Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/captiveportal/radius_authentication.inc | 38 | ||||
-rwxr-xr-x | usr/local/www/services_captiveportal.php | 37 |
2 files changed, 71 insertions, 4 deletions
diff --git a/usr/local/captiveportal/radius_authentication.inc b/usr/local/captiveportal/radius_authentication.inc index 28802ee..da09fdc 100644 --- a/usr/local/captiveportal/radius_authentication.inc +++ b/usr/local/captiveportal/radius_authentication.inc @@ -46,6 +46,8 @@ RADIUS AUTHENTICATION --------------------- */ +require_once("CHAP.inc"); + function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$clientmac,$ruleno) { global $config, $cpzone; @@ -55,6 +57,7 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli $clientmac = mac_format($clientmac); $nas_port = $ruleno; $radiusvendor = $config['captiveportal'][$cpzone]['radiusvendor'] ? $config['captiveportal'][$cpzone]['radiusvendor'] : null; + $radius_protocol = $config['captiveportal'][$cpzone]['radius_protocol']; // Do we even need to set it to NULL? $retvalue['error'] = $retvalue['reply_message'] = $retvalue['url_redirection'] = $retvalue['session_timeout'] = $retvalue['idle_timeout'] = $retvalue['session_terminate_time'] = null; @@ -74,7 +77,8 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli } // Create our instance - $rauth = new Auth_RADIUS_PAP($username, $password); + $classname = 'Auth_RADIUS_' . $radius_protocol; + $rauth = new $classname($username, $password); /* * Add support for more then one radiusserver. 
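Review bot: In the `@@ -74,7 +77,8 @@` hunk the class name is built as `'Auth_RADIUS_' . $radius_protocol` from a config value that the previous hunk reads without a default or any check. A zone whose config has no `radius_protocol` key yet therefore reaches `new Auth_RADIUS_` and fails with a class-not-found error instead of falling back to PAP. Because this string decides which class gets instantiated, it should be limited to the four supported values right after it is read: `if (!in_array($radius_protocol, array('PAP', 'CHAP_MD5', 'MSCHAPv1', 'MSCHAPv2'), true)) $radius_protocol = 'PAP';`. The `default:` branch of the switch in the `@@ -89,7 +93,37 @@` hunk already treats an unknown value as PAP for the password, so this makes the two places agree. The body of RADIUS_AUTHENTICATION continues outside these hunks.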
@@ -89,7 +93,37 @@ function RADIUS_AUTHENTICATION($username,$password,$radiusservers,$clientip,$cli // Construct data package $rauth->username = $username; - $rauth->password = $password; + switch ($radius_protocol) { + case 'CHAP_MD5': + case 'MSCHAPv1': + $classname = $radius_protocol == 'MSCHAPv1' ? 'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5'; + $crpt = new $classname; + $crpt->username = $username; + $crpt->password = $password; + $rauth->challenge = $crpt->challenge; + $rauth->chapid = $crpt->chapid; + $rauth->response = $crpt->challengeResponse(); + $rauth->flags = 1; + // If you must use deprecated and weak LAN-Manager-Responses use this: + //$rauth->lmResponse = $crpt->lmChallengeResponse(); + //$rauth->flags = 0; + break; + + case 'MSCHAPv2': + // Construct data package + $crpt = new Crypt_CHAP_MSv2; + $crpt->username = $username; + $crpt->password = $password; + $rauth->challenge = $crpt->authChallenge; + $rauth->peerChallenge = $crpt->peerChallenge; + $rauth->chapid = $crpt->chapid; + $rauth->response = $crpt->challengeResponse(); + break; + + default: + $rauth->password = $password; + break; + } if (PEAR::isError($rauth->start())) { $retvalue['auth_val'] = 1; diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 09aacb4..b1e9a6a 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -106,6 +106,7 @@ if (isset($cpzone) && $a_cp[$cpzone]) { $pconfig['bwdefaultup'] = $a_cp[$cpzone]['bwdefaultup']; $pconfig['nomacfilter'] = isset($a_cp[$cpzone]['nomacfilter']); $pconfig['noconcurrentlogins'] = isset($a_cp[$cpzone]['noconcurrentlogins']); + $pconfig['radius_protocol'] = $a_cp[$cpzone]['radius_protocol']; $pconfig['redirurl'] = $a_cp[$cpzone]['redirurl']; $pconfig['radiusip'] = $a_cp[$cpzone]['radiusip']; $pconfig['radiusip2'] = $a_cp[$cpzone]['radiusip2']; 
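Review bot: The commented-out `lmResponse` / `flags = 0` lines in the shared `CHAP_MD5`/`MSCHAPv1` branch leave a one-edit route to LAN Manager responses, which the comment itself calls deprecated and weak, inside the authentication path. I would delete them and document the live setting instead, for example `// flags = 1: NT response only; LM responses are intentionally never sent`. `$rauth->flags` is also assigned when the protocol is `CHAP_MD5`, where it presumably has no meaning; putting it under an MSCHAPv1-only condition would make the intent clearer. The second `// Construct data package` comment inside the `MSCHAPv2` case repeats the one above the switch and can go.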
@@ -268,6 +269,7 @@ if ($_POST) { $newcp['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false; $newcp['nomacfilter'] = $_POST['nomacfilter'] ? true : false; $newcp['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false; + $newcp['radius_protocol'] = $_POST['radius_protocol']; $newcp['redirurl'] = $_POST['redirurl']; if (isset($_POST['radiusip'])) $newcp['radiusip'] = $_POST['radiusip']; @@ -381,7 +383,10 @@ function enable_change(enable_change) { document.iform.auth_method[0].disabled = endis; document.iform.auth_method[1].disabled = endis; document.iform.auth_method[2].disabled = endis; - document.iform.auth_method[3].disabled = endis; + document.iform.radius_protocol[0].disabled = radius_endis; + document.iform.radius_protocol[1].disabled = radius_endis; + document.iform.radius_protocol[2].disabled = radius_endis; + document.iform.radius_protocol[3].disabled = radius_endis; document.iform.radmac_enable.disabled = radius_endis; document.iform.httpslogin_enable.disabled = endis; document.iform.radmac_format.disabled = radius_endis; 
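Review bot: `$newcp['radius_protocol'] = $_POST['radius_protocol'];` in the `@@ -268,6 +269,7 @@` hunk writes the request value to the zone config exactly as submitted, and radius_authentication.inc in this same commit concatenates that value into a class name. The radio group offers only four values, so the save path should accept only those: `$newcp['radius_protocol'] = in_array($_POST['radius_protocol'], array('PAP', 'CHAP_MD5', 'MSCHAPv1', 'MSCHAPv2'), true) ? $_POST['radius_protocol'] : 'PAP';`. That also covers the case where the field is missing from the POST because `enable_change()` had disabled the radios. The surrounding `if ($_POST)` block starts and ends outside the hunk.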
@@ -593,7 +598,35 @@ function enable_change(enable_change) { <td> </td> <td> </td> </tr> - </table> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Radius Protocol"); ?></td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="PAP" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']!="CHAP_MD5" && $pconfig['radius_protocol']!="MSCHAPv1" && $pconfig['radius_protocol']!="MSCHAPv2") echo "checked"; ?>> + <?=gettext("PAP"); ?></td> + </tr> + <tr> + <td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="CHAP_MD5" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="CHAP_MD5") echo "checked"; ?>> + <?=gettext("CHAP_MD5"); ?></td> + </tr> + <tr> + <td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="MSCHAPv1" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="MSCHAPv1") echo "checked"; ?>> + <?=gettext("MSCHAPv1"); ?></td> + </tr> + <tr> + <td colspan="2"><input name="radius_protocol" type="radio" id="radius_protocol" value="MSCHAPv2" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius" && $pconfig['radius_protocol']=="MSCHAPv2") echo "checked"; ?>> + <?=gettext("MSCHAPv2"); ?></td> + </tr><tr> + <td> </td> + <td> </td> + </tr> + </table> + </tr><tr> + <td> </td> + <td> </td> + </tr> + </table> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td colspan="2" valign="top" class="optsect_t2"><?=gettext("Primary RADIUS server"); ?></td> |
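Review bot: The PAP radio is rendered `checked` only when `$pconfig['auth_method']=="radius"`, so on a zone that uses another authentication method no protocol is preselected. If the admin then switches to RADIUS and saves without clicking one, no `radius_protocol` value is submitted. Dropping the `auth_method` test from the PAP input keeps PAP as the visible default in every state: `<?php if($pconfig['radius_protocol']!="CHAP_MD5" && $pconfig['radius_protocol']!="MSCHAPv1" && $pconfig['radius_protocol']!="MSCHAPv2") echo "checked"; ?>`. All four inputs also carry `id="radius_protocol"`; ids should be unique, or omitted, since the script addresses the group by name. The outer `<td width="78%" class="vtable">` appears to be left unclosed before `</tr>`, which is worth checking in the file because whitespace on this page is collapsed.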