Skip to content

O
OpnSense
Commit b50eee57 authored by Ad Schellevis's avatar Ad Schellevis
Browse files
Options

(Auth) add radius accounting methods

parent dcd475dc
Show whitespace changes
Inline Side-by-side
Showing with 190 additions and 0 deletions
src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
View file @ b50eee57
......@@ -115,6 +115,194 @@ class Radius implements IAuthConnector
return $this->lastAuthProperties;
}
/**
* send start accounting message to radius
* @param $username username
* @param $sessionid session id to pass through
*/
public function startAccounting($username, $sessionid)
{
$radius = radius_auth_open();
$error = null;
if (!radius_add_server(
$radius,
$this->radiusHost,
$this->acctPort,
$this->sharedSecret,
$this->timeout,
$this->maxRetries
)) {
$error = radius_strerror($radius);
} elseif (!radius_create_request($radius, RADIUS_ACCOUNTING_REQUEST)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_FRAMED_PROTOCOL, RADIUS_ETHERNET)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_USER_NAME, $username)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_STATUS_TYPE, RADIUS_START)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_ACCT_SESSION_ID, $sessionid)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) {
$error = radius_strerror($radius);
}
if ($error != null) {
syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
} else {
$req = radius_send_request($radius);
if (!$req) {
syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
exit;
}
switch($req) {
case RADIUS_ACCOUNTING_RESPONSE:
break;
default:
syslog(LOG_ERR, "Unexpected return value:$radius\n");
}
radius_close($radius);
}
}
/**
* stop radius accounting
* @param $username user name
* @param $sessionid session id
* @param $session_time total time spend on this session
*/
public function stopAccounting($username, $sessionid, $session_time)
{
$radius = radius_auth_open();
$error = null;
if (!radius_add_server(
$radius,
$this->radiusHost,
$this->acctPort,
$this->sharedSecret,
$this->timeout,
$this->maxRetries
)) {
$error = radius_strerror($radius);
} elseif (!radius_create_request($radius, RADIUS_ACCOUNTING_REQUEST)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_FRAMED_PROTOCOL, RADIUS_ETHERNET)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_USER_NAME, $username)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_STATUS_TYPE, RADIUS_STOP)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_ACCT_SESSION_ID, $sessionid)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_SESSION_TIME, $session_time)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_TERMINATE_CAUSE, RADIUS_TERM_USER_REQUEST)) {
$error = radius_strerror($radius);
}
if ($error != null) {
syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
} else {
$req = radius_send_request($radius);
if (!$req) {
syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
exit;
}
switch($req) {
case RADIUS_ACCOUNTING_RESPONSE:
break;
default:
syslog(LOG_ERR, "Unexpected return value:$radius\n");
}
radius_close($radius);
}
}
/**
* update radius accounting (interim update)
* @param $username user name
* @param $sessionid session id
* @param $session_time total time spend on this session
*/
public function updateAccounting($username, $sessionid, $session_time)
{
$radius = radius_auth_open();
$error = null;
if (!radius_add_server(
$radius,
$this->radiusHost,
$this->acctPort,
$this->sharedSecret,
$this->timeout,
$this->maxRetries
)) {
$error = radius_strerror($radius);
} elseif (!radius_create_request($radius, RADIUS_ACCOUNTING_REQUEST)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_FRAMED_PROTOCOL, RADIUS_ETHERNET)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_USER_NAME, $username)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_STATUS_TYPE, RADIUS_UPDATE)) {
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_ACCT_SESSION_ID, $sessionid)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_AUTHENTIC, RADIUS_AUTH_LOCAL)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_ACCT_SESSION_TIME, $session_time)) {
$error = radius_strerror($radius);
}
if ($error != null) {
syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
} else {
$req = radius_send_request($radius);
if (!$req) {
syslog(LOG_ERR, 'RadiusError:' . radius_strerror($error));
exit;
}
switch($req) {
case RADIUS_ACCOUNTING_RESPONSE:
break;
default:
syslog(LOG_ERR, "Unexpected return value:$radius\n");
}
radius_close($radius);
}
}
/**
* authenticate user against radius
* @param $username username to authenticate
......@@ -146,6 +334,8 @@ class Radius implements IAuthConnector
$error = radius_strerror($radius);
} elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
$error = radius_strerror($radius);
} elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
$error = radius_strerror($radius);
} else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023