ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Radius.php
1<?php
2
11{
/**
 * The list of radius servers to use. Filled by the constructor either from
 * the 'servers' config array or, for backwards compatibility, from a single
 * hostname/port/secret triple. Each entry is an array with 'hostname',
 * 'secret' and optionally 'port'.
 */
private $servers;

/** The hostname of the radius server (legacy single-server config only). */
private $hostname;

/** The port of the radius server (legacy single-server config only). */
private $port;

/**
 * The secret used when communicating with the radius server (legacy
 * single-server config only). This shared secret is what authenticates
 * this host to the server and protects the User-Password in transit;
 * it must never appear in log or error messages.
 */
private $secret;

/** The timeout for contacting the radius server. */
private $timeout;

/** The number of retries which should be attempted. */
private $retries;

/** The realm to be added to the entered username (as user@realm). */
private $realm;

/*
 * NOTE(review): the constructor also assigns $this->usernameAttribute
 * (config key 'username_attribute') and $this->nasIdentifier
 * ('nas_identifier'); their declarations are not shown in this listing.
 */

/** The vendor (IANA enterprise number) of the RADIUS attributes we are interested in. */
private $vendor;

/** The vendor-specific attribute type of the RADIUS attributes we are interested in. */
private $vendorType;
67
/**
 * Constructor for this authentication source.
 *
 * Reads the RADIUS settings out of $config: a 'servers' list (entries with
 * hostname/secret and optional port) or, for backwards compatibility, a single
 * hostname/port/secret triple; plus timeout, retries, realm, username_attribute,
 * nas_identifier and the optional vendor attribute filter
 * (attribute_vendor / attribute_vendor_type).
 *
 * @param array $info    Information about this authentication source.
 * @param array $config  Configuration for this authentication source.
 */
public function __construct($info, $config)
{
    assert('is_array($info)');
    assert('is_array($config)');

    // Call the parent constructor first, as required by the interface
    parent::__construct($info, $config);

    // Parse configuration.
    // NOTE(review): the start of this statement is not visible in this
    // listing; presumably it wraps $config into a configuration object via
    // loadFromArray(), with the label below as the location argument.
    'Authentication source ' . var_export($this->authId, true));

    // Multi-server form: entries are taken as-is. Nothing here checks that
    // each entry actually carries a 'hostname' and a non-empty 'secret';
    // login() reads those keys directly (only 'port' is defaulted there).
    $this->servers = $config->getArray('servers', array());
    /* For backwards compatibility. */
    if (empty($this->servers)) {
        // Legacy single-server form: 'hostname' and 'secret' have no default,
        // so a missing secret fails here rather than at authentication time.
        $this->hostname = $config->getString('hostname');
        $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
        $this->secret = $config->getString('secret');
        $this->servers[] = array('hostname' => $this->hostname,
            'port' => $this->port,
            'secret' => $this->secret);
    }
    $this->timeout = $config->getInteger('timeout', 5);
    $this->retries = $config->getInteger('retries', 3);
    // Appended to the username as user@realm when set.
    $this->realm = $config->getString('realm', null);
    // Attribute name under which the username is returned; null means none.
    $this->usernameAttribute = $config->getString('username_attribute', null);
    // NAS-Identifier sent in every Access-Request; defaults to this host's name.
    $this->nasIdentifier = $config->getString('nas_identifier',
        \SimpleSAML\Utils\HTTP::getSelfHost());

    // Vendor-specific attribute filter; the attribute type is only required
    // (and only read) when a vendor is configured.
    $this->vendor = $config->getInteger('attribute_vendor', null);
    if ($this->vendor !== null) {
        $this->vendorType = $config->getInteger('attribute_vendor_type');
    }
}
108
109
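/**
 * Attempt to log in using the given username and password.
 *
 * Sends one RADIUS Access-Request (User-Name, User-Password and, when
 * configured, NAS-Identifier) via the PECL radius extension to the configured
 * server list and maps the outcome:
 *   - Access-Accept  -> returns the attribute array described below,
 *   - Access-Reject  -> throws SimpleSAML_Error_Error('WRONGUSERPASS'),
 *   - anything else  -> throws Exception.
 *
 * NOTE(review): classic RADIUS only obfuscates User-Password with the shared
 * secret (RFC 2865) and the reply is validated by the underlying library
 * against that same secret, so the secret's strength and a trusted network
 * path between this host and the server are what protect the credential.
 *
 * @param string $username  The username the user wrote.
 * @param string $password  The password the user wrote.
 * @return array  username_attribute => array(username) when configured, plus,
 *                when attribute_vendor is set, every matching vendor attribute
 *                of the form "name=value" collected as name => array(values).
 * @throws SimpleSAML_Error_Error  On Access-Reject ('WRONGUSERPASS').
 * @throws Exception  On any other failure: no usable server, request build
 *                    error, an attribute that could not be added, unsupported
 *                    challenge, transport error, or reply decoding error.
 */
protected function login($username, $password)
{
    assert('is_string($username)');
    assert('is_string($password)');

    $radius = radius_auth_open();
    if ($radius === false) {
        throw new Exception('Error opening radius handle');
    }

    $this->addRadiusServers($radius);

    if (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) {
        throw new Exception('Error creating radius request: ' .
            radius_strerror($radius));
    }

    $identity = ($this->realm === null) ? $username : ($username . '@' . $this->realm);

    /*
     * Every put is checked: radius_put_attr() returns false when a value
     * cannot be encoded (e.g. too long for the attribute), and an
     * Access-Request that silently lost its User-Password must never be sent.
     */
    $this->putRadiusAttr($radius, RADIUS_USER_NAME, $identity);
    $this->putRadiusAttr($radius, RADIUS_USER_PASSWORD, $password);
    if ($this->nasIdentifier !== null) {
        $this->putRadiusAttr($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier);
    }

    // radius_send_request() returns the reply code, or false on a transport
    // error; anything but an explicit Access-Accept is a failure.
    $res = radius_send_request($radius);
    if ($res !== RADIUS_ACCESS_ACCEPT) {
        switch ($res) {
            case RADIUS_ACCESS_REJECT:
                /* Invalid username or password. */
                throw new SimpleSAML_Error_Error('WRONGUSERPASS');
            case RADIUS_ACCESS_CHALLENGE:
                throw new Exception('Radius authentication error: Challenge requested, but not supported.');
            default:
                throw new Exception('Error during radius authentication: ' .
                    radius_strerror($radius));
        }
    }

    /* If we get this far, we have a valid login. */
    $attributes = array();
    if ($this->usernameAttribute !== null) {
        $attributes[$this->usernameAttribute] = array($username);
    }

    if ($this->vendor === null) {
        /* We aren't interested in any vendor-specific attributes; done. */
        return $attributes;
    }

    return $this->collectReplyAttributes($radius, $attributes);
}

/**
 * Register every usable entry of $this->servers with the radius handle.
 *
 * Entries that are not arrays, lack a hostname, or have an empty secret are
 * skipped with a log line so that a misconfigured entry can never be used
 * with an empty shared secret; entries the extension refuses are skipped as
 * well. Authentication cannot proceed if no server could be added.
 *
 * @param resource $radius  Handle from radius_auth_open().
 * @throws Exception  When no server could be registered.
 */
private function addRadiusServers($radius)
{
    $added = 0;
    foreach ($this->servers as $server) {
        if (!is_array($server)
            || !isset($server['hostname']) || (string) $server['hostname'] === ''
            || !isset($server['secret']) || (string) $server['secret'] === '') {
            // Do not echo the entry itself: it may contain a (partial) secret.
            SimpleSAML\Logger::warning('Skipping radius server entry without hostname or secret');
            continue;
        }
        $port = isset($server['port']) ? $server['port'] : 1812;
        if (!radius_add_server($radius,
            $server['hostname'], $port, $server['secret'],
            $this->timeout, $this->retries)) {
            SimpleSAML\Logger::info("Could not add radius server: " .
                radius_strerror($radius));
            continue;
        }
        $added++;
    }
    if ($added === 0) {
        throw new Exception('Error adding radius servers, no servers available');
    }
}

/**
 * Add one attribute to the pending request, failing closed if it cannot be encoded.
 *
 * @param resource $radius  Handle with a request created by radius_create_request().
 * @param int      $type    RADIUS attribute type (RADIUS_USER_NAME, ...).
 * @param string   $value   Attribute value.
 * @throws Exception  When radius_put_attr() reports a failure.
 */
private function putRadiusAttr($radius, $type, $value)
{
    if (!radius_put_attr($radius, $type, $value)) {
        // Deliberately reports the type only: $value may be the password.
        throw new Exception('Error adding radius attribute ' . $type . ': ' .
            radius_strerror($radius));
    }
}

/**
 * Read the Access-Accept reply's attributes into $attributes.
 *
 * A User-Name attribute in the reply replaces the locally supplied username
 * under $this->usernameAttribute (only when one is configured; previously a
 * null attribute name produced an empty-string key). Vendor-specific
 * attributes matching attribute_vendor/attribute_vendor_type are expected as
 * "name=value" strings and accumulated as name => list of values; the split
 * is on the first '=' only so values containing '=' survive intact, and
 * strings without a name or '=' are ignored. Everything else is skipped.
 *
 * AAI attribute set handling originally contributed by Stefan Winter, (c) RESTENA.
 *
 * @param resource $radius      Handle holding the Access-Accept reply.
 * @param array    $attributes  Attributes collected so far.
 * @return array  The extended attribute array.
 * @throws Exception  When the extension fails to decode an attribute.
 */
private function collectReplyAttributes($radius, array $attributes)
{
    // radius_get_attr() yields an array per attribute, 0/false at the end and
    // a non-array error value on failure.
    while ($resa = radius_get_attr($radius)) {
        if (!is_array($resa)) {
            throw new Exception('Error getting radius attributes: ' .
                radius_strerror($radius));
        }

        /* Use the received user name, if there is a configured place for it. */
        if ($resa['attr'] === RADIUS_USER_NAME) {
            if ($this->usernameAttribute !== null) {
                $attributes[$this->usernameAttribute] = array($resa['data']);
            }
            continue;
        }

        if ($resa['attr'] !== RADIUS_VENDOR_SPECIFIC) {
            continue;
        }

        $resv = radius_get_vendor_attr($resa['data']);
        if (!is_array($resv)) {
            throw new Exception('Error getting vendor specific attribute: ' .
                radius_strerror($radius));
        }

        if ($resv['vendor'] !== $this->vendor || $resv['attr'] !== $this->vendorType) {
            continue;
        }

        $parts = explode('=', $resv['data'], 2);
        if (count($parts) !== 2 || $parts[0] === '') {
            SimpleSAML\Logger::warning('Ignoring vendor-specific attribute that is not of the form name=value');
            continue;
        }
        list($attrName, $attrValue) = $parts;

        /* Repeated names become multi-valued attributes. */
        if (!isset($attributes[$attrName])) {
            $attributes[$attrName] = array();
        }
        $attributes[$attrName][] = $attrValue;
    }

    return $attributes;
}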
236}