ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5
Auth_RADIUS Class Reference

Public Member Functions

 Auth_RADIUS ()
 Constructor.

 addServer ($servername='localhost', $port=0, $sharedSecret='testing123', $timeout=3, $maxtries=3)
 Adds a RADIUS server to the list of servers for requests.

 getError ()
 Returns an error message, if an error occurred.

 setConfigfile ($file)
 Sets the configuration file.

 putAttribute ($attrib, $value, $type=null)
 Puts an attribute.

 putVendorAttribute ($vendor, $attrib, $value, $type=null)
 Puts a vendor-specific attribute.

 dumpAttributes ()
 Prints known attributes received from the server.

 open ()
 Overwrite this.

 createRequest ()
 Overwrite this.

 putStandardAttributes ()
 Puts standard attributes.

 putAuthAttributes ()
 Puts custom attributes.

 putServer ($servername, $port=0, $sharedsecret='testing123', $timeout=3, $maxtries=3)
 Configures the radius library.

 putConfigfile ($file)
 Configures the radius library via an external configuration file.

 start ()
 Initiates a RADIUS request.

 send ()
 Sends a prepared RADIUS request and waits for a response.

 getAttributes ()
 Reads all received attributes after sending the request.

 close ()
 Frees resources.
 
Public Member Functions inherited from PEAR

 PEAR ($error_class=null)
 Constructor.

 _PEAR ()
 Destructor (the emulated type of...).

 getStaticProperty ($class, $var)
 If you have a class that's mostly/entirely static, and you need static properties, you can use this method to simulate them.

 registerShutdownFunc ($func, $args=array())
 Use this function to register a shutdown method for static classes.

 isError ($data, $code=null)
 Tell whether a value is a PEAR error.

 setErrorHandling ($mode=null, $options=null)
 Sets how errors generated by this object should be handled.

 expectError ($code='*')
 This method is used to tell which errors you expect to get.

 popExpect ()
 This method pops one element off the expected error codes stack.

 _checkDelExpect ($error_code)
 This method checks for and unsets an error code, if available.

 delExpect ($error_code)
 This method deletes all occurrences of the specified element from the expected error codes stack.

 raiseError ($message=null, $code=null, $mode=null, $options=null, $userinfo=null, $error_class=null, $skipmsg=false)
 This method is a wrapper that returns an instance of the configured error class with this object's default error handling applied.

 throwError ($message=null, $code=null, $userinfo=null)
 Simpler form of raiseError with fewer options.

 staticPushErrorHandling ($mode, $options=null)

 staticPopErrorHandling ()

 pushErrorHandling ($mode, $options=null)
 Push a new error handler on top of the error handler options stack.

 popErrorHandling ()
 Pop the last error handler used.

 loadExtension ($ext)
 OS-independent PHP extension load.
 

Data Fields

 $_servers = array()
 
 $_configfile = null
 
 $res = null
 
 $username = null
 
 $password = null
 
 $attributes = array()
 
 $rawAttributes = array()
 
 $rawVendorAttributes = array()
 
 $useStandardAttributes = true
 
Data Fields inherited from PEAR
 $_debug = false
 
 $_default_error_mode = null
 
 $_default_error_options = null
 
 $_default_error_handler = ''
 
 $_error_class = 'PEAR_Error'
 
 $_expected_errors = array()
 

Detailed Description

Definition at line 58 of file RADIUS.php.

Member Function Documentation

◆ addServer()

Auth_RADIUS::addServer (   $servername = 'localhost',
  $port = 0,
  $sharedSecret = 'testing123',
  $timeout = 3,
  $maxtries = 3 
)

Adds a RADIUS server to the list of servers for requests.

At most 10 servers may be specified. When multiple servers are given, they are tried in round-robin fashion until a valid response is received.

public

Parameters
string   $servername    Servername or IP-Address
integer  $port          Port number
string   $sharedSecret  Shared secret
integer  $timeout       Timeout for each request
integer  $maxtries      Max. retries for each request
Returns
void

Definition at line 148 of file RADIUS.php.

149  {
150  $this->_servers[] = array($servername, $port, $sharedSecret, $timeout, $maxtries);
151  }

◆ Auth_RADIUS()

Auth_RADIUS::Auth_RADIUS ( )

Constructor.

Loads the RADIUS PECL/extension

Returns
void

Definition at line 128 of file RADIUS.php.

References PEAR\PEAR().

Referenced by Auth_RADIUS_Acct\Auth_RADIUS_Acct(), and Auth_RADIUS_PAP\Auth_RADIUS_PAP().

129  {
130  $this->PEAR();
131  }

◆ close()

Auth_RADIUS::close ( )

Frees resources.

Calling this method is always a good idea, because all security-relevant attributes are overwritten with null bytes so that nothing is left in memory.

public

Definition at line 549 of file RADIUS.php.

Referenced by Auth_RADIUS_CHAP_MD5\close().

550  {
551  if ($this->res != null) {
552  radius_close($this->res);
553  $this->res = null;
554  }
555  $this->username = str_repeat("\0", strlen($this->username));
556  $this->password = str_repeat("\0", strlen($this->password));
557  }

◆ createRequest()

Auth_RADIUS::createRequest ( )

Overwrite this.

public

Definition at line 264 of file RADIUS.php.

Referenced by start().

265  {
266  }

◆ dumpAttributes()

Auth_RADIUS::dumpAttributes ( )

Prints known attributes received from the server.

public

Definition at line 243 of file RADIUS.php.

References $data.

244  {
245  foreach ($this->attributes as $name => $data) {
246  echo "$name:$data<br>\n";
247  }
248  }

◆ getAttributes()

Auth_RADIUS::getAttributes ( )

Reads all received attributes after sending the request.

This method stores known attributes in the property attributes; all attributes (including known attributes) are stored in rawAttributes or rawVendorAttributes. NOTE: call this function even if the request was rejected, because the server usually returns an error message.

public

Returns
bool true on success, false on error

Definition at line 416 of file RADIUS.php.

References $attrib, and $data.

417  {
418 
419  while ($attrib = radius_get_attr($this->res)) {
420 
421  if (!is_array($attrib)) {
422  return false;
423  }
424 
425  $attr = $attrib['attr'];
426  $data = $attrib['data'];
427 
428  $this->rawAttributes[$attr] = $data;
429 
430  switch ($attr) {
431  case RADIUS_FRAMED_IP_ADDRESS:
432  $this->attributes['framed_ip'] = radius_cvt_addr($data);
433  break;
434 
435  case RADIUS_FRAMED_IP_NETMASK:
436  $this->attributes['framed_mask'] = radius_cvt_addr($data);
437  break;
438 
439  case RADIUS_FRAMED_MTU:
440  $this->attributes['framed_mtu'] = radius_cvt_int($data);
441  break;
442 
443  case RADIUS_FRAMED_COMPRESSION:
444  $this->attributes['framed_compression'] = radius_cvt_int($data);
445  break;
446 
447  case RADIUS_SESSION_TIMEOUT:
448  $this->attributes['session_timeout'] = radius_cvt_int($data);
449  break;
450 
451  case RADIUS_IDLE_TIMEOUT:
452  $this->attributes['idle_timeout'] = radius_cvt_int($data);
453  break;
454 
455  case RADIUS_SERVICE_TYPE:
456  $this->attributes['service_type'] = radius_cvt_int($data);
457  break;
458 
459  case RADIUS_CLASS:
460  $this->attributes['class'] = radius_cvt_string($data);
461  break;
462 
463  case RADIUS_FRAMED_PROTOCOL:
464  $this->attributes['framed_protocol'] = radius_cvt_int($data);
465  break;
466 
467  case RADIUS_FRAMED_ROUTING:
468  $this->attributes['framed_routing'] = radius_cvt_int($data);
469  break;
470 
471  case RADIUS_FILTER_ID:
472  $this->attributes['filter_id'] = radius_cvt_string($data);
473  break;
474 
475  case RADIUS_REPLY_MESSAGE:
476  $this->attributes['reply_message'] = radius_cvt_string($data);
477  break;
478 
479  case RADIUS_VENDOR_SPECIFIC:
480  $attribv = radius_get_vendor_attr($data);
481  if (!is_array($attribv)) {
482  return false;
483  }
484 
485  $vendor = $attribv['vendor'];
486  $attrv = $attribv['attr'];
487  $datav = $attribv['data'];
488 
489  $this->rawVendorAttributes[$vendor][$attrv] = $datav;
490 
491  if ($vendor == RADIUS_VENDOR_MICROSOFT) {
492 
493  switch ($attrv) {
494  case RADIUS_MICROSOFT_MS_CHAP2_SUCCESS:
495  $this->attributes['ms_chap2_success'] = radius_cvt_string($datav);
496  break;
497 
498  case RADIUS_MICROSOFT_MS_CHAP_ERROR:
499  $this->attributes['ms_chap_error'] = radius_cvt_string(substr($datav,1));
500  break;
501 
502  case RADIUS_MICROSOFT_MS_CHAP_DOMAIN:
503  $this->attributes['ms_chap_domain'] = radius_cvt_string($datav);
504  break;
505 
506  case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY:
507  $this->attributes['ms_mppe_encryption_policy'] = radius_cvt_int($datav);
508  break;
509 
510  case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES:
511  $this->attributes['ms_mppe_encryption_types'] = radius_cvt_int($datav);
512  break;
513 
514  case RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS:
515  $demangled = radius_demangle($this->res, $datav);
516  $this->attributes['ms_chap_mppe_lm_key'] = substr($demangled, 0, 8);
517  $this->attributes['ms_chap_mppe_nt_key'] = substr($demangled, 8, RADIUS_MPPE_KEY_LEN);
518  break;
519 
520  case RADIUS_MICROSOFT_MS_MPPE_SEND_KEY:
521  $this->attributes['ms_chap_mppe_send_key'] = radius_demangle_mppe_key($this->res, $datav);
522  break;
523 
524  case RADIUS_MICROSOFT_MS_MPPE_RECV_KEY:
525  $this->attributes['ms_chap_mppe_recv_key'] = radius_demangle_mppe_key($this->res, $datav);
526  break;
527 
528  case RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER:
529  $this->attributes['ms_primary_dns_server'] = radius_cvt_string($datav);
530  break;
531  }
532  }
533  break;
534 
535  }
536  }
537 
538  return true;
539  }
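dumpAttributes() echoes every entry of $attributes straight into the page, and getAttributes() puts server-supplied strings and demangled MPPE keys into that same array. The following is an added example, not code from RADIUS.php: renderAttributes() and the sample array are hypothetical, and only the attribute key names are taken from the listing above. It escapes text values, hex-encodes binary ones and redacts key material.

```php
<?php
// Added example, not part of RADIUS.php.
// Attribute names that getAttributes() fills with demangled MPPE key material.
$SECRET_KEYS = array(
    'ms_chap_mppe_lm_key', 'ms_chap_mppe_nt_key',
    'ms_chap_mppe_send_key', 'ms_chap_mppe_recv_key',
);

/**
 * Hypothetical replacement for dumpAttributes(): returns HTML instead of
 * echoing it, and never emits a raw server-supplied value.
 */
function renderAttributes(array $attributes, array $secretKeys)
{
    $lines = array();
    foreach ($attributes as $name => $data) {
        if (in_array($name, $secretKeys, true)) {
            // Key material is never displayed, only its length.
            $shown = '[redacted, ' . strlen($data) . ' bytes]';
        } elseif (is_string($data) && preg_match('/[^\x20-\x7E]/', $data)) {
            // Anything outside printable ASCII is shown as hex.
            $shown = '0x' . bin2hex($data);
        } else {
            // Printable text and integers are HTML-escaped.
            $shown = htmlspecialchars((string) $data, ENT_QUOTES, 'UTF-8');
        }
        $lines[] = htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ': ' . $shown;
    }
    return implode("<br>\n", $lines);
}

// Constructed sample in the shape getAttributes() produces.
$sample = array(
    'framed_ip'             => '10.0.0.7',
    'session_timeout'       => 3600,
    'reply_message'         => 'Welcome <b>back</b> & good luck',
    'class'                 => "\x01\x02\xff",
    'ms_chap_mppe_send_key' => str_repeat("\xAA", 16),
);

echo renderAttributes($sample, $SECRET_KEYS), "\n";
```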

◆ getError()

Auth_RADIUS::getError ( )

Returns an error message, if an error occurred.

public

Returns
string

Definition at line 159 of file RADIUS.php.

Referenced by send().

160  {
161  return radius_strerror($this->res);
162  }

◆ open()

Auth_RADIUS::open ( )

Overwrite this.

public

Definition at line 255 of file RADIUS.php.

Referenced by start().

256  {
257  }

◆ putAttribute()

Auth_RADIUS::putAttribute (   $attrib,
  $value,
  $type = null 
)

Puts an attribute.

public

Parameters
integer  $attrib  Attribute-number
mixed    $port    Attribute-value
type     $type    Attribute-type
Returns
bool true on success, false on error

Definition at line 185 of file RADIUS.php.

References $attrib.

Referenced by putAuthAttributes(), Auth_RADIUS_PAP\putAuthAttributes(), Auth_RADIUS_CHAP_MD5\putAuthAttributes(), Auth_RADIUS_MSCHAPv1\putAuthAttributes(), Auth_RADIUS_MSCHAPv2\putAuthAttributes(), Auth_RADIUS_Acct\putAuthAttributes(), and putStandardAttributes().

186  {
187  if ($type == null) {
188  $type = gettype($value);
189  }
190 
191  switch ($type) {
192  case 'integer':
193  case 'double':
194  return radius_put_int($this->res, $attrib, $value);
195 
196  case 'addr':
197  return radius_put_addr($this->res, $attrib, $value);
198 
199  case 'string':
200  default:
201  return radius_put_attr($this->res, $attrib, $value);
202  }
203 
204  }

◆ putAuthAttributes()

Auth_RADIUS::putAuthAttributes ( )

Puts custom attributes.

public

Definition at line 296 of file RADIUS.php.

References putAttribute().

Referenced by start().

297  {
298  if (isset($this->username)) {
299  $this->putAttribute(RADIUS_USER_NAME, $this->username);
300  }
301  }

◆ putConfigfile()

Auth_RADIUS::putConfigfile (   $file)

Configures the radius library via an external configuration file.

public

Parameters
string  $servername  Servername or IP-Address
Returns
bool true on success, false on error

Definition at line 330 of file RADIUS.php.

References $file.

Referenced by start().

331  {
332  if (!radius_config($this->res, $file)) {
333  return false;
334  }
335  return true;
336  }

◆ putServer()

Auth_RADIUS::putServer (   $servername,
  $port = 0,
  $sharedsecret = 'testing123',
  $timeout = 3,
  $maxtries = 3 
)

Configures the radius library.

public

Parameters
string   $servername    Servername or IP-Address
integer  $port          Port number
string   $sharedSecret  Shared secret
integer  $timeout       Timeout for each request
integer  $maxtries      Max. retries for each request
Returns
bool true on success, false on error
See also
addServer()

Definition at line 315 of file RADIUS.php.

Referenced by start().

316  {
317  if (!radius_add_server($this->res, $servername, $port, $sharedsecret, $timeout, $maxtries)) {
318  return false;
319  }
320  return true;
321  }

◆ putStandardAttributes()

Auth_RADIUS::putStandardAttributes ( )

Puts standard attributes.

public

Definition at line 273 of file RADIUS.php.

References $_SERVER, $GLOBALS, and putAttribute().

Referenced by start().

274  {
275  if (!$this->useStandardAttributes)
276  return;
277 
278  if (isset($_SERVER)) {
279  $var = &$_SERVER;
280  } else {
281  $var = &$GLOBALS['HTTP_SERVER_VARS'];
282  }
283 
284  $this->putAttribute(RADIUS_NAS_IDENTIFIER, isset($var['HTTP_HOST']) ? $var['HTTP_HOST'] : 'localhost');
285  $this->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_VIRTUAL);
286  $this->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_FRAMED);
287  $this->putAttribute(RADIUS_FRAMED_PROTOCOL, RADIUS_PPP);
288  $this->putAttribute(RADIUS_CALLING_STATION_ID, isset($var['REMOTE_HOST']) ? $var['REMOTE_HOST'] : '127.0.0.1');
289  }

◆ putVendorAttribute()

Auth_RADIUS::putVendorAttribute (   $vendor,
  $attrib,
  $value,
  $type = null 
)

Puts a vendor-specific attribute.

public

Parameters
integer  $vendor  Vendor (MSoft, Cisco, ...)
integer  $attrib  Attribute-number
mixed    $port    Attribute-value
type     $type    Attribute-type
Returns
bool true on success, false on error

Definition at line 216 of file RADIUS.php.

References $attrib.

Referenced by Auth_RADIUS_MSCHAPv1\putAuthAttributes(), and Auth_RADIUS_MSCHAPv2\putAuthAttributes().

217  {
218 
219  if ($type == null) {
220  $type = gettype($value);
221  }
222 
223  switch ($type) {
224  case 'integer':
225  case 'double':
226  return radius_put_vendor_int($this->res, $vendor, $attrib, $value);
227 
228  case 'addr':
229  return radius_put_vendor_addr($this->res, $vendor,$attrib, $value);
230 
231  case 'string':
232  default:
233  return radius_put_vendor_attr($this->res, $vendor, $attrib, $value);
234  }
235 
236  }

◆ send()

Auth_RADIUS::send ( )

Sends a prepared RADIUS request and waits for a response.

public

Returns
mixed true on success, false on reject, PEAR_Error on error

Definition at line 375 of file RADIUS.php.

References getError(), and PEAR\raiseError().

376  {
377  $req = radius_send_request($this->res);
378  if (!$req) {
379  return $this->raiseError('Error sending request: ' . $this->getError());
380  }
381 
382  switch($req) {
383  case RADIUS_ACCESS_ACCEPT:
384  if (is_subclass_of($this, 'auth_radius_acct')) {
385  return $this->raiseError('RADIUS_ACCESS_ACCEPT is unexpected for accounting');
386  }
387  return true;
388 
389  case RADIUS_ACCESS_REJECT:
390  return false;
391 
392  case RADIUS_ACCOUNTING_RESPONSE:
393  if (is_subclass_of($this, 'auth_radius_pap')) {
394  return $this->raiseError('RADIUS_ACCOUNTING_RESPONSE is unexpected for authentication');
395  }
396  return true;
397 
398  default:
399  return $this->raiseError("Unexpected return value: $req");
400  }
401 
402  }

◆ setConfigfile()

Auth_RADIUS::setConfigfile (   $file)

Sets the configuration-file.

public

Parameters
string  $file  Path to the configuration file
Returns
void

Definition at line 171 of file RADIUS.php.

References $file.

172  {
173  $this->_configfile = $file;
174  }

◆ start()

Auth_RADIUS::start ( )

Initiates a RADIUS request.

public

Returns
bool true on success, false on errors

Definition at line 344 of file RADIUS.php.

References createRequest(), open(), putAuthAttributes(), putConfigfile(), putServer(), and putStandardAttributes().

345  {
346  if (!$this->open()) {
347  return false;
348  }
349 
350  foreach ($this->_servers as $s) {
351  // Servername, port, sharedsecret, timeout, retries
352  if (!$this->putServer($s[0], $s[1], $s[2], $s[3], $s[4])) {
353  return false;
354  }
355  }
356 
357  if (!empty($this->_configfile)) {
358  if (!$this->putConfigfile($this->_configfile)) {
359  return false;
360  }
361  }
362 
363  $this->createRequest();
364  $this->putStandardAttributes();
365  $this->putAuthAttributes();
366  return true;
367  }
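send() has three outcomes (true, false, or a PEAR_Error object), and an error object is truthy in PHP, so a caller that writes `if ($radius->send())` grants access on a transport failure. The following is an added example, not code from RADIUS.php, of a caller that treats only the boolean true as success, reads attributes on a reject as well, and always calls close(). FakeRadius and radiusLogin() are hypothetical, and an Exception instance stands in for PEAR_Error so the script runs without PEAR or the radius extension.

```php
<?php
// Added example, not part of RADIUS.php. FakeRadius is a constructed stand-in;
// with the real library the object would be an Auth_RADIUS subclass such as
// Auth_RADIUS_PAP.
class FakeRadius
{
    public $attributes = array();
    private $outcome;

    public function __construct($outcome) { $this->outcome = $outcome; }
    public function start() { return true; }
    public function send()
    {
        // Mirrors the documented contract: true, false, or an error object.
        if ($this->outcome === 'error') {
            return new Exception('Error sending request'); // stands in for PEAR_Error
        }
        return $this->outcome === 'accept';
    }
    public function getAttributes()
    {
        if ($this->outcome === 'reject') {
            $this->attributes['reply_message'] = 'Account locked'; // constructed
        }
        return true;
    }
    public function close() { /* the real close() frees $res and wipes credentials */ }
}

/**
 * Returns array(bool $authenticated, string $detail).
 * Only the boolean true returned by send() counts as success.
 */
function radiusLogin($radius)
{
    try {
        if (!$radius->start()) {
            return array(false, 'start failed');
        }
        $result = $radius->send();
        if (is_object($result)) {
            // An error object is truthy; it must never be read as "accepted".
            return array(false, 'transport error');
        }
        // Read attributes on a reject too: the server usually explains why.
        $radius->getAttributes();
        $msg = isset($radius->attributes['reply_message'])
            ? $radius->attributes['reply_message'] : '';
        return array($result === true, $msg);
    } finally {
        $radius->close(); // runs on every path, including early returns
    }
}

foreach (array('accept', 'reject', 'error') as $outcome) {
    list($ok, $detail) = radiusLogin(new FakeRadius($outcome));
    printf("%-6s => %s (%s)\n", $outcome, $ok ? 'GRANTED' : 'DENIED', $detail);
}
```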

Field Documentation

◆ $_configfile

Auth_RADIUS::$_configfile = null

Definition at line 72 of file RADIUS.php.

◆ $_servers

Auth_RADIUS::$_servers = array()

Definition at line 65 of file RADIUS.php.

◆ $attributes

Auth_RADIUS::$attributes = array()

Definition at line 98 of file RADIUS.php.

◆ $password

Auth_RADIUS::$password = null

Definition at line 91 of file RADIUS.php.

Referenced by Auth_RADIUS_PAP\Auth_RADIUS_PAP().

◆ $rawAttributes

Auth_RADIUS::$rawAttributes = array()

Definition at line 105 of file RADIUS.php.

◆ $rawVendorAttributes

Auth_RADIUS::$rawVendorAttributes = array()

Definition at line 112 of file RADIUS.php.

◆ $res

Auth_RADIUS::$res = null

Definition at line 79 of file RADIUS.php.

◆ $username

Auth_RADIUS::$username = null

◆ $useStandardAttributes

Auth_RADIUS::$useStandardAttributes = true

Definition at line 119 of file RADIUS.php.


The documentation for this class was generated from the following file: