From db77016fc8245d01a5dbe63ccc308258c794e7f2 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sun, 7 Apr 2013 19:27:34 +0400 Subject: move service-dependent auth plugins to contrib repo --- plugins/auth_radius/php-radius/radius.php | 840 ------------------------------ 1 file changed, 840 deletions(-) delete mode 100644 plugins/auth_radius/php-radius/radius.php (limited to 'plugins/auth_radius/php-radius/radius.php') diff --git a/plugins/auth_radius/php-radius/radius.php b/plugins/auth_radius/php-radius/radius.php deleted file mode 100644 index b56f061af..000000000 --- a/plugins/auth_radius/php-radius/radius.php +++ /dev/null @@ -1,840 +0,0 @@ -. - * - * - * @author: SysCo/al - * @since CreationDate: 2008-01-04 - * @copyright (c) 2008 by SysCo systemes de communication sa - * @version $LastChangedRevision: 1.2.2 $ - * @version $LastChangedDate: 2009-01-05 $ - * @version $LastChangedBy: SysCo/al $ - * @link $HeadURL: radius.class.php $ - * @link http://developer.sysco.ch/php/ - * @link developer@sysco.ch - * Language: PHP 4.0.7 or higher - * - * - * Usage - * - * require_once('radius.class.php'); - * $radius = new Radius($ip_radius_server = 'radius_server_ip_address', $shared_secret = 'radius_shared_secret'[, $radius_suffix = 'optional_radius_suffix'[, $udp_timeout = udp_timeout_in_seconds[, $authentication_port = 1812]]]); - * $result = $radius->Access_Request($username = 'username', $password = 'password'[, $udp_timeout = udp_timeout_in_seconds]); - * - * - * Examples - * - * Example 1 - * SetNasIpAddress('1.2.3.4'); // Needed for some devices, and not auto_detected if PHP not runned through a web server - * if ($radius->AccessRequest('user', 'pass')) - * { - * echo "Authentication accepted."; - * } - * else - * { - * echo "Authentication rejected."; - * } - * ?> - * - * Example 2 - * SetNasPort(0); - * $radius->SetNasIpAddress('1.2.3.4'); // Needed for some devices, and not auto_detected if PHP not runned through a web server - * if ($radius->AccessRequest('user', 'pass')) - * { - * echo "Authentication accepted."; - * echo "
"; - * } - * else - * { - * echo "Authentication rejected."; - * echo "
"; - * } - * echo $radius->GetReadableReceivedAttributes(); - * ?> - * - * - * External file needed - * - * none. - * - * - * External file created - * - * none. - * - * - * Special issues - * - * - Sockets support must be enabled. - * * In Linux and *nix environments, the extension is enabled at - * compile time using the --enable-sockets configure option - * * In Windows, PHP Sockets can be activated by un-commenting - * extension=php_sockets.dll in php.ini - * - * - * Other related ressources - * - * FreeRADIUS, a free Radius server implementation for Linux and *nix environments: - * http://www.freeradius.org/ - * - * WinRadius, Windows Radius server (free for 5 users): - * http://www.itconsult2000.com/en/product/WinRadius.zip - * - * Radl, a free Radius server for Windows: - * http://www.loriotpro.com/Products/RadiusServer/FreeRadiusServer_EN.php - * - * DOS command line Radius client: - * http://www.itconsult2000.com/en/product/WinRadiusClient.zip - * - * - * Users feedbacks and comments - * - * 2008-07-02 Pim Koeman/Parantion - * - * When using a radius connection behind a linux iptables firewall - * allow port 1812 and 1813 with udp protocol - * - * IPTABLES EXAMPLE (command line): - * iptables -A AlwaysACCEPT -p udp --dport 1812 -j ACCEPT - * iptables -A AlwaysACCEPT -p udp --dport 1813 -j ACCEPT - * - * or put the lines in /etc/sysconfig/iptables (red-hat type systems (fedora, centos, rhel etc.) - * -A AlwaysACCEPT -p udp --dport 1812 -j ACCEPT - * -A AlwaysACCEPT -p udp --dport 1813 -j ACCEPT - * - * - * Change Log - * - * 2009-01-05 1.2.2 SysCo/al Added Robert Svensson feedback, Mideye RADIUS server is supported - * 2008-11-11 1.2.1 SysCo/al Added Carlo Ferrari resolution in examples (add NAS IP Address for a VASCO Middleware server) - * 2008-07-07 1.2 SysCo/al Added Pim Koeman (Parantion) contribution - * - comments concerning using radius behind a linux iptables firewall - * Added Jon Bright (tick Trading Software AG) contribution - * - false octal encoding with 0xx indexes (indexes are now rewritten in xx only) - * - challenge/response support for the RSA SecurID New-PIN mode - * Added GetRadiusPacketInfo() method - * Added GetAttributesInfo() method - * Added DecodeVendorSpecificContent() (to answer Raul Carvalho's question) - * Added Decoded Vendor Specific Content in debug messages - * 2008-02-04 1.1 SysCo/al Typo error for the udp_timeout parameter (line 256 in the version 1.0) - * 2008-01-07 1.0 SysCo/al Initial release - * - *********************************************************************/ - - -/********************************************************************* - * - * Radius - * Pure PHP radius class - * - * Creation 2008-01-04 - * Update 2009-01-05 - * @package radius - * @version v.1.2.2 - * @author SysCo/al - * - *********************************************************************/ -class Radius -{ - var $_ip_radius_server; // Radius server IP address - var $_shared_secret; // Shared secret with the radius server - var $_radius_suffix; // Radius suffix (default is ''); - var $_udp_timeout; // Timeout of the UDP connection in seconds (default value is 5) - var $_authentication_port; // Authentication port (default value is 1812) - var $_accounting_port; // Accouting port (default value is 1813) - var $_nas_ip_address; // NAS IP address - var $_nas_port; // NAS port - var $_encrypted_password; // Encrypted password, as described in the RFC 2865 - var $_user_ip_address; // Remote IP address of the user - var $_request_authenticator; // Request-Authenticator, 16 octets random number - var $_response_authenticator; // Request-Authenticator, 16 octets random number - var $_username; // Username to sent to the Radius server - var $_password; // Password to sent to the Radius server (clear password, must be encrypted) - var $_identifier_to_send; // Identifier field for the packet to be sent - var $_identifier_received; // Identifier field for the received packet - var $_radius_packet_to_send; // Radius packet code (1=Access-Request, 2=Access-Accept, 3=Access-Reject, 4=Accounting-Request, 5=Accounting-Response, 11=Access-Challenge, 12=Status-Server (experimental), 13=Status-Client (experimental), 255=Reserved - var $_radius_packet_received; // Radius packet code (1=Access-Request, 2=Access-Accept, 3=Access-Reject, 4=Accounting-Request, 5=Accounting-Response, 11=Access-Challenge, 12=Status-Server (experimental), 13=Status-Client (experimental), 255=Reserved - var $_attributes_to_send; // Radius attributes to send - var $_attributes_received; // Radius attributes received - var $_socket_to_server; // Socket connection - var $_debug_mode; // Debug mode flag - var $_attributes_info; // Attributes info array - var $_radius_packet_info; // Radius packet codes info array - var $_last_error_code; // Last error code - var $_last_error_message; // Last error message - - - /********************************************************************* - * - * Name: Radius - * short description: Radius class constructor - * - * Creation 2008-01-04 - * Update 2009-01-05 - * @version v.1.2.2 - * @author SysCo/al - * @param string ip address of the radius server - * @param string shared secret with the radius server - * @param string radius domain name suffix (default is empty) - * @param integer UDP timeout (default is 5) - * @param integer authentication port - * @param integer accounting port - * @return NULL - *********************************************************************/ - public function Radius($ip_radius_server = '127.0.0.1', $shared_secret = '', $radius_suffix = '', $udp_timeout = 5, $authentication_port = 1812, $accounting_port = 1813) - { - $this->_radius_packet_info[1] = 'Access-Request'; - $this->_radius_packet_info[2] = 'Access-Accept'; - $this->_radius_packet_info[3] = 'Access-Reject'; - $this->_radius_packet_info[4] = 'Accounting-Request'; - $this->_radius_packet_info[5] = 'Accounting-Response'; - $this->_radius_packet_info[11] = 'Access-Challenge'; - $this->_radius_packet_info[12] = 'Status-Server (experimental)'; - $this->_radius_packet_info[13] = 'Status-Client (experimental)'; - $this->_radius_packet_info[255] = 'Reserved'; - - $this->_attributes_info[1] = array('User-Name', 'S'); - $this->_attributes_info[2] = array('User-Password', 'S'); - $this->_attributes_info[3] = array('CHAP-Password', 'S'); // Type (1) / Length (1) / CHAP Ident (1) / String - $this->_attributes_info[4] = array('NAS-IP-Address', 'A'); - $this->_attributes_info[5] = array('NAS-Port', 'I'); - $this->_attributes_info[6] = array('Service-Type', 'I'); - $this->_attributes_info[7] = array('Framed-Protocol', 'I'); - $this->_attributes_info[8] = array('Framed-IP-Address', 'A'); - $this->_attributes_info[9] = array('Framed-IP-Netmask', 'A'); - $this->_attributes_info[10] = array('Framed-Routing', 'I'); - $this->_attributes_info[11] = array('Filter-Id', 'T'); - $this->_attributes_info[12] = array('Framed-MTU', 'I'); - $this->_attributes_info[13] = array('Framed-Compression', 'I'); - $this->_attributes_info[14] = array( 'Login-IP-Host', 'A'); - $this->_attributes_info[15] = array('Login-service', 'I'); - $this->_attributes_info[16] = array('Login-TCP-Port', 'I'); - $this->_attributes_info[17] = array('(unassigned)', ''); - $this->_attributes_info[18] = array('Reply-Message', 'T'); - $this->_attributes_info[19] = array('Callback-Number', 'S'); - $this->_attributes_info[20] = array('Callback-Id', 'S'); - $this->_attributes_info[21] = array('(unassigned)', ''); - $this->_attributes_info[22] = array('Framed-Route', 'T'); - $this->_attributes_info[23] = array('Framed-IPX-Network', 'I'); - $this->_attributes_info[24] = array('State', 'S'); - $this->_attributes_info[25] = array('Class', 'S'); - $this->_attributes_info[26] = array('Vendor-Specific', 'S'); // Type (1) / Length (1) / Vendor-Id (4) / Vendor type (1) / Vendor length (1) / Attribute-Specific... - $this->_attributes_info[27] = array('Session-Timeout', 'I'); - $this->_attributes_info[28] = array('Idle-Timeout', 'I'); - $this->_attributes_info[29] = array('Termination-Action', 'I'); - $this->_attributes_info[30] = array('Called-Station-Id', 'S'); - $this->_attributes_info[31] = array('Calling-Station-Id', 'S'); - $this->_attributes_info[32] = array('NAS-Identifier', 'S'); - $this->_attributes_info[33] = array('Proxy-State', 'S'); - $this->_attributes_info[34] = array('Login-LAT-Service', 'S'); - $this->_attributes_info[35] = array('Login-LAT-Node', 'S'); - $this->_attributes_info[36] = array('Login-LAT-Group', 'S'); - $this->_attributes_info[37] = array('Framed-AppleTalk-Link', 'I'); - $this->_attributes_info[38] = array('Framed-AppleTalk-Network', 'I'); - $this->_attributes_info[39] = array('Framed-AppleTalk-Zone', 'S'); - $this->_attributes_info[60] = array('CHAP-Challenge', 'S'); - $this->_attributes_info[61] = array('NAS-Port-Type', 'I'); - $this->_attributes_info[62] = array('Port-Limit', 'I'); - $this->_attributes_info[63] = array('Login-LAT-Port', 'S'); - $this->_attributes_info[76] = array('Prompt', 'I'); - - $this->_identifier_to_send = 0; - $this->_user_ip_address = (isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:'0.0.0.0'); - - $this->GenerateRequestAuthenticator(); - $this->SetIpRadiusServer($ip_radius_server); - $this->SetSharedSecret($shared_secret); - $this->SetAuthenticationPort($authentication_port); - $this->SetAccountingPort($accounting_port); - $this->SetRadiusSuffix($radius_suffix); - $this->SetUdpTimeout($udp_timeout); - $this->SetUsername(); - $this->SetPassword(); - $this->SetNasIpAddress(); - $this->SetNasPort(); - - $this->ClearLastError(); - $this->ClearDataToSend(); - $this->ClearDataReceived(); - } - - - function GetNextIdentifier() - { - $this->_identifier_to_send = (($this->_identifier_to_send + 1) % 256); - return $this->_identifier_to_send; - } - - - function GenerateRequestAuthenticator() - { - $this->_request_authenticator = ''; - for ($ra_loop = 0; $ra_loop <= 15; $ra_loop++) - { - $this->_request_authenticator .= chr(rand(1, 255)); - } - } - - - function GetRequestAuthenticator() - { - return $this->_request_authenticator; - } - - - function GetLastError() - { - if (0 < $this->_last_error_code) - { - return $this->_last_error_message.' ('.$this->_last_error_code.')'; - } - else - { - return ''; - } - } - - - function ClearDataToSend() - { - $this->_radius_packet_to_send = 0; - $this->_attributes_to_send = NULL; - } - - - function ClearDataReceived() - { - $this->_radius_packet_received = 0; - $this->_attributes_received = NULL; - } - - - function SetPacketCodeToSend($packet_code) - { - $this->_radius_packet_to_send = $packet_code; - } - - - function SetDebugMode($debug_mode) - { - $this->_debug_mode = (TRUE === $debug_mode); - } - - - function SetIpRadiusServer($ip_radius_server) - { - $this->_ip_radius_server = gethostbyname($ip_radius_server); - } - - - function SetSharedSecret($shared_secret) - { - $this->_shared_secret = $shared_secret; - } - - - function SetRadiusSuffix($radius_suffix) - { - $this->_radius_suffix = $radius_suffix; - } - - - function SetUsername($username = '') - { - $temp_username = $username; - if (false === strpos($temp_username, '@')) - { - $temp_username .= $this->_radius_suffix; - } - - $this->_username = $temp_username; - $this->SetAttribute(1, $this->_username); - } - - - function SetPassword($password = '') - { - $this->_password = $password; - $encrypted_password = ''; - $padded_password = $password; - - if (0 != (strlen($password)%16)) - { - $padded_password .= str_repeat(chr(0),(16-strlen($password)%16)); - } - - $previous_result = $this->_request_authenticator; - - for ($full_loop = 0; $full_loop < (strlen($padded_password)/16); $full_loop++) - { - $xor_value = md5($this->_shared_secret.$previous_result); - - $previous_result = ''; - for ($xor_loop = 0; $xor_loop <= 15; $xor_loop++) - { - $value1 = ord(substr($padded_password, ($full_loop * 16) + $xor_loop, 1)); - $value2 = hexdec(substr($xor_value, 2*$xor_loop, 2)); - $xor_result = $value1 ^ $value2; - $previous_result .= chr($xor_result); - } - $encrypted_password .= $previous_result; - } - - $this->_encrypted_password = $encrypted_password; - $this->SetAttribute(2, $this->_encrypted_password); - } - - - function SetNasIPAddress($nas_ip_address = '') - { - if (0 < strlen($nas_ip_address)) - { - $this->_nas_ip_address = gethostbyname($nas_ip_address); - } - else - { - $this->_nas_ip_address = gethostbyname(isset($_SERVER['SERVER_ADDR'])?$_SERVER['SERVER_ADDR']:'0.0.0.0'); - } - $this->SetAttribute(4, $this->_nas_ip_address); - } - - - function SetNasPort($nas_port = 0) - { - $this->_nas_port = intval($nas_port); - $this->SetAttribute(5, $this->_nas_port); - } - - - function SetUdpTimeout($udp_timeout = 5) - { - if (intval($udp_timeout) > 0) - { - $this->_udp_timeout = intval($udp_timeout); - } - } - - - function ClearLastError() - { - $this->_last_error_code = 0; - $this->_last_error_message = ''; - } - - - function SetAuthenticationPort($authentication_port) - { - if ((intval($authentication_port) > 0) && (intval($authentication_port) < 65536)) - { - $this->_authentication_port = intval($authentication_port); - } - } - - - function SetAccountingPort($accounting_port) - { - if ((intval($accounting_port) > 0) && (intval($accounting_port) < 65536)) - { - $this->_accounting_port = intval($accounting_port); - } - } - - - function GetReceivedPacket() - { - return $this->_radius_packet_received; - } - - - function GetReceivedAttributes() - { - return $this->_attributes_received; - } - - - function GetReadableReceivedAttributes() - { - $readable_attributes = ''; - if (isset($this->_attributes_received)) - { - foreach($this->_attributes_received as $one_received_attribute) - { - $attributes_info = $this->GetAttributesInfo($one_received_attribute[0]); - $readable_attributes .= $attributes_info[0].": "; - if (26 == $one_received_attribute[0]) - { - $vendor_array = $this->DecodeVendorSpecificContent($one_received_attribute[1]); - foreach($vendor_array as $vendor_one) - { - $readable_attributes .= 'Vendor-Id: '.$vendor_one[0].", Vendor-type: ".$vendor_one[1].", Attribute-specific: ".$vendor_one[2]; - } - } - else - { - $readable_attributes .= $one_received_attribute[1]; - } - $readable_attributes .= "
\n"; - } - } - return $readable_attributes; - } - - - function GetAttribute($attribute_type) - { - $attribute_value = NULL; - foreach($this->_attributes_received as $one_received_attribute) - { - if (intval($attribute_type) == $one_received_attribute[0]) - { - $attribute_value = $one_received_attribute[1]; - break; - } - } - return $attribute_value; - } - - - function GetRadiusPacketInfo($info_index) - { - if (isset($this->_radius_packet_info[intval($info_index)])) - { - return $this->_radius_packet_info[intval($info_index)]; - } - else - { - return ''; - } - } - - - function GetAttributesInfo($info_index) - { - if (isset($this->_attributes_info[intval($info_index)])) - { - return $this->_attributes_info[intval($info_index)]; - } - else - { - return array('',''); - } - } - - - function DebugInfo($debug_info) - { - if ($this->_debug_mode) - { - echo date('Y-m-d H:i:s').' DEBUG: '; - echo $debug_info; - echo '
'; - flush(); - } - } - - - function SetAttribute($type, $value) - { - $attribute_index = -1; - for ($attributes_loop = 0; $attributes_loop < count($this->_attributes_to_send); $attributes_loop++) - { - if ($type == ord(substr($this->_attributes_to_send[$attributes_loop], 0, 1))) - { - $attribute_index = $attributes_loop; - break; - } - } - - $temp_attribute = NULL; - - if (isset($this->_attributes_info[$type])) - { - switch ($this->_attributes_info[$type][1]) - { - case 'T': // Text, 1-253 octets containing UTF-8 encoded ISO 10646 characters (RFC 2279). - $temp_attribute = chr($type).chr(2+strlen($value)).$value; - break; - case 'S': // String, 1-253 octets containing binary data (values 0 through 255 decimal, inclusive). - $temp_attribute = chr($type).chr(2+strlen($value)).$value; - break; - case 'A': // Address, 32 bit value, most significant octet first. - $ip_array = explode(".", $value); - $temp_attribute = chr($type).chr(6).chr($ip_array[0]).chr($ip_array[1]).chr($ip_array[2]).chr($ip_array[3]); - break; - case 'I': // Integer, 32 bit unsigned value, most significant octet first. - $temp_attribute = chr($type).chr(6).chr(($value/(256*256*256))%256).chr(($value/(256*256))%256).chr(($value/(256))%256).chr($value%256); - break; - case 'D': // Time, 32 bit unsigned value, most significant octet first -- seconds since 00:00:00 UTC, January 1, 1970. (not used in this RFC) - $temp_attribute = NULL; - break; - default: - $temp_attribute = NULL; - } - } - - if ($attribute_index > -1) - { - $this->_attributes_to_send[$attribute_index] = $temp_attribute; - $additional_debug = 'Modified'; - } - else - { - $this->_attributes_to_send[] = $temp_attribute; - $additional_debug = 'Added'; - } - $attribute_info = $this->GetAttributesInfo($type); - $this->DebugInfo($additional_debug.' Attribute '.$type.' ('.$attribute_info[0].'), format '.$attribute_info[1].', value '.$value.''); - } - - - function DecodeAttribute($attribute_raw_value, $attribute_format) - { - $attribute_value = NULL; - - if (isset($this->_attributes_info[$attribute_format])) - { - switch ($this->_attributes_info[$attribute_format][1]) - { - case 'T': // Text, 1-253 octets containing UTF-8 encoded ISO 10646 characters (RFC 2279). - $attribute_value = $attribute_raw_value; - break; - case 'S': // String, 1-253 octets containing binary data (values 0 through 255 decimal, inclusive). - $attribute_value = $attribute_raw_value; - break; - case 'A': // Address, 32 bit value, most significant octet first. - $attribute_value = ord(substr($attribute_raw_value, 0, 1)).'.'.ord(substr($attribute_raw_value, 1, 1)).'.'.ord(substr($attribute_raw_value, 2, 1)).'.'.ord(substr($attribute_raw_value, 3, 1)); - break; - case 'I': // Integer, 32 bit unsigned value, most significant octet first. - $attribute_value = (ord(substr($attribute_raw_value, 0, 1))*256*256*256)+(ord(substr($attribute_raw_value, 1, 1))*256*256)+(ord(substr($attribute_raw_value, 2, 1))*256)+ord(substr($attribute_raw_value, 3, 1)); - break; - case 'D': // Time, 32 bit unsigned value, most significant octet first -- seconds since 00:00:00 UTC, January 1, 1970. (not used in this RFC) - $attribute_value = NULL; - break; - default: - $attribute_value = NULL; - } - } - return $attribute_value; - } - - - /********************************************************************* - * Array returned: array(array(Vendor-Id1, Vendor type1, Attribute-Specific1), ..., array(Vendor-IdN, Vendor typeN, Attribute-SpecificN) - *********************************************************************/ - function DecodeVendorSpecificContent($vendor_specific_raw_value) - { - $result = array(); - $offset_in_raw = 0; - $vendor_id = (ord(substr($vendor_specific_raw_value, 0, 1))*256*256*256)+(ord(substr($vendor_specific_raw_value, 1, 1))*256*256)+(ord(substr($vendor_specific_raw_value, 2, 1))*256)+ord(substr($vendor_specific_raw_value, 3, 1)); - $offset_in_raw += 4; - while ($offset_in_raw < strlen($vendor_specific_raw_value)) - { - $vendor_type = (ord(substr($vendor_specific_raw_value, 0+$offset_in_raw, 1))); - $vendor_length = (ord(substr($vendor_specific_raw_value, 1+$offset_in_raw, 1))); - $attribute_specific = substr($vendor_specific_raw_value, 2+$offset_in_raw, $vendor_length); - $result[] = array($vendor_id, $vendor_type, $attribute_specific); - $offset_in_raw += ($vendor_length); - } - - return $result; - } - - - /* - * Function : AccessRequest - * - * Return TRUE if Access-Request is accepted, FALSE otherwise - */ - function AccessRequest($username = '', $password = '', $udp_timeout = 0, $state = NULL) - { - $this->ClearDataReceived(); - $this->ClearLastError(); - - $this->SetPacketCodeToSend(1); // Access-Request - - if (0 < strlen($username)) - { - $this->SetUsername($username); - } - - if (0 < strlen($password)) - { - $this->SetPassword($password); - } - - if ($state!==NULL) - { - $this->SetAttribute(24, $state); - } - else - { - $this->SetAttribute(6, 1); // 1=Login - } - - if (intval($udp_timeout) > 0) - { - $this->SetUdpTimeout($udp_timeout); - } - - $attributes_content = ''; - for ($attributes_loop = 0; $attributes_loop < count($this->_attributes_to_send); $attributes_loop++) - { - $attributes_content .= $this->_attributes_to_send[$attributes_loop]; - } - - $packet_length = 4; // Radius packet code + Identifier + Length high + Length low - $packet_length += strlen($this->_request_authenticator); // Request-Authenticator - $packet_length += strlen($attributes_content); // Attributes - - $packet_data = chr($this->_radius_packet_to_send); - $packet_data .= chr($this->GetNextIdentifier()); - $packet_data .= chr(intval($packet_length/256)); - $packet_data .= chr(intval($packet_length%256)); - $packet_data .= $this->_request_authenticator; - $packet_data .= $attributes_content; - - $_socket_to_server = socket_create(AF_INET, SOCK_DGRAM, 17); // UDP packet = 17 - - if ($_socket_to_server === FALSE) - { - $this->_last_error_code = socket_last_error(); - $this->_last_error_message = socket_strerror($this->_last_error_code); - } - elseif (FALSE === socket_connect($_socket_to_server, $this->_ip_radius_server, $this->_authentication_port)) - { - $this->_last_error_code = socket_last_error(); - $this->_last_error_message = socket_strerror($this->_last_error_code); - } - elseif (FALSE === socket_write($_socket_to_server, $packet_data, $packet_length)) - { - $this->_last_error_code = socket_last_error(); - $this->_last_error_message = socket_strerror($this->_last_error_code); - } - else - { - $this->DebugInfo('Packet type '.$this->_radius_packet_to_send.' ('.$this->GetRadiusPacketInfo($this->_radius_packet_to_send).')'.' sent'); - if ($this->_debug_mode) - { - $readable_attributes = ''; - foreach($this->_attributes_to_send as $one_attribute_to_send) - { - $attribute_info = $this->GetAttributesInfo(ord(substr($one_attribute_to_send,0,1))); - $this->DebugInfo('Attribute '.ord(substr($one_attribute_to_send,0,1)).' ('.$attribute_info[0].'), length '.(ord(substr($one_attribute_to_send,1,1))-2).', format '.$attribute_info[1].', value '.$this->DecodeAttribute(substr($one_attribute_to_send,2), ord(substr($one_attribute_to_send,0,1))).''); - } - } - $read_socket_array = array($_socket_to_server); - $write_socket_array = NULL; - $except_socket_array = NULL; - - $received_packet = chr(0); - - if (!(FALSE === socket_select($read_socket_array, $write_socket_array, $except_socket_array, $this->_udp_timeout))) - { - if (in_array($_socket_to_server, $read_socket_array)) - { - if (FALSE === ($received_packet = @socket_read($_socket_to_server, 1024))) // @ used, than no error is displayed if the connection is closed by the remote host - { - $received_packet = chr(0); - $this->_last_error_code = socket_last_error(); - $this->_last_error_message = socket_strerror($this->_last_error_code); - } - else - { - socket_close($_socket_to_server); - } - } - } - else - { - socket_close($_socket_to_server); - } - } - - $this->_radius_packet_received = intval(ord(substr($received_packet, 0, 1))); - - $this->DebugInfo('Packet type '.$this->_radius_packet_received.' ('.$this->GetRadiusPacketInfo($this->_radius_packet_received).')'.' received'); - - if ($this->_radius_packet_received > 0) - { - $this->_identifier_received = intval(ord(substr($received_packet, 1, 1))); - $packet_length = (intval(ord(substr($received_packet, 2, 1))) * 256) + (intval(ord(substr($received_packet, 3, 1)))); - $this->_response_authenticator = substr($received_packet, 4, 16); - $attributes_content = substr($received_packet, 20, ($packet_length - 4 - 16)); - while (strlen($attributes_content) > 2) - { - $attribute_type = intval(ord(substr($attributes_content,0,1))); - $attribute_length = intval(ord(substr($attributes_content,1,1))); - $attribute_raw_value = substr($attributes_content,2,$attribute_length-2); - $attributes_content = substr($attributes_content, $attribute_length); - - $attribute_value = $this->DecodeAttribute($attribute_raw_value, $attribute_type); - - $attribute_info = $this->GetAttributesInfo($attribute_type); - if (26 == $attribute_type) - { - $vendor_array = $this->DecodeVendorSpecificContent($attribute_value); - foreach($vendor_array as $vendor_one) - { - $this->DebugInfo('Attribute '.$attribute_type.' ('.$attribute_info[0].'), length '.($attribute_length-2).', format '.$attribute_info[1].', Vendor-Id: '.$vendor_one[0].", Vendor-type: ".$vendor_one[1].", Attribute-specific: ".$vendor_one[2]); - } - } - else - { - $this->DebugInfo('Attribute '.$attribute_type.' ('.$attribute_info[0].'), length '.($attribute_length-2).', format '.$attribute_info[1].', value '.$attribute_value.''); - } - - $this->_attributes_received[] = array($attribute_type, $attribute_value); - } - } - - return (2 == ($this->_radius_packet_received)); - } -} - -?> -- cgit v1.2.3-54-g00ecf