CoovaChilli FreeRADIUS setup with UAM

Jed Gainer jedgainer at gmail.com
Thu Feb 13 03:22:55 CET 2014


I check the login before sending it to the Chilli to login.

    public function get_user_password($username)
    {
        $stmt = $this->mysqli->prepare("SELECT value FROM radcheck WHERE username = ? AND attribute = 'Cleartext-Password'");
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $stmt->store_result();
        if ($stmt->num_rows() == 0)
            $return = NULL;
        else
        {
            $stmt->bind_result($password);
            $stmt->fetch();
            $return = $password;
        }
        $stmt->free_result();
        $stmt->close();
        return $return;
    }

...

function chilli_login()
{
    if (!empty($_GET['challenge']))
        $challenge = $_GET['challenge'];
    elseif (!empty($_SESSION['chilli']['challenge']))
        $challenge = $_SESSION['chilli']['challenge'];
    if (empty($challenge) || empty($_POST['username']) || empty($_POST['password']))
        error('CHILLI_LOGIN_FAILED');
    $_SESSION['login'] = $_POST;
    $uamsecret = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz';
    $hexchal = pack("H32", $challenge);
    $newchal = pack("H*", md5($hexchal . $uamsecret));
    $response = md5("\0" . $_POST['password'] . $newchal);
    $query = http_build_query(array(
        'username' => $_POST['username'],
        'response' => $response,
//        'userurl' => $_GET['userurl']
    ), '', '&', PHP_QUERY_RFC3986);
    header("Location: http://10.1.0.1:3990/login?" . $query);
    die();
}

...

if (isset($_GET['login']))
{
    if (!$db_radius->user_exists($_POST['username']))
        $errors[] = 'Name does not exist.';
    // Strict comparison: with !=, PHP compares numeric-looking strings as numbers
    if ($_POST['password'] !== $db_radius->get_user_password($_POST['username']))
        $errors[] = 'Password incorrect.';
    if (empty($errors))
    {
        chilli_login();
    }
}

if (!empty($_GET['res']))
{
    switch ($_GET['res'])
    {
        case 'failed':
            if (isset($_GET['reply']))
                if ($_GET['reply'] == 'Your maximum daily usage time has been reached' ||
                    $_GET['reply'] == 'Your maximum weekly usage time has been reached' ||
                    $_GET['reply'] == 'Your maximum monthly usage time has been reached')
                {
                    $bandwidth = $db_radius->get_user_bandwidth($_SESSION['login']['username']);
                    $bandwidth_types = array('all-time', 'daily', 'weekly', 'monthly');
                    $errors[] = "You have used your " . format_bytes($bandwidth['limit']['bytes'], 2) .
                        " of {$bandwidth_types[$bandwidth['limit']['type']]} bandwidth!";
                    $remaining_time = ($bandwidth['remaining']['time'] > 0 ? duration($bandwidth['remaining']['time']) : '∞');
                    $errors[] = "Your bandwidth resets in: {$remaining_time}.";
                }
                elseif ($_GET['reply'] == 'Your maximum never usage time has been reached')
                {
                    $errors[] = "You have used all your bandwidth.";
                    $errors[] = "You need to buy more to use the Internet.";
                }
                else
                    $errors[] = $_GET['reply'];
            else
                $errors[] = "Username and/or password rejected.";
    }
}


On Wed, Feb 12, 2014 at 6:16 AM, Alan DeKok <aland at deployingradius.com> wrote:

> Russell Mike wrote:
> >     1.) Dear Alan - What does site specific mean?
>
>   It means that the problem is specific to your site.  Most people don't
> do that kind of thing.
>
> >      2.) Since you advised the solution, could you please kindly assist
> > a little more by elaborating? Which kind of program are you talking
> > about? I am asking because I could not understand fully. Please help me
> > with a small example. I shall try to work it out.
>
>   I'm not sure there's more to say.  You need to poke the UAM.  So...
> write a program to poke the UAM.  I have no idea how that's done,
> because I'm not using your UAM.
>
>   Then, make FreeRADIUS run the program.  That part should be simple.
>
>   Alan DeKok.
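
The response computation from chilli_login() above, shown from both sides as an added example (not code from the original post): the portal derives the CHAP response, and a verifier holding the Cleartext-Password recomputes it. The function names, the secret and the sample values are constructed, and the verifier side is an assumption that follows RFC 1994 CHAP with identifier 0; it is not CoovaChilli's or FreeRADIUS's own code.

```php
<?php
// Added example: function names, secret and sample values are constructed.

/** Portal side: derive the CHAP response from the hex challenge in the redirect. */
function uam_chap_response(string $challengeHex, string $password, string $uamSecret): string
{
    // The challenge arrives in a query string, so validate it before use:
    // exactly 16 bytes, hex encoded (pack("H32", ...) accepts bad input silently).
    if (strlen($challengeHex) !== 32 || !ctype_xdigit($challengeHex)) {
        throw new InvalidArgumentException('challenge must be 32 hex characters');
    }
    $challenge = hex2bin($challengeHex);
    // Mix in the UAM secret, as chilli_login() does: MD5(challenge . uamsecret)
    $chapChallenge = md5($challenge . $uamSecret, true);
    // CHAP response with identifier 0: MD5(id . password . challenge)
    return md5("\0" . $password . $chapChallenge);
}

/** Verifier side (assumed): recompute from the stored cleartext password and compare. */
function uam_chap_verify(string $challengeHex, string $responseHex,
                         string $storedPassword, string $uamSecret): bool
{
    $expected = uam_chap_response($challengeHex, $storedPassword, $uamSecret);
    // hash_equals() compares in constant time
    return hash_equals($expected, strtolower($responseHex));
}

// Constructed sample values
$secret    = 'example-uam-secret';
$challenge = bin2hex(random_bytes(16));
$response  = uam_chap_response($challenge, 'correct horse', $secret);

// Same challenge, right password
var_dump(uam_chap_verify($challenge, $response, 'correct horse', $secret));
// Same challenge, wrong stored password
var_dump(uam_chap_verify($challenge, $response, 'wrong', $secret));
// Old response replayed against a fresh challenge
var_dump(uam_chap_verify(bin2hex(random_bytes(16)), $response, 'correct horse', $secret));
```

Because the response is bound to the challenge, a captured response does not verify against a later challenge.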