/usr/local/captiveportal/radius_accounting.inc - Annotate - pfSense - pfSense bugtracker

5b237745

Scott Ullrich

<?php

2

/*

3

	radius_accounting.inc

4

	part of m0n0wall (http://m0n0.ch/wall)

5

6

	Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com>

7

	All rights reserved.

8

9

	Redistribution and use in source and binary forms, with or without

10

	modification, are permitted provided that the following conditions are met:

11

12

	1. Redistributions of source code must retain the above copyright notice,

13

	   this list of conditions and the following disclaimer.

14

15

	2. Redistributions in binary form must reproduce the above copyright

16

	   notice, this list of conditions and the following disclaimer in the

17

	   documentation and/or other materials provided with the distribution.

18

19

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,

20

	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY

21

	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

22

	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,

23

	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

24

	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

25

	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

26

	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

27

	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

28

	POSSIBILITY OF SUCH DAMAGE.

29

*/

30

31

32

function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$radiuskey) {

33

	$sharedsecret=$radiuskey ;

34

	# $debug = 1 ;

35

36

	exec("/bin/hostname", $nasHostname) ;

37

	if(!$nasHostname[0])

38

		$nasHostname[0] = "m0n0wall" ;

39

40

	$fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ;

41

	if(!$fd)

42

		return 1 ; /* error return */

43

44

	/* set 5 second timeout on socket i/o */

45

	stream_set_timeout($fd, 5) ;

46

47

	if ($debug)

48

	    echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";

49

50

	$thisidentifier=rand()%256;

51

52

	$length=4+				// header

53

		16+				// auth code

54

		6+				// service type

55

		2+strlen($username)+		// username

56

		2+strlen($nasHostname[0])+			// nasIdentifier

57

		6+				// nasPort

58

		6+				// nasPortType

59

		6+				// Acct Status Type

60

		6+				// Acct RADIUS Authenticated

61

		2+strlen($sessionid);	// Acct SessionID

62

63

	//          v   v   v     v   v   v     v     v     v     1   v

64

	// Line #   1   2   3     4   5   6     7     8     9     0   E

65

	$data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*",

66

	    4,$thisidentifier,$length/256,$length%256,		// header

67

	    0,0,0,0,						// authcode

68

	    6,6,0,0,0,1,					// service type

69

	    1,2+strlen($username),$username,			// username

70

	    32,2+strlen($nasHostname[0]),$nasHostname[0],	// nasIdentifier

71

	    5,6,0,0,0,0,						// nasPort

72

	    61,6,0,0,0,15,						// nasPortType = Ethernet

73

		40,6,0,0,0,1,						// Acct Status Type = Start

74

		45,6,0,0,0,1,						// Acct RADIUS Authenticated

75

		44,2+strlen($sessionid),$sessionid	// Acct Session ID

76

);

77

78

	/* Generate Accounting Request Authenticator */

79

	$RA = md5($data.$radiuskey) ;

80

81

	//          v   v v     v   v   v     v     v     v     1   v

82

	// Line #   1   2 3     4   5   6     7     8     9     0   E

83

	$data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*",

84

	    4,$thisidentifier,$length/256,$length%256,		// header

85

	    $RA,						// authcode

86

	    6,6,0,0,0,1,					// service type

87

	    1,2+strlen($username),$username,			// username

88

	    32,2+strlen($nasHostname[0]),$nasHostname[0],	// nasIdentifier

89

	    5,6,0,0,0,0,						// nasPort

90

	    61,6,0,0,0,15,						// nasPortType = Ethernet

91

		40,6,0,0,0,1,						// Acct Status Type = Start

92

		45,6,0,0,0,1,						// Acct RADIUS Authenticated

93

		44,2+strlen($sessionid),$sessionid	// Acct Session ID

94

);

95

96

	if($debug) {

97

		echo "username is $username with len " . strlen($username) ."\n" ;

98

		echo "nasHostname is {$nasHostname[0]} with len " . strlen($nasHostname[0]) ."\n" ;

99

100

101

	$ret = fwrite($fd,$data) ;

102

	if( !$ret || ($ret != $length) )

103

		return 1; /* error return */

104

105

	if ($debug)

106

	    echo "<br>writing $length bytes<hr>\n";

107

108

	$readdata = fgets($fd,2) ; /* read 1 byte */

109

	$status = socket_get_status($fd) ;

110

	fclose($fd) ;

111

112

	if($status['timed_out'])

113

		$retvalue = 1 ;

114

	else

115

		$retvalue = ord($readdata) ;

116

117

	return $retvalue ;

118

	// 5 -> Accounting-Response

119

	// See RFC2866 for this.

120

121

122

function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey) {

123

	$sharedsecret=$radiuskey ;

124

	# $debug = 1 ;

125

126

	exec("/bin/hostname", $nasHostname) ;

127

	if(!$nasHostname[0])

128

		$nasHostname[0] = "quewall" ;

129

130

	$input_pkts = $input_bytes = $output_pkts = $output_bytes = 0 ;

131

132

	exec("/sbin/ipfw show {$ruleno}", $ipfw) ;

133

	preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[0], $matches) ;

134

	$output_pkts = $matches[2] ;

135

	$output_bytes = $matches[3] ;

136

137

	unset($matches) ;

138

	preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[1], $matches) ;

139

	$input_pkts = $matches[2] ;

140

	$input_bytes = $matches[3] ;

141

142

	$fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ;

143

	if(!$fd)

144

		return 1 ; /* error return */

145

146

	/* set 5 second timeout on socket i/o */

147

	stream_set_timeout($fd, 5) ;

148

149

	if ($debug)

150

	    echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";

151

152

	$thisidentifier=rand()%256;

153

154

	$length=4+				// header

155

		16+				// auth code

156

		6+				// service type

157

		2+strlen($username)+		// username

158

		2+strlen($nasHostname[0])+			// nasIdentifier

159

		6+				// nasPort

160

		6+				// nasPortType

161

		6+				// Acct Status Type

162

		6+				// Acct RADIUS Authenticated

163

		2+strlen($sessionid)+	// Acct SessionID

164

		6+				// Acct terminate

165

		6+				// Session time

166

		6+				// input bytes

167

		6+				// input packets

168

		6+				// output bytes

169

		6;				// output packets

170

171

	//          v   v   v     v   v   v     v     v     v     1   1  1  1  1  1  1  v

172

	// Line #   1   2   3     4   5   6     7     8     9     0   1  2  3  4  5  6  E

173

	$data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCN",

174

	    4,$thisidentifier,$length/256,$length%256,		// header

175

	    0,0,0,0,						// authcode

176

	    6,6,0,0,0,1,					// service type

177

	    1,2+strlen($username),$username,			// username

178

	    32,2+strlen($nasHostname[0]),$nasHostname[0],	// nasIdentifier

179

	    5,6,0,0,0,0,						// nasPort

180

	    61,6,0,0,0,15,						// nasPortType = Ethernet

181

		40,6,0,0,0,2,						// Acct Status Type = Stop

182

		45,6,0,0,0,1,						// Acct RADIUS Authenticated

183

		44,2+strlen($sessionid),$sessionid,	// Acct Session ID

184

		49,6,1,		// Acct Terminate = User Request

185

		46,6,time() - $start_time,			// Session Time

186

		42,6,$input_bytes,	// Input Octets

187

		47,6,$input_pkts,	// Input Packets

188

		43,6,$output_bytes, // Output Octets

189

		48,6,$output_pkts	// Output Packets

190

);

191

192

	/* Generate Accounting Request Authenticator */

193

	$RA = md5($data.$radiuskey) ;

194

195

	//          v   v v     v   v   v     v     v     v     1   1  1  1  1  1  1  v

196

	// Line #   1   2 3     4   5   6     7     8     9     0   1  2  3  4  5  6  E

197

	$data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCN",

198

	    4,$thisidentifier,$length/256,$length%256,		// header

199

	    $RA,						// authcode

200

	    6,6,0,0,0,1,					// service type

201

	    1,2+strlen($username),$username,			// username

202

	    32,2+strlen($nasHostname[0]),$nasHostname[0],	// nasIdentifier

203

	    5,6,0,0,0,0,						// nasPort

204

	    61,6,0,0,0,15,						// nasPortType = Ethernet

205

		40,6,0,0,0,2,						// Acct Status Type = Stop

206

		45,6,0,0,0,1,						// Acct RADIUS Authenticated

207

		44,2+strlen($sessionid),$sessionid,	// Acct Session ID

208

		49,6,1,		// Acct Terminate = User Request

209

		46,6,time() - $start_time,			// Session Time

210

		42,6,$input_bytes,	// Input Octets

211

		47,6,$input_pkts,	// Input Packets

212

		43,6,$output_bytes, // Output Octets

213

		48,6,$output_pkts	// Output Packets

214

);

215

216

	if($debug) {

217

		echo "username is $username with len " . strlen($username) ."\n" ;

218

		echo "nasHostname is {$nasHostname[0]} with len " . strlen($nasHostname[0]) ."\n" ;

219

220

221

	$ret = fwrite($fd,$data) ;

222

	if( !$ret || ($ret != $length) )

223

		return 1; /* error return */

224

225

	if ($debug)

226

	    echo "<br>writing $length bytes<hr>\n";

227

228

	$readdata = fgets($fd,2) ; /* read 1 byte */

229

	$status = socket_get_status($fd) ;

230

	fclose($fd) ;

231

232

	if($status['timed_out'])

233

		$retvalue = 1 ;

234

	else

235

		$retvalue = ord($readdata) ;

236

237

	return $retvalue ;

238

	// 5 -> Accounting-Response

239

	// See RFC2866 for this.

240

241

?>

Project

General

Profile

pfSense

Project

General

Profile

pfSense

root/usr/local/captiveportal/radius_accounting.inc @ 5b237745