CoovaChilli FreeRADIUS setup with UAM
Jed Gainer
jedgainer at gmail.com
Thu Feb 13 03:22:55 CET 2014
I check the login before sending it to the Chilli to login.
public function get_user_password($username)
{
    // Fetch the stored Cleartext-Password for this user from radcheck.
    $stmt = $this->mysqli->prepare("SELECT value FROM radcheck WHERE username = ? AND attribute = 'Cleartext-Password'");
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows() == 0)
        $return = NULL;
    else
    {
        $stmt->bind_result($password);
        $stmt->fetch();
        $return = $password;
    }
    $stmt->free_result();
    $stmt->close();
    return $return;
}
...
function chilli_login()
{
    // The challenge comes from the redirect query string or from the session.
    if (!empty($_GET['challenge']))
        $challenge = $_GET['challenge'];
    elseif (!empty($_SESSION['chilli']['challenge']))
        $challenge = $_SESSION['chilli']['challenge'];
    if (empty($challenge) || empty($_POST['username']) || empty($_POST['password']))
        error('CHILLI_LOGIN_FAILED');
    $_SESSION['login'] = $_POST;
    $uamsecret = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz';
    // Mix the uamsecret into the challenge, then build the CHAP response:
    // MD5(0x00 . password . MD5(challenge . uamsecret)).
    $hexchal = pack("H32", $challenge);
    $newchal = pack("H*", md5($hexchal . $uamsecret));
    $response = md5("\0" . $_POST['password'] . $newchal);
    $query = http_build_query(array(
        'username' => $_POST['username'],
        'response' => $response,
        // 'userurl' => $_GET['userurl']
    ), '', '&', PHP_QUERY_RFC3986);
    header("Location: http://10.1.0.1:3990/login?" . $query);
    die();
}
...
if (isset($_GET['login']))
{
    if (!$db_radius->user_exists($_POST['username']))
        $errors[] = 'Name does not exist.';
    // Strict comparison: a loose != treats numeric-looking strings such as
    // "0e1" and "0e2" as equal.
    if ($_POST['password'] !== $db_radius->get_user_password($_POST['username']))
        $errors[] = 'Password incorrect.';
    if (empty($errors))
    {
        chilli_login();
    }
}
if (!empty($_GET['res']))
{
    switch ($_GET['res'])
    {
        case 'failed':
            if (isset($_GET['reply']))
            {
                if ($_GET['reply'] == 'Your maximum daily usage time has been reached' ||
                    $_GET['reply'] == 'Your maximum weekly usage time has been reached' ||
                    $_GET['reply'] == 'Your maximum monthly usage time has been reached')
                {
                    $bandwidth = $db_radius->get_user_bandwidth($_SESSION['login']['username']);
                    $bandwidth_types = array('all-time', 'daily', 'weekly', 'monthly');
                    $errors[] = "You have used your " . format_bytes($bandwidth['limit']['bytes'], 2) . " of {$bandwidth_types[$bandwidth['limit']['type']]} bandwidth!";
                    $remaining_time = ($bandwidth['remaining']['time'] > 0 ? duration($bandwidth['remaining']['time']) : '∞');
                    $errors[] = "Your bandwidth resets in: {$remaining_time}.";
                }
                elseif ($_GET['reply'] == 'Your maximum never usage time has been reached')
                {
                    $errors[] = "You have used all your bandwidth.";
                    $errors[] = "You need to buy more to use the Internet.";
                }
                else
                    // Untrusted query-string text: escape it when rendering $errors.
                    $errors[] = $_GET['reply'];
            }
            else
                $errors[] = "Username and/or password rejected.";
    }
}
On Wed, Feb 12, 2014 at 6:16 AM, Alan DeKok <aland at deployingradius.com> wrote:
> Russell Mike wrote:
> > 1.) Dear Alan - What is site specific means ?
>
> It means that the problem is specific to your site. Most people don't
> do that kind of thing.
>
> > 2.) Since you advised the solution. Could you please kindly assist
> > little more by elaborating more. Which kind of program you are talking
> > about? i am asking because i could not understand fully. Please help me
> > with small example. I shall try to workout.
>
> I'm not sure there's more to say. You need to poke the UAM. So...
> write a program to poke the UAM. I have no idea how that's done,
> because I'm not using your UAM.
>
> Then, make FreeRADIUS run the program. That part should be simple.
>
> Alan DeKok.
>
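The challenge-response step from chilli_login() in the message above, as an added example that is not part of the original post: it validates the challenge before use, computes the same response, and shows the constant-time check a CHAP verifier holding the stored Cleartext-Password would make. The function names and the sample challenge, secret and passwords are constructed assumptions.

```php
<?php
// Added example, not code from the original post. Function names and the
// sample challenge, secret and passwords below are constructed assumptions.

// Challenge actually used for CHAP when a uamsecret is set:
// MD5(raw challenge . uamsecret), as in chilli_login() above.
function uam_effective_challenge(string $challengeHex, string $uamsecret): string
{
    // The challenge comes from the query string, so accept only 32 hex digits
    // instead of letting pack()/hex2bin() process arbitrary input.
    if (!preg_match('/\A[0-9a-fA-F]{32}\z/', $challengeHex)) {
        throw new InvalidArgumentException('challenge must be 32 hex digits');
    }
    return md5(hex2bin($challengeHex) . $uamsecret, true); // 16 raw bytes
}

// Response placed in the redirect: MD5(0x00 . password . effective challenge).
// Only this response, not the password, appears in the redirect URL.
function uam_chap_response(string $challengeHex, string $uamsecret, string $password): string
{
    return md5("\0" . $password . uam_effective_challenge($challengeHex, $uamsecret));
}

// Verifier's view: recompute the response from the stored Cleartext-Password
// and compare in constant time.
function chap_response_ok(string $responseHex, string $challengeHex, string $uamsecret, string $storedPassword): bool
{
    $expected = uam_chap_response($challengeHex, $uamsecret, $storedPassword);
    return hash_equals($expected, strtolower($responseHex));
}

$challenge = '000102030405060708090a0b0c0d0e0f'; // constructed
$uamsecret = 'example-uamsecret';                // constructed
$response  = uam_chap_response($challenge, $uamsecret, 'correct horse');

// Matching and non-matching stored passwords.
var_dump(chap_response_ok($response, $challenge, $uamsecret, 'correct horse'));
var_dump(chap_response_ok($response, $challenge, $uamsecret, 'wrong guess'));

// A malformed challenge is rejected before any hashing takes place.
try {
    uam_chap_response('not-hex', $uamsecret, 'correct horse');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```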