radius.php

很棒的在线教学系统

                    case RADIUS_MICROSOFT_MS_CHAP_DOMAIN:
                        $this->attributes['ms_chap_domain'] = radius_cvt_string($datav);
                        break;

                    case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY:
                        $this->attributes['ms_mppe_encryption_policy'] = radius_cvt_int($datav);
                        break;

                    case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES:
                        $this->attributes['ms_mppe_encryption_types'] = radius_cvt_int($datav);
                        break;

                    case RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS:
                        $demangled = radius_demangle($this->res, $datav);
                        $this->attributes['ms_chap_mppe_lm_key'] = substr($demangled, 0, 8);
                        $this->attributes['ms_chap_mppe_nt_key'] = substr($demangled, 8, RADIUS_MPPE_KEY_LEN);
                        break;

                    case RADIUS_MICROSOFT_MS_MPPE_SEND_KEY:
                        $this->attributes['ms_chap_mppe_send_key'] = radius_demangle_mppe_key($this->res, $datav);
                        break;

                    case RADIUS_MICROSOFT_MS_MPPE_RECV_KEY:
                        $this->attributes['ms_chap_mppe_recv_key'] = radius_demangle_mppe_key($this->res, $datav);
                        break;

                    case RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER:
                        $this->attributes['ms_primary_dns_server'] = radius_cvt_string($datav);
                        break;
                    }
                }
                break;

            }
        }

        return true;
    }

    /**
     * Frees resources.
     *
     * Calling this method is always a good idea, because all security relevant
     * attributes are filled with Nullbytes to leave nothing in the mem.
     *
     * @access public
     */
    function close()
    {
        if ($this->res != null) {
            radius_close($this->res);
            $this->res = null;
        }
        $this->username = str_repeat("\0", strlen($this->username));
        $this->password = str_repeat("\0", strlen($this->password));
    }

}

/**
 * class Auth_RADIUS_PAP
 *
 * Class for authenticating using PAP (Plaintext)
 *
 * @package Auth_RADIUS
 */
class Auth_RADIUS_PAP extends Auth_RADIUS
{

    /**
     * Constructor
     *
     * @param  string  $username   Username
     * @param  string  $password   Password
     * @return void
     */
    function Auth_RADIUS_PAP($username = null, $password = null)
    {
        $this->Auth_RADIUS();
        $this->username = $username;
        $this->password = $password;
    }

    /**
     * Creates a RADIUS resource
     *
     * Creates a RADIUS resource for authentication. This should be the first
     * call before you make any other things with the library.
     *
     * @return bool   true on success, false on error
     */
    function open()
    {
        $this->res = radius_auth_open();
        if (!$this->res) {
            return false;
        }
        return true;
    }

    /**
     * Creates an authentication request
     *
     * Creates an authentication request.
     * You MUST call this method before you can put any attribute
     *
     * @return bool   true on success, false on error
     */
    function createRequest()
    {
        if (!radius_create_request($this->res, RADIUS_ACCESS_REQUEST)) {
            return false;
        }
        return true;
    }

    /**
     * Put authentication specific attributes
     *
     * @return void
     */
    function putAuthAttributes()
    {
        if (isset($this->username)) {
            $this->putAttribute(RADIUS_USER_NAME, $this->username);
        }
        if (isset($this->password)) {
            $this->putAttribute(RADIUS_USER_PASSWORD, $this->password);
        }
    }

}

/**
 * class Auth_RADIUS_CHAP_MD5
 *
 * Class for authenticating using CHAP-MD5 see RFC1994.
 * Instead og the plaintext password the challenge and
 * the response are needed.
 *
 * @package Auth_RADIUS
 */
class Auth_RADIUS_CHAP_MD5 extends Auth_RADIUS_PAP
{
    /**
     * 8 Bytes binary challenge
     * @var  string
     */
    var $challenge = null;

    /**
     * 16 Bytes MD5 response binary
     * @var  string
     */
    var $response = null;

    /**
     * Id of the authentication request. Should incremented after every request.
     * @var  integer
     */
    var $chapid = 1;

    /**
     * Constructor
     *
     * @param  string  $username   Username
     * @param  string  $challenge  8 Bytes Challenge (binary)
     * @param  integer $chapid     Requestnumber
     * @return void
     */
    function Auth_RADIUS_CHAP_MD5($username = null, $challenge = null, $chapid = 1)
    {
        $this->Auth_RADIUS_PAP();
        $this->username = $username;
        $this->challenge = $challenge;
        $this->chapid = $chapid;
    }

    /**
     * Put CHAP-MD5 specific attributes
     *
     * For authenticating using CHAP-MD5 via RADIUS you have to put the challenge
     * and the response. The chapid is inserted in the first byte of the response.
     *
     * @return void
     */
    function putAuthAttributes()
    {
        if (isset($this->username)) {
            $this->putAttribute(RADIUS_USER_NAME, $this->username);
        }
        if (isset($this->response)) {
            $response = pack('C', $this->chapid) . $this->response;
            $this->putAttribute(RADIUS_CHAP_PASSWORD, $response);
        }
        if (isset($this->challenge)) {
            $this->putAttribute(RADIUS_CHAP_CHALLENGE, $this->challenge);
        }
    }

    /**
     * Frees resources.
     *
     * Calling this method is always a good idea, because all security relevant
     * attributes are filled with Nullbytes to leave nothing in the mem.
     *
     * @access public
     */
    function close()
    {
        Auth_RADIUS_PAP::close();
        $this->challenge =  str_repeat("\0", strlen($this->challenge));
        $this->response =  str_repeat("\0", strlen($this->response));
    }

}

/**
 * class Auth_RADIUS_MSCHAPv1
 *
 * Class for authenticating using MS-CHAPv1 see RFC2433
 *
 * @package Auth_RADIUS
 */
class Auth_RADIUS_MSCHAPv1 extends Auth_RADIUS_CHAP_MD5
{
    /**
     * LAN-Manager-Response
     * @var  string
     */
    var $lmResponse = null;

    /**
     * Wether using deprecated LM-Responses or not.
     * 0 = use LM-Response, 1 = use NT-Response
     * @var  bool
     */
    var $flags = 1;

    /**
     * Put MS-CHAPv1 specific attributes
     *
     * For authenticating using MS-CHAPv1 via RADIUS you have to put the challenge
     * and the response. The response has this structure:
     * struct rad_mschapvalue {
     *   u_char ident;
     *   u_char flags;
     *   u_char lm_response[24];
     *   u_char response[24];
     * };
     *
     * @return void
     */
    function putAuthAttributes()
    {
        if (isset($this->username)) {
            $this->putAttribute(RADIUS_USER_NAME, $this->username);
        }
        if (isset($this->response) || isset($this->lmResponse)) {
            $lmResp = isset($this->lmResponse) ? $this->lmResponse : str_repeat ("\0", 24);
            $ntResp = isset($this->response)   ? $this->response :   str_repeat ("\0", 24);
            $resp = pack('CC', $this->chapid, $this->flags) . $lmResp . $ntResp;
            $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_RESPONSE, $resp);
        }
        if (isset($this->challenge)) {
            $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $this->challenge);
        }
    }
}

/**
 * class Auth_RADIUS_MSCHAPv2
 *
 * Class for authenticating using MS-CHAPv2 see RFC2759
 *
 * @package Auth_RADIUS
 */
class Auth_RADIUS_MSCHAPv2 extends Auth_RADIUS_MSCHAPv1
{
    /**
     * 16 Bytes binary challenge
     * @var  string
     */
    var $challenge = null;

    /**
     * 16 Bytes binary Peer Challenge
     * @var  string
     */
    var $peerChallenge = null;

  /**
     * Put MS-CHAPv2 specific attributes
     *
     * For authenticating using MS-CHAPv1 via RADIUS you have to put the challenge
     * and the response. The response has this structure:
     * struct rad_mschapv2value {
     *   u_char ident;
     *   u_char flags;
     *   u_char pchallenge[16];
     *   u_char reserved[8];
     *   u_char response[24];
     * };
     * where pchallenge is the peer challenge. Like for MS-CHAPv1 we set the flags field to 1.
     * @return void
     */
    function putAuthAttributes()
    {
        if (isset($this->username)) {
            $this->putAttribute(RADIUS_USER_NAME, $this->username);
        }
        if (isset($this->response) && isset($this->peerChallenge)) {
            // Response: chapid, flags (1 = use NT Response), Peer challenge, reserved, Response
            $resp = pack('CCa16a8a24',$this->chapid , 1, $this->peerChallenge, str_repeat("\0", 8), $this->response);
            $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP2_RESPONSE, $resp);
        }
        if (isset($this->challenge)) {
            $this->putVendorAttribute(RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $this->challenge);
        }
    }

    /**
     * Frees resources.
     *
     * Calling this method is always a good idea, because all security relevant
     * attributes are filled with Nullbytes to leave nothing in the mem.
     *
     * @access public
     */
    function close()
    {
        Auth_RADIUS_MSCHAPv1::close();
        $this->peerChallenge = str_repeat("\0", strlen($this->peerChallenge));
    }
}

/**
 * class Auth_RADIUS_Acct
 *
 * Class for RADIUS accounting
 *
 * @package Auth_RADIUS
 */
class Auth_RADIUS_Acct extends Auth_RADIUS
{
    /**
     * Defines where the Authentication was made, possible values are:
     * RADIUS_AUTH_RADIUS, RADIUS_AUTH_LOCAL, RADIUS_AUTH_REMOTE
     * @var  integer
     */
    var $authentic = null;

   /**
     * Defines the type of the accounting request, on of:
     * RADIUS_START, RADIUS_STOP, RADIUS_ACCOUNTING_ON, RADIUS_ACCOUNTING_OFF
     * @var  integer
     */
    var $status_type = null;

   /**
     * The time the user was logged in in seconds
     * @var  integer
     */
    var $session_time = null;

   /**
     * A uniq identifier for the session of the user, maybe the PHP-Session-Id
     * @var  string
     */
    var $session_id = null;

    /**
     * Constructor
     *
     * Generates a predefined session_id. We use the Remote-Address, the PID, and the Current user.
     * @return void
     */
    function Auth_RADIUS_Acct()
    {
        $this->Auth_RADIUS();

        if (isset($_SERVER)) {
            $var = &$_SERVER;
        } else {
            $var = &$GLOBALS['HTTP_SERVER_VARS'];
        }

        $this->session_id = sprintf("%s:%d-%s", isset($var['REMOTE_ADDR']) ? $var['REMOTE_ADDR'] : '127.0.0.1' , getmypid(), get_current_user());
    }

    /**
     * Creates a RADIUS resource
     *
     * Creates a RADIUS resource for accounting. This should be the first
     * call before you make any other things with the library.
     *
     * @return bool   true on success, false on error
     */
    function open()
    {
        $this->res = radius_acct_open();
        if (!$this->res) {
            return false;
        }
        return true;
    }

   /**
     * Creates an accounting request
     *
     * Creates an accounting request.
     * You MUST call this method before you can put any attribute.
     *
     * @return bool   true on success, false on error
     */
    function createRequest()
    {
        if (!radius_create_request($this->res, RADIUS_ACCOUNTING_REQUEST)) {
            return false;
        }
        return true;
    }

  /**
     * Put attributes for accounting.
     *
     * Here we put some accounting values. There many more attributes for accounting,
     * but for web-applications only certain attributes make sense.
     * @return void
     */
    function putAuthAttributes()
    {
        $this->putAttribute(RADIUS_ACCT_SESSION_ID, $this->session_id);
        $this->putAttribute(RADIUS_ACCT_STATUS_TYPE, $this->status_type);
        if (isset($this->session_time) && $this->status_type == RADIUS_STOP) {
            $this->putAttribute(RADIUS_ACCT_SESSION_TIME, $this->session_time);
        }
        if (isset($this->authentic)) {
            $this->putAttribute(RADIUS_ACCT_AUTHENTIC, $this->authentic);
        }

    }

}

/**
 * class Auth_RADIUS_Acct_Start
 *
 * Class for RADIUS accounting. Its usualy used, after the user has logged in.
 *
 * @package Auth_RADIUS
 */
class Auth_RADIUS_Acct_Start extends Auth_RADIUS_Acct
{
   /**
     * Defines the type of the accounting request.
     * It is set to RADIUS_START by default in this class.
     * @var  integer
     */
    var $status_type = RADIUS_START;
}

/**
 * class Auth_RADIUS_Acct_Start
 *
 * Class for RADIUS accounting. Its usualy used, after the user has logged out.
 *
 * @package Auth_RADIUS
 */
class Auth_RADIUS_Acct_Stop extends Auth_RADIUS_Acct
{
   /**
     * Defines the type of the accounting request.
     * It is set to RADIUS_STOP by default in this class.
     * @var  integer
     */
    var $status_type = RADIUS_STOP;
}

if (!defined('RADIUS_UPDATE'))
    define('RADIUS_UPDATE', 3);

/**
 * class Auth_RADIUS_Acct_Update
 *
 * Class for interim RADIUS accounting updates.
 *
 * @package Auth_RADIUS
 */
class Auth_RADIUS_Acct_Update extends Auth_RADIUS_Acct
{
   /**
     * Defines the type of the accounting request.
     * It is set to RADIUS_UPDATE by default in this class.
     * @var  integer
     */
    var $status_type = RADIUS_UPDATE;
}

?>