Commit b307b472 authored by Thijs Kinkhorst's avatar Thijs Kinkhorst Committed by Ondrej Sury

Imported Debian patch 1.2.5-2.4

parent 2d18614f
Version 1.2.5 - 2007-03-18 (stable)
----------------------------------------
Notes:
- amd64 arch fixes
Version 0.9 - 2002-12-11 (beta)
----------------------------------------
Notes:
- Well tested under Linux, FreeBSD and Windows
Version 1.0 - 2002-12-17 (stable)
----------------------------------------
Notes:
- Release 1.0
Version 1.1 - 2002-12-22 (stable)
----------------------------------------
Notes:
- Release 1.1 - Fixed source code style - added examples directory - added
examples for MS-CHAPv1 and MS-CHAPv2
Version 1.2 - 2003-01-11 (stable)
----------------------------------------
Notes:
- Release 1.2 - BugFix: a to short challenge was generated sometimes
(MS-CHAPv1, MS-CHAPv2) - New functions: radius_demangle: demangles radius
passwords and mppe MS-CHAPv1 Keys radius_demangle_mppe_key: demangles mppe
send- and recvkey (MS-CHAPv2) - Provide examples for radius-accounting -
Replaced mcrypt-functions with own des-ecb-encryption function - Some minor
changes in radius-auth.php - Added php-script for testing MS-CHAP functions
Version 1.2.1 - 2003-05-02 (stable)
----------------------------------------
Notes:
- Release 1.2.1 - Change License to BSD - BugFix: The MS-CHAPv2
Authenticator-Challenge has 16 Bytes and not 8 Bytes - BugFix: build under
Solaris - Generate better challenges - Many source-code-style fixes -
Removed unneeded sources - Some cleanup's
Version 1.2.2 - 2003-07-17 (stable)
----------------------------------------
Notes:
- Release 1.2.2 - Changed role for example-files to doc - Removed
deprecated files - Added IPv6 related attributes defined in RFC3162
Version 1.2.3 - 2003-11-04 (stable)
----------------------------------------
Notes:
- Release 1.2.3 - Fixed a typo in radius_init_const.h wich caused
RADIUS_ACCT_STATUS_TYPE to be undefined. - Re-added Makefile.in
Version 1.2.4 - 2003-11-17 (stable)
----------------------------------------
Notes:
- Release 1.2.4 - Forgot including updated radius_init_const.h
Version 1.2.5 - 2007-03-18 (stable)
----------------------------------------
Notes:
- Release 1.2.5 - amd64 arch fixes
php-radius (1.2.5-2.4) unstable; urgency=high
* Non-maintainer upload.
* Fix security issue in radius_get_vendor_attr()
(CVE-2013-2220, closes: #714362)
-- Thijs Kinkhorst <thijs@debian.org> Thu, 25 Jul 2013 14:28:53 +0200
php-radius (1.2.5-2.3) unstable; urgency=high
* Non-maintainer upload.
* Initialise type parameter to radius_create_request() as long, to avoid
segfaulting in zend_parse_parameters() (Closes: #702872).
-- Thijs Kinkhorst <thijs@debian.org> Tue, 12 Mar 2013 15:04:53 +0100
php-radius (1.2.5-2.2) unstable; urgency=low
* Non-maintainer upload.
* Update zoph to PHP 5.4: fix "Call-time pass-by-reference" error.
Affected file is php-radius-1.2/radius_authentication.inc
(Closes: #658956)
-- Mònica Ramírez Arceda <monica@debian.org> Sat, 28 Apr 2012 14:20:00 +0200
php-radius (1.2.5-2.1) unstable; urgency=low
* Non-maintainer upload.
* Fix build with PHP 5.4 (Closes: #656490)
* Replace dependency of xlstproc with dh-make-php to generate the changelog
-- Lior Kaplan <kaplan@debian.org> Sat, 21 Jan 2012 17:21:14 +0200
php-radius (1.2.5-2) unstable; urgency=low
* Do not call clean-v4 target in clean (Closes: #472321).
-- Roberto Lumbreras <rover@debian.org> Sun, 23 Mar 2008 14:08:06 +0100
php-radius (1.2.5-1) unstable; urgency=low
* Merge with radius PECL module (Closes: #458438).
* Rename php-radius binary package to php-radius-legacy.
-- Roberto Lumbreras <rover@debian.org> Mon, 17 Mar 2008 01:27:06 +0100
php-radius (1.2-4) unstable; urgency=low
* Depend on php5 instead of php4 (Closes: #418303).
* debian/rules: switched to debhelper.
* debian/control: lintian & linda clean.
* Upgraded to standards 3.7.2 (no changes).
-- Roberto Lumbreras <rover@debian.org> Tue, 17 Apr 2007 16:56:29 +0200
php-radius (1.2-3) unstable; urgency=low
* Fixed NAS-IP-Port length in the radius packet (Closes: #338152).
* Send $_SERVER['SERVER_PORT'] as the NAS-IP-Port, and
$_SERVER['SERVER_ADDR'] instead of $SERVER_ADDR as the NAS-IP-Address.
* Use SOL_UDP as protocol instead of 17. Increased socket_select timeout to
60 seconds to be sure that the answer is received. Look at the id of the
answer and reject access if not the same as the request (this should be
done in a better way)
-- Roberto Lumbreras <rover@debian.org> Tue, 08 Nov 2005 20:47:01 +0100
php-radius (1.2-2) unstable; urgency=low
* Depend on php4-cli instead of php4-cgi. (Closes: #337440)
* Upgraded to standards 3.6.2 (no changes).
-- Roberto Lumbreras <rover@debian.org> Fri, 04 Nov 2005 20:15:07 +0100
php-radius (1.2-1) unstable; urgency=low
* New package. (closes: #239244)
* Fixed select calls (socket_fd_* no longer exist).
Added error checks to socket function calls.
Use mt_rand instead of rand, it is faster and better.
Added code so more than one config file can be used.
-- Roberto Lumbreras <rover@debian.org> Tue, 03 Aug 2004 15:24:26 +0200
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:util="urn:xslt:functions:util" xmlns:func="http://exslt.org/functions" xmlns:str="http://exslt.org/strings" extension-element-prefixes="func str">
<xsl:output method="text"/>
<func:function name="util:maximize">
<xsl:param name="string"/>
<xsl:param name="line-length"/>
<func:result>
<xsl:variable name="tmp" select="string-length(substring-before($string,' '))"/>
<xsl:choose>
<xsl:when test="($tmp &gt; $line-length) or (not(contains($string, ' ')))">0</xsl:when>
<xsl:when test="(substring($string,$line-length,1) = ' ')">
<xsl:value-of select="$line-length"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="util:maximize(substring-after($string, ' '), $line-length - $tmp - 1) + 1 + $tmp"/>
</xsl:otherwise>
</xsl:choose>
</func:result>
</func:function>
<func:function name="util:format">
<xsl:param name="string"/>
<xsl:param name="indent" select="2"/>
<xsl:param name="line-length" select="76"/>
<func:result>
<xsl:choose>
<xsl:when test="contains($string,'&#xA;') or contains($string,'&#xD;')">
<xsl:for-each select="str:tokenize($string,'&#xA;&#xD;')">
<xsl:value-of select="util:format(., $indent, $line-length)"/>
</xsl:for-each>
</xsl:when>
<xsl:when test="string-length($string) &gt; $line-length">
<xsl:variable name="tmp" select="util:maximize($string, $line-length)"/>
<xsl:value-of select="str:padding($indent,' ')"/>
<xsl:value-of select="substring($string, 1, $tmp)"/>
<xsl:text>&#xA;</xsl:text>
<xsl:value-of select="util:format(substring($string, $tmp + 1))"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="str:padding($indent,' ')"/>
<xsl:value-of select="$string"/>
<xsl:text>&#xA;</xsl:text>
</xsl:otherwise>
</xsl:choose>
</func:result>
</func:function>
<func:function name="util:norm">
<xsl:param name="num"/>
<xsl:param name="length" select="4"/>
<xsl:choose>
<xsl:when test="$length &gt; string-length($num)">
<func:result select="concat('0',util:norm($num, $length - 1))"/>
</xsl:when>
<xsl:otherwise>
<func:result select="$num"/>
</xsl:otherwise>
</xsl:choose>
</func:function>
<func:function name="util:extractnum">
<xsl:param name="string"/>
<xsl:choose>
<xsl:when test="$string = ''">
<func:result select="0"/>
</xsl:when>
<xsl:when test="$string &lt;= '9' and $string &gt;= '0'">
<func:result select="$string"/>
</xsl:when>
<xsl:otherwise>
<func:result select="util:extractnum(substring($string,1,string-length($string)-1))"/>
</xsl:otherwise>
</xsl:choose>
</func:function>
<func:function name="util:ver2num">
<xsl:param name="version"/>
<xsl:choose>
<xsl:when test="contains($version,'.')">
<func:result select="concat(util:norm(substring-before($version,'.')), util:ver2num(substring-after($version,'.')))"/>
</xsl:when>
<xsl:when test="$version = number($version)">
<func:result select="concat(util:norm($version), util:norm(0))"/>
</xsl:when>
<xsl:otherwise>
<xsl:variable name="tmp" select="util:extractnum($version)"/>
<func:result select="concat(util:norm($tmp),' ', substring($version, string-length($tmp) + 1))"/>
</xsl:otherwise>
</xsl:choose>
</func:function>
<xsl:template match="package">
<xsl:apply-templates select="release">
<xsl:sort order="descending" select="util:ver2num(normalize-space(version))" data-type="text"/>
</xsl:apply-templates>
<xsl:apply-templates select="changelog/release">
<xsl:sort order="descending" select="util:ver2num(normalize-space(version))" data-type="text"/>
</xsl:apply-templates>
</xsl:template>
<xsl:template match="release">
<xsl:text>Version </xsl:text>
<xsl:value-of select="version"/>
<xsl:text> - </xsl:text>
<xsl:value-of select="date"/>
<xsl:if test="state">
<xsl:text> (</xsl:text>
<xsl:value-of select="state"/>
<xsl:text>)</xsl:text>
</xsl:if>
<xsl:text>&#xA;----------------------------------------&#xA;Notes:&#xA;</xsl:text>
<xsl:value-of select="util:format(notes)"/>
<xsl:text>&#xA;</xsl:text>
</xsl:template>
</xsl:stylesheet>
Source: php-radius
Section: web
Priority: optional
Maintainer: Roberto Lumbreras <rover@debian.org>
Build-Depends: debhelper (>= 5), po-debconf, php5-dev, dh-make-php
Standards-Version: 3.7.3
Package: php5-radius
Architecture: any
Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}
Description: PECL radius module for PHP 5
This PECL provides full support for RADIUS authentication (RFC 2865)
and RADIUS accounting (RFC 2866),
Package: php-radius-legacy
Architecture: all
Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5 | php5-cgi, apache | httpd-cgi
Replaces: php-radius (<< 1.2.5)
Provides: php-radius
Conflicts: php-radius (<< 1.2.5)
Description: Radius protocol implementation in PHP
Implementation of the Radius protocol in PHP, so you can use it to
authenticate against Radius servers in PHP scripts.
radius PECL module (php?-radius packages)
This package was debianized by Roberto Lumbreras <rover@debian.org>
using dh-make-pecl on Tue, 11 Mar 2008 12:43:37 +0100.
It was downloaded from http://pecl.php.net/package/radius
Upstream Author: Michael Bretterklieber
Copyright (C) 2007 Michael Bretterklieber
License: BSD
Redistribution and use in source and binary forms, with or without
modification, are permitted under the terms of the BSD License.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
On Debian systems, the complete text of the BSD License can be
found in `/usr/share/common-licenses/BSD'.
-------------------------------------------------------------------------------
old php-radius implementation (php-radius-legacy package):
This package was debianized by Roberto Lumbreras <rover@debian.org> on
Tue, 23 Mar 2004 00:13:41 +0100.
It was downloaded from http://www.mavetju.org/programming/php.php
Upstream Author: Edwin Groothuis <edwin@mavetju.org>
Warning: the following license is NOT compatible with GNU GPL2, because
of the third clause. Please see /usr/share/common-licenses/GPL and the
following pages for more details:
http://www.gnu.org/licenses/info/BSD_4Clause.html
http://www.gnu.org/philosophy/bsd.html
I think that you can use php-radius with your GPL2 program, if you
put "with the exceptions needed so it can be used with BSD with
advertising clause". But I'm not a lawyer, so you check it first.
Copyright 2000, 2001, 2002 by Edwin Groothuis. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by Edwin Groothuis.
4. Neither the name of Edwin Groothuis may be used to endorse or
promote products derived from this software without specific
prior written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
modules/radius.so
usr/share/php-radius
usr/share/doc/php-radius-legacy/examples
etc/php-radius
php-radius-*/CONTACT
php-radius-*/README
php-radius-*/radius.php
php-radius-*/check_login_pass.php
extension=radius.so
#!/usr/bin/make -f
# template debian/rules provided by dh-make-php.
# GNU copyright 2005 by Uwe Steinmann.
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
# This has to be exported to make some magic below work.
export DH_OPTIONS
CFLAGS = -O2 -Wall
CFLAGS += -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
CFLAGS += -g
DEBUG := --enable-debug
else
DEBUG := --disable-debug
endif
TAR=tar
PECL_PKG_NAME=radius
PECL_PKG_REALNAME=radius
PECL_PKG_VERSION=1.2.5
PACKAGE_NAME=php-radius
BIN_PACKAGE_NAME=php$*-radius
PHPIZE=/usr/bin/phpize
PHPCONFIG=/usr/bin/php-config
EXT_DIR=$(shell $(PHPCONFIG)$* --extension-dir)
SOURCE_DIR=$(shell ls -d $(PECL_PKG_REALNAME)-*)
BINARYTARGETS=binary-arch-v5
BUILDTARGETS=build-v5
CLEANTARGETS=clean-v5
# Sarge doesn't support --phpapi option (Bug #365667)
phpapiver4=$(shell /usr/bin/php-config4 --phpapi)
#phpapiver4=$(/usr/bin/php-config4 --extension-dir | xargs basename)
phpapiver5=$(shell /usr/bin/php-config5 --phpapi)
configure-v4 configure-v5: configure-v%: configure-stamp-v%
configure-stamp-v4 configure-stamp-v5: configure-stamp-v%:
dh_testdir
# Add here commands to configure the package.
(cd $(SOURCE_DIR); \
$(PHPIZE)$*; \
./configure --with-php-config=$(PHPCONFIG)$* --prefix=/usr)
# rm -f configure-stamp-v*
touch $@
build: $(BUILDTARGETS)
build-v4 build-v5: build-v%: build-stamp-v%
build-stamp:
# xsltproc --nonet --novalid debian/changelog.xsl package.xml > debian/Changelog
$(shell /usr/share/dh-make-php/phppkginfo . changelog > debian/Changelog)
touch build-stamp
build-stamp-v4 build-stamp-v5: build-stamp-v%: build-stamp configure-stamp-v%
dh_testdir
# Add here commands to compile the package.
(cd $(SOURCE_DIR); $(MAKE); mkdir -p ../tmp/modules$*; cp modules/* ../tmp/modules$*; $(MAKE) clean)
# rm -f build-stamp-v*
touch $@
clean: $(CLEANTARGETS)
dh_clean
clean-v4 clean-v5: clean-v%:
dh_testdir
dh_testroot
rm -f build-stamp* configure-stamp*
# Add here commands to clean up after the build process.
(cd $(SOURCE_DIR); \
$(MAKE) clean; \
$(PHPIZE)$* --clean)
rm -rf tmp/modules$*
install-v4 install-v5: install-v%: build-v%
dh_testdir
dh_testroot
# can't dh_clean here without specifically excluding the possibly existing installed dirs
# for other version.
#dh_clean -k
dh_installdirs
# dh_pecl
# Add here commands to install the package into debian/$(PACKAGE_NAME).
# $(MAKE) INSTALL_ROOT=$(CURDIR)/debian/$(PACKAGE_NAME) install
# sh -c 'VERSION=`egrep "#define ZEND_MODULE_API_NO" \
# /usr/include/php4/Zend/zend_modules.h \
# | sed "s/#define ZEND_MODULE_API_NO //"`; \
# chmod 644 debian/$(PACKAGE_NAME)/usr/lib/php4/$$VERSION/*.so'
mkdir -p debian/$(BIN_PACKAGE_NAME)/$(EXT_DIR)
install -m 644 -o root -g root tmp/modules$*/$(PECL_PKG_NAME).so debian/$(BIN_PACKAGE_NAME)/$(EXT_DIR)/$(PECL_PKG_NAME).so
if [ -f "debian/$(PECL_PKG_NAME).ini" ]; then \
mkdir -p debian/$(BIN_PACKAGE_NAME)/etc/php$*/conf.d; \
cp debian/$(PECL_PKG_NAME).ini debian/$(BIN_PACKAGE_NAME)/etc/php$*/conf.d; \
fi
# Build architecture-independent files here.
binary-indep:
dh_testdir
dh_testroot
dh_installdirs
dh_installchangelogs -i php-radius-*/CHANGES
dh_installdocs -i
dh_installexamples -i
cp php-radius-*/radius_authentication.inc debian/php-radius-legacy/usr/share/php-radius/radius_authentication.inc.php
cp php-radius-*/radius_authentication.conf.template debian/php-radius-legacy/usr/share/doc/php-radius-legacy/examples/server.conf
cp php-radius-*/CHANGES debian/php-radius-legacy/usr/share/doc/php-radius-legacy/changelog
ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
dh_strip -i
endif
dh_compress -i
dh_fixperms -i
dh_installdeb -i
dh_shlibdeps -i
dh_gencontrol -i
dh_md5sums -i
dh_builddeb -i
# Build architecture-dependent files here.
binary-arch-v4 binary-arch-v5: binary-arch-v%: install-v%
echo "php:Depends=phpapi-$(phpapiver$*)" >> debian/$(BIN_PACKAGE_NAME).substvars
binary-arch: $(BINARYTARGETS)
dh_testdir
dh_testroot
dh_installchangelogs -a debian/Changelog
dh_installdocs -a
dh_installexamples -a
dh_installdebconf -a
ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
dh_strip -a
endif
dh_compress -a
dh_fixperms -a
dh_installdeb -a
dh_shlibdeps -a
dh_gencontrol -a
dh_md5sums -a
dh_builddeb -a
binary: binary-indep binary-arch
.PHONY: build build-v4 build-v5 clean clean-v4 clean-v5 binary-indep binary-arch binary-arch-v4 binary-arch-v5 binary install-v4 install-v5 configure-v4 configure-v5
version=3
http://pecl.php.net/package/radius \
/get/radius-([\d\.]*).tgz debian uupdate
$Id: CHANGES,v 1.2 2002/01/23 23:21:20 mavetju Exp $
v1.2
- Michael Long <mlong@infoave.net> suggested a select
timeout feature.
v1.1
- PHP 4.1.1 is out, and the socket functions have been
renamed. Updated for this.
- Added sample script with caching
v1.0
- Initial release
$Id: CONTACT,v 1.1 2002/01/20 22:28:11 mavetju Exp $
HOW TO CONTACT
Via email: edwin@mavetju.org
Via snail-mail: Edwin Groothuis
7 Islington Crescent
Greenacre NSW2190
AUSTRALIA
I have two mailing-lists:
announce@lists.mavetju.org <- low traffic announcements only
questions@lists.mavetju.org <- general questions
See http://www.mavetju.org/contacts.php on how to subscribe to them.
Copyright 2000, 2001, 2002 by Edwin Groothuis. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by Edwin Groothuis.
4. Neither the name of Edwin Groothuis may be used to endorse or
promote products derived from this software without specific
prior written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
$Id: README,v 1.3 2002/01/23 23:21:20 mavetju Exp $
This script allows you to do authentication against Radius servers.
It's updated for PHP 4.1.1, with new names for the sockets-functions.
Edwin Groothuis
edwin@mavetju.org
http://www.mavetju.org/programming/php.php
<?php
/*
* Copyright (C) 2004 Roberto Lumbreras <rover@debian.org>
* License: public domain.
*/
function check_login_pass($username, $password) {
require("/usr/share/php-radius/radius_authentication.inc.php");
$retval = RADIUS_AUTHENTICATION($username, $password);
switch ($retval) {
case 2:
/* 2 -> Access-Accept */
return TRUE;
break;
case 3:
/* 3 -> Access-Reject */
echo "login incorrect";
break;
default:
echo "temporally failure or other error";
break;
}
return FALSE;
}
?>
<?php
//
// $Id: radius.php,v 1.1 2002/01/20 11:52:59 mavetju Exp $
//
//
// This script is protected. Only people who are able to
// authenticate themselves against a Radius server will be
// allowed to watch this.
//
//
// To make sure that the radius-server isn't overflown by
// requests and that it still works if the Radius server
// is using a one-time-password, we keep a local cache
// of the already authenticated people. The cache is valid
// for 15 minutes, but refreshed everytime a user is
// requesting this page (within the 15 minutes of course).
//
// The name of the cache is /tmp/radiuscache
// The name of the cookie is radius_test
//
// To use dbm-files you should compile PHP with --with-ndbm --with-db
if ($PHP_AUTH_USER=="") {
header("HTTP/1.0 401 Unauthorized");
Header("WWW-Authenticate: Basic realm=\"PHP Radius test script\"");
echo "<html><head><title>401 Unauthorized access</title></head><body>";
echo "<h1>401 Unauthorized access</h1>";
echo "You must login using your username and password.</body></html>";
exit;
}
require "radius_authentication.inc";
function radius_authenticate($user,$password) {
global $HTTP_COOKIE_VARS;
global $REMOTE_ADDR;
if (($db=dba_open("/tmp/radiuscache","c","ndbm"))==FALSE) {
echo "Couldn't open /tmp/radiuscache<br>\n";
}
$cookie=$HTTP_COOKIE_VARS["radius_test"];
if ($cookie!="") {
$lastid=dba_fetch($cookie."_id",$db);
$laston=dba_fetch($cookie."_laston",$db);
$lasthost=dba_fetch($cookie."_fromip",$db);
$lastuserid=dba_fetch($cookie."_userid",$db);
}
//
// Sanity checking
//
if ($cookie=="" || $lastid=="" ||
$laston==0 || $laston<time()-15*60 ||
$lasthost!=$REMOTE_ADDR || $lastuserid!=$user) {
// 2 -> Access-Accept
// 3 -> Access-Reject
if (($retval=RADIUS_AUTHENTICATION($user,$password))==2) {
if ($cookie=="") $cookie=md5(uniqid(rand()));
setcookie("radius_test",$cookie);
dba_replace($cookie."_id",$cookie,$db);
dba_replace($cookie."_userid",$user,$db);
dba_replace($cookie."_fromip",$REMOTE_ADDR,$db);
dba_replace($cookie."_laston",time(),$db);
}
} else {
setcookie("radius_test",$cookie);
dba_replace($cookie."_laston",time(),$db);
$retval=2;
}
dba_close($db);
return $retval==2;
}
if (!radius_authenticate($PHP_AUTH_USER,$PHP_AUTH_PW)) {
header("HTTP/1.0 401 Unauthorized");
Header("WWW-Authenticate: Basic realm=\"PHP Radius test script\"");
echo "<html><head><title>401 Unauthorized access</title></head><body>";
echo "<h1>401 Unauthorized access</h1>";
echo "You must login using a valid username and password</body></html>";
echo "Used was '$PHP_AUTH_USER' '$PHP_AUTH_PW'<br>\n";
exit;
}
echo "<html><head><title>200 Welcome!</title></head><body>";
echo "<h1>200 Welcome</h1>";
echo "You logged in using a valid username and password</body></html>";
?>
#
# $Id: radius_authentication.conf.template,v 1.1 2001/08/24 14:19:10 mavetju Exp $
#
# The IP address or hostname of the radius server
#
server a.b.c.d
#
# The port of the radius-server, if it is zero it will take the
# one specified in /etc/services. 1645 is a well known one.
#
port 0
#
# Suffix for the userids (if no @ in the userid yet)
#
# This might be a little bit tricky to understand. Normally, you can
# authenticate via "user" or "user@domain". To make it easier for
# people, the "@domain" is often defaulted to a special domain. For
# example, if the suffix is foo.bar, the users will be authenticated
# as "user@foo.bar", while it is still possible for somebody else,
# who is not in domain foo.bar to give "admin@foo2.bar" for his userid.