package.xml100644 1751 0 16537 10577333114 6361 radius pecl.php.net Radius client library This package is based on the libradius of FreeBSD, with some modifications and extensions. This PECL provides full support for RADIUS authentication (RFC 2865) and RADIUS accounting (RFC 2866), works on Unix and on Windows. Its an easy way to authenticate your users against the user-database of your OS (for example against Windows Active-Directory via IAS). Michael Bretterklieber mbretter mbretter@php.net yes 2007-03-18 1.2.5 1.2.5 stable stable BSD - amd64 arch fixes 4.0.0 1.4.0b1 radius 1.2.5 1.2.5 stable stable 2007-03-18 BSD - Release 1.2.5 - amd64 arch fixes 1.2.4 1.2.4 stable stable 2003-11-17 BSD - Release 1.2.4 - Forgot including updated radius_init_const.h 1.2.3 1.2.3 stable stable 2003-11-04 BSD - Release 1.2.3 - Fixed a typo in radius_init_const.h wich caused RADIUS_ACCT_STATUS_TYPE to be undefined. - Re-added Makefile.in 1.2.2 1.2.2 stable stable 2003-07-17 BSD - Release 1.2.2 - Changed role for example-files to doc - Removed deprecated files - Added IPv6 related attributes defined in RFC3162 1.2.1 1.2.1 stable stable 2003-05-02 BSD - Release 1.2.1 - Change License to BSD - BugFix: The MS-CHAPv2 Authenticator-Challenge has 16 Bytes and not 8 Bytes - BugFix: build under Solaris - Generate better challenges - Many source-code-style fixes - Removed unneeded sources - Some cleanup's 1.2 1.2 stable stable 2003-01-11 BSD - Release 1.2 - BugFix: a to short challenge was generated sometimes (MS-CHAPv1, MS-CHAPv2) - New functions: radius_demangle: demangles radius passwords and mppe MS-CHAPv1 Keys radius_demangle_mppe_key: demangles mppe send- and recvkey (MS-CHAPv2) - Provide examples for radius-accounting - Replaced mcrypt-functions with own des-ecb-encryption function - Some minor changes in radius-auth.php - Added php-script for testing MS-CHAP functions 1.1 1.1 stable stable 2002-12-22 BSD - Release 1.1 - Fixed source code style - added examples directory - added examples for MS-CHAPv1 and MS-CHAPv2 1.0 1.0 stable stable 2002-12-17 BSD - Release 1.0 0.9 0.9 beta beta 2002-12-11 BSD - Well tested under Linux, FreeBSD and Windows radius-1.2.5/examples/des.php100644 1751 0 27370 10577333114 11273 All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This code cannot simply be copied and put under the GNU Public License or any other GPL-like (LGPL, GPL2) License. $Id: mschap.php,v 1.5 2003/01/26 20:31:11 mbretter Exp $ */ include_once 'des.php'; function NtPasswordHash($plain) { return mhash (MHASH_MD4, str2unicode($plain)); } function str2unicode($str) { for ($i=0;$i radius-1.2.5/examples/mschaptest.php100644 1751 0 6235 10577333114 12650 All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This code cannot simply be copied and put under the GNU Public License or any other GPL-like (LGPL, GPL2) License. $Id: mschaptest.php,v 1.2 2003/01/26 20:31:11 mbretter Exp $ */ include_once('mschap.php'); echo "MS-CHAPv1 TEST\n"; $pass = 'MyPw'; $challenge = pack('H*', '102DB5DF085D3041'); printf ("Test Challenge: %s\n", bin2hex($challenge)); $unipw = str2unicode($pass); printf ("Unicode PW: %s\nexpected : 4d00790050007700\n", bin2hex($unipw)); $nthash = NtPasswordHash($pass); printf ("NT HASH : %s\nexpected : fc156af7edcd6c0edde3337d427f4eac\n", bin2hex($nthash)); $challresp = ChallengeResponse($challenge, $nthash); printf ("ChallResp : %s\nexpected : 4e9d3c8f9cfd385d5bf4d3246791956ca4c351ab409a3d61\n", bin2hex($challresp)); echo "\n"; echo "MS-CHAPv2 TEST\n"; $user = 'User'; $pass = 'clientPass'; printf ("Username : %s\nexpected : 55736572\n", bin2hex($user)); $challenge = pack('H*', 'd02e4386bce91226'); printf ("Challenge : %s\n", bin2hex($challenge)); $authchallenge = pack('H*', '5b5d7c7d7b3f2f3e3c2c602132262628'); printf ("Auth Challenge: %s\n", bin2hex($authchallenge)); $peerChallenge = pack('H*', '21402324255E262A28295F2B3A337C7E'); printf ("Peer Challenge: %s\n", bin2hex($peerChallenge)); $nthash = NtPasswordHash($pass); printf ("NT HASH : %s\nexpected : 44ebba8d5312b8d611474411f56989ae\n", bin2hex($nthash)); $nthashhash = NtPasswordHashHash($nthash); printf ("NT HASH-HASH : %s\nexpected : 41c00c584bd2d91c4017a2a12fa59f3f\n", bin2hex($nthashhash)); $resp = GenerateNtResponse($authchallenge, $peerChallenge, $user, $pass); printf ("ChallResp : %s\nexpected : 82309ecd8d708b5ea08faa3981cd83544233114a3d85d6df\n", bin2hex($resp)); echo "\n"; ?> radius-1.2.5/examples/radius-acct.php100644 1751 0 11437 10577333114 12714 All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This code cannot simply be copied and put under the GNU Public License or any other GPL-like (LGPL, GPL2) License. $Id: radius-acct.php,v 1.3 2007/03/18 21:17:02 mbretter Exp $ */ if(!extension_loaded('radius')) { if (preg_match('/windows/i', getenv('OS'))) { dl('php_radius.dll'); } else { dl('radius.so'); } } $username = 'sepp'; $radserver = 'localhost'; $radport = 1813; $starttime = time(); $sharedsecret = 'testing123'; if (!isset($REMOTE_ADDR)) $REMOTE_ADDR = '127.0.0.1'; $res = radius_acct_open(); echo "$res
\n"; //if (!radius_config($res, '/etc/radius.conf')) { /*if (!radius_config($res, 'D:/php-devel/pear/PECL/radius/radius.conf')) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; }*/ if (!radius_add_server($res, $radserver, $radport, $sharedsecret, 3, 3)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_create_request($res, RADIUS_ACCOUNTING_REQUEST)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_string($res, RADIUS_NAS_IDENTIFIER, isset($HTTP_HOST) ? $HTTP_HOST : 'localhost')) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_int($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_string($res, RADIUS_CALLING_STATION_ID, isset($REMOTE_HOST) ? $REMOTE_HOST : '127.0.0.1') == -1) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_string($res, RADIUS_USER_NAME, $username)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_addr($res, RADIUS_FRAMED_IP_ADDRESS, $REMOTE_ADDR)) { echo 'RadiusError1:' . radius_strerror($res). "\n
"; exit; } // RADIUS_START => start accounting // RADIUS_STOP => stop accounting if (!radius_put_int($res, RADIUS_ACCT_STATUS_TYPE, RADIUS_START)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } /* Generate a session ID */ $sessionid = sprintf("%s:%d-%s", $REMOTE_ADDR, getmypid(), get_current_user()); if (!radius_put_string($res, RADIUS_ACCT_SESSION_ID, $sessionid)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } // RADIUS_AUTH_RADIUS => authenticated via Radius // RADIUS_AUTH_LOCAL => authenicated local // RADIUS_AUTH_REMOTE => authenticated remote if (!radius_put_int($res, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } sleep(3); // if RADIUS_ACCT_STATUS_TYPE == RADIUS_STOP if (!radius_put_int($res, RADIUS_ACCT_TERMINATE_CAUSE, RADIUS_TERM_USER_REQUEST)) { echo 'RadiusError2:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_int($res, RADIUS_ACCT_SESSION_TIME, time() - $starttime)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } // endif $req = radius_send_request($res); if (!$req) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } switch($req) { case RADIUS_ACCOUNTING_RESPONSE: echo "Radius Accounting response
\n"; break; default: echo "Unexpected return value:$req\n
"; } radius_close($res); ?> radius-1.2.5/examples/radius-auth.php100644 1751 0 30407 10577333114 12741 All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This code cannot simply be copied and put under the GNU Public License or any other GPL-like (LGPL, GPL2) License. $Id: radius-auth.php,v 1.3 2007/03/18 21:17:02 mbretter Exp $ */ if(!extension_loaded('radius')) { if (preg_match('/windows/i', getenv('OS'))) { dl('php_radius.dll'); } else { dl('radius.so'); } } $module = 'radius'; $functions = get_extension_funcs($module); echo "Functions available in the test extension:
\n"; foreach($functions as $func) echo $func . "
\n"; $username = 'sepp'; $password = 'sepp'; $radserver = 'localhost'; $radport = 1812; $sharedsecret = 'testing123'; $auth_type = 'pap'; //$auth_type = 'chap'; //$auth_type = 'mschapv1'; //$auth_type = 'mschapv2'; $res = radius_auth_open(); echo "$res
\n"; //if (!radius_config($res, '/etc/radius.conf')) { /*if (!radius_config($res, 'D:/php-devel/pear/PECL/radius/radius.conf')) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; }*/ if (!radius_add_server($res, $radserver, $radport, $sharedsecret, 3, 3)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_add_server($res, $radserver, $radport, 'testing123', 3, 3)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_create_request($res, RADIUS_ACCESS_REQUEST)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_string($res, RADIUS_NAS_IDENTIFIER, isset($HTTP_HOST) ? $HTTP_HOST : 'localhost')) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_int($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_string($res, RADIUS_CALLING_STATION_ID, isset($REMOTE_HOST) ? $REMOTE_HOST : '127.0.0.1') == -1) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_string($res, RADIUS_USER_NAME, $username)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if ($auth_type == 'chap') { echo "CHAP
\n"; /* generate Challenge */ mt_srand(time()); $chall = mt_rand(); // FYI: CHAP = md5(ident + plaintextpass + challenge) $chapval = pack('H*', md5(pack('Ca*',1 , $password . $chall))); // $chapval = md5(pack('Ca*',1 , $password . $chall)); // Radius wants the CHAP Ident in the first byte of the CHAP-Password $pass = pack('C', 1) . $chapval; if (!radius_put_attr($res, RADIUS_CHAP_PASSWORD, $pass)) { echo 'RadiusError: RADIUS_CHAP_PASSWORD:' . radius_strerror($res). "
\n"; exit; } if (!radius_put_attr($res, RADIUS_CHAP_CHALLENGE, $chall)) { echo 'RadiusError: RADIUS_CHAP_CHALLENGE:' . radius_strerror($res). "
\n"; exit; } } else if ($auth_type == 'mschapv1') { echo "MS-CHAPv1
\n"; include_once('mschap.php'); $challenge = GenerateChallenge(); printf ("Challenge:%s\n", bin2hex($challenge)); if (!radius_put_vendor_attr($res, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $challenge)) { echo 'RadiusError: RADIUS_MICROSOFT_MS_CHAP_CHALLENGE:' . radius_strerror($res). "
\n"; exit; } $ntresp = ChallengeResponse($challenge, NtPasswordHash($password)); $lmresp = str_repeat ("\0", 24); printf ("NT Response:%s\n", bin2hex($ntresp)); // Response: chapid, flags (1 = use NT Response), LM Response, NT Response $resp = pack('CCa48',1 , 1, $lmresp . $ntresp); printf ("Response:%d %s\n", strlen($resp), bin2hex($resp)); if (!radius_put_vendor_attr($res, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_RESPONSE, $resp)) { echo 'RadiusError: RADIUS_MICROSOFT_MS_CHAP_RESPONSE:' . radius_strerror($res). "
\n"; exit; } } else if ($auth_type == 'mschapv2') { echo "MS-CHAPv2
\n"; include_once('mschap.php'); $authChallenge = GenerateChallenge(16); printf ("Auth Challenge:%s\n", bin2hex($authChallenge)); if (!radius_put_vendor_attr($res, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP_CHALLENGE, $authChallenge)) { echo 'RadiusError: RADIUS_MICROSOFT_MS_CHAP_CHALLENGE:' . radius_strerror($res). "
\n"; exit; } // we have no client, therefore we generate the Peer-Challenge $peerChallenge = GeneratePeerChallenge(); printf ("Peer Challenge:%s\n", bin2hex($peerChallenge)); $ntresp = GenerateNTResponse($authChallenge, $peerChallenge, $username, $password); $reserved = str_repeat ("\0", 8); printf ("NT Response:%s\n", bin2hex($ntresp)); // Response: chapid, flags (1 = use NT Response), Peer challenge, reserved, Response $resp = pack('CCa16a8a24',1 , 1, $peerChallenge, $reserved, $ntresp); printf ("Response:%d %s\n", strlen($resp), bin2hex($resp)); if (!radius_put_vendor_attr($res, RADIUS_VENDOR_MICROSOFT, RADIUS_MICROSOFT_MS_CHAP2_RESPONSE, $resp)) { echo 'RadiusError: RADIUS_MICROSOFT_MS_CHAP2_RESPONSE:' . radius_strerror($res). "
\n"; exit; } } else { echo "PAP
\n"; if (!radius_put_string($res, RADIUS_USER_PASSWORD, "sepp")) { echo 'RadiusError:' . radius_strerror($res). "
\n"; exit; } } if (!radius_put_int($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } if (!radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } $req = radius_send_request($res); if (!$req) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } switch($req) { case RADIUS_ACCESS_ACCEPT: echo "Radius Request accepted
\n"; break; case RADIUS_ACCESS_REJECT: echo "Radius Request rejected
\n"; break; default: echo "Unexpected return value:$req\n
"; } while ($resa = radius_get_attr($res)) { if (!is_array($resa)) { printf ("Error getting attribute: %s\n", radius_strerror($res)); exit; } $attr = $resa['attr']; $data = $resa['data']; //printf("Got Attr:%d %d Bytes %s\n", $attr, strlen($data), bin2hex($data)); switch ($attr) { case RADIUS_FRAMED_IP_ADDRESS: $ip = radius_cvt_addr($data); echo "IP: $ip
\n"; break; case RADIUS_FRAMED_IP_NETMASK: $mask = radius_cvt_addr($data); echo "MASK: $mask
\n"; break; case RADIUS_FRAMED_MTU: $mtu = radius_cvt_int($data); echo "MTU: $mtu
\n"; break; case RADIUS_FRAMED_COMPRESSION: $comp = radius_cvt_int($data); echo "Compression: $comp
\n"; break; case RADIUS_SESSION_TIMEOUT: $time = radius_cvt_int($data); echo "Session timeout: $time
\n"; ini_set('max_execution_time', $time); break; case RADIUS_IDLE_TIMEOUT: $idletime = radius_cvt_int($data); echo "Idle timeout: $idletime
\n"; break; case RADIUS_SERVICE_TYPE: $type = radius_cvt_int($data); echo "Service Type: $type
\n"; break; case RADIUS_CLASS: $class = radius_cvt_int($data); echo "Class: $class
\n"; break; case RADIUS_FRAMED_PROTOCOL: $proto = radius_cvt_int($data); echo "Protocol: $proto
\n"; break; case RADIUS_FRAMED_ROUTING: $rout = radius_cvt_int($data); echo "Routing: $rout
\n"; break; case RADIUS_FILTER_ID: $id = radius_cvt_string($data); echo "Filter ID: $id
\n"; break; case RADIUS_VENDOR_SPECIFIC: //printf ("Vendor specific (%d)
\n", $attr); $resv = radius_get_vendor_attr($data); if (is_array($resv)) { $vendor = $resv['vendor']; $attrv = $resv['attr']; $datav = $resv['data']; if ($vendor == RADIUS_VENDOR_MICROSOFT) { switch ($attrv) { case RADIUS_MICROSOFT_MS_CHAP2_SUCCESS: $mschap2resp = radius_cvt_string($datav); printf ("MS CHAPv2 success: %s
\n", $mschap2resp); break; case RADIUS_MICROSOFT_MS_CHAP_ERROR: $errormsg = radius_cvt_string(substr($datav,1)); echo "MS CHAP Error: $errormsg
\n"; break; case RADIUS_MICROSOFT_MS_CHAP_DOMAIN: $domain = radius_cvt_string($datav); echo "MS CHAP Domain: $domain
\n"; break; case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY: $policy = radius_cvt_int($datav); echo "MS MPPE Policy: $policy
\n"; break; case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: $type = radius_cvt_int($datav); echo "MS MPPE Type: $type
\n"; break; case RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS: $demangled = radius_demangle($res, $datav); $lmkey = substr($demangled, 0, 8); $ntkey = substr($demangled, 8, RADIUS_MPPE_KEY_LEN); printf ("MS MPPE Keys: LM-Key: %s NT-Key: %s
\n", bin2hex($lmkey), bin2hex($ntkey)); break; case RADIUS_MICROSOFT_MS_MPPE_SEND_KEY: $demangled = radius_demangle_mppe_key($res, $datav); printf ("MS MPPE Send Key: %s
\n", bin2hex($demangled)); break; case RADIUS_MICROSOFT_MS_MPPE_RECV_KEY: $demangled = radius_demangle_mppe_key($res, $datav); printf ("MS MPPE Send Key: %s
\n", bin2hex($demangled)); break; case RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER: $server = radius_cvt_string($datav); printf ("MS Primary DNS Server: %s
\n", $server); break; default: printf("Unexpected Microsoft attribute: %d
\n", $attrv); } } } else { printf ("Error getting Vendor attribute %s
\n", radius_strerror($res)); } break; default: printf("Unexpected attribute: %d
\n", $attr); } } $secret = radius_server_secret($res); if (!$secret) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } else { echo "Shared Secret:$secret
\n"; } $authent = radius_request_authenticator($res); if (!$authent) { echo 'RadiusError:' . radius_strerror($res). "\n
"; exit; } else { printf ("Request Authenticator:%s Len:%d
\n", bin2hex($authent), strlen($authent)); } radius_close($res); ?> radius-1.2.5/config.m4100644 1751 0 743 10577333114 7633 dnl $Id: config.m4,v 1.4 2003/07/17 13:54:39 mbretter Exp $ dnl config.m4 for extension radius PHP_ARG_ENABLE(radius, whether to enable radius support, dnl Make sure that the comment is aligned: [ --enable-radius Enable radius support]) if test "$PHP_RADIUS" != "no"; then AC_TRY_COMPILE([ #include ], [ u_int32_t ulongint; ulongint = 1; ], [ AC_DEFINE(HAVE_U_INT32_T, 1, [ ]) ]) PHP_NEW_EXTENSION(radius, radius.c radlib.c, $ext_shared) fi radius-1.2.5/CREDITS100644 1751 0 111 10577333114 7131 RADIUS Michael Bretterklieber, The FreeBSD Project http://www.freebsd.orgradius-1.2.5/Makefile.in100644 1751 0 464 10577333114 10171 # $Id: Makefile.in,v 1.3 2003/11/04 19:14:39 mbretter Exp $ LTLIBRARY_NAME = libradius.la LTLIBRARY_SOURCES = radius.c radlib.c LTLIBRARY_SHARED_NAME = radius.la LTLIBRARY_LIBADD = $(RADIUS_LIBADD) LTLIBRARY_SHARED_LIBADD = $(RADIUS_SHARED_LIBADD) include $(top_srcdir)/build/dynlib.mkradius-1.2.5/php_radius.h100644 1751 0 6322 10577333114 10452 /* Copyright (c) 2003, Michael Bretterklieber All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This code cannot simply be copied and put under the GNU Public License or any other GPL-like (LGPL, GPL2) License. $Id: php_radius.h,v 1.7 2003/05/17 19:22:32 mbretter Exp $ */ #include "radlib.h" #include "radlib_private.h" #ifndef PHP_RADIUS_H #define PHP_RADIUS_H #define phpext_radius_ptr &radius_module_entry #ifdef PHP_WIN32 #define PHP_RADIUS_API __declspec(dllexport) #else #define PHP_RADIUS_API #endif #ifdef ZTS #include "TSRM.h" #endif extern zend_module_entry radius_module_entry; typedef struct { int id; struct rad_handle *radh; } radius_descriptor; PHP_MINIT_FUNCTION(radius); PHP_MSHUTDOWN_FUNCTION(radius); PHP_MINFO_FUNCTION(radius); PHP_FUNCTION(radius_auth_open); PHP_FUNCTION(radius_acct_open); PHP_FUNCTION(radius_close); PHP_FUNCTION(radius_strerror); PHP_FUNCTION(radius_config); PHP_FUNCTION(radius_add_server); PHP_FUNCTION(radius_create_request); PHP_FUNCTION(radius_put_string); PHP_FUNCTION(radius_put_int); PHP_FUNCTION(radius_put_attr); PHP_FUNCTION(radius_put_addr); PHP_FUNCTION(radius_put_vendor_string); PHP_FUNCTION(radius_put_vendor_int); PHP_FUNCTION(radius_put_vendor_attr); PHP_FUNCTION(radius_put_vendor_addr); PHP_FUNCTION(radius_send_request); PHP_FUNCTION(radius_get_attr); PHP_FUNCTION(radius_get_vendor_attr); PHP_FUNCTION(radius_cvt_addr); PHP_FUNCTION(radius_cvt_int); PHP_FUNCTION(radius_cvt_string); PHP_FUNCTION(radius_request_authenticator); PHP_FUNCTION(radius_server_secret); PHP_FUNCTION(radius_demangle); PHP_FUNCTION(radius_demangle_mppe_key); #ifdef ZTS #define RADIUS_G(v) TSRMG(radius_globals_id, zend_radius_globals *, v) #else #define RADIUS_G(v) (radius_globals.v) #endif #endif /* PHP_RADIUS_H */ /* * Local variables: * tab-width: 4 * c-basic-offset: 4 * indent-tabs-mode: t * End: */ radius-1.2.5/radius.c100644 1751 0 41506 10577333114 7621 /* Copyright (c) 2003, Michael Bretterklieber All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This code cannot simply be copied and put under the GNU Public License or any other GPL-like (LGPL, GPL2) License. $Id: radius.c,v 1.13 2007/03/18 21:17:02 mbretter Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include "php.h" #include "php_ini.h" #include "php_network.h" #include "ext/standard/info.h" #include "php_radius.h" #include "radlib.h" #include "radlib_private.h" #ifndef PHP_WIN32 #include #include #include #endif void _radius_close(zend_rsrc_list_entry *rsrc TSRMLS_DC); /* If you declare any globals in php_radius.h uncomment this: ZEND_DECLARE_MODULE_GLOBALS(radius) */ /* True global resources - no need for thread safety here */ static int le_radius; /* {{{ radius_functions[] * * Every user visible function must have an entry in radius_functions[]. */ function_entry radius_functions[] = { PHP_FE(radius_auth_open, NULL) PHP_FE(radius_acct_open, NULL) PHP_FE(radius_close, NULL) PHP_FE(radius_strerror, NULL) PHP_FE(radius_config, NULL) PHP_FE(radius_add_server, NULL) PHP_FE(radius_create_request, NULL) PHP_FE(radius_put_string, NULL) PHP_FE(radius_put_int, NULL) PHP_FE(radius_put_attr, NULL) PHP_FE(radius_put_addr, NULL) PHP_FE(radius_put_vendor_string, NULL) PHP_FE(radius_put_vendor_int, NULL) PHP_FE(radius_put_vendor_attr, NULL) PHP_FE(radius_put_vendor_addr, NULL) PHP_FE(radius_send_request, NULL) PHP_FE(radius_get_attr, NULL) PHP_FE(radius_get_vendor_attr, NULL) PHP_FE(radius_cvt_addr, NULL) PHP_FE(radius_cvt_int, NULL) PHP_FE(radius_cvt_string, NULL) PHP_FE(radius_request_authenticator, NULL) PHP_FE(radius_server_secret, NULL) PHP_FE(radius_demangle, NULL) PHP_FE(radius_demangle_mppe_key, NULL) {NULL, NULL, NULL} /* Must be the last line in radius_functions[] */ }; /* }}} */ /* {{{ radius_module_entry */ zend_module_entry radius_module_entry = { #if ZEND_MODULE_API_NO >= 20010901 STANDARD_MODULE_HEADER, #endif "radius", radius_functions, PHP_MINIT(radius), PHP_MSHUTDOWN(radius), NULL, NULL, PHP_MINFO(radius), #if ZEND_MODULE_API_NO >= 20010901 "1.2.4", /* Replace with version number for your extension */ #endif STANDARD_MODULE_PROPERTIES }; /* }}} */ #ifdef COMPILE_DL_RADIUS ZEND_GET_MODULE(radius) #endif /* {{{ PHP_MINIT_FUNCTION */ PHP_MINIT_FUNCTION(radius) { le_radius = zend_register_list_destructors_ex(_radius_close, NULL, "rad_handle", module_number); #include "radius_init_const.h" REGISTER_LONG_CONSTANT("RADIUS_MPPE_KEY_LEN", MPPE_KEY_LEN, CONST_PERSISTENT); return SUCCESS; } /* }}} */ /* {{{ PHP_MSHUTDOWN_FUNCTION */ PHP_MSHUTDOWN_FUNCTION(radius) { return SUCCESS; } /* }}} */ /* {{{ PHP_MINFO_FUNCTION */ PHP_MINFO_FUNCTION(radius) { php_info_print_table_start(); php_info_print_table_row(2, "radius support", "enabled"); php_info_print_table_row(2, "Revision", "$Revision: 1.13 $"); php_info_print_table_end(); } /* }}} */ /* {{{ proto ressource radius_auth_open(string arg) */ PHP_FUNCTION(radius_auth_open) { radius_descriptor *raddesc; raddesc = emalloc(sizeof(radius_descriptor)); raddesc->radh = rad_auth_open(); if (raddesc->radh != NULL) { ZEND_REGISTER_RESOURCE(return_value, raddesc, le_radius); raddesc->id = Z_LVAL_P(return_value); } else { RETURN_FALSE; } } /* }}} */ /* {{{ proto ressource radius_acct_open(string arg) */ PHP_FUNCTION(radius_acct_open) { radius_descriptor *raddesc; raddesc = emalloc(sizeof(radius_descriptor)); raddesc->radh = rad_acct_open(); if (raddesc->radh != NULL) { ZEND_REGISTER_RESOURCE(return_value, raddesc, le_radius); raddesc->id = Z_LVAL_P(return_value); } else { RETURN_FALSE; } } /* }}} */ /* {{{ proto bool radius_close(radh) */ PHP_FUNCTION(radius_close) { radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &z_radh) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); zend_list_delete(raddesc->id); RETURN_TRUE; } /* }}} */ /* {{{ proto string radius_strerror(radh) */ PHP_FUNCTION(radius_strerror) { char *msg; radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &z_radh) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); msg = (char *)rad_strerror(raddesc->radh); RETURN_STRINGL(msg, strlen(msg), 1); } /* }}} */ /* {{{ proto bool radius_config(desc, configfile) */ PHP_FUNCTION(radius_config) { char *filename; int filename_len; radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs", &z_radh, &filename, &filename_len) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); if (rad_config(raddesc->radh, filename) == -1) { RETURN_FALSE; } else { RETURN_TRUE; } } /* }}} */ /* {{{ proto bool radius_add_server(desc, hostname, port, secret, timeout, maxtries) */ PHP_FUNCTION(radius_add_server) { char *hostname, *secret; int hostname_len, secret_len; long port, timeout, maxtries; radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rslsll", &z_radh, &hostname, &hostname_len, &port, &secret, &secret_len, &timeout, &maxtries) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); if (rad_add_server(raddesc->radh, hostname, port, secret, timeout, maxtries) == -1) { RETURN_FALSE; } else { RETURN_TRUE; } } /* }}} */ /* {{{ proto bool radius_create_request(desc, code) */ PHP_FUNCTION(radius_create_request) { int code; radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rl", &z_radh, &code) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); if (rad_create_request(raddesc->radh, code) == -1) { RETURN_FALSE; } else { RETURN_TRUE; } } /* }}} */ /* {{{ proto bool radius_put_string(desc, type, str) */ PHP_FUNCTION(radius_put_string) { char *str; int str_len; long type; radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rls", &z_radh, &type, &str, &str_len) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); if (rad_put_string(raddesc->radh, type, str) == -1) { RETURN_FALSE; } else { RETURN_TRUE; } } /* }}} */ /* {{{ proto bool radius_put_int(desc, type, int) */ PHP_FUNCTION(radius_put_int) { long type, val; radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rll", &z_radh, &type, &val) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); if (rad_put_int(raddesc->radh, type, val) == -1) { RETURN_FALSE; } else { RETURN_TRUE; } } /* }}} */ /* {{{ proto bool radius_put_attr(desc, type, data) */ PHP_FUNCTION(radius_put_attr) { long type; int len; char *data; radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rls", &z_radh, &type, &data, &len) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); if (rad_put_attr(raddesc->radh, type, data, len) == -1) { RETURN_FALSE; } else { RETURN_TRUE; } } /* }}} */ /* {{{ proto bool radius_put_addr(desc, type, addr) */ PHP_FUNCTION(radius_put_addr) { int addrlen; long type; char *addr; radius_descriptor *raddesc; zval *z_radh; struct in_addr intern_addr; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rls", &z_radh, &type, &addr, &addrlen) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); if (inet_aton(addr, &intern_addr) == 0) { zend_error(E_ERROR, "Error converting Address"); RETURN_FALSE; } if (rad_put_addr(raddesc->radh, type, intern_addr) == -1) { RETURN_FALSE; } else { RETURN_TRUE; } } /* }}} */ /* {{{ proto bool radius_put_vendor_string(desc, vendor, type, str) */ PHP_FUNCTION(radius_put_vendor_string) { char *str; int str_len; long type, vendor; radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rlls", &z_radh, &vendor, &type, &str, &str_len) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); if (rad_put_vendor_string(raddesc->radh, vendor, type, str) == -1) { RETURN_FALSE; } else { RETURN_TRUE; } } /* }}} */ /* {{{ proto bool radius_put_vendor_int(desc, vendor, type, int) */ PHP_FUNCTION(radius_put_vendor_int) { long type, vendor, val; radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rlll", &z_radh, &vendor, &type, &val) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); if (rad_put_vendor_int(raddesc->radh, vendor, type, val) == -1) { RETURN_FALSE; } else { RETURN_TRUE; } } /* }}} */ /* {{{ proto bool radius_put_vendor_attr(desc, vendor, type, data) */ PHP_FUNCTION(radius_put_vendor_attr) { long type, vendor; int len; char *data; radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rlls", &z_radh, &vendor, &type, &data, &len) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); if (rad_put_vendor_attr(raddesc->radh, vendor, type, data, len) == -1) { RETURN_FALSE; } else { RETURN_TRUE; } } /* }}} */ /* {{{ proto bool radius_put_vendor_addr(desc, vendor, type, addr) */ PHP_FUNCTION(radius_put_vendor_addr) { long type, vendor; int addrlen; char *addr; radius_descriptor *raddesc; zval *z_radh; struct in_addr intern_addr; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rlls", &z_radh, &vendor, &type, &addr, &addrlen) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); if (inet_aton(addr, &intern_addr) == 0) { zend_error(E_ERROR, "Error converting Address"); RETURN_FALSE; } if (rad_put_vendor_addr(raddesc->radh, vendor, type, intern_addr) == -1) { RETURN_FALSE; } else { RETURN_TRUE; } } /* }}} */ /* {{{ proto bool radius_send_request(desc) */ PHP_FUNCTION(radius_send_request) { radius_descriptor *raddesc; zval *z_radh; int res; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &z_radh) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); res = rad_send_request(raddesc->radh); if (res == -1) { RETURN_FALSE; } else { RETURN_LONG(res); } } /* }}} */ /* {{{ proto string radius_get_attr(desc) */ PHP_FUNCTION(radius_get_attr) { radius_descriptor *raddesc; int res; const void *data; size_t len; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &z_radh) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); res = rad_get_attr(raddesc->radh, &data, &len); if (res == -1) { RETURN_FALSE; } else { if (res > 0) { array_init(return_value); add_assoc_long(return_value, "attr", res); add_assoc_stringl(return_value, "data", (char *) data, len, 1); return; } RETURN_LONG(res); } } /* }}} */ /* {{{ proto string radius_get_vendor_attr(data) */ PHP_FUNCTION(radius_get_vendor_attr) { int res, vendor; const void *data; size_t len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &data, &len) == FAILURE) { return; } res = rad_get_vendor_attr(&vendor, &data, &len); if (res == -1) { RETURN_FALSE; } else { array_init(return_value); add_assoc_long(return_value, "attr", res); add_assoc_long(return_value, "vendor", vendor); add_assoc_stringl(return_value, "data", (char *) data, len, 1); return; } } /* }}} */ /* {{{ proto string radius_cvt_addr(data) */ PHP_FUNCTION(radius_cvt_addr) { const void *data; char *addr_dot; int len; struct in_addr addr; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &data, &len) == FAILURE) { return; } addr = rad_cvt_addr(data); addr_dot = inet_ntoa(addr); RETURN_STRINGL(addr_dot, strlen(addr_dot), 1); } /* }}} */ /* {{{ proto int radius_cvt_int(data) */ PHP_FUNCTION(radius_cvt_int) { const void *data; int len, val; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &data, &len) == FAILURE) { return; } val = rad_cvt_int(data); RETURN_LONG(val); } /* }}} */ /* {{{ proto string radius_cvt_string(data) */ PHP_FUNCTION(radius_cvt_string) { const void *data; char *val; int len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &data, &len) == FAILURE) { return; } val = rad_cvt_string(data, len); if (val == NULL) RETURN_FALSE; RETVAL_STRINGL(val, strlen(val), 1); free(val); return; } /* }}} */ /* {{{ proto string radius_request_authenticator(radh) */ PHP_FUNCTION(radius_request_authenticator) { radius_descriptor *raddesc; ssize_t res; char buf[LEN_AUTH]; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &z_radh) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); res = rad_request_authenticator(raddesc->radh, buf, sizeof buf); if (res == -1) { RETURN_FALSE; } else { RETURN_STRINGL(buf, res, 1); } } /* }}} */ /* {{{ proto string radius_server_secret(radh) */ PHP_FUNCTION(radius_server_secret) { char *secret; radius_descriptor *raddesc; zval *z_radh; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &z_radh) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); secret = (char *)rad_server_secret(raddesc->radh); RETURN_STRINGL(secret, strlen(secret), 1); } /* }}} */ /* {{{ proto string radius_demangle(radh, mangled) */ PHP_FUNCTION(radius_demangle) { radius_descriptor *raddesc; zval *z_radh; const void *mangled; unsigned char *buf; size_t len; int res; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs", &z_radh, &mangled, &len) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); buf = emalloc(len); res = rad_demangle(raddesc->radh, mangled, len, buf); if (res == -1) { efree(buf); RETURN_FALSE; } else { RETVAL_STRINGL(buf, len, 1); efree(buf); return; } } /* }}} */ /* {{{ proto string radius_demangle_mppe_key(radh, mangled) */ PHP_FUNCTION(radius_demangle_mppe_key) { radius_descriptor *raddesc; zval *z_radh; const void *mangled; unsigned char *buf; size_t len, dlen; int res; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs", &z_radh, &mangled, &len) == FAILURE) { return; } ZEND_FETCH_RESOURCE(raddesc, radius_descriptor *, &z_radh, -1, "rad_handle", le_radius); buf = emalloc(len); res = rad_demangle_mppe_key(raddesc->radh, mangled, len, buf, &dlen); if (res == -1) { efree(buf); RETURN_FALSE; } else { RETVAL_STRINGL(buf, dlen, 1); efree(buf); return; } } /* }}} */ /* {{{ _radius_close() */ void _radius_close(zend_rsrc_list_entry *rsrc TSRMLS_DC) { radius_descriptor *raddesc = (radius_descriptor *)rsrc->ptr; rad_close(raddesc->radh); efree(raddesc); } /* }}} */ /* * Local variables: * tab-width: 4 * c-basic-offset: 4 * End: * vim600: noet sw=4 ts=4 fdm=marker * vim<600: noet sw=4 ts=4 */ radius-1.2.5/radius.conf100644 1751 0 614 10577333114 10257 # Service-type Server Shared-secret Timeout Retries #auth|acct host[:port] secret 3 3 # A simple entry using all the defaults: #acct radius1.domain.com OurLittleSecret # A server still using the obsolete RADIUS port, with increased # timeout and maximum tries: #auth auth.domain.com:1645 "I can't see you" 5 4 # A server specified by its IP address: #auth 192.168.27.81 $X*#..38947ax-+=radius-1.2.5/radius.dsp100644 1751 0 12742 10577333114 10165 # Microsoft Developer Studio Project File - Name="radius" - Package Owner=<4> # Microsoft Developer Studio Generated Build File, Format Version 6.00 # ** DO NOT EDIT ** # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 CFG=radius - Win32 Debug_TS !MESSAGE This is not a valid makefile. To build this project using NMAKE, !MESSAGE use the Export Makefile command and run !MESSAGE !MESSAGE NMAKE /f "radius.mak". !MESSAGE !MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE !MESSAGE NMAKE /f "radius.mak" CFG="radius - Win32 Debug_TS" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE !MESSAGE "radius - Win32 Debug_TS" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE "radius - Win32 Release_TS" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE # Begin Project # PROP AllowPerConfigDependencies 0 # PROP Scc_ProjName "" # PROP Scc_LocalPath "" CPP=cl.exe MTL=midl.exe RSC=rc.exe !IF "$(CFG)" == "radius - Win32 Debug_TS" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 # PROP BASE Output_Dir "radius___Win32_Debug_TS" # PROP BASE Intermediate_Dir "radius___Win32_Debug_TS" # PROP BASE Ignore_Export_Lib 0 # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 1 # PROP Output_Dir "Debug_TS" # PROP Intermediate_Dir "Debug_TS" # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "ZEND_WIN32" /D "_MBCS" /D "_USRDLL" /D "RADIUS_EXPORTS" /D HAVE_SOCKETS=1 /D ZEND_DEBUG=0 /D "PHP_EXPORTS" /YX /FD /GZ /c # ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "..\..\..\php4" /I "..\..\..\php4\main" /I "..\..\..\php4\Zend" /I "..\..\..\php4\TSRM" /I "..\..\..\php4\win32" /I "..\..\..\\bindlib_w32" /D ZEND_DEBUG=1 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "PHP_EXPORTS" /D "COMPILE_DL_SOCKETS" /D ZTS=1 /D "ZEND_WIN32" /D "PHP_WIN32" /D HAVE_RADIUS=1 /YX /FD /GZ /c # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0xc07 /d "_DEBUG" # ADD RSC /l 0xc07 /d "_DEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept # ADD LINK32 php4ts_debug.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /out:"..\..\Debug_TS\php_radius.dll" /pdbtype:sept /libpath:"..\..\..\php4\Debug_TS" !ELSEIF "$(CFG)" == "radius - Win32 Release_TS" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 # PROP BASE Output_Dir "radius___Win32_Release_TS" # PROP BASE Intermediate_Dir "radius___Win32_Release_TS" # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 0 # PROP Output_Dir "Release_TS" # PROP Intermediate_Dir "Release_TS" # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "RADIUS_EXPORTS" /YX /FD /c # ADD CPP /nologo /MD /W3 /GX /O2 /I "..\..\..\php4" /I "..\..\..\php4\main" /I "..\..\..\php4\Zend" /I "..\..\..\php4\TSRM" /I "..\..\..\php4\win32" /I "..\..\..\\bindlib_w32" /D ZEND_DEBUG=0 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "PHP_EXPORTS" /D "COMPILE_DL_RADIUS" /D ZTS=1 /D "ZEND_WIN32" /D "PHP_WIN32" /D "HAVE_RADIUS" /FR /YX /FD /c # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0xc07 /d "NDEBUG" # ADD RSC /l 0xc07 /d "NDEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386 # ADD LINK32 php4ts.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386 /out:"..\..\Release_TS\php_radius.dll" /libpath:"..\..\..\php4\Release_TS" /libpath:"..\..\..\php4\Release_TS_Inline" # SUBTRACT LINK32 /pdb:none !ENDIF # Begin Target # Name "radius - Win32 Debug_TS" # Name "radius - Win32 Release_TS" # Begin Group "Quellcodedateien" # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" # Begin Source File SOURCE=.\radius.c # End Source File # Begin Source File SOURCE=.\radlib.c # End Source File # Begin Source File SOURCE=.\radlib_compat.c # End Source File # End Group # Begin Group "Header-Dateien" # PROP Default_Filter "h;hpp;hxx;hm;inl" # Begin Source File SOURCE=.\php_radius.h # End Source File # Begin Source File SOURCE=.\radius_init_const.h # End Source File # Begin Source File SOURCE=.\radlib.h # End Source File # Begin Source File SOURCE=.\radlib_compat.h # End Source File # Begin Source File SOURCE=.\radlib_md5.h # End Source File # Begin Source File SOURCE=.\radlib_private.h # End Source File # Begin Source File SOURCE=.\radlib_vs.h # End Source File # End Group # Begin Group "Ressourcendateien" # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" # End Group # End Target # End Project radius-1.2.5/radius.dsw100644 1751 0 1065 10577333114 10150 Microsoft Developer Studio Workspace File, Format Version 6.00 # WARNUNG: DIESE ARBEITSBEREICHSDATEI DARF NICHT BEARBEITET ODER GELÖSCHT WERDEN! ############################################################################### Project: "radius"=".\radius.dsp" - Package Owner=<4> Package=<5> {{{ }}} Package=<4> {{{ }}} ############################################################################### Global: Package=<5> {{{ }}} Package=<3> {{{ }}} ############################################################################### radius-1.2.5/radius_init_const.h100644 1751 0 30614 10577333114 12055 REGISTER_LONG_CONSTANT("RADIUS_ACCESS_REQUEST", 1, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ACCESS_ACCEPT", 2, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ACCESS_REJECT", 3, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ACCOUNTING_REQUEST", 4, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ACCOUNTING_RESPONSE", 5, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ACCESS_CHALLENGE", 11, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_USER_NAME", 1, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_USER_PASSWORD", 2, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_CHAP_PASSWORD", 3, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_NAS_IP_ADDRESS", 4, CONST_PERSISTENT); /* IP address */ REGISTER_LONG_CONSTANT("RADIUS_NAS_PORT", 5, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_SERVICE_TYPE", 6, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_LOGIN", 1, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_FRAMED", 2, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_CALLBACK_LOGIN", 3, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_CALLBACK_FRAMED", 4, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_OUTBOUND", 5, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ADMINISTRATIVE", 6, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_NAS_PROMPT", 7, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_AUTHENTICATE_ONLY", 8, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_CALLBACK_NAS_PROMPT", 9, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_FRAMED_PROTOCOL", 7, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_PPP", 1, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_SLIP", 2, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ARAP", 3, CONST_PERSISTENT); /* Appletalk */ REGISTER_LONG_CONSTANT("RADIUS_GANDALF", 4, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_XYLOGICS", 5, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_FRAMED_IP_ADDRESS", 8, CONST_PERSISTENT); /* IP address */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_IP_NETMASK", 9, CONST_PERSISTENT); /* IP address */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_ROUTING", 10, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_FILTER_ID", 11, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_MTU", 12, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_COMPRESSION", 13, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_COMP_NONE", 0, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_COMP_VJ", 1, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_COMP_IPXHDR", 2, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_LOGIN_IP_HOST", 14, CONST_PERSISTENT); /* IP address */ REGISTER_LONG_CONSTANT("RADIUS_LOGIN_SERVICE", 15, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_LOGIN_TCP_PORT", 16, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_REPLY_MESSAGE", 18, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_CALLBACK_NUMBER", 19, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_CALLBACK_ID", 20, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_ROUTE", 22, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_IPX_NETWORK", 23, CONST_PERSISTENT); /* IP address */ REGISTER_LONG_CONSTANT("RADIUS_STATE", 24, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_CLASS", 25, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_VENDOR_SPECIFIC", 26, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_SESSION_TIMEOUT", 27, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_IDLE_TIMEOUT", 28, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_TERMINATION_ACTION", 29, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_CALLED_STATION_ID", 30, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_CALLING_STATION_ID", 31, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_NAS_IDENTIFIER", 32, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_PROXY_STATE", 33, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_LOGIN_LAT_SERVICE", 34, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_LOGIN_LAT_NODE", 35, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_LOGIN_LAT_GROUP", 36, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_APPLETALK_LINK", 37, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_APPLETALK_NETWORK", 38, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_APPLETALK_ZONE", 39, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_CHAP_CHALLENGE", 60, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_NAS_PORT_TYPE", 61, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_ASYNC", 0, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_SYNC", 1, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ISDN_SYNC", 2, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ISDN_ASYNC_V120", 3, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ISDN_ASYNC_V110", 4, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_VIRTUAL", 5, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_PIAFS", 6, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_HDLC_CLEAR_CHANNEL", 7, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_X_25", 8, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_X_75", 9, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_G_3_FAX", 10, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_SDSL", 11, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ADSL_CAP", 12, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ADSL_DMT", 13, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_IDSL", 14, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ETHERNET", 15, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_XDSL", 16, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_CABLE", 17, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_WIRELESS_OTHER", 18, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_WIRELESS_IEEE_802_11", 19, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_PORT_LIMIT", 62, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_LOGIN_LAT_PORT", 63, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_CONNECT_INFO", 77, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_NAS_IPV6_ADDRESS", 95, CONST_PERSISTENT); /* IPv6 address */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_INTERFACE_ID", 96, CONST_PERSISTENT); /* 8 octets */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_IPV6_PREFIX", 97, CONST_PERSISTENT); /* Octets */ REGISTER_LONG_CONSTANT("RADIUS_LOGIN_IPV6_HOST", 98, CONST_PERSISTENT); /* IPv6 address */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_IPV6_ROUTE", 99, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_FRAMED_IPV6_POOL", 100, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_ACCT_STATUS_TYPE", 40, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_START", 1, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_STOP", 2, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ACCOUNTING_ON", 7, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ACCOUNTING_OFF", 8, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ACCT_DELAY_TIME", 41, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_ACCT_INPUT_OCTETS", 42, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_ACCT_OUTPUT_OCTETS", 43, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_ACCT_SESSION_ID", 44, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_ACCT_AUTHENTIC", 45, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_AUTH_RADIUS", 1, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_AUTH_LOCAL", 2, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_AUTH_REMOTE", 3, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ACCT_SESSION_TIME", 46, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_ACCT_INPUT_PACKETS", 47, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_ACCT_OUTPUT_PACKETS", 48, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_ACCT_TERMINATE_CAUSE", 49, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_TERM_USER_REQUEST", 1, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_LOST_CARRIER", 2, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_LOST_SERVICE", 3, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_IDLE_TIMEOUT", 4, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_SESSION_TIMEOUT", 5, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_ADMIN_RESET", 6, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_ADMIN_REBOOT", 7, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_PORT_ERROR", 8, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_NAS_ERROR", 9, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_NAS_REQUEST", 10, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_NAS_REBOOT", 11, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_PORT_UNNEEDED", 12, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_PORT_PREEMPTED", 13, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_PORT_SUSPENDED", 14, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_SERVICE_UNAVAILABLE", 15, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_CALLBACK", 16, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_USER_ERROR", 17, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_TERM_HOST_REQUEST", 18, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_ACCT_MULTI_SESSION_ID", 50, CONST_PERSISTENT); /* String */ REGISTER_LONG_CONSTANT("RADIUS_ACCT_LINK_COUNT", 51, CONST_PERSISTENT); /* Integer */ REGISTER_LONG_CONSTANT("RADIUS_VENDOR_MICROSOFT", 311, CONST_PERSISTENT); /* rfc2548 */ REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP_RESPONSE", 1, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP_ERROR", 2, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP_PW_1", 3, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP_PW_2", 4, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP_LM_ENC_PW", 5, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP_NT_ENC_PW", 6, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY", 7, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES", 8, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_RAS_VENDOR", 9, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP_DOMAIN", 10, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP_CHALLENGE", 11, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS", 12, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_BAP_USAGE", 13, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_LINK_UTILIZATION_THRESHOLD", 14, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_LINK_DROP_TIME_LIMIT", 15, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_MPPE_SEND_KEY", 16, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_MPPE_RECV_KEY", 17, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_RAS_VERSION", 18, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_OLD_ARAP_PASSWORD", 19, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_NEW_ARAP_PASSWORD", 20, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_ARAP_PASSWORD_CHANGE_REASON", 21, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_FILTER", 22, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_ACCT_AUTH_TYPE", 23, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_ACCT_EAP_TYPE", 24, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP2_RESPONSE", 25, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP2_SUCCESS", 26, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_CHAP2_PW", 27, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER", 28, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_SECONDARY_DNS_SERVER", 29, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_PRIMARY_NBNS_SERVER", 30, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_SECONDARY_NBNS_SERVER", 31, CONST_PERSISTENT); REGISTER_LONG_CONSTANT("RADIUS_MICROSOFT_MS_ARAP_CHALLENGE", 33, CONST_PERSISTENT); radius-1.2.5/radlib.c100644 1751 0 62425 10577333114 7572 /*- * Copyright 1998 Juniper Networks, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD: src/lib/libradius/radlib.c,v 1.4.2.3 2002/06/17 02:24:57 brian Exp $ */ #include #ifndef PHP_WIN32 #include #include #include #include #include #else #include #include "win32/time.h" #endif #include #include #include #include #include #include #ifndef PHP_WIN32 #include #endif #include "radlib_compat.h" #include "radlib_md5.h" #include "radlib_private.h" static void clear_password(struct rad_handle *); static void generr(struct rad_handle *, const char *, ...) __printflike(2, 3); static void insert_scrambled_password(struct rad_handle *, int); static void insert_request_authenticator(struct rad_handle *, int); static int is_valid_response(struct rad_handle *, int, const struct sockaddr_in *); static int put_password_attr(struct rad_handle *, int, const void *, size_t); static int put_raw_attr(struct rad_handle *, int, const void *, size_t); static int split(char *, char *[], int, char *, size_t); static void clear_password(struct rad_handle *h) { if (h->pass_len != 0) { memset(h->pass, 0, h->pass_len); h->pass_len = 0; } h->pass_pos = 0; } static void generr(struct rad_handle *h, const char *format, ...) { va_list ap; va_start(ap, format); vsnprintf(h->errmsg, ERRSIZE, format, ap); va_end(ap); } static void insert_scrambled_password(struct rad_handle *h, int srv) { MD5_CTX ctx; unsigned char md5[16]; const struct rad_server *srvp; int padded_len; int pos; srvp = &h->servers[srv]; padded_len = h->pass_len == 0 ? 16 : (h->pass_len+15) & ~0xf; memcpy(md5, &h->request[POS_AUTH], LEN_AUTH); for (pos = 0; pos < padded_len; pos += 16) { int i; /* Calculate the new scrambler */ MD5Init(&ctx); MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); MD5Update(&ctx, md5, 16); MD5Final(md5, &ctx); /* * Mix in the current chunk of the password, and copy * the result into the right place in the request. Also * modify the scrambler in place, since we will use this * in calculating the scrambler for next time. */ for (i = 0; i < 16; i++) h->request[h->pass_pos + pos + i] = md5[i] ^= h->pass[pos + i]; } } static void insert_request_authenticator(struct rad_handle *h, int srv) { MD5_CTX ctx; const struct rad_server *srvp; srvp = &h->servers[srv]; /* Create the request authenticator */ MD5Init(&ctx); MD5Update(&ctx, &h->request[POS_CODE], POS_AUTH - POS_CODE); MD5Update(&ctx, memset(&h->request[POS_AUTH], 0, LEN_AUTH), LEN_AUTH); MD5Update(&ctx, &h->request[POS_ATTRS], h->req_len - POS_ATTRS); MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); MD5Final(&h->request[POS_AUTH], &ctx); } /* * Return true if the current response is valid for a request to the * specified server. */ static int is_valid_response(struct rad_handle *h, int srv, const struct sockaddr_in *from) { MD5_CTX ctx; unsigned char md5[16]; const struct rad_server *srvp; int len; srvp = &h->servers[srv]; /* Check the source address */ if (from->sin_family != srvp->addr.sin_family || from->sin_addr.s_addr != srvp->addr.sin_addr.s_addr || from->sin_port != srvp->addr.sin_port) return 0; /* Check the message length */ if (h->resp_len < POS_ATTRS) return 0; len = h->response[POS_LENGTH] << 8 | h->response[POS_LENGTH+1]; if (len > h->resp_len) return 0; /* Check the response authenticator */ MD5Init(&ctx); MD5Update(&ctx, &h->response[POS_CODE], POS_AUTH - POS_CODE); MD5Update(&ctx, &h->request[POS_AUTH], LEN_AUTH); MD5Update(&ctx, &h->response[POS_ATTRS], len - POS_ATTRS); MD5Update(&ctx, srvp->secret, strlen(srvp->secret)); MD5Final(md5, &ctx); if (memcmp(&h->response[POS_AUTH], md5, sizeof md5) != 0) return 0; return 1; } static int put_password_attr(struct rad_handle *h, int type, const void *value, size_t len) { int padded_len; int pad_len; if (h->pass_pos != 0) { generr(h, "Multiple User-Password attributes specified"); return -1; } if (len > PASSSIZE) len = PASSSIZE; padded_len = len == 0 ? 16 : (len+15) & ~0xf; pad_len = padded_len - len; /* * Put in a place-holder attribute containing all zeros, and * remember where it is so we can fill it in later. */ clear_password(h); put_raw_attr(h, type, h->pass, padded_len); h->pass_pos = h->req_len - padded_len; /* Save the cleartext password, padded as necessary */ memcpy(h->pass, value, len); h->pass_len = len; memset(h->pass + len, 0, pad_len); return 0; } static int put_raw_attr(struct rad_handle *h, int type, const void *value, size_t len) { if (len > 253) { generr(h, "Attribute too long"); return -1; } if (h->req_len + 2 + len > MSGSIZE) { generr(h, "Maximum message length exceeded"); return -1; } h->request[h->req_len++] = type; h->request[h->req_len++] = len + 2; memcpy(&h->request[h->req_len], value, len); h->req_len += len; return 0; } int rad_add_server(struct rad_handle *h, const char *host, int port, const char *secret, int timeout, int tries) { struct rad_server *srvp; if (h->num_servers >= MAXSERVERS) { generr(h, "Too many RADIUS servers specified"); return -1; } srvp = &h->servers[h->num_servers]; memset(&srvp->addr, 0, sizeof srvp->addr); srvp->addr.sin_family = AF_INET; if (!inet_aton(host, &srvp->addr.sin_addr)) { struct hostent *hent; if ((hent = gethostbyname(host)) == NULL) { generr(h, "%s: host not found", host); return -1; } memcpy(&srvp->addr.sin_addr, hent->h_addr, sizeof srvp->addr.sin_addr); } if (port != 0) srvp->addr.sin_port = htons((short) port); else { struct servent *sent; if (h->type == RADIUS_AUTH) srvp->addr.sin_port = (sent = getservbyname("radius", "udp")) != NULL ? sent->s_port : htons(RADIUS_PORT); else srvp->addr.sin_port = (sent = getservbyname("radacct", "udp")) != NULL ? sent->s_port : htons(RADACCT_PORT); } if ((srvp->secret = strdup(secret)) == NULL) { generr(h, "Out of memory"); return -1; } srvp->timeout = timeout; srvp->max_tries = tries; srvp->num_tries = 0; h->num_servers++; return 0; } void rad_close(struct rad_handle *h) { int srv; if (h->fd != -1) close(h->fd); for (srv = 0; srv < h->num_servers; srv++) { memset(h->servers[srv].secret, 0, strlen(h->servers[srv].secret)); free(h->servers[srv].secret); } clear_password(h); free(h); } int rad_config(struct rad_handle *h, const char *path) { FILE *fp; char buf[MAXCONFLINE]; int linenum; int retval; if (path == NULL) path = PATH_RADIUS_CONF; if ((fp = fopen(path, "r")) == NULL) { generr(h, "Cannot open \"%s\": %s", path, strerror(errno)); return -1; } retval = 0; linenum = 0; while (fgets(buf, sizeof buf, fp) != NULL) { int len; char *fields[5]; int nfields; char msg[ERRSIZE]; char *type; char *host, *res; char *port_str; char *secret; char *timeout_str; char *maxtries_str; char *end; char *wanttype; unsigned long timeout; unsigned long maxtries; int port; int i; linenum++; len = strlen(buf); /* We know len > 0, else fgets would have returned NULL. */ if (buf[len - 1] != '\n' && !(buf[len - 2] != '\r' && buf[len - 1] != '\n')) { if (len == sizeof buf - 1) generr(h, "%s:%d: line too long", path, linenum); else generr(h, "%s:%d: missing newline", path, linenum); retval = -1; break; } buf[len - 1] = '\0'; /* Extract the fields from the line. */ nfields = split(buf, fields, 5, msg, sizeof msg); if (nfields == -1) { generr(h, "%s:%d: %s", path, linenum, msg); retval = -1; break; } if (nfields == 0) continue; /* * The first field should contain "auth" or "acct" for * authentication or accounting, respectively. But older * versions of the file didn't have that field. Default * it to "auth" for backward compatibility. */ if (strcmp(fields[0], "auth") != 0 && strcmp(fields[0], "acct") != 0) { if (nfields >= 5) { generr(h, "%s:%d: invalid service type", path, linenum); retval = -1; break; } nfields++; for (i = nfields; --i > 0; ) fields[i] = fields[i - 1]; fields[0] = "auth"; } if (nfields < 3) { generr(h, "%s:%d: missing shared secret", path, linenum); retval = -1; break; } type = fields[0]; host = fields[1]; secret = fields[2]; timeout_str = fields[3]; maxtries_str = fields[4]; /* Ignore the line if it is for the wrong service type. */ wanttype = h->type == RADIUS_AUTH ? "auth" : "acct"; if (strcmp(type, wanttype) != 0) continue; /* Parse and validate the fields. */ res = host; host = strsep(&res, ":"); port_str = strsep(&res, ":"); if (port_str != NULL) { port = strtoul(port_str, &end, 10); if (*end != '\0') { generr(h, "%s:%d: invalid port", path, linenum); retval = -1; break; } } else port = 0; if (timeout_str != NULL) { timeout = strtoul(timeout_str, &end, 10); if (*end != '\0') { generr(h, "%s:%d: invalid timeout", path, linenum); retval = -1; break; } } else timeout = TIMEOUT; if (maxtries_str != NULL) { maxtries = strtoul(maxtries_str, &end, 10); if (*end != '\0') { generr(h, "%s:%d: invalid maxtries", path, linenum); retval = -1; break; } } else maxtries = MAXTRIES; if (rad_add_server(h, host, port, secret, timeout, maxtries) == -1) { strcpy(msg, h->errmsg); generr(h, "%s:%d: %s", path, linenum, msg); retval = -1; break; } } /* Clear out the buffer to wipe a possible copy of a shared secret */ memset(buf, 0, sizeof buf); fclose(fp); return retval; } /* * rad_init_send_request() must have previously been called. * Returns: * 0 The application should select on *fd with a timeout of tv before * calling rad_continue_send_request again. * < 0 Failure * > 0 Success */ int rad_continue_send_request(struct rad_handle *h, int selected, int *fd, struct timeval *tv) { int n; if (selected) { struct sockaddr_in from; int fromlen; fromlen = sizeof from; h->resp_len = recvfrom(h->fd, h->response, MSGSIZE, MSG_WAITALL, (struct sockaddr *)&from, &fromlen); if (h->resp_len == -1) { #ifdef PHP_WIN32 generr(h, "recfrom: %d", WSAGetLastError()); #else generr(h, "recvfrom: %s", strerror(errno)); #endif return -1; } if (is_valid_response(h, h->srv, &from)) { h->resp_len = h->response[POS_LENGTH] << 8 | h->response[POS_LENGTH+1]; h->resp_pos = POS_ATTRS; return h->response[POS_CODE]; } } if (h->try == h->total_tries) { generr(h, "No valid RADIUS responses received"); return -1; } /* * Scan round-robin to the next server that has some * tries left. There is guaranteed to be one, or we * would have exited this loop by now. */ while (h->servers[h->srv].num_tries >= h->servers[h->srv].max_tries) if (++h->srv >= h->num_servers) h->srv = 0; if (h->request[POS_CODE] == RAD_ACCOUNTING_REQUEST) /* Insert the request authenticator into the request */ insert_request_authenticator(h, h->srv); else /* Insert the scrambled password into the request */ if (h->pass_pos != 0) insert_scrambled_password(h, h->srv); /* Send the request */ n = sendto(h->fd, h->request, h->req_len, 0, (const struct sockaddr *)&h->servers[h->srv].addr, sizeof h->servers[h->srv].addr); if (n != h->req_len) { if (n == -1) #ifdef PHP_WIN32 generr(h, "sendto: %d", WSAGetLastError()); #else generr(h, "sendto: %s", strerror(errno)); #endif else generr(h, "sendto: short write"); return -1; } h->try++; h->servers[h->srv].num_tries++; tv->tv_sec = h->servers[h->srv].timeout; tv->tv_usec = 0; *fd = h->fd; return 0; } int rad_create_request(struct rad_handle *h, int code) { int i; h->request[POS_CODE] = code; h->request[POS_IDENT] = ++h->ident; /* Create a random authenticator */ for (i = 0; i < LEN_AUTH; i += 2) { long r; TSRMLS_FETCH(); r = php_rand(TSRMLS_C); h->request[POS_AUTH+i] = (unsigned char) r; h->request[POS_AUTH+i+1] = (unsigned char) (r >> 8); } h->req_len = POS_ATTRS; h->request_created = 1; clear_password(h); return 0; } struct in_addr rad_cvt_addr(const void *data) { struct in_addr value; memcpy(&value.s_addr, data, sizeof value.s_addr); return value; } u_int32_t rad_cvt_int(const void *data) { u_int32_t value; memcpy(&value, data, sizeof value); return ntohl(value); } char * rad_cvt_string(const void *data, size_t len) { char *s; s = malloc(len + 1); if (s != NULL) { memcpy(s, data, len); s[len] = '\0'; } return s; } /* * Returns the attribute type. If none are left, returns 0. On failure, * returns -1. */ int rad_get_attr(struct rad_handle *h, const void **value, size_t *len) { int type; if (h->resp_pos >= h->resp_len) return 0; if (h->resp_pos + 2 > h->resp_len) { generr(h, "Malformed attribute in response"); return -1; } type = h->response[h->resp_pos++]; *len = h->response[h->resp_pos++] - 2; if (h->resp_pos + (int) *len > h->resp_len) { generr(h, "Malformed attribute in response"); return -1; } *value = &h->response[h->resp_pos]; h->resp_pos += *len; return type; } /* * Returns -1 on error, 0 to indicate no event and >0 for success */ int rad_init_send_request(struct rad_handle *h, int *fd, struct timeval *tv) { int srv; /* Make sure we have a socket to use */ if (h->fd == -1) { struct sockaddr_in sin; if ((h->fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) { #ifdef PHP_WIN32 generr(h, "Cannot create socket: %d", WSAGetLastError()); #else generr(h, "Cannot create socket: %s", strerror(errno)); #endif return -1; } memset(&sin, 0, sizeof sin); sin.sin_family = AF_INET; sin.sin_addr.s_addr = INADDR_ANY; sin.sin_port = htons(0); if (bind(h->fd, (const struct sockaddr *)&sin, sizeof sin) == -1) { #ifdef PHP_WIN32 generr(h, "bind: %d", WSAGetLastError()); #else generr(h, "bind: %s", strerror(errno)); #endif close(h->fd); h->fd = -1; return -1; } } if (h->request[POS_CODE] == RAD_ACCOUNTING_REQUEST) { /* Make sure no password given */ if (h->pass_pos || h->chap_pass) { generr(h, "User or Chap Password in accounting request"); return -1; } } else { /* Make sure the user gave us a password */ if (h->pass_pos == 0 && !h->chap_pass) { generr(h, "No User or Chap Password attributes given"); return -1; } if (h->pass_pos != 0 && h->chap_pass) { generr(h, "Both User and Chap Password attributes given"); return -1; } } /* Fill in the length field in the message */ h->request[POS_LENGTH] = h->req_len >> 8; h->request[POS_LENGTH+1] = h->req_len; /* * Count the total number of tries we will make, and zero the * counter for each server. */ h->total_tries = 0; for (srv = 0; srv < h->num_servers; srv++) { h->total_tries += h->servers[srv].max_tries; h->servers[srv].num_tries = 0; } if (h->total_tries == 0) { generr(h, "No RADIUS servers specified"); return -1; } h->try = h->srv = 0; return rad_continue_send_request(h, 0, fd, tv); } /* * Create and initialize a rad_handle structure, and return it to the * caller. Can fail only if the necessary memory cannot be allocated. * In that case, it returns NULL. */ struct rad_handle * rad_auth_open(void) { struct rad_handle *h; h = (struct rad_handle *)malloc(sizeof(struct rad_handle)); if (h != NULL) { TSRMLS_FETCH(); php_srand(time(NULL) * getpid() * (unsigned long) (php_combined_lcg(TSRMLS_C) * 10000.0) TSRMLS_CC); h->fd = -1; h->num_servers = 0; h->ident = php_rand(TSRMLS_C); h->errmsg[0] = '\0'; memset(h->pass, 0, sizeof h->pass); h->pass_len = 0; h->pass_pos = 0; h->chap_pass = 0; h->type = RADIUS_AUTH; h->request_created = 0; } return h; } struct rad_handle * rad_acct_open(void) { struct rad_handle *h; h = rad_open(); if (h != NULL) h->type = RADIUS_ACCT; return h; } struct rad_handle * rad_open(void) { return rad_auth_open(); } int rad_put_addr(struct rad_handle *h, int type, struct in_addr addr) { return rad_put_attr(h, type, &addr.s_addr, sizeof addr.s_addr); } int rad_put_attr(struct rad_handle *h, int type, const void *value, size_t len) { int result; if (!h->request_created) { generr(h, "Please call rad_create_request()"); return -1; } if (type == RAD_USER_PASSWORD) result = put_password_attr(h, type, value, len); else { result = put_raw_attr(h, type, value, len); if (result == 0 && type == RAD_CHAP_PASSWORD) h->chap_pass = 1; } return result; } int rad_put_int(struct rad_handle *h, int type, u_int32_t value) { u_int32_t nvalue; nvalue = htonl(value); return rad_put_attr(h, type, &nvalue, sizeof nvalue); } int rad_put_string(struct rad_handle *h, int type, const char *str) { return rad_put_attr(h, type, str, strlen(str)); } /* * Returns the response type code on success, or -1 on failure. */ int rad_send_request(struct rad_handle *h) { struct timeval timelimit; struct timeval tv; int fd; int n; n = rad_init_send_request(h, &fd, &tv); if (n != 0) return n; gettimeofday(&timelimit, NULL); timeradd(&tv, &timelimit, &timelimit); for ( ; ; ) { fd_set readfds; FD_ZERO(&readfds); FD_SET(fd, &readfds); n = select(fd + 1, &readfds, NULL, NULL, &tv); if (n == -1) { generr(h, "select: %s", strerror(errno)); return -1; } if (!FD_ISSET(fd, &readfds)) { /* Compute a new timeout */ gettimeofday(&tv, NULL); timersub(&timelimit, &tv, &tv); if (tv.tv_sec > 0 || (tv.tv_sec == 0 && tv.tv_usec > 0)) /* Continue the select */ continue; } n = rad_continue_send_request(h, n, &fd, &tv); if (n != 0) return n; gettimeofday(&timelimit, NULL); timeradd(&tv, &timelimit, &timelimit); } } const char * rad_strerror(struct rad_handle *h) { return h->errmsg; } /* * Destructively split a string into fields separated by white space. * `#' at the beginning of a field begins a comment that extends to the * end of the string. Fields may be quoted with `"'. Inside quoted * strings, the backslash escapes `\"' and `\\' are honored. * * Pointers to up to the first maxfields fields are stored in the fields * array. Missing fields get NULL pointers. * * The return value is the actual number of fields parsed, and is always * <= maxfields. * * On a syntax error, places a message in the msg string, and returns -1. */ static int split(char *str, char *fields[], int maxfields, char *msg, size_t msglen) { char *p; int i; static const char ws[] = " \t"; for (i = 0; i < maxfields; i++) fields[i] = NULL; p = str; i = 0; while (*p != '\0') { p += strspn(p, ws); if (*p == '#' || *p == '\0') break; if (i >= maxfields) { snprintf(msg, msglen, "line has too many fields"); return -1; } if (*p == '"') { char *dst; dst = ++p; fields[i] = dst; while (*p != '"') { if (*p == '\\') { p++; if (*p != '"' && *p != '\\' && *p != '\0') { snprintf(msg, msglen, "invalid `\\' escape"); return -1; } } if (*p == '\0') { snprintf(msg, msglen, "unterminated quoted string"); return -1; } *dst++ = *p++; } *dst = '\0'; p++; if (*fields[i] == '\0') { snprintf(msg, msglen, "empty quoted string not permitted"); return -1; } if (*p != '\0' && strspn(p, ws) == 0) { snprintf(msg, msglen, "quoted string not" " followed by white space"); return -1; } } else { fields[i] = p; p += strcspn(p, ws); if (*p != '\0') *p++ = '\0'; } i++; } return i; } int rad_get_vendor_attr(u_int32_t *vendor, const void **data, size_t *len) { struct vendor_attribute *attr; attr = (struct vendor_attribute *)*data; *vendor = ntohl(attr->vendor_value); *data = attr->attrib_data; *len = attr->attrib_len - 2; return (attr->attrib_type); } int rad_put_vendor_addr(struct rad_handle *h, int vendor, int type, struct in_addr addr) { return (rad_put_vendor_attr(h, vendor, type, &addr.s_addr, sizeof addr.s_addr)); } int rad_put_vendor_attr(struct rad_handle *h, int vendor, int type, const void *value, size_t len) { struct vendor_attribute *attr; int res; if (!h->request_created) { generr(h, "Please call rad_create_request()"); return -1; } if ((attr = malloc(len + 6)) == NULL) { generr(h, "malloc failure (%d bytes)", len + 6); return -1; } attr->vendor_value = htonl(vendor); attr->attrib_type = type; attr->attrib_len = len + 2; memcpy(attr->attrib_data, value, len); res = put_raw_attr(h, RAD_VENDOR_SPECIFIC, attr, len + 6); free(attr); if (res == 0 && vendor == RAD_VENDOR_MICROSOFT && (type == RAD_MICROSOFT_MS_CHAP_RESPONSE || type == RAD_MICROSOFT_MS_CHAP2_RESPONSE)) { h->chap_pass = 1; } return (res); } int rad_put_vendor_int(struct rad_handle *h, int vendor, int type, u_int32_t i) { u_int32_t value; value = htonl(i); return (rad_put_vendor_attr(h, vendor, type, &value, sizeof value)); } int rad_put_vendor_string(struct rad_handle *h, int vendor, int type, const char *str) { return (rad_put_vendor_attr(h, vendor, type, str, strlen(str))); } ssize_t rad_request_authenticator(struct rad_handle *h, char *buf, size_t len) { if (len < LEN_AUTH) return (-1); memcpy(buf, h->request + POS_AUTH, LEN_AUTH); if (len > LEN_AUTH) buf[LEN_AUTH] = '\0'; return (LEN_AUTH); } const char * rad_server_secret(struct rad_handle *h) { return (h->servers[h->srv].secret); } int rad_demangle(struct rad_handle *h, const void *mangled, size_t mlen, u_char *demangled) { char R[LEN_AUTH]; const char *S; int i, Ppos; MD5_CTX Context; u_char b[16], *C; if ((mlen % 16 != 0) || (mlen > 128)) { generr(h, "Cannot interpret mangled data of length %ld", (u_long)mlen); return -1; } C = (u_char *)mangled; /* We need the shared secret as Salt */ S = rad_server_secret(h); /* We need the request authenticator */ if (rad_request_authenticator(h, R, sizeof R) != LEN_AUTH) { generr(h, "Cannot obtain the RADIUS request authenticator"); return -1; } MD5Init(&Context); MD5Update(&Context, S, strlen(S)); MD5Update(&Context, R, LEN_AUTH); MD5Final(b, &Context); Ppos = 0; while (mlen) { mlen -= 16; for (i = 0; i < 16; i++) demangled[Ppos++] = C[i] ^ b[i]; if (mlen) { MD5Init(&Context); MD5Update(&Context, S, strlen(S)); MD5Update(&Context, C, 16); MD5Final(b, &Context); } C += 16; } return 0; } int rad_demangle_mppe_key(struct rad_handle *h, const void *mangled, size_t mlen, u_char *demangled, size_t *len) { char R[LEN_AUTH]; /* variable names as per rfc2548 */ const char *S; u_char b[16]; const u_char *A, *C; MD5_CTX Context; int Slen, i, Clen, Ppos; u_char *P; if (mlen % 16 != SALT_LEN) { generr(h, "Cannot interpret mangled data of length %ld", (u_long)mlen); return -1; } /* We need the RADIUS Request-Authenticator */ if (rad_request_authenticator(h, R, sizeof R) != LEN_AUTH) { generr(h, "Cannot obtain the RADIUS request authenticator"); return -1; } A = (const u_char *)mangled; /* Salt comes first */ C = (const u_char *)mangled + SALT_LEN; /* Then the ciphertext */ Clen = mlen - SALT_LEN; S = rad_server_secret(h); /* We need the RADIUS secret */ Slen = strlen(S); P = alloca(Clen); /* We derive our plaintext */ MD5Init(&Context); MD5Update(&Context, S, Slen); MD5Update(&Context, R, LEN_AUTH); MD5Update(&Context, A, SALT_LEN); MD5Final(b, &Context); Ppos = 0; while (Clen) { Clen -= 16; for (i = 0; i < 16; i++) P[Ppos++] = C[i] ^ b[i]; if (Clen) { MD5Init(&Context); MD5Update(&Context, S, Slen); MD5Update(&Context, C, 16); MD5Final(b, &Context); } C += 16; } /* * The resulting plain text consists of a one-byte length, the text and * maybe some padding. */ *len = *P; if (*len > mlen - 1) { generr(h, "Mangled data seems to be garbage %d %d", *len, mlen-1); return -1; } if (*len > MPPE_KEY_LEN) { generr(h, "Key to long (%d) for me max. %d", *len, MPPE_KEY_LEN); return -1; } memcpy(demangled, P + 1, *len); return 0; } radius-1.2.5/radlib.h100644 1751 0 17371 10577333114 7577 /*- * Copyright 1998 Juniper Networks, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD: src/lib/libradius/radlib.h,v 1.3.2.1 2002/06/17 02:24:57 brian Exp $ */ #ifndef _RADLIB_H_ #define _RADLIB_H_ #ifndef PHP_WIN32 #include #include #endif #include "radlib_compat.h" /* Message types */ #define RAD_ACCESS_REQUEST 1 #define RAD_ACCESS_ACCEPT 2 #define RAD_ACCESS_REJECT 3 #define RAD_ACCOUNTING_REQUEST 4 #define RAD_ACCOUNTING_RESPONSE 5 #define RAD_ACCESS_CHALLENGE 11 /* Attribute types and values */ #define RAD_USER_NAME 1 /* String */ #define RAD_USER_PASSWORD 2 /* String */ #define RAD_CHAP_PASSWORD 3 /* String */ #define RAD_NAS_IP_ADDRESS 4 /* IP address */ #define RAD_NAS_PORT 5 /* Integer */ #define RAD_SERVICE_TYPE 6 /* Integer */ #define RAD_LOGIN 1 #define RAD_FRAMED 2 #define RAD_CALLBACK_LOGIN 3 #define RAD_CALLBACK_FRAMED 4 #define RAD_OUTBOUND 5 #define RAD_ADMINISTRATIVE 6 #define RAD_NAS_PROMPT 7 #define RAD_AUTHENTICATE_ONLY 8 #define RAD_CALLBACK_NAS_PROMPT 9 #define RAD_FRAMED_PROTOCOL 7 /* Integer */ #define RAD_PPP 1 #define RAD_SLIP 2 #define RAD_ARAP 3 /* Appletalk */ #define RAD_GANDALF 4 #define RAD_XYLOGICS 5 #define RAD_FRAMED_IP_ADDRESS 8 /* IP address */ #define RAD_FRAMED_IP_NETMASK 9 /* IP address */ #define RAD_FRAMED_ROUTING 10 /* Integer */ #define RAD_FILTER_ID 11 /* String */ #define RAD_FRAMED_MTU 12 /* Integer */ #define RAD_FRAMED_COMPRESSION 13 /* Integer */ #define RAD_COMP_NONE 0 #define RAD_COMP_VJ 1 #define RAD_COMP_IPXHDR 2 #define RAD_LOGIN_IP_HOST 14 /* IP address */ #define RAD_LOGIN_SERVICE 15 /* Integer */ #define RAD_LOGIN_TCP_PORT 16 /* Integer */ /* unassiged 17 */ #define RAD_REPLY_MESSAGE 18 /* String */ #define RAD_CALLBACK_NUMBER 19 /* String */ #define RAD_CALLBACK_ID 20 /* String */ /* unassiged 21 */ #define RAD_FRAMED_ROUTE 22 /* String */ #define RAD_FRAMED_IPX_NETWORK 23 /* IP address */ #define RAD_STATE 24 /* String */ #define RAD_CLASS 25 /* Integer */ #define RAD_VENDOR_SPECIFIC 26 /* Integer */ #define RAD_SESSION_TIMEOUT 27 /* Integer */ #define RAD_IDLE_TIMEOUT 28 /* Integer */ #define RAD_TERMINATION_ACTION 29 /* Integer */ #define RAD_CALLED_STATION_ID 30 /* String */ #define RAD_CALLING_STATION_ID 31 /* String */ #define RAD_NAS_IDENTIFIER 32 /* Integer */ #define RAD_PROXY_STATE 33 /* Integer */ #define RAD_LOGIN_LAT_SERVICE 34 /* Integer */ #define RAD_LOGIN_LAT_NODE 35 /* Integer */ #define RAD_LOGIN_LAT_GROUP 36 /* Integer */ #define RAD_FRAMED_APPLETALK_LINK 37 /* Integer */ #define RAD_FRAMED_APPLETALK_NETWORK 38 /* Integer */ #define RAD_FRAMED_APPLETALK_ZONE 39 /* Integer */ /* reserved for accounting 40-59 */ #define RAD_CHAP_CHALLENGE 60 /* String */ #define RAD_NAS_PORT_TYPE 61 /* Integer */ #define RAD_ASYNC 0 #define RAD_SYNC 1 #define RAD_ISDN_SYNC 2 #define RAD_ISDN_ASYNC_V120 3 #define RAD_ISDN_ASYNC_V110 4 #define RAD_VIRTUAL 5 #define RAD_PIAFS 6 #define RAD_HDLC_CLEAR_CHANNEL 7 #define RAD_X_25 8 #define RAD_X_75 9 #define RAD_G_3_FAX 10 #define RAD_SDSL 11 #define RAD_ADSL_CAP 12 #define RAD_ADSL_DMT 13 #define RAD_IDSL 14 #define RAD_ETHERNET 15 #define RAD_XDSL 16 #define RAD_CABLE 17 #define RAD_WIRELESS_OTHER 18 #define RAD_WIRELESS_IEEE_802_11 19 #define RAD_PORT_LIMIT 62 /* Integer */ #define RAD_LOGIN_LAT_PORT 63 /* Integer */ #define RAD_CONNECT_INFO 77 /* String */ #define RAD_NAS_IPV6_ADDRESS 95 /* IPv6 address */ #define RAD_FRAMED_INTERFACE_ID 96 /* 8 octets */ #define RAD_FRAMED_IPV6_PREFIX 97 /* Octets */ #define RAD_LOGIN_IPV6_HOST 98 /* IPv6 address */ #define RAD_FRAMED_IPV6_ROUTE 99 /* String */ #define RAD_FRAMED_IPV6_POOL 100 /* String */ /* Accounting attribute types and values */ #define RAD_ACCT_STATUS_TYPE 40 /* Integer */ #define RAD_START 1 #define RAD_STOP 2 #define RAD_ACCOUNTING_ON 7 #define RAD_ACCOUNTING_OFF 8 #define RAD_ACCT_DELAY_TIME 41 /* Integer */ #define RAD_ACCT_INPUT_OCTETS 42 /* Integer */ #define RAD_ACCT_OUTPUT_OCTETS 43 /* Integer */ #define RAD_ACCT_SESSION_ID 44 /* String */ #define RAD_ACCT_AUTHENTIC 45 /* Integer */ #define RAD_AUTH_RADIUS 1 #define RAD_AUTH_LOCAL 2 #define RAD_AUTH_REMOTE 3 #define RAD_ACCT_SESSION_TIME 46 /* Integer */ #define RAD_ACCT_INPUT_PACKETS 47 /* Integer */ #define RAD_ACCT_OUTPUT_PACKETS 48 /* Integer */ #define RAD_ACCT_TERMINATE_CAUSE 49 /* Integer */ #define RAD_TERM_USER_REQUEST 1 #define RAD_TERM_LOST_CARRIER 2 #define RAD_TERM_LOST_SERVICE 3 #define RAD_TERM_IDLE_TIMEOUT 4 #define RAD_TERM_SESSION_TIMEOUT 5 #define RAD_TERM_ADMIN_RESET 6 #define RAD_TERM_ADMIN_REBOOT 7 #define RAD_TERM_PORT_ERROR 8 #define RAD_TERM_NAS_ERROR 9 #define RAD_TERM_NAS_REQUEST 10 #define RAD_TERM_NAS_REBOOT 11 #define RAD_TERM_PORT_UNNEEDED 12 #define RAD_TERM_PORT_PREEMPTED 13 #define RAD_TERM_PORT_SUSPENDED 14 #define RAD_TERM_SERVICE_UNAVAILABLE 15 #define RAD_TERM_CALLBACK 16 #define RAD_TERM_USER_ERROR 17 #define RAD_TERM_HOST_REQUEST 18 #define RAD_ACCT_MULTI_SESSION_ID 50 /* String */ #define RAD_ACCT_LINK_COUNT 51 /* Integer */ struct rad_handle; struct timeval; struct rad_handle *rad_acct_open(void); int rad_add_server(struct rad_handle *, const char *, int, const char *, int, int); struct rad_handle *rad_auth_open(void); void rad_close(struct rad_handle *); int rad_config(struct rad_handle *, const char *); int rad_continue_send_request(struct rad_handle *, int, int *, struct timeval *); int rad_create_request(struct rad_handle *, int); struct in_addr rad_cvt_addr(const void *); u_int32_t rad_cvt_int(const void *); char *rad_cvt_string(const void *, size_t); int rad_get_attr(struct rad_handle *, const void **, size_t *); int rad_init_send_request(struct rad_handle *, int *, struct timeval *); struct rad_handle *rad_open(void); /* Deprecated, == rad_auth_open */ int rad_put_addr(struct rad_handle *, int, struct in_addr); int rad_put_attr(struct rad_handle *, int, const void *, size_t); int rad_put_int(struct rad_handle *, int, u_int32_t); int rad_put_string(struct rad_handle *, int, const char *); ssize_t rad_request_authenticator(struct rad_handle *, char *, size_t); int rad_send_request(struct rad_handle *); const char *rad_server_secret(struct rad_handle *); const char *rad_strerror(struct rad_handle *); int rad_demangle(struct rad_handle *, const void *, size_t, u_char *); #endif /* _RADLIB_H_ */ radius-1.2.5/radlib_compat.c100644 1751 0 4344 10577333114 11111 /* Copyright (c) 2003, Michael Bretterklieber All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This code cannot simply be copied and put under the GNU Public License or any other GPL-like (LGPL, GPL2) License. $Id: radlib_compat.c,v 1.5 2003/04/24 18:07:06 mbretter Exp $ */ #include #include "php.h" #include "time.h" int inet_aton(const char *cp, struct in_addr *inp) { inp->s_addr = inet_addr(cp); if (inp->s_addr == INADDR_NONE) { return 0; } return 1; } char *strsep(char **stringp, const char *delim) { char *s; const char *spanp; int c, sc; char *tok; if ((s = *stringp) == NULL) return (NULL); for (tok = s;;) { c = *s++; spanp = delim; do { if ((sc = *spanp++) == c) { if (c == 0) s = NULL; else s[-1] = 0; *stringp = s; return (tok); } } while (sc != 0); } /* NOTREACHED */ } radius-1.2.5/radlib_compat.h100644 1751 0 5406 10577333114 11116 /* Copyright (c) 2003, Michael Bretterklieber All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This code cannot simply be copied and put under the GNU Public License or any other GPL-like (LGPL, GPL2) License. $Id: radlib_compat.h,v 1.6 2003/04/24 18:04:44 mbretter Exp $ */ #ifndef _RADLIB_COMPAT_H_ #define _RADLIB_COMPAT_H_ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include "php.h" #include "ext/standard/php_rand.h" #include "ext/standard/php_standard.h" #define MPPE_KEY_LEN 16 #ifndef HAVE_U_INT32_T typedef unsigned int u_int32_t; #endif #ifdef PHP_WIN32 typedef long ssize_t; int inet_aton(const char *cp, struct in_addr *inp); char *strsep(char **stringp, const char *delim); #define MSG_WAITALL 0 #include "php_network.h" #endif #ifndef __printflike #define __printflike(fmtarg, firstvararg) #endif #ifndef timeradd #define timeradd(tvp, uvp, vvp) \ do { \ (vvp)->tv_sec = (tvp)->tv_sec + (uvp)->tv_sec; \ (vvp)->tv_usec = (tvp)->tv_usec + (uvp)->tv_usec; \ if ((vvp)->tv_usec >= 1000000) { \ (vvp)->tv_sec++; \ (vvp)->tv_usec -= 1000000; \ } \ } while (0) #endif #ifndef timersub #define timersub(tvp, uvp, vvp) \ do { \ (vvp)->tv_sec = (tvp)->tv_sec - (uvp)->tv_sec; \ (vvp)->tv_usec = (tvp)->tv_usec - (uvp)->tv_usec; \ if ((vvp)->tv_usec < 0) { \ (vvp)->tv_sec--; \ (vvp)->tv_usec += 1000000; \ } \ } while (0) #endif #endif radius-1.2.5/radlib_md5.h100644 1751 0 3476 10577333114 10325 /* Copyright (c) 2003, Michael Bretterklieber All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This code cannot simply be copied and put under the GNU Public License or any other GPL-like (LGPL, GPL2) License. $Id: radlib_md5.h,v 1.4 2003/01/26 20:31:10 mbretter Exp $ */ #include "php.h" #include "ext/standard/md5.h" #define MD5Init PHP_MD5Init #define MD5Update PHP_MD5Update #define MD5Final PHP_MD5Final #define MD5_CTX PHP_MD5_CTX radius-1.2.5/radlib_private.h100644 1751 0 7560 10577333114 11310 /*- * Copyright 1998 Juniper Networks, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD: src/lib/libradius/radlib_private.h,v 1.4.2.1 2002/06/17 02:24:57 brian Exp $ */ #ifndef RADLIB_PRIVATE_H #define RADLIB_PRIVATE_H #include #ifndef PHP_WIN32 #include #endif #include "radlib_compat.h" #include "radlib.h" #include "radlib_vs.h" /* Handle types */ #define RADIUS_AUTH 0 /* RADIUS authentication, default */ #define RADIUS_ACCT 1 /* RADIUS accounting */ /* Defaults */ #define MAXTRIES 3 #define PATH_RADIUS_CONF "/etc/radius.conf" #define RADIUS_PORT 1812 #define RADACCT_PORT 1813 #define TIMEOUT 3 /* In seconds */ /* Limits */ #define ERRSIZE 128 /* Maximum error message length */ #define MAXCONFLINE 1024 /* Maximum config file line length */ #define MAXSERVERS 10 /* Maximum number of servers to try */ #define MSGSIZE 4096 /* Maximum RADIUS message */ #define PASSSIZE 128 /* Maximum significant password chars */ /* Positions of fields in RADIUS messages */ #define POS_CODE 0 /* Message code */ #define POS_IDENT 1 /* Identifier */ #define POS_LENGTH 2 /* Message length */ #define POS_AUTH 4 /* Authenticator */ #define LEN_AUTH 16 /* Length of authenticator */ #define POS_ATTRS 20 /* Start of attributes */ struct rad_server { struct sockaddr_in addr; /* Address of server */ char *secret; /* Shared secret */ int timeout; /* Timeout in seconds */ int max_tries; /* Number of tries before giving up */ int num_tries; /* Number of tries so far */ }; struct rad_handle { int fd; /* Socket file descriptor */ struct rad_server servers[MAXSERVERS]; /* Servers to contact */ int num_servers; /* Number of valid server entries */ int ident; /* Current identifier value */ char errmsg[ERRSIZE]; /* Most recent error message */ unsigned char request[MSGSIZE]; /* Request to send */ char request_created; /* rad_create_request() called? */ int req_len; /* Length of request */ char pass[PASSSIZE]; /* Cleartext password */ int pass_len; /* Length of cleartext password */ int pass_pos; /* Position of scrambled password */ char chap_pass; /* Have we got a CHAP_PASSWORD ? */ unsigned char response[MSGSIZE]; /* Response received */ int resp_len; /* Length of response */ int resp_pos; /* Current position scanning attrs */ int total_tries; /* How many requests we'll send */ int try; /* How many requests we've sent */ int srv; /* Server number we did last */ int type; /* Handle type */ }; struct vendor_attribute { u_int32_t vendor_value; u_char attrib_type; u_char attrib_len; u_char attrib_data[1]; }; #endif radius-1.2.5/radlib_vs.h100644 1751 0 7112 10577333114 10257 /*- * Copyright (c) 2002-2003 Brian Somers * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD: src/lib/libradius/radlib_vs.h,v 1.2.2.1 2002/06/17 02:24:57 brian Exp $ */ #ifndef _RADLIB_VS_H_ #define _RADLIB_VS_H_ #include #ifndef PHP_WIN32 #include #endif #include "radlib_compat.h" #define RAD_VENDOR_MICROSOFT 311 /* rfc2548 */ #define RAD_MICROSOFT_MS_CHAP_RESPONSE 1 #define RAD_MICROSOFT_MS_CHAP_ERROR 2 #define RAD_MICROSOFT_MS_CHAP_PW_1 3 #define RAD_MICROSOFT_MS_CHAP_PW_2 4 #define RAD_MICROSOFT_MS_CHAP_LM_ENC_PW 5 #define RAD_MICROSOFT_MS_CHAP_NT_ENC_PW 6 #define RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY 7 #define RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES 8 #define RAD_MICROSOFT_MS_RAS_VENDOR 9 #define RAD_MICROSOFT_MS_CHAP_DOMAIN 10 #define RAD_MICROSOFT_MS_CHAP_CHALLENGE 11 #define RAD_MICROSOFT_MS_CHAP_MPPE_KEYS 12 #define RAD_MICROSOFT_MS_BAP_USAGE 13 #define RAD_MICROSOFT_MS_LINK_UTILIZATION_THRESHOLD 14 #define RAD_MICROSOFT_MS_LINK_DROP_TIME_LIMIT 15 #define RAD_MICROSOFT_MS_MPPE_SEND_KEY 16 #define RAD_MICROSOFT_MS_MPPE_RECV_KEY 17 #define RAD_MICROSOFT_MS_RAS_VERSION 18 #define RAD_MICROSOFT_MS_OLD_ARAP_PASSWORD 19 #define RAD_MICROSOFT_MS_NEW_ARAP_PASSWORD 20 #define RAD_MICROSOFT_MS_ARAP_PASSWORD_CHANGE_REASON 21 #define RAD_MICROSOFT_MS_FILTER 22 #define RAD_MICROSOFT_MS_ACCT_AUTH_TYPE 23 #define RAD_MICROSOFT_MS_ACCT_EAP_TYPE 24 #define RAD_MICROSOFT_MS_CHAP2_RESPONSE 25 #define RAD_MICROSOFT_MS_CHAP2_SUCCESS 26 #define RAD_MICROSOFT_MS_CHAP2_PW 27 #define RAD_MICROSOFT_MS_PRIMARY_DNS_SERVER 28 #define RAD_MICROSOFT_MS_SECONDARY_DNS_SERVER 29 #define RAD_MICROSOFT_MS_PRIMARY_NBNS_SERVER 30 #define RAD_MICROSOFT_MS_SECONDARY_NBNS_SERVER 31 #define RAD_MICROSOFT_MS_ARAP_CHALLENGE 33 #define SALT_LEN 2 struct rad_handle; int rad_get_vendor_attr(u_int32_t *, const void **, size_t *); int rad_put_vendor_addr(struct rad_handle *, int, int, struct in_addr); int rad_put_vendor_attr(struct rad_handle *, int, int, const void *, size_t); int rad_put_vendor_int(struct rad_handle *, int, int, u_int32_t); int rad_put_vendor_string(struct rad_handle *, int, int, const char *); int rad_demangle_mppe_key(struct rad_handle *, const void *, size_t, u_char *, size_t *); #endif /* _RADLIB_VS_H_ */