From: paulr
Date: Wed, 8 Dec 2010 15:44:55 +0000 (+1100)
Subject: Radius clients
X-Git-Url: http://git.pjr.cc/?p=ga4php.git;a=commitdiff_plain;h=da4ac26dcfd94c9f8b7e8e43f50f671bdd94dfd0
Radius clients
---
diff --git a/authserver/authd/authd.php b/authserver/authd/authd.php
index 520a39f..df57ed1 100644
--- a/authserver/authd/authd.php
+++ b/authserver/authd/authd.php
@@ -44,6 +44,7 @@ if($pid == -1) {
 $clients[$i]["ip"] = $row["rad_ip"];
 $clients[$i]["secret"] = $row["rad_secret"];
 $clients[$i]["desc"] = $row["rad_desc"];
+ $i++;
 }
 msg_send($cl_queue, MSG_GET_RADIUS_CLIENTS, $clients);
 break;
@@ -62,11 +63,31 @@ if($pid == -1) {
 $clientsecret = $msg["clientsecret"];
 $clientip = $msg["clientip"];
 $clientdesc = $msg["clientdescription"];
- $sql = "insert into radclients values (NULL, '$client', '$clientip', '$clientsecret', '$clientdesc')";
 $dbo = getDatabase();
+
+ // check for existing clients with same name
+ $sql = "select * from radclients where rad_name='$client'";
+ echo "doing select, $sql\n";
 $res = $dbo->query($sql);
- updateRadius();
- msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, true);
+ if($res->fetchColumn() > 0) {
+ msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, "name");
+
+ } else {
+ // check for existing clients with same ip
+ $sql = "select * from radclients where rad_ip='$clientip'";
+ $res = $dbo->query($sql);
+ echo "doing select, $sql\n";
+ if($res->fetchColumn() > 0) {
+ msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, "ip");
+
+ } else {
+ $sql = "insert into radclients values (NULL, '$client', '$clientip', '$clientsecret', '$clientdesc')";
+ $res = $dbo->query($sql);
+ updateRadius();
+ msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, true);
+ break;
+ }
+ }
 break;
 case MSG_DELETE_USER_TOKEN:
 $username = $msg["username"];
diff --git a/authserver/lib/authClient.php b/authserver/lib/authClient.php
index 9b8480f..dbce3c3 100644
--- a/authserver/lib/authClient.php
+++ b/authserver/lib/authClient.php
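Review bot: The two new duplicate checks and the moved insert still build SQL by interpolating `$client`, `$clientip`, `$clientsecret` and `$clientdesc` into the query string, and those values arrive over the message queue from the web form and the CLI, so a name or description containing a quote breaks the statement or injects into it. `$dbo->query()` / `fetchColumn()` look like PDO, so prepared statements are the direct fix; `select count(*)` also makes the `> 0` test mean what it says, since `fetchColumn()` on `select *` returns the first column of the first row (presumably the id), not a row count. The check-then-insert is racy between two concurrent requests, which a unique index on `rad_name` and `rad_ip` would close, and the `echo "doing select, $sql\n"` debug lines write the queries to the daemon's stdout. The enclosing `switch` inside `if($pid == -1)` starts and ends outside the hunk.
```php
// … unchanged: read client name / ip / secret / description from $msg …
$dbo = getDatabase();

// check for existing clients with same name (parameterised: values come from the admin form / CLI)
$st = $dbo->prepare("select count(*) from radclients where rad_name = ?");
$st->execute(array($client));
if($st->fetchColumn() > 0) {
    msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, "name");
} else {
    // check for existing clients with same ip
    $st = $dbo->prepare("select count(*) from radclients where rad_ip = ?");
    $st->execute(array($clientip));
    if($st->fetchColumn() > 0) {
        msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, "ip");
    } else {
        $st = $dbo->prepare("insert into radclients values (NULL, ?, ?, ?, ?)");
        $st->execute(array($client, $clientip, $clientsecret, $clientdesc));
        updateRadius();
        msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, true);
    }
}
break;
```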
@@ -30,6 +30,54 @@ class GAAuthClient {
 msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
 return $msg;
 }
+
+ function deleteRadiusClient($clientname) {
+ global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
+
+
+ if(!msg_queue_exists($MSG_QUEUE_KEY_ID_SERVER)) {
+ return false;
+ }
+
+ if(!msg_queue_exists($MSG_QUEUE_KEY_ID_CLIENT)) {
+ return false;
+ }
+ // TODO we need to setup a client queue sem lock here
+
+ $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT);
+ $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER);
+
+
+ $message["clientname"] = $clientname;
+ msg_send($sr_queue, MSG_REMOVE_RADIUS_CLIENT, $message, true, true, $msg_err);
+
+ msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
+ return $msg;
+ }
+
+ function getRadiusClients() {
+ global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
+
+
+ if(!msg_queue_exists($MSG_QUEUE_KEY_ID_SERVER)) {
+ return false;
+ }
+
+ if(!msg_queue_exists($MSG_QUEUE_KEY_ID_CLIENT)) {
+ return false;
+ }
+ // TODO we need to setup a client queue sem lock here
+
+ $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT);
+ $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER);
+
+
+ msg_send($sr_queue, MSG_GET_RADIUS_CLIENTS, "", true, true, $msg_err);
+
+ msg_receive($cl_queue, 0, $msg_type, 16384, $msg);
+ return $msg;
+ }
+
 function syncUserToken($username, $tokenone, $tokentwo) {
 global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
diff --git a/authserver/lib/lib.php b/authserver/lib/lib.php
index 0d6ab36..c938b8e 100644
--- a/authserver/lib/lib.php
+++ b/authserver/lib/lib.php
@@ -23,6 +23,7 @@ define("MSG_REMOVE_RADIUS_CLIENT", 16);
 define("MSG_ADD_RADIUS_CLIENT", 17);
 // BASE_DIR =
+// messy
 $BASE_DIR = realpath(dirname(__FILE__)."/../../");
 global $BASE_DIR;
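Review bot: Both new methods ignore the return values of `msg_send()` and `msg_receive()` (`$msg_err` is filled in but never read), so a failed send or a reply larger than the 16384-byte cap given to `msg_receive()` leaves `$msg` unset and the method returns null, which `usercmd.php`'s `foreach($msg as $client)` and the admin page then iterate over as if it were a list. The getRadiusClients reply carries every client's shared secret (authd fills `$clients[$i]["secret"]`), so the serialized payload grows with the table and that cap is reachable in practice. Checking both calls, `if(!msg_send($sr_queue, MSG_GET_RADIUS_CLIENTS, "", true, true, $msg_err)) return false;` and `if(!msg_receive($cl_queue, 0, $msg_type, 16384, $msg)) return false;`, lets callers tell failure from an empty list. The `// TODO ... sem lock` comment is worth acting on before more request types share the one client queue, since two concurrent callers can consume each other's replies.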
@@ -44,7 +45,9 @@ function generateRandomString()
 function updateRadius()
 {
 // this is hardcoded for now.
+ //$clientfile = "/etc/freeradius/clients.conf";
 $clientfile = "/tmp/clients.conf";
+ $reloadinit = "/etc/init.d/freeradius restart";
 $db = getDatabase();
@@ -56,10 +59,12 @@ function updateRadius()
 $cname = $row["rad_name"];
 $cip = $row["rad_ip"];
 $csec = $row["rad_secret"];
- $lines = "client $cname {\nipaddr = $cip\nsecret = $csec\nrequire_message_authenticator = no\n}";
+ $lines = "client $cname {\nipaddr = $cip\nsecret = $csec\nrequire_message_authenticator = no\n}\n\n";
 fwrite($hand, $lines);
 }
 fclose($hand);
+ // not yet
+ //system($reloadinit);
 }
diff --git a/authserver/usercmd.php b/authserver/usercmd.php
index 3adf835..3525cbe 100644
--- a/authserver/usercmd.php
+++ b/authserver/usercmd.php
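Review bot: The `$lines` string on the new side still writes `$cname`, `$cip` and `$csec` into the FreeRADIUS config text unescaped, and those values come from the add form via the database, so a client name or secret containing a newline, `}` or `#` can inject extra `client` stanzas or directives into the file the server will load once `system($reloadinit)` is enabled. A validation step before the write, e.g. `if(!preg_match('/^[A-Za-z0-9_.-]+$/', $cname) || !filter_var($cip, FILTER_VALIDATE_IP)) continue;`, would refuse such rows; the same check belongs at insert time in authd. The file now holds every RADIUS shared secret and `/tmp/clients.conf` is a predictable path in a world-writable directory, so the `fopen` of `$hand` (outside this hunk) should be followed by `chmod($clientfile, 0600)` and the real config directory used before the restart is turned on. `require_message_authenticator = no` is pre-existing, but a one-line comment on why the Message-Authenticator check is disabled would help the next reader.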
@@ -39,17 +39,35 @@ if(!isset($argv[1])) {
 echo "\tradauth: radauth - for radius, only returns a code\n";
 echo "\tsynctoken: synctoken - resync's a hotp token based on two token codes\n";
 echo "\ttokentype: tokentype - gets the token type for a user\n";
- echo "\taddradclient: addradclient \n";
+ echo "\taddradclient: addradclient \"\"- adds a radius client\n";
+ echo "\trmradclient: rmradclient - removes a radius client with the name \n";
+ echo "\tgetradclients: getradclients - returns a list of radius clients\n";
 return 0;
 }
 switch($argv[1]) {
- case "addradclient":
- $msg = $myAC->addRadiusClient($argv[2], $argv[3], $argv[4], "");
+ case "rmradclient":
+ $msg = $myAC->deleteRadiusClient($argv[2]);
 if($msg) {
+ echo "Successfully deleted\n";
+ }
+ break;
+ case "getradclients":
+ $msg = $myAC->getRadiusClients();
+ foreach($msg as $client) {
+ if($client["desc"]=="") $desc = "no description set";
+ else $desc = $client["desc"];
+ echo $client["name"]." is ".$client["ip"].", $desc\n";
+ }
+ break;
+ case "addradclient":
+ $msg = $myAC->addRadiusClient($argv[2], $argv[3], $argv[4], $argv[5]);
+ if($msg === true) {
 echo "Added successfully\n";
- } else {
- echo "Not added\n";
+ } else if ($msg == "name") {
+ echo "Client with same name exists already\n";
+ } else if ($msg == "ip") {
+ echo "Client with same IP already exists\n";
 }
 break;
 case "tokentype":
diff --git a/authserver/www/admin.php b/authserver/www/admin.php
index 7f2c8a3..d277772 100644
--- a/authserver/www/admin.php
+++ b/authserver/www/admin.php
@@ -84,6 +84,11 @@ Token Type +this page is for editing radius clients, it doesnt exist yet.. What you need to do is delete the client and re-add it... go back + +
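Review bot: The `addradclient` case now reads `$argv[5]` without checking it was supplied, so the documented four-argument form raises an undefined-offset notice and sends null as the description; `isset($argv[5]) ? $argv[5] : ""` keeps the old default, and `$argv[2]`..`$argv[4]` are equally unchecked in all three new cases. Dropping the `else { echo "Not added\n"; }` branch means a `false` return from `addRadiusClient()` (queues missing) now prints nothing and exits 0, so a trailing `} else { echo "Not added\n"; }` should stay. `rmradclient` reports success for any truthy reply, which is only right if the daemon answers `true` on success; its MSG_REMOVE_RADIUS_CLIENT handler is not in this diff. Passing the shared secret as a command-line argument also exposes it through `ps` and shell history, which reading it from stdin would avoid.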

Users

@@ -132,8 +137,30 @@ if(isset($_REQUEST["action"])) if($_REQUEST["action"] == "getotk") { ?>

Radius Clients

-Not yet implemented - + + +getRadiusClients(); +foreach($msg as $client) { + if($client["desc"]=="") $desc = "no description set"; + else $desc = $client["desc"]; + $clientname = $client["name"]; + $clientip = $client["ip"]; + echo ""; +} +?> +
NameIP AddressDescriptionDelete
$clientname$clientip$descDelete
+
+

Add a Radius Client

+
+ + + + + +
Client Name
Client IP
Client Secret
Client Description
+ +

Logout Home deleteRadiusClient($clientname); + header("Location: ?message=".urlencode("Client Deleted")); + exit(0); + break; + case "addradclient": + $clientname = $_REQUEST["clientname"]; + $clientip = $_REQUEST["clientip"]; + $clientsecret = $_REQUEST["clientsecret"]; + $clientdesc = $_REQUEST["clientdesc"]; + $ret = $myAC->addRadiusClient($clientname, $clientip, $clientsecret, $clientdesc); + if($ret === true) { + header("Location: ?message=".urlencode("Client Added")); + } else if ($ret == "name") { + header("Location: ?error=".urlencode("Client Name Already Existed")); + } else if ($ret == "ip") { + header("Location: ?error=".urlencode("Client IP Already Existed")); + } + exit(0); + break; case "customtoken": $ttype = $_REQUEST["tokentype"]; $tkey = $_REQUEST["tokenkey"];
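Review bot: The `echo` that builds each row of the client table prints `$clientname`, `$clientip` and `$desc`, values that were stored from the add form, into HTML, and no `htmlspecialchars()` is visible in this hunk, so a description such as `<script>...</script>` saved by one admin runs in every admin's browser that opens this page; each value should pass through `htmlspecialchars($v, ENT_QUOTES)` before being echoed. The per-row "Delete" link triggers removal on a plain GET with the client name in the query string, so any page an admin visits can remove clients with an `<img src="...?action=rmradclient&clientname=...">`; a POST form carrying a session-bound token is the usual fix. The HTML markup of this hunk has been stripped in this view, so the exact echo cannot be checked and the escaping may exist elsewhere.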
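Review bot: The `addradclient` case forwards `$_REQUEST["clientname"]`, `$_REQUEST["clientip"]`, `$_REQUEST["clientsecret"]` and `$_REQUEST["clientdesc"]` without any validation, and authd interpolates them into SQL and into the FreeRADIUS client file, so this is the boundary where a name pattern, `filter_var($clientip, FILTER_VALIDATE_IP)` and a non-empty-secret check belong. When `addRadiusClient()` returns `false` (queues missing) none of the three `if`/`else if` branches match and the handler reaches `exit(0)` with no redirect, giving a blank page; a final `else { header("Location: ?error=".urlencode("Client not added")); }` closes that gap, and `rmradclient` likewise redirects "Client Deleted" without inspecting the daemon's reply. `$_REQUEST` also accepts GET and cookie values, so `$_POST` is the safer source for a state-changing action. The hunk's header and first lines are cut off in this view, so the surrounding `switch` cannot be checked.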