PageRenderTime 58ms CodeModel.GetById 26ms RepoModel.GetById 0ms app.codeStats 1ms

/shared/radius/radius.class.php

https://bitbucket.org/biadmin/tcexam
PHP | 840 lines | 537 code | 100 blank | 203 comment | 45 complexity | 4174724b758875f798e0455f1c453434 MD5 | raw file
Possible License(s): AGPL-3.0, GPL-3.0, BSD-3-Clause, LGPL-2.1, LGPL-3.0
  1. <?php
  2. /*********************************************************************
  3. *
  4. * Pure PHP radius class
  5. *
  6. * This Radius class is a radius client implementation in pure PHP
  7. * following the RFC 2865 rules (http://www.ietf.org/rfc/rfc2865.txt)
  8. *
  9. * This class works with at least the following RADIUS servers:
  10. * - Authenex Strong Authentication System (ASAS) with two-factor authentication
  11. * - FreeRADIUS, a free Radius server implementation for Linux and *nix environments
  12. * - Microsoft Radius server IAS
  13. * - Mideye RADIUS server (http://www.mideye.com)
  14. * - Radl, a free Radius server for Windows
  15. * - RSA SecurID
  16. * - VASCO Middleware 3.0 server
  17. * - WinRadius, Windows Radius server (free for 5 users)
  18. * - ZyXEL ZyWALL OTP (Authenex ASAS branded by ZyXEL, cheaper)
  19. *
  20. *
  21. * LICENCE
  22. *
  23. * Copyright (c) 2008, SysCo systemes de communication sa
  24. * SysCo (tm) is a trademark of SysCo systemes de communication sa
  25. * (http://www.sysco.ch/)
  26. * All rights reserved.
  27. *
  28. * This file is part of the Pure PHP radius class
  29. *
  30. * Pure PHP radius class is free software; you can redistribute it and/or
  31. * modify it under the terms of the GNU Lesser General Public License as
  32. * published by the Free Software Foundation, either version 3 of the License,
  33. * or (at your option) any later version.
  34. *
  35. * Pure PHP radius class is distributed in the hope that it will be useful,
  36. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  37. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  38. * GNU Lesser General Public License for more details.
  39. *
  40. * You should have received a copy of the GNU Lesser General Public
  41. * License along with Pure PHP radius class.
  42. * If not, see <http://www.gnu.org/licenses/>.
  43. *
  44. *
  45. * @author: SysCo/al
  46. * @since CreationDate: 2008-01-04
  47. * @copyright (c) 2008 by SysCo systemes de communication sa
  48. * @version $LastChangedRevision: 1.2.2 $
  49. * @version $LastChangedDate: 2009-01-05 $
  50. * @version $LastChangedBy: SysCo/al $
  51. * @link $HeadURL: radius.class.php $
  52. * @link http://developer.sysco.ch/php/
  53. * @link developer@sysco.ch
  54. * Language: PHP 4.0.7 or higher
  55. *
  56. *
  57. * Usage
  58. *
  59. * require_once('radius.class.php');
  60. * $radius = new Radius($ip_radius_server = 'radius_server_ip_address', $shared_secret = 'radius_shared_secret'[, $radius_suffix = 'optional_radius_suffix'[, $udp_timeout = udp_timeout_in_seconds[, $authentication_port = 1812]]]);
  61. * $result = $radius->Access_Request($username = 'username', $password = 'password'[, $udp_timeout = udp_timeout_in_seconds]);
  62. *
  63. *
  64. * Examples
  65. *
  66. * Example 1
  67. * <?php
  68. * require_once('radius.class.php');
  69. * $radius = new Radius('127.0.0.1', 'secret');
  70. * $radius->SetNasIpAddress('1.2.3.4'); // Needed for some devices, and not auto_detected if PHP not runned through a web server
  71. * if ($radius->AccessRequest('user', 'pass'))
  72. * {
  73. * echo "Authentication accepted.";
  74. * }
  75. * else
  76. * {
  77. * echo "Authentication rejected.";
  78. * }
  79. * ?>
  80. *
  81. * Example 2
  82. * <?php
  83. * require_once('radius.class.php');
  84. * $radius = new Radius('127.0.0.1', 'secret');
  85. * $radius->SetNasPort(0);
  86. * $radius->SetNasIpAddress('1.2.3.4'); // Needed for some devices, and not auto_detected if PHP not runned through a web server
  87. * if ($radius->AccessRequest('user', 'pass'))
  88. * {
  89. * echo "Authentication accepted.";
  90. * echo "<br />";
  91. * }
  92. * else
  93. * {
  94. * echo "Authentication rejected.";
  95. * echo "<br />";
  96. * }
  97. * echo $radius->GetReadableReceivedAttributes();
  98. * ?>
  99. *
  100. *
  101. * External file needed
  102. *
  103. * none.
  104. *
  105. *
  106. * External file created
  107. *
  108. * none.
  109. *
  110. *
  111. * Special issues
  112. *
  113. * - Sockets support must be enabled.
  114. * * In Linux and *nix environments, the extension is enabled at
  115. * compile time using the --enable-sockets configure option
  116. * * In Windows, PHP Sockets can be activated by un-commenting
  117. * extension=php_sockets.dll in php.ini
  118. *
  119. *
  120. * Other related ressources
  121. *
  122. * FreeRADIUS, a free Radius server implementation for Linux and *nix environments:
  123. * http://www.freeradius.org/
  124. *
  125. * WinRadius, Windows Radius server (free for 5 users):
  126. * http://www.itconsult2000.com/en/product/WinRadius.zip
  127. *
  128. * Radl, a free Radius server for Windows:
  129. * http://www.loriotpro.com/Products/RadiusServer/FreeRadiusServer_EN.php
  130. *
  131. * DOS command line Radius client:
  132. * http://www.itconsult2000.com/en/product/WinRadiusClient.zip
  133. *
  134. *
  135. * Users feedbacks and comments
  136. *
  137. * 2008-07-02 Pim Koeman/Parantion
  138. *
  139. * When using a radius connection behind a linux iptables firewall
  140. * allow port 1812 and 1813 with udp protocol
  141. *
  142. * IPTABLES EXAMPLE (command line):
  143. * iptables -A AlwaysACCEPT -p udp --dport 1812 -j ACCEPT
  144. * iptables -A AlwaysACCEPT -p udp --dport 1813 -j ACCEPT
  145. *
  146. * or put the lines in /etc/sysconfig/iptables (red-hat type systems (fedora, centos, rhel etc.)
  147. * -A AlwaysACCEPT -p udp --dport 1812 -j ACCEPT
  148. * -A AlwaysACCEPT -p udp --dport 1813 -j ACCEPT
  149. *
  150. *
  151. * Change Log
  152. *
  153. * 2009-01-05 1.2.2 SysCo/al Added Robert Svensson feedback, Mideye RADIUS server is supported
  154. * 2008-11-11 1.2.1 SysCo/al Added Carlo Ferrari resolution in examples (add NAS IP Address for a VASCO Middleware server)
  155. * 2008-07-07 1.2 SysCo/al Added Pim Koeman (Parantion) contribution
  156. * - comments concerning using radius behind a linux iptables firewall
  157. * Added Jon Bright (tick Trading Software AG) contribution
  158. * - false octal encoding with 0xx indexes (indexes are now rewritten in xx only)
  159. * - challenge/response support for the RSA SecurID New-PIN mode
  160. * Added GetRadiusPacketInfo() method
  161. * Added GetAttributesInfo() method
  162. * Added DecodeVendorSpecificContent() (to answer Raul Carvalho's question)
  163. * Added Decoded Vendor Specific Content in debug messages
  164. * 2008-02-04 1.1 SysCo/al Typo error for the udp_timeout parameter (line 256 in the version 1.0)
  165. * 2008-01-07 1.0 SysCo/al Initial release
  166. *
  167. *********************************************************************/
  168. /*********************************************************************
  169. *
  170. * Radius
  171. * Pure PHP radius class
  172. *
  173. * Creation 2008-01-04
  174. * Update 2009-01-05
  175. * @package radius
  176. * @version v.1.2.2
  177. * @author SysCo/al
  178. *
  179. *********************************************************************/
  180. class Radius
  181. {
  182. var $_ip_radius_server; // Radius server IP address
  183. var $_shared_secret; // Shared secret with the radius server
  184. var $_radius_suffix; // Radius suffix (default is '');
  185. var $_udp_timeout; // Timeout of the UDP connection in seconds (default value is 5)
  186. var $_authentication_port; // Authentication port (default value is 1812)
  187. var $_accounting_port; // Accouting port (default value is 1813)
  188. var $_nas_ip_address; // NAS IP address
  189. var $_nas_port; // NAS port
  190. var $_encrypted_password; // Encrypted password, as described in the RFC 2865
  191. var $_user_ip_address; // Remote IP address of the user
  192. var $_request_authenticator; // Request-Authenticator, 16 octets random number
  193. var $_response_authenticator; // Request-Authenticator, 16 octets random number
  194. var $_username; // Username to sent to the Radius server
  195. var $_password; // Password to sent to the Radius server (clear password, must be encrypted)
  196. var $_identifier_to_send; // Identifier field for the packet to be sent
  197. var $_identifier_received; // Identifier field for the received packet
  198. var $_radius_packet_to_send; // Radius packet code (1=Access-Request, 2=Access-Accept, 3=Access-Reject, 4=Accounting-Request, 5=Accounting-Response, 11=Access-Challenge, 12=Status-Server (experimental), 13=Status-Client (experimental), 255=Reserved
  199. var $_radius_packet_received; // Radius packet code (1=Access-Request, 2=Access-Accept, 3=Access-Reject, 4=Accounting-Request, 5=Accounting-Response, 11=Access-Challenge, 12=Status-Server (experimental), 13=Status-Client (experimental), 255=Reserved
  200. var $_attributes_to_send; // Radius attributes to send
  201. var $_attributes_received; // Radius attributes received
  202. var $_socket_to_server; // Socket connection
  203. var $_debug_mode; // Debug mode flag
  204. var $_attributes_info; // Attributes info array
  205. var $_radius_packet_info; // Radius packet codes info array
  206. var $_last_error_code; // Last error code
  207. var $_last_error_message; // Last error message
  208. /*********************************************************************
  209. *
  210. * Name: Radius
  211. * short description: Radius class constructor
  212. *
  213. * Creation 2008-01-04
  214. * Update 2009-01-05
  215. * @version v.1.2.2
  216. * @author SysCo/al
  217. * @param string ip address of the radius server
  218. * @param string shared secret with the radius server
  219. * @param string radius domain name suffix (default is empty)
  220. * @param integer UDP timeout (default is 5)
  221. * @param integer authentication port
  222. * @param integer accounting port
  223. * @return NULL
  224. *********************************************************************/
  225. public function Radius($ip_radius_server = '127.0.0.1', $shared_secret = '', $radius_suffix = '', $udp_timeout = 5, $authentication_port = 1812, $accounting_port = 1813)
  226. {
  227. $this->_radius_packet_info[1] = 'Access-Request';
  228. $this->_radius_packet_info[2] = 'Access-Accept';
  229. $this->_radius_packet_info[3] = 'Access-Reject';
  230. $this->_radius_packet_info[4] = 'Accounting-Request';
  231. $this->_radius_packet_info[5] = 'Accounting-Response';
  232. $this->_radius_packet_info[11] = 'Access-Challenge';
  233. $this->_radius_packet_info[12] = 'Status-Server (experimental)';
  234. $this->_radius_packet_info[13] = 'Status-Client (experimental)';
  235. $this->_radius_packet_info[255] = 'Reserved';
  236. $this->_attributes_info[1] = array('User-Name', 'S');
  237. $this->_attributes_info[2] = array('User-Password', 'S');
  238. $this->_attributes_info[3] = array('CHAP-Password', 'S'); // Type (1) / Length (1) / CHAP Ident (1) / String
  239. $this->_attributes_info[4] = array('NAS-IP-Address', 'A');
  240. $this->_attributes_info[5] = array('NAS-Port', 'I');
  241. $this->_attributes_info[6] = array('Service-Type', 'I');
  242. $this->_attributes_info[7] = array('Framed-Protocol', 'I');
  243. $this->_attributes_info[8] = array('Framed-IP-Address', 'A');
  244. $this->_attributes_info[9] = array('Framed-IP-Netmask', 'A');
  245. $this->_attributes_info[10] = array('Framed-Routing', 'I');
  246. $this->_attributes_info[11] = array('Filter-Id', 'T');
  247. $this->_attributes_info[12] = array('Framed-MTU', 'I');
  248. $this->_attributes_info[13] = array('Framed-Compression', 'I');
  249. $this->_attributes_info[14] = array( 'Login-IP-Host', 'A');
  250. $this->_attributes_info[15] = array('Login-service', 'I');
  251. $this->_attributes_info[16] = array('Login-TCP-Port', 'I');
  252. $this->_attributes_info[17] = array('(unassigned)', '');
  253. $this->_attributes_info[18] = array('Reply-Message', 'T');
  254. $this->_attributes_info[19] = array('Callback-Number', 'S');
  255. $this->_attributes_info[20] = array('Callback-Id', 'S');
  256. $this->_attributes_info[21] = array('(unassigned)', '');
  257. $this->_attributes_info[22] = array('Framed-Route', 'T');
  258. $this->_attributes_info[23] = array('Framed-IPX-Network', 'I');
  259. $this->_attributes_info[24] = array('State', 'S');
  260. $this->_attributes_info[25] = array('Class', 'S');
  261. $this->_attributes_info[26] = array('Vendor-Specific', 'S'); // Type (1) / Length (1) / Vendor-Id (4) / Vendor type (1) / Vendor length (1) / Attribute-Specific...
  262. $this->_attributes_info[27] = array('Session-Timeout', 'I');
  263. $this->_attributes_info[28] = array('Idle-Timeout', 'I');
  264. $this->_attributes_info[29] = array('Termination-Action', 'I');
  265. $this->_attributes_info[30] = array('Called-Station-Id', 'S');
  266. $this->_attributes_info[31] = array('Calling-Station-Id', 'S');
  267. $this->_attributes_info[32] = array('NAS-Identifier', 'S');
  268. $this->_attributes_info[33] = array('Proxy-State', 'S');
  269. $this->_attributes_info[34] = array('Login-LAT-Service', 'S');
  270. $this->_attributes_info[35] = array('Login-LAT-Node', 'S');
  271. $this->_attributes_info[36] = array('Login-LAT-Group', 'S');
  272. $this->_attributes_info[37] = array('Framed-AppleTalk-Link', 'I');
  273. $this->_attributes_info[38] = array('Framed-AppleTalk-Network', 'I');
  274. $this->_attributes_info[39] = array('Framed-AppleTalk-Zone', 'S');
  275. $this->_attributes_info[60] = array('CHAP-Challenge', 'S');
  276. $this->_attributes_info[61] = array('NAS-Port-Type', 'I');
  277. $this->_attributes_info[62] = array('Port-Limit', 'I');
  278. $this->_attributes_info[63] = array('Login-LAT-Port', 'S');
  279. $this->_attributes_info[76] = array('Prompt', 'I');
  280. $this->_identifier_to_send = 0;
  281. $this->_user_ip_address = (isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:'0.0.0.0');
  282. $this->GenerateRequestAuthenticator();
  283. $this->SetIpRadiusServer($ip_radius_server);
  284. $this->SetSharedSecret($shared_secret);
  285. $this->SetAuthenticationPort($authentication_port);
  286. $this->SetAccountingPort($accounting_port);
  287. $this->SetRadiusSuffix($radius_suffix);
  288. $this->SetUdpTimeout($udp_timeout);
  289. $this->SetUsername();
  290. $this->SetPassword();
  291. $this->SetNasIpAddress();
  292. $this->SetNasPort();
  293. $this->ClearLastError();
  294. $this->ClearDataToSend();
  295. $this->ClearDataReceived();
  296. }
  297. function GetNextIdentifier()
  298. {
  299. $this->_identifier_to_send = (($this->_identifier_to_send + 1) % 256);
  300. return $this->_identifier_to_send;
  301. }
  302. function GenerateRequestAuthenticator()
  303. {
  304. $this->_request_authenticator = '';
  305. for ($ra_loop = 0; $ra_loop <= 15; $ra_loop++)
  306. {
  307. $this->_request_authenticator .= chr(rand(1, 255));
  308. }
  309. }
  310. function GetRequestAuthenticator()
  311. {
  312. return $this->_request_authenticator;
  313. }
  314. function GetLastError()
  315. {
  316. if (0 < $this->_last_error_code)
  317. {
  318. return $this->_last_error_message.' ('.$this->_last_error_code.')';
  319. }
  320. else
  321. {
  322. return '';
  323. }
  324. }
  325. function ClearDataToSend()
  326. {
  327. $this->_radius_packet_to_send = 0;
  328. $this->_attributes_to_send = NULL;
  329. }
  330. function ClearDataReceived()
  331. {
  332. $this->_radius_packet_received = 0;
  333. $this->_attributes_received = NULL;
  334. }
  335. function SetPacketCodeToSend($packet_code)
  336. {
  337. $this->_radius_packet_to_send = $packet_code;
  338. }
  339. function SetDebugMode($debug_mode)
  340. {
  341. $this->_debug_mode = (TRUE === $debug_mode);
  342. }
  343. function SetIpRadiusServer($ip_radius_server)
  344. {
  345. $this->_ip_radius_server = gethostbyname($ip_radius_server);
  346. }
  347. function SetSharedSecret($shared_secret)
  348. {
  349. $this->_shared_secret = $shared_secret;
  350. }
  351. function SetRadiusSuffix($radius_suffix)
  352. {
  353. $this->_radius_suffix = $radius_suffix;
  354. }
  355. function SetUsername($username = '')
  356. {
  357. $temp_username = $username;
  358. if (false === strpos($temp_username, '@'))
  359. {
  360. $temp_username .= $this->_radius_suffix;
  361. }
  362. $this->_username = $temp_username;
  363. $this->SetAttribute(1, $this->_username);
  364. }
  365. function SetPassword($password = '')
  366. {
  367. $this->_password = $password;
  368. $encrypted_password = '';
  369. $padded_password = $password;
  370. if (0 != (strlen($password)%16))
  371. {
  372. $padded_password .= str_repeat(chr(0),(16-strlen($password)%16));
  373. }
  374. $previous_result = $this->_request_authenticator;
  375. for ($full_loop = 0; $full_loop < (strlen($padded_password)/16); $full_loop++)
  376. {
  377. $xor_value = md5($this->_shared_secret.$previous_result);
  378. $previous_result = '';
  379. for ($xor_loop = 0; $xor_loop <= 15; $xor_loop++)
  380. {
  381. $value1 = ord(substr($padded_password, ($full_loop * 16) + $xor_loop, 1));
  382. $value2 = hexdec(substr($xor_value, 2*$xor_loop, 2));
  383. $xor_result = $value1 ^ $value2;
  384. $previous_result .= chr($xor_result);
  385. }
  386. $encrypted_password .= $previous_result;
  387. }
  388. $this->_encrypted_password = $encrypted_password;
  389. $this->SetAttribute(2, $this->_encrypted_password);
  390. }
  391. function SetNasIPAddress($nas_ip_address = '')
  392. {
  393. if (0 < strlen($nas_ip_address))
  394. {
  395. $this->_nas_ip_address = gethostbyname($nas_ip_address);
  396. }
  397. else
  398. {
  399. $this->_nas_ip_address = gethostbyname(isset($_SERVER['SERVER_ADDR'])?$_SERVER['SERVER_ADDR']:'0.0.0.0');
  400. }
  401. $this->SetAttribute(4, $this->_nas_ip_address);
  402. }
  403. function SetNasPort($nas_port = 0)
  404. {
  405. $this->_nas_port = intval($nas_port);
  406. $this->SetAttribute(5, $this->_nas_port);
  407. }
  408. function SetUdpTimeout($udp_timeout = 5)
  409. {
  410. if (intval($udp_timeout) > 0)
  411. {
  412. $this->_udp_timeout = intval($udp_timeout);
  413. }
  414. }
  415. function ClearLastError()
  416. {
  417. $this->_last_error_code = 0;
  418. $this->_last_error_message = '';
  419. }
  420. function SetAuthenticationPort($authentication_port)
  421. {
  422. if ((intval($authentication_port) > 0) && (intval($authentication_port) < 65536))
  423. {
  424. $this->_authentication_port = intval($authentication_port);
  425. }
  426. }
  427. function SetAccountingPort($accounting_port)
  428. {
  429. if ((intval($accounting_port) > 0) && (intval($accounting_port) < 65536))
  430. {
  431. $this->_accounting_port = intval($accounting_port);
  432. }
  433. }
  434. function GetReceivedPacket()
  435. {
  436. return $this->_radius_packet_received;
  437. }
  438. function GetReceivedAttributes()
  439. {
  440. return $this->_attributes_received;
  441. }
  442. function GetReadableReceivedAttributes()
  443. {
  444. $readable_attributes = '';
  445. if (isset($this->_attributes_received))
  446. {
  447. foreach($this->_attributes_received as $one_received_attribute)
  448. {
  449. $attributes_info = $this->GetAttributesInfo($one_received_attribute[0]);
  450. $readable_attributes .= $attributes_info[0].": ";
  451. if (26 == $one_received_attribute[0])
  452. {
  453. $vendor_array = $this->DecodeVendorSpecificContent($one_received_attribute[1]);
  454. foreach($vendor_array as $vendor_one)
  455. {
  456. $readable_attributes .= 'Vendor-Id: '.$vendor_one[0].", Vendor-type: ".$vendor_one[1].", Attribute-specific: ".$vendor_one[2];
  457. }
  458. }
  459. else
  460. {
  461. $readable_attributes .= $one_received_attribute[1];
  462. }
  463. $readable_attributes .= "<br />\n";
  464. }
  465. }
  466. return $readable_attributes;
  467. }
  468. function GetAttribute($attribute_type)
  469. {
  470. $attribute_value = NULL;
  471. foreach($this->_attributes_received as $one_received_attribute)
  472. {
  473. if (intval($attribute_type) == $one_received_attribute[0])
  474. {
  475. $attribute_value = $one_received_attribute[1];
  476. break;
  477. }
  478. }
  479. return $attribute_value;
  480. }
  481. function GetRadiusPacketInfo($info_index)
  482. {
  483. if (isset($this->_radius_packet_info[intval($info_index)]))
  484. {
  485. return $this->_radius_packet_info[intval($info_index)];
  486. }
  487. else
  488. {
  489. return '';
  490. }
  491. }
  492. function GetAttributesInfo($info_index)
  493. {
  494. if (isset($this->_attributes_info[intval($info_index)]))
  495. {
  496. return $this->_attributes_info[intval($info_index)];
  497. }
  498. else
  499. {
  500. return array('','');
  501. }
  502. }
  503. function DebugInfo($debug_info)
  504. {
  505. if ($this->_debug_mode)
  506. {
  507. echo date('Y-m-d H:i:s').' DEBUG: ';
  508. echo $debug_info;
  509. echo '<br />';
  510. flush();
  511. }
  512. }
  513. function SetAttribute($type, $value)
  514. {
  515. $attribute_index = -1;
  516. for ($attributes_loop = 0; $attributes_loop < count($this->_attributes_to_send); $attributes_loop++)
  517. {
  518. if ($type == ord(substr($this->_attributes_to_send[$attributes_loop], 0, 1)))
  519. {
  520. $attribute_index = $attributes_loop;
  521. break;
  522. }
  523. }
  524. $temp_attribute = NULL;
  525. if (isset($this->_attributes_info[$type]))
  526. {
  527. switch ($this->_attributes_info[$type][1])
  528. {
  529. case 'T': // Text, 1-253 octets containing UTF-8 encoded ISO 10646 characters (RFC 2279).
  530. $temp_attribute = chr($type).chr(2+strlen($value)).$value;
  531. break;
  532. case 'S': // String, 1-253 octets containing binary data (values 0 through 255 decimal, inclusive).
  533. $temp_attribute = chr($type).chr(2+strlen($value)).$value;
  534. break;
  535. case 'A': // Address, 32 bit value, most significant octet first.
  536. $ip_array = explode(".", $value);
  537. $temp_attribute = chr($type).chr(6).chr($ip_array[0]).chr($ip_array[1]).chr($ip_array[2]).chr($ip_array[3]);
  538. break;
  539. case 'I': // Integer, 32 bit unsigned value, most significant octet first.
  540. $temp_attribute = chr($type).chr(6).chr(($value/(256*256*256))%256).chr(($value/(256*256))%256).chr(($value/(256))%256).chr($value%256);
  541. break;
  542. case 'D': // Time, 32 bit unsigned value, most significant octet first -- seconds since 00:00:00 UTC, January 1, 1970. (not used in this RFC)
  543. $temp_attribute = NULL;
  544. break;
  545. default:
  546. $temp_attribute = NULL;
  547. }
  548. }
  549. if ($attribute_index > -1)
  550. {
  551. $this->_attributes_to_send[$attribute_index] = $temp_attribute;
  552. $additional_debug = 'Modified';
  553. }
  554. else
  555. {
  556. $this->_attributes_to_send[] = $temp_attribute;
  557. $additional_debug = 'Added';
  558. }
  559. $attribute_info = $this->GetAttributesInfo($type);
  560. $this->DebugInfo($additional_debug.' Attribute '.$type.' ('.$attribute_info[0].'), format '.$attribute_info[1].', value <em>'.$value.'</em>');
  561. }
  562. function DecodeAttribute($attribute_raw_value, $attribute_format)
  563. {
  564. $attribute_value = NULL;
  565. if (isset($this->_attributes_info[$attribute_format]))
  566. {
  567. switch ($this->_attributes_info[$attribute_format][1])
  568. {
  569. case 'T': // Text, 1-253 octets containing UTF-8 encoded ISO 10646 characters (RFC 2279).
  570. $attribute_value = $attribute_raw_value;
  571. break;
  572. case 'S': // String, 1-253 octets containing binary data (values 0 through 255 decimal, inclusive).
  573. $attribute_value = $attribute_raw_value;
  574. break;
  575. case 'A': // Address, 32 bit value, most significant octet first.
  576. $attribute_value = ord(substr($attribute_raw_value, 0, 1)).'.'.ord(substr($attribute_raw_value, 1, 1)).'.'.ord(substr($attribute_raw_value, 2, 1)).'.'.ord(substr($attribute_raw_value, 3, 1));
  577. break;
  578. case 'I': // Integer, 32 bit unsigned value, most significant octet first.
  579. $attribute_value = (ord(substr($attribute_raw_value, 0, 1))*256*256*256)+(ord(substr($attribute_raw_value, 1, 1))*256*256)+(ord(substr($attribute_raw_value, 2, 1))*256)+ord(substr($attribute_raw_value, 3, 1));
  580. break;
  581. case 'D': // Time, 32 bit unsigned value, most significant octet first -- seconds since 00:00:00 UTC, January 1, 1970. (not used in this RFC)
  582. $attribute_value = NULL;
  583. break;
  584. default:
  585. $attribute_value = NULL;
  586. }
  587. }
  588. return $attribute_value;
  589. }
  590. /*********************************************************************
  591. * Array returned: array(array(Vendor-Id1, Vendor type1, Attribute-Specific1), ..., array(Vendor-IdN, Vendor typeN, Attribute-SpecificN)
  592. *********************************************************************/
  593. function DecodeVendorSpecificContent($vendor_specific_raw_value)
  594. {
  595. $result = array();
  596. $offset_in_raw = 0;
  597. $vendor_id = (ord(substr($vendor_specific_raw_value, 0, 1))*256*256*256)+(ord(substr($vendor_specific_raw_value, 1, 1))*256*256)+(ord(substr($vendor_specific_raw_value, 2, 1))*256)+ord(substr($vendor_specific_raw_value, 3, 1));
  598. $offset_in_raw += 4;
  599. while ($offset_in_raw < strlen($vendor_specific_raw_value))
  600. {
  601. $vendor_type = (ord(substr($vendor_specific_raw_value, 0+$offset_in_raw, 1)));
  602. $vendor_length = (ord(substr($vendor_specific_raw_value, 1+$offset_in_raw, 1)));
  603. $attribute_specific = substr($vendor_specific_raw_value, 2+$offset_in_raw, $vendor_length);
  604. $result[] = array($vendor_id, $vendor_type, $attribute_specific);
  605. $offset_in_raw += ($vendor_length);
  606. }
  607. return $result;
  608. }
  609. /*
  610. * Function : AccessRequest
  611. *
  612. * Return TRUE if Access-Request is accepted, FALSE otherwise
  613. */
  614. function AccessRequest($username = '', $password = '', $udp_timeout = 0, $state = NULL)
  615. {
  616. $this->ClearDataReceived();
  617. $this->ClearLastError();
  618. $this->SetPacketCodeToSend(1); // Access-Request
  619. if (0 < strlen($username))
  620. {
  621. $this->SetUsername($username);
  622. }
  623. if (0 < strlen($password))
  624. {
  625. $this->SetPassword($password);
  626. }
  627. if ($state!==NULL)
  628. {
  629. $this->SetAttribute(24, $state);
  630. }
  631. else
  632. {
  633. $this->SetAttribute(6, 1); // 1=Login
  634. }
  635. if (intval($udp_timeout) > 0)
  636. {
  637. $this->SetUdpTimeout($udp_timeout);
  638. }
  639. $attributes_content = '';
  640. for ($attributes_loop = 0; $attributes_loop < count($this->_attributes_to_send); $attributes_loop++)
  641. {
  642. $attributes_content .= $this->_attributes_to_send[$attributes_loop];
  643. }
  644. $packet_length = 4; // Radius packet code + Identifier + Length high + Length low
  645. $packet_length += strlen($this->_request_authenticator); // Request-Authenticator
  646. $packet_length += strlen($attributes_content); // Attributes
  647. $packet_data = chr($this->_radius_packet_to_send);
  648. $packet_data .= chr($this->GetNextIdentifier());
  649. $packet_data .= chr(intval($packet_length/256));
  650. $packet_data .= chr(intval($packet_length%256));
  651. $packet_data .= $this->_request_authenticator;
  652. $packet_data .= $attributes_content;
  653. $_socket_to_server = socket_create(AF_INET, SOCK_DGRAM, 17); // UDP packet = 17
  654. if ($_socket_to_server === FALSE)
  655. {
  656. $this->_last_error_code = socket_last_error();
  657. $this->_last_error_message = socket_strerror($this->_last_error_code);
  658. }
  659. elseif (FALSE === socket_connect($_socket_to_server, $this->_ip_radius_server, $this->_authentication_port))
  660. {
  661. $this->_last_error_code = socket_last_error();
  662. $this->_last_error_message = socket_strerror($this->_last_error_code);
  663. }
  664. elseif (FALSE === socket_write($_socket_to_server, $packet_data, $packet_length))
  665. {
  666. $this->_last_error_code = socket_last_error();
  667. $this->_last_error_message = socket_strerror($this->_last_error_code);
  668. }
  669. else
  670. {
  671. $this->DebugInfo('<b>Packet type '.$this->_radius_packet_to_send.' ('.$this->GetRadiusPacketInfo($this->_radius_packet_to_send).')'.' sent</b>');
  672. if ($this->_debug_mode)
  673. {
  674. $readable_attributes = '';
  675. foreach($this->_attributes_to_send as $one_attribute_to_send)
  676. {
  677. $attribute_info = $this->GetAttributesInfo(ord(substr($one_attribute_to_send,0,1)));
  678. $this->DebugInfo('Attribute '.ord(substr($one_attribute_to_send,0,1)).' ('.$attribute_info[0].'), length '.(ord(substr($one_attribute_to_send,1,1))-2).', format '.$attribute_info[1].', value <em>'.$this->DecodeAttribute(substr($one_attribute_to_send,2), ord(substr($one_attribute_to_send,0,1))).'</em>');
  679. }
  680. }
  681. $read_socket_array = array($_socket_to_server);
  682. $write_socket_array = NULL;
  683. $except_socket_array = NULL;
  684. $received_packet = chr(0);
  685. if (!(FALSE === socket_select($read_socket_array, $write_socket_array, $except_socket_array, $this->_udp_timeout)))
  686. {
  687. if (in_array($_socket_to_server, $read_socket_array))
  688. {
  689. if (FALSE === ($received_packet = @socket_read($_socket_to_server, 1024))) // @ used, than no error is displayed if the connection is closed by the remote host
  690. {
  691. $received_packet = chr(0);
  692. $this->_last_error_code = socket_last_error();
  693. $this->_last_error_message = socket_strerror($this->_last_error_code);
  694. }
  695. else
  696. {
  697. socket_close($_socket_to_server);
  698. }
  699. }
  700. }
  701. else
  702. {
  703. socket_close($_socket_to_server);
  704. }
  705. }
  706. $this->_radius_packet_received = intval(ord(substr($received_packet, 0, 1)));
  707. $this->DebugInfo('<b>Packet type '.$this->_radius_packet_received.' ('.$this->GetRadiusPacketInfo($this->_radius_packet_received).')'.' received</b>');
  708. if ($this->_radius_packet_received > 0)
  709. {
  710. $this->_identifier_received = intval(ord(substr($received_packet, 1, 1)));
  711. $packet_length = (intval(ord(substr($received_packet, 2, 1))) * 256) + (intval(ord(substr($received_packet, 3, 1))));
  712. $this->_response_authenticator = substr($received_packet, 4, 16);
  713. $attributes_content = substr($received_packet, 20, ($packet_length - 4 - 16));
  714. while (strlen($attributes_content) > 2)
  715. {
  716. $attribute_type = intval(ord(substr($attributes_content,0,1)));
  717. $attribute_length = intval(ord(substr($attributes_content,1,1)));
  718. $attribute_raw_value = substr($attributes_content,2,$attribute_length-2);
  719. $attributes_content = substr($attributes_content, $attribute_length);
  720. $attribute_value = $this->DecodeAttribute($attribute_raw_value, $attribute_type);
  721. $attribute_info = $this->GetAttributesInfo($attribute_type);
  722. if (26 == $attribute_type)
  723. {
  724. $vendor_array = $this->DecodeVendorSpecificContent($attribute_value);
  725. foreach($vendor_array as $vendor_one)
  726. {
  727. $this->DebugInfo('Attribute '.$attribute_type.' ('.$attribute_info[0].'), length '.($attribute_length-2).', format '.$attribute_info[1].', Vendor-Id: '.$vendor_one[0].", Vendor-type: ".$vendor_one[1].", Attribute-specific: ".$vendor_one[2]);
  728. }
  729. }
  730. else
  731. {
  732. $this->DebugInfo('Attribute '.$attribute_type.' ('.$attribute_info[0].'), length '.($attribute_length-2).', format '.$attribute_info[1].', value <em>'.$attribute_value.'</em>');
  733. }
  734. $this->_attributes_received[] = array($attribute_type, $attribute_value);
  735. }
  736. }
  737. return (2 == ($this->_radius_packet_received));
  738. }
  739. }
  740. ?>