dapphp/radius

基于SysCo/al实现的纯PHP RADIUS客户端

维护者

详细信息

github.com/dapphp/radius

主页

源代码

问题

安装量: 621 903

依赖项: 3

建议者: 0

安全: 0

星标: 79

关注者: 10

分支: 44

公开问题: 14

v3.0.0 2022-01-26 04:33 UTC

Requires

  • php: ^7.3 || ^8.0

Requires (Dev)

Suggests

LGPL-3.0-or-later 023f538e46d20fa285f55dd65d7054fb9b370a82

authorizationAuthenticationradiuspapchapms-chapms-chap v2rfc2865rfc1994rfc2284rfc2869rfc2759

This package is auto-updated.

Last update: 2024-08-26 10:22:10 UTC

README

Build Status Total Downloads Latest Stable Version

名称

Dapphp\Radius - 基于SysCo/al实现的纯PHP RADIUS客户端

作者

描述

Dapphp\Radius 是一个纯PHP RADIUS客户端,用于在PHP中验证用户与RADIUS服务器。它目前支持使用PAP、CHAP (MD5)、MSCHAP v1和EAP-MSCHAP v2进行基本的RADIUS认证。当前的2.5.x分支经过测试,可以与以下RADIUS服务器一起使用

  • Microsoft Windows Server 2019 网络策略服务器
  • Microsoft Windows Server 2016 网络策略服务器
  • Microsoft Windows Server 2012 网络策略服务器
  • FreeRADIUS 2及更高版本

PAP认证已在以下服务器上测试

  • Microsoft Radius服务器IAS
  • Mideye RADIUS服务器
  • Radl
  • RSA SecurID
  • VASCO Middleware 3.0服务器
  • WinRadius
  • ZyXEL ZyWALL OTP

如果使用MSCHAP v1或v2,则需要PHP openssl扩展。对于没有openssl支持的旧版PHP版本,则使用mcrypt。

安装

安装 dapphp/radius 的推荐方法是使用Composer。如果您已经使用Composer,只需运行composer require dapphp/radius或将dapphp/radius添加到您的composer.json文件的require部分。

也支持独立安装,并提供SPL自动加载器。(如果您使用Composer,请勿使用独立自动加载器!)

要独立安装,请下载发行版存档并将其解压到您的服务器上的一个位置。在您的应用程序中,执行require_once 'radius/autoload.php';然后您就可以使用该类。

示例

请参阅examples/目录中的示例。RADIUS服务器地址、密钥和凭据从环境变量中读取,默认为

RADIUS_SERVER_ADDR=192.168.0.20
RADIUS_USER=nemo
RADIUS_PASS=arctangent
RADIUS_SECRET=xyzzy5461

要打印RADIUS调试信息,请指定-v选项。

示例

RADIUS_SERVER_ADDR=10.0.100.1 RADIUS_USER=radtest php example/client.php -v

概要

<?php

use Dapphp\Radius\Radius;

require_once '/path/to/radius/autoload.php';
// or, if using composer
require_once '/path/to/vendor/autoload.php';

$client = new Radius();

// set server, secret, and basic attributes
$client->setServer('12.34.56.78') // RADIUS server address
       ->setSecret('radius shared secret')
       ->setNasIpAddress('10.0.1.2') // NAS server address
       ->setAttribute(32, 'login');  // NAS identifier

// PAP authentication; returns true if successful, false otherwise
$authenticated = $client->accessRequest($username, $password);

// CHAP-MD5 authentication
$client->setChapPassword($password); // set chap password
$authenticated = $client->accessRequest($username); // authenticate, don't specify pw here

// MSCHAP v1 authentication
$client->setMSChapPassword($password); // set ms chap password (uses openssl or mcrypt)
$authenticated = $client->accessRequest($username);

// EAP-MSCHAP v2 authentication
$authenticated = $client->accessRequestEapMsChapV2($username, $password);

if ($authenticated === false) {
    // false returned on failure
    echo sprintf(
        "Access-Request failed with error %d (%s).\n",
        $client->getErrorCode(),
        $client->getErrorMessage()
    );
} else {
    // access request was accepted - client authenticated successfully
    echo "Success!  Received Access-Accept response from RADIUS server.\n";
}

高级用法

// Authenticating against a RADIUS cluster (each server needs the same secret).
// Each server in the list is tried until auth success or failure.  The
// next server is tried on timeout or other error.
// Set the secret and any required attributes first.

$servers = [ 'server1.radius.domain', 'server2.radius.domain' ];
// or
$servers = gethostbynamel("radius.site.domain"); // gets list of IPv4 addresses to a given host

$authenticated = $client->accessRequestList($servers, $username, $password);
// or
$authenticated = $client->accessRequestEapMsChapV2List($servers, $username, $password);


// Setting vendor specific attributes
// Many vendor IDs are available in \Dapphp\Radius\VendorId
// e.g. \Dapphp\Radius\VendorId::MICROSOFT
$client->setVendorSpecificAttribute($vendorId, $attributeNumber, $rawValue);

// Retrieving attributes from RADIUS responses after receiving a failure or success response
$value = $client->getAttribute($attributeId);

// Get an array of all received attributes
$attributes = getReceivedAttributes();

// Debugging
// Prior to sending a request, call
$client->setDebug(true); // enable debug output on console
// Shows what attributes are sent and received, and info about the request/response

需求

  • PHP 5.3或更高版本

TODO

  • 通过名称而不是数字设置属性
  • 供应商特定属性字典?
  • 使用更多实现进行测试并确认其可用性
  • 计费?

版权

Copyright (c) 2008, SysCo systemes de communication sa
SysCo (tm) is a trademark of SysCo systemes de communication sa
(http://www.sysco.ch/)
All rights reserved.

Copyright (c) 2018, Drew Phillips
(https://drew-phillips.com)

Pure PHP radius class is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.

Pure PHP radius class is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with Pure PHP radius class.
If not, see <https://gnu.ac.cn/licenses/>

许可证

此库使用了Crypt_CHAP PEAR库。请参阅lib/Pear_CHAP.php

Copyright (c) 2002-2010, Michael Bretterklieber <michael@bretterklieber.com>
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.
3. The names of the authors may not be used to endorse or promote products
   derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This code cannot simply be copied and put under the GNU Public License or
any other GPL-like (LGPL, GPL2) License.