ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Auth_RADIUS Class Reference

Public Member Functions

Auth_RADIUS ()
    Constructor.

addServer ($servername='localhost', $port=0, $sharedSecret='testing123', $timeout=3, $maxtries=3)
    Adds a RADIUS server to the list of servers for requests.

getError ()
    Returns an error message, if an error occurred.

setConfigfile ($file)
    Sets the configuration file.

putAttribute ($attrib, $value, $type=null)
    Puts an attribute.

putVendorAttribute ($vendor, $attrib, $value, $type=null)
    Puts a vendor-specific attribute.

dumpAttributes ()
    Prints known attributes received from the server.

open ()
    Overwrite this.

createRequest ()
    Overwrite this.

putStandardAttributes ()
    Puts standard attributes.

putAuthAttributes ()
    Puts custom attributes.

putServer ($servername, $port=0, $sharedsecret='testing123', $timeout=3, $maxtries=3)
    Configures the radius library.

putConfigfile ($file)
    Configures the radius library via an external configuration file.

start ()
    Initiates a RADIUS request.

send ()
    Sends a prepared RADIUS request and waits for a response.

getAttributes ()
    Reads all received attributes after sending the request.

close ()
    Frees resources.
 
Public Member Functions inherited from PEAR

PEAR ($error_class=null)
    Constructor.

_PEAR ()
    Destructor (the emulated type of...).

getStaticProperty ($class, $var)
    If you have a class that's mostly/entirely static, and you need static properties, you can use this method to simulate them.

registerShutdownFunc ($func, $args=array())
    Use this function to register a shutdown method for static classes.

isError ($data, $code=null)
    Tell whether a value is a PEAR error.

setErrorHandling ($mode=null, $options=null)
    Sets how errors generated by this object should be handled.

expectError ($code=' *')
    This method is used to tell which errors you expect to get.

popExpect ()
    This method pops one element off the expected error codes stack.

_checkDelExpect ($error_code)
    This method checks for and unsets an error code if available.

delExpect ($error_code)
    This method deletes all occurrences of the specified element from the expected error codes stack.

raiseError ($message=null, $code=null, $mode=null, $options=null, $userinfo=null, $error_class=null, $skipmsg=false)
    This method is a wrapper that returns an instance of the configured error class with this object's default error handling applied.

throwError ($message=null, $code=null, $userinfo=null)
    Simpler form of raiseError with fewer options.

staticPushErrorHandling ($mode, $options=null)

staticPopErrorHandling ()

pushErrorHandling ($mode, $options=null)
    Push a new error handler on top of the error handler options stack.

popErrorHandling ()
    Pop the last error handler used.

loadExtension ($ext)
    OS-independent PHP extension load.
 

Data Fields

 $_servers = array()
 
 $_configfile = null
 
 $res = null
 
 $username = null
 
 $password = null
 
 $attributes = array()
 
 $rawAttributes = array()
 
 $rawVendorAttributes = array()
 
 $useStandardAttributes = true
 
Data Fields inherited from PEAR
 $_debug = false
 
 $_default_error_mode = null
 
 $_default_error_options = null
 
 $_default_error_handler = ''
 
 $_error_class = 'PEAR_Error'
 
 $_expected_errors = array()
 

Detailed Description

Definition at line 58 of file RADIUS.php.

Member Function Documentation

◆ addServer()

Auth_RADIUS::addServer ($servername = 'localhost', $port = 0, $sharedSecret = 'testing123', $timeout = 3, $maxtries = 3)

Adds a RADIUS server to the list of servers for requests.

At most 10 servers may be specified. When multiple servers are given, they are tried in round-robin fashion until a valid response is received.

@access public

Parameters
string   $servername    Server name or IP address
integer  $port          Port number
string   $sharedSecret  Shared secret
integer  $timeout       Timeout for each request
integer  $maxtries      Max. retries for each request
Returns
void

Definition at line 148 of file RADIUS.php.

    {
        $this->_servers[] = array($servername, $port, $sharedSecret, $timeout, $maxtries);
    }

◆ Auth_RADIUS()

Auth_RADIUS::Auth_RADIUS ( )

Constructor.

Loads the RADIUS PECL/extension

Returns
void

Definition at line 128 of file RADIUS.php.

    {
        $this->PEAR();
    }

References PEAR\PEAR().

Referenced by Auth_RADIUS_Acct\Auth_RADIUS_Acct(), and Auth_RADIUS_PAP\Auth_RADIUS_PAP().


◆ close()

Auth_RADIUS::close ( )

Frees resources.

Calling this method is always a good idea, because all security-relevant attributes are overwritten with null bytes so that nothing is left in memory.

@access public

Reimplemented in Auth_RADIUS_CHAP_MD5, and Auth_RADIUS_MSCHAPv2.

Definition at line 549 of file RADIUS.php.

    {
        if ($this->res != null) {
            radius_close($this->res);
            $this->res = null;
        }
        $this->username = str_repeat("\0", strlen($this->username));
        $this->password = str_repeat("\0", strlen($this->password));
    }

Referenced by Auth_RADIUS_CHAP_MD5\close().


◆ createRequest()

Auth_RADIUS::createRequest ( )

Overwrite this.

@access public

Reimplemented in Auth_RADIUS_PAP, and Auth_RADIUS_Acct.

Definition at line 264 of file RADIUS.php.

    {
    }

Referenced by start().


◆ dumpAttributes()

Auth_RADIUS::dumpAttributes ( )

Prints known attributes received from the server.

@access public

Definition at line 243 of file RADIUS.php.

    {
        foreach ($this->attributes as $name => $data) {
            echo "$name:$data<br>\n";
        }
    }

References $data.

◆ getAttributes()

Auth_RADIUS::getAttributes ( )

Reads all received attributes after sending the request.

This method stores known attributes in the property attributes; all attributes (including known attributes) are stored in rawAttributes or rawVendorAttributes. NOTE: call this function even if the request was rejected, because the server usually returns an error message.

@access public

Returns
bool true on success, false on error

Definition at line 416 of file RADIUS.php.

    {

        while ($attrib = radius_get_attr($this->res)) {

            if (!is_array($attrib)) {
                return false;
            }

            $attr = $attrib['attr'];
            $data = $attrib['data'];

            $this->rawAttributes[$attr] = $data;

            switch ($attr) {
            case RADIUS_FRAMED_IP_ADDRESS:
                $this->attributes['framed_ip'] = radius_cvt_addr($data);
                break;

            case RADIUS_FRAMED_IP_NETMASK:
                $this->attributes['framed_mask'] = radius_cvt_addr($data);
                break;

            case RADIUS_FRAMED_MTU:
                $this->attributes['framed_mtu'] = radius_cvt_int($data);
                break;

            case RADIUS_FRAMED_COMPRESSION:
                $this->attributes['framed_compression'] = radius_cvt_int($data);
                break;

            case RADIUS_SESSION_TIMEOUT:
                $this->attributes['session_timeout'] = radius_cvt_int($data);
                break;

            case RADIUS_IDLE_TIMEOUT:
                $this->attributes['idle_timeout'] = radius_cvt_int($data);
                break;

            case RADIUS_SERVICE_TYPE:
                $this->attributes['service_type'] = radius_cvt_int($data);
                break;

            case RADIUS_CLASS:
                $this->attributes['class'] = radius_cvt_string($data);
                break;

            case RADIUS_FRAMED_PROTOCOL:
                $this->attributes['framed_protocol'] = radius_cvt_int($data);
                break;

            case RADIUS_FRAMED_ROUTING:
                $this->attributes['framed_routing'] = radius_cvt_int($data);
                break;

            case RADIUS_FILTER_ID:
                $this->attributes['filter_id'] = radius_cvt_string($data);
                break;

            case RADIUS_REPLY_MESSAGE:
                $this->attributes['reply_message'] = radius_cvt_string($data);
                break;

            case RADIUS_VENDOR_SPECIFIC:
                $attribv = radius_get_vendor_attr($data);
                if (!is_array($attribv)) {
                    return false;
                }

                $vendor = $attribv['vendor'];
                $attrv = $attribv['attr'];
                $datav = $attribv['data'];

                $this->rawVendorAttributes[$vendor][$attrv] = $datav;

                if ($vendor == RADIUS_VENDOR_MICROSOFT) {

                    switch ($attrv) {
                    case RADIUS_MICROSOFT_MS_CHAP2_SUCCESS:
                        $this->attributes['ms_chap2_success'] = radius_cvt_string($datav);
                        break;

                    case RADIUS_MICROSOFT_MS_CHAP_ERROR:
                        $this->attributes['ms_chap_error'] = radius_cvt_string(substr($datav,1));
                        break;

                    case RADIUS_MICROSOFT_MS_CHAP_DOMAIN:
                        $this->attributes['ms_chap_domain'] = radius_cvt_string($datav);
                        break;

                    case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY:
                        $this->attributes['ms_mppe_encryption_policy'] = radius_cvt_int($datav);
                        break;

                    case RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES:
                        $this->attributes['ms_mppe_encryption_types'] = radius_cvt_int($datav);
                        break;

                    case RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS:
                        $demangled = radius_demangle($this->res, $datav);
                        $this->attributes['ms_chap_mppe_lm_key'] = substr($demangled, 0, 8);
                        $this->attributes['ms_chap_mppe_nt_key'] = substr($demangled, 8, RADIUS_MPPE_KEY_LEN);
                        break;

                    case RADIUS_MICROSOFT_MS_MPPE_SEND_KEY:
                        $this->attributes['ms_chap_mppe_send_key'] = radius_demangle_mppe_key($this->res, $datav);
                        break;

                    case RADIUS_MICROSOFT_MS_MPPE_RECV_KEY:
                        $this->attributes['ms_chap_mppe_recv_key'] = radius_demangle_mppe_key($this->res, $datav);
                        break;

                    case RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER:
                        $this->attributes['ms_primary_dns_server'] = radius_cvt_string($datav);
                        break;
                    }
                }
                break;

            }
        }

        return true;
    }

References $attrib, and $data.

◆ getError()

Auth_RADIUS::getError ( )

Returns an error message, if an error occurred.

@access public

Returns
string

Definition at line 159 of file RADIUS.php.

    {
        return radius_strerror($this->res);
    }

Referenced by send().


◆ open()

Auth_RADIUS::open ( )

Overwrite this.

@access public

Reimplemented in Auth_RADIUS_PAP, and Auth_RADIUS_Acct.

Definition at line 255 of file RADIUS.php.

    {
    }

Referenced by start().


◆ putAttribute()

Auth_RADIUS::putAttribute ($attrib, $value, $type = null)

Puts an attribute.

@access public

Parameters
integer  $attrib  Attribute number
mixed    $value   Attribute value
type     $type    Attribute type
Returns
bool true on success, false on error

Definition at line 185 of file RADIUS.php.

    {
        if ($type == null) {
            $type = gettype($value);
        }

        switch ($type) {
        case 'integer':
        case 'double':
            return radius_put_int($this->res, $attrib, $value);

        case 'addr':
            return radius_put_addr($this->res, $attrib, $value);

        case 'string':
        default:
            return radius_put_attr($this->res, $attrib, $value);
        }

    }

References $attrib.

Referenced by putAuthAttributes(), Auth_RADIUS_PAP\putAuthAttributes(), Auth_RADIUS_CHAP_MD5\putAuthAttributes(), Auth_RADIUS_MSCHAPv1\putAuthAttributes(), Auth_RADIUS_MSCHAPv2\putAuthAttributes(), Auth_RADIUS_Acct\putAuthAttributes(), and putStandardAttributes().


◆ putAuthAttributes()

Auth_RADIUS::putAuthAttributes ( )

Puts custom attributes.

@access public

Reimplemented in Auth_RADIUS_PAP, Auth_RADIUS_CHAP_MD5, Auth_RADIUS_MSCHAPv1, Auth_RADIUS_MSCHAPv2, and Auth_RADIUS_Acct.

Definition at line 296 of file RADIUS.php.

    {
        if (isset($this->username)) {
            $this->putAttribute(RADIUS_USER_NAME, $this->username);
        }
    }

References putAttribute().

Referenced by start().


◆ putConfigfile()

Auth_RADIUS::putConfigfile ($file)

Configures the radius library via an external configuration file.

@access public

Parameters
string  $file  Path to the configuration file
Returns
bool true on success, false on error

Definition at line 330 of file RADIUS.php.

    {
        if (!radius_config($this->res, $file)) {
            return false;
        }
        return true;
    }

References $file.

Referenced by start().


◆ putServer()

Auth_RADIUS::putServer ($servername, $port = 0, $sharedsecret = 'testing123', $timeout = 3, $maxtries = 3)

Configures the radius library.

@access public

Parameters
string   $servername    Server name or IP address
integer  $port          Port number
string   $sharedsecret  Shared secret
integer  $timeout       Timeout for each request
integer  $maxtries      Max. retries for each request
Returns
bool true on success, false on error
See also
addServer()

Definition at line 315 of file RADIUS.php.

    {
        if (!radius_add_server($this->res, $servername, $port, $sharedsecret, $timeout, $maxtries)) {
            return false;
        }
        return true;
    }

Referenced by start().


◆ putStandardAttributes()

Auth_RADIUS::putStandardAttributes ( )

Puts standard attributes.

@access public

Definition at line 273 of file RADIUS.php.

    {
        if (!$this->useStandardAttributes)
            return;

        if (isset($_SERVER)) {
            $var = &$_SERVER;
        } else {
            $var = &$GLOBALS['HTTP_SERVER_VARS'];
        }

        $this->putAttribute(RADIUS_NAS_IDENTIFIER, isset($var['HTTP_HOST']) ? $var['HTTP_HOST'] : 'localhost');
        $this->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_VIRTUAL);
        $this->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_FRAMED);
        $this->putAttribute(RADIUS_FRAMED_PROTOCOL, RADIUS_PPP);
        $this->putAttribute(RADIUS_CALLING_STATION_ID, isset($var['REMOTE_HOST']) ? $var['REMOTE_HOST'] : '127.0.0.1');
    }

References $_SERVER, $GLOBALS, and putAttribute().

Referenced by start().


◆ putVendorAttribute()

Auth_RADIUS::putVendorAttribute ($vendor, $attrib, $value, $type = null)

Puts a vendor-specific attribute.

@access public

Parameters
integer  $vendor  Vendor (MSoft, Cisco, ...)
integer  $attrib  Attribute number
mixed    $value   Attribute value
type     $type    Attribute type
Returns
bool true on success, false on error

Definition at line 216 of file RADIUS.php.

    {

        if ($type == null) {
            $type = gettype($value);
        }

        switch ($type) {
        case 'integer':
        case 'double':
            return radius_put_vendor_int($this->res, $vendor, $attrib, $value);

        case 'addr':
            return radius_put_vendor_addr($this->res, $vendor, $attrib, $value);

        case 'string':
        default:
            return radius_put_vendor_attr($this->res, $vendor, $attrib, $value);
        }

    }

References $attrib.

Referenced by Auth_RADIUS_MSCHAPv1\putAuthAttributes(), and Auth_RADIUS_MSCHAPv2\putAuthAttributes().


◆ send()

Auth_RADIUS::send ( )

Sends a prepared RADIUS request and waits for a response.

@access public

Returns
mixed true on success, false on reject, PEAR_Error on error

Definition at line 375 of file RADIUS.php.

    {
        $req = radius_send_request($this->res);
        if (!$req) {
            return $this->raiseError('Error sending request: ' . $this->getError());
        }

        switch($req) {
        case RADIUS_ACCESS_ACCEPT:
            if (is_subclass_of($this, 'auth_radius_acct')) {
                return $this->raiseError('RADIUS_ACCESS_ACCEPT is unexpected for accounting');
            }
            return true;

        case RADIUS_ACCESS_REJECT:
            return false;

        case RADIUS_ACCOUNTING_RESPONSE:
            if (is_subclass_of($this, 'auth_radius_pap')) {
                return $this->raiseError('RADIUS_ACCOUNTING_RESPONSE is unexpected for authentication');
            }
            return true;

        default:
            return $this->raiseError("Unexpected return value: $req");
        }

    }

References getError(), and PEAR\raiseError().
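
Added example (not ILIAS or PEAR code): send() returns true, false or a PEAR_Error object, and an object is truthy in PHP, so a caller that only tests the result for truthiness treats a failed request as an accepted login. The code below contrasts that with a fail-closed caller that also follows the getAttributes() note about rejected requests; StubRadius and StubError are hypothetical stand-ins that mimic the documented return values so the code runs without the radius extension.

```php
<?php
// Added example, not ILIAS or PEAR code. StubError and StubRadius are
// hypothetical stand-ins that mimic the documented return contract.
class StubError                        // plays the role of PEAR_Error
{
    public $message;
    function __construct($message) { $this->message = $message; }
}
class StubRadius                       // plays the role of an Auth_RADIUS subclass
{
    public $attributes = array();
    private $outcome;                  // 'accept', 'reject' or 'error' (constructed)
    function __construct($outcome) { $this->outcome = $outcome; }
    function start() { return true; }
    function send()
    {
        switch ($this->outcome) {
            case 'accept': return true;
            case 'reject': return false;
            default:       return new StubError('Error sending request: constructed failure');
        }
    }
    function getAttributes()
    {
        if ($this->outcome === 'reject') {
            $this->attributes['reply_message'] = 'constructed reject text';
        }
        return true;
    }
    function close() {}
}

// Truthiness check: the error object is truthy, so a failed request "logs in".
function naiveLogin($radius)
{
    return $radius->start() && $radius->send();
}

// Fail-closed check: only the boolean true counts as an accepted login.
function strictLogin($radius)
{
    $ok = false;
    if ($radius->start()) {
        $result = $radius->send();
        if ($result instanceof StubError) {    // real class: PEAR::isError($result)
            error_log('RADIUS error: ' . $result->message);
        } else {
            $radius->getAttributes();          // also after a reject (reply_message)
            $ok = ($result === true);
        }
    }
    $radius->close();                          // always free the handle and credentials
    return $ok;
}

foreach (array('accept', 'reject', 'error') as $o) {
    printf("%-6s naive=%s strict=%s\n", $o, var_export(naiveLogin(new StubRadius($o)), true),
        var_export(strictLogin(new StubRadius($o)), true));
}
```

With the real class, replace the instanceof test with PEAR::isError($result), which this class inherits from PEAR.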


◆ setConfigfile()

Auth_RADIUS::setConfigfile ($file)

Sets the configuration file.

@access public

Parameters
string  $file  Path to the configuration file
Returns
void

Definition at line 171 of file RADIUS.php.

    {
        $this->_configfile = $file;
    }

References $file.

◆ start()

Auth_RADIUS::start ( )

Initiates a RADIUS request.

@access public

Returns
bool true on success, false on errors

Definition at line 344 of file RADIUS.php.

    {
        if (!$this->open()) {
            return false;
        }

        foreach ($this->_servers as $s) {
            // Servername, port, sharedsecret, timeout, retries
            if (!$this->putServer($s[0], $s[1], $s[2], $s[3], $s[4])) {
                return false;
            }
        }

        if (!empty($this->_configfile)) {
            if (!$this->putConfigfile($this->_configfile)) {
                return false;
            }
        }

        $this->createRequest();
        $this->putStandardAttributes();
        $this->putAuthAttributes();
        return true;
    }

References createRequest(), open(), putAuthAttributes(), putConfigfile(), putServer(), and putStandardAttributes().


Field Documentation

◆ $_configfile

Auth_RADIUS::$_configfile = null

Definition at line 72 of file RADIUS.php.

◆ $_servers

Auth_RADIUS::$_servers = array()

Definition at line 65 of file RADIUS.php.

◆ $attributes

Auth_RADIUS::$attributes = array()

Definition at line 98 of file RADIUS.php.

◆ $password

Auth_RADIUS::$password = null

Definition at line 91 of file RADIUS.php.

Referenced by Auth_RADIUS_PAP\Auth_RADIUS_PAP().

◆ $rawAttributes

Auth_RADIUS::$rawAttributes = array()

Definition at line 105 of file RADIUS.php.

◆ $rawVendorAttributes

Auth_RADIUS::$rawVendorAttributes = array()

Definition at line 112 of file RADIUS.php.

◆ $res

Auth_RADIUS::$res = null

Definition at line 79 of file RADIUS.php.

◆ $username

Auth_RADIUS::$username = null

◆ $useStandardAttributes

Auth_RADIUS::$useStandardAttributes = true

Definition at line 119 of file RADIUS.php.


The documentation for this class was generated from the following file: