ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
sspmod_radius_Auth_Source_Radius Class Reference

Public Member Functions

 __construct ($info, $config)
 Constructor for this authentication source.
 
- Public Member Functions inherited from sspmod_core_Auth_UserPassBase
 __construct ($info, &$config)
 Constructor for this authentication source.
 
 setForcedUsername ($forcedUsername)
 Set forced username.
 
 getLoginLinks ()
 Return login links from configuration.
 
 getRememberUsernameEnabled ()
 Getter for the authsource config option remember.username.enabled.
 
 getRememberUsernameChecked ()
 Getter for the authsource config option remember.username.checked.
 
 isRememberMeEnabled ()
 Check if the "remember me" feature is enabled.
 
 isRememberMeChecked ()
 Check if the "remember me" checkbox should be checked.
 
 authenticate (&$state)
 Initialize login.
 
- Public Member Functions inherited from SimpleSAML_Auth_Source
 __construct ($info, &$config)
 Constructor for an authentication source.
 
 getAuthId ()
 Retrieve the ID of this authentication source.
 
 authenticate (&$state)
 Process a request.
 
 reauthenticate (array &$state)
 Reauthenticate a user.
 
 initLogin ($return, $errorURL=null, array $params=array())
 Start authentication.
 
 logout (&$state)
 Log out from this authentication source.
 

Protected Member Functions

 login ($username, $password)
 Attempt to log in using the given username and password.
 
- Protected Member Functions inherited from sspmod_core_Auth_UserPassBase
 login ($username, $password)
 Attempt to log in using the given username and password.
 
- Protected Member Functions inherited from SimpleSAML_Auth_Source
 addLogoutCallback ($assoc, $state)
 Add a logout callback association.
 
 callLogoutCallback ($assoc)
 Call a logout callback based on association.
 

Private Attributes

 $servers
 The list of radius servers to use.
 
 $hostname
 The hostname of the radius server.
 
 $port
 The port of the radius server.
 
 $secret
 The secret used when communicating with the radius server.
 
 $timeout
 The timeout for contacting the radius server.
 
 $retries
 The number of retries which should be attempted.
 
 $realm
 The realm to be added to the entered username.
 
 $usernameAttribute
 The attribute name where the username should be stored.
 
 $vendor
 The vendor for the RADIUS attributes we are interested in.
 
 $vendorType
 The vendor-specific attribute for the RADIUS attributes we are interested in.
 
 $nasIdentifier
 The NAS-Identifier that should be set in Access-Request packets.
 

Additional Inherited Members

- Static Public Member Functions inherited from sspmod_core_Auth_UserPassBase
static handleLogin ($authStateId, $username, $password)
 Handle login request.
 
- Static Public Member Functions inherited from SimpleSAML_Auth_Source
static getSourcesOfType ($type)
 Get sources of a specific type.
 
static completeAuth (&$state)
 Complete authentication.
 
static loginCompleted ($state)
 Called when a login operation has finished.
 
static completeLogout (&$state)
 Complete logout.
 
static getById ($authId, $type=null)
 Retrieve authentication source.
 
static logoutCallback ($state)
 Called when the authentication source receives an external logout request.
 
static getSources ()
 Retrieve list of authentication sources.
 
- Data Fields inherited from sspmod_core_Auth_UserPassBase
const STAGEID = 'sspmod_core_Auth_UserPassBase.state'
 The string used to identify our states.
 
const AUTHID = 'sspmod_core_Auth_UserPassBase.AuthId'
 The key of the AuthId field in the state.
 
- Static Protected Member Functions inherited from SimpleSAML_Auth_Source
static validateSource ($source, $id)
 Make sure that the first element of an auth source is its identifier.
 
- Protected Attributes inherited from sspmod_core_Auth_UserPassBase
 $loginLinks
 Links to pages from login page.
 
 $rememberUsernameEnabled = FALSE
 
 $rememberUsernameChecked = FALSE
 
 $rememberMeEnabled = FALSE
 
 $rememberMeChecked = FALSE
 
- Protected Attributes inherited from SimpleSAML_Auth_Source
 $authId
 

Detailed Description

Definition at line 10 of file Radius.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_radius_Auth_Source_Radius::__construct ($info, $config)

Constructor for this authentication source.

Parameters
array   $info     Information about this authentication source.
array   $config   Configuration.

Definition at line 74 of file Radius.php.

References $config, $info, array, and SimpleSAML_Configuration\loadFromArray().

    {
        assert('is_array($info)');
        assert('is_array($config)');

        // Call the parent constructor first, as required by the interface
        parent::__construct($info, $config);

        // Parse configuration.
        $config = SimpleSAML_Configuration::loadFromArray($config,
            'Authentication source ' . var_export($this->authId, true));

        $this->servers = $config->getArray('servers', array());
        /* For backwards compatibility. */
        if (empty($this->servers)) {
            $this->hostname = $config->getString('hostname');
            $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
            $this->secret = $config->getString('secret');
            $this->servers[] = array('hostname' => $this->hostname,
                                     'port' => $this->port,
                                     'secret' => $this->secret);
        }
        $this->timeout = $config->getInteger('timeout', 5);
        $this->retries = $config->getInteger('retries', 3);
        $this->realm = $config->getString('realm', null);
        $this->usernameAttribute = $config->getString('username_attribute', null);
        $this->nasIdentifier = $config->getString('nas_identifier',
            \SimpleSAML\Utils\HTTP::getSelfHost());

        $this->vendor = $config->getInteger('attribute_vendor', null);
        if ($this->vendor !== null) {
            $this->vendorType = $config->getInteger('attribute_vendor_type');
        }
    }

Member Function Documentation

◆ login()

sspmod_radius_Auth_Source_Radius::login ($username, $password)
protected

Attempt to log in using the given username and password.

Parameters
string   $username   The username the user wrote.
string   $password   The password the user wrote.
Returns
array Associative array with the user's attributes.

Definition at line 117 of file Radius.php.

References $attributes, $password, $res, $server, $success, $usernameAttribute, $vendor, array, and SimpleSAML\Logger\info().

    {
        assert('is_string($username)');
        assert('is_string($password)');

        $radius = radius_auth_open();

        /* Try to add all radius servers, trigger a failure if no one works. */
        $success = false;
        foreach ($this->servers as $server) {
            if (!isset($server['port'])) {
                $server['port'] = 1812;
            }
            if (!radius_add_server($radius,
                $server['hostname'], $server['port'], $server['secret'],
                $this->timeout, $this->retries)) {
                SimpleSAML\Logger::info("Could not add radius server: " .
                    radius_strerror($radius));
                continue;
            }
            $success = true;
        }
        if (!$success) {
            throw new Exception('Error adding radius servers, no servers available');
        }

        if (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) {
            throw new Exception('Error creating radius request: ' .
                radius_strerror($radius));
        }

        if ($this->realm === null) {
            radius_put_attr($radius, RADIUS_USER_NAME, $username);
        } else {
            radius_put_attr($radius, RADIUS_USER_NAME, $username . '@' . $this->realm);
        }
        radius_put_attr($radius, RADIUS_USER_PASSWORD, $password);

        if ($this->nasIdentifier !== null) {
            radius_put_attr($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier);
        }

        $res = radius_send_request($radius);
        if ($res != RADIUS_ACCESS_ACCEPT) {
            switch ($res) {
                case RADIUS_ACCESS_REJECT:
                    /* Invalid username or password. */
                    throw new SimpleSAML_Error_Error('WRONGUSERPASS');
                case RADIUS_ACCESS_CHALLENGE:
                    throw new Exception('Radius authentication error: Challenge requested, but not supported.');
                default:
                    throw new Exception('Error during radius authentication: ' .
                        radius_strerror($radius));
            }
        }

        /* If we get this far, we have a valid login. */

        $attributes = array();

        if ($this->usernameAttribute !== null) {
            $attributes[$this->usernameAttribute] = array($username);
        }

        if ($this->vendor === null) {
            /*
             * We aren't interested in any vendor-specific attributes. We are
             * therefore done now.
             */
            return $attributes;
        }

        /* get AAI attribute sets. Contributed by Stefan Winter, (c) RESTENA */
        while ($resa = radius_get_attr($radius)) {

            if (!is_array($resa)) {
                throw new Exception('Error getting radius attributes: ' .
                    radius_strerror($radius));
            }

            /* Use the received user name */
            if ($resa['attr'] == RADIUS_USER_NAME) {
                $attributes[$this->usernameAttribute] = array($resa['data']);
                continue;
            }

            if ($resa['attr'] !== RADIUS_VENDOR_SPECIFIC) {
                continue;
            }

            $resv = radius_get_vendor_attr($resa['data']);
            if (!is_array($resv)) {
                throw new Exception('Error getting vendor specific attribute: ' .
                    radius_strerror($radius));
            }

            $vendor = $resv['vendor'];
            $attrv = $resv['attr'];
            $datav = $resv['data'];

            if ($vendor != $this->vendor || $attrv != $this->vendorType) {
                continue;
            }

            $attrib_name = strtok($datav,'=');
            $attrib_value = strtok('=');

            /* if the attribute name is already in result set,
               add another value */
            if (array_key_exists($attrib_name, $attributes)) {
                $attributes[$attrib_name][] = $attrib_value;
            } else {
                $attributes[$attrib_name] = array($attrib_value);
            }
        }
        /* end of contribution */

        return $attributes;
    }

Field Documentation

◆ $hostname

sspmod_radius_Auth_Source_Radius::$hostname
private

The hostname of the radius server.

Definition at line 20 of file Radius.php.

◆ $nasIdentifier

sspmod_radius_Auth_Source_Radius::$nasIdentifier
private

The NAS-Identifier that should be set in Access-Request packets.

Definition at line 66 of file Radius.php.

◆ $port

sspmod_radius_Auth_Source_Radius::$port
private

The port of the radius server.

Definition at line 25 of file Radius.php.

◆ $realm

sspmod_radius_Auth_Source_Radius::$realm
private

The realm to be added to the entered username.

Definition at line 45 of file Radius.php.

◆ $retries

sspmod_radius_Auth_Source_Radius::$retries
private

The number of retries which should be attempted.

Definition at line 40 of file Radius.php.

◆ $secret

sspmod_radius_Auth_Source_Radius::$secret
private

The secret used when communicating with the radius server.

Definition at line 30 of file Radius.php.

◆ $servers

sspmod_radius_Auth_Source_Radius::$servers
private

The list of radius servers to use.

Definition at line 15 of file Radius.php.

◆ $timeout

sspmod_radius_Auth_Source_Radius::$timeout
private

The timeout for contacting the radius server.

Definition at line 35 of file Radius.php.

◆ $usernameAttribute

sspmod_radius_Auth_Source_Radius::$usernameAttribute
private

The attribute name where the username should be stored.

Definition at line 50 of file Radius.php.

Referenced by login().

◆ $vendor

sspmod_radius_Auth_Source_Radius::$vendor
private

The vendor for the RADIUS attributes we are interested in.

Definition at line 55 of file Radius.php.

Referenced by login().

◆ $vendorType

sspmod_radius_Auth_Source_Radius::$vendorType
private

The vendor-specific attribute for the RADIUS attributes we are interested in.

Definition at line 61 of file Radius.php.


The documentation for this class was generated from the following file: