
		375	`echo "Shared Secret:$secret<br>\n";`
		376	`}`
		377
		378	`$authent = radius_request_authenticator($res);`
		379	`if (!$authent) {`
		380	`echo 'RadiusError:' . radius_strerror($res). "\n<br>";`
		381	`exit;`
		382	`} else {`
		383	`printf ("Request Authenticator:%s Len:%d<br>\n", bin2hex($authent), strlen($authent));`
		384	`}`
		385
		386	`radius_close($res);`
		387
		388	`?>`

Subversion-Projekte lars-tiefland.php_share

(root)/docs/radius/examples/radius-auth.php – Revision 1