documentation/moodle/auth_2radius_2auth_8php_source.html

00001 <?php
00002
00018 if (!defined('MOODLE_INTERNAL')) {
00019     die('Direct access to this script is forbidden.');
00020 }
00021
00022 require_once($CFG->libdir.'/authlib.php');
00023
00027 class auth_plugin_radius extends auth_plugin_base {
00028
00032     function auth_plugin_radius() {
00033         $this->authtype = 'radius';
00034         $this->config = get_config('auth/radius');
00035     }
00036
00045     function user_login ($username, $password) {
00046         require_once 'Auth/RADIUS.php';
00047         require_once 'Crypt/CHAP.php';
00048
00049         // Added by Clive on 7th May for test purposes
00050         // printf("Username: $username <br/>");
00051         // printf("Password: $password <br/>");
00052         // printf("host: $this->config->host <br/>");
00053         // printf("nasport: $this->config->nasport <br/>");
00054         // printf("secret: $this->config->secret <br/>");
00055
00056         // Added by Stanislav Tsymbalov on 12th March 2008 only for test purposes
00057         //$type = 'PAP';
00058         //$type = 'CHAP_MD5';
00059         //$type = 'MSCHAPv1';
00060         //$type = 'MSCHAPv2';
00061         $type = $this->config->radiustype;
00062         if (empty($type)) {
00063             $type = 'PAP';
00064         }
00065
00066         $classname = 'Auth_RADIUS_' . $type;
00067         $rauth = new $classname($username, $password);
00068         $rauth->addServer($this->config->host, $this->config->nasport, $this->config->secret);
00069
00070         $rauth->username = $username;
00071
00072         switch($type) {
00073         case 'CHAP_MD5':
00074         case 'MSCHAPv1':
00075             $classname = $type == 'MSCHAPv1' ? 'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5';
00076             $crpt = new $classname;
00077             $crpt->password = $password;
00078             $rauth->challenge = $crpt->challenge;
00079             $rauth->chapid = $crpt->chapid;
00080             $rauth->response = $crpt->challengeResponse();
00081             $rauth->flags = 1;
00082             // If you must use deprecated and weak LAN-Manager-Responses use this:
00083             // $rauth->lmResponse = $crpt->lmChallengeResponse();
00084             // $rauth->flags = 0;
00085             break;
00086
00087         case 'MSCHAPv2':
00088             $crpt = new Crypt_CHAP_MSv2;
00089             $crpt->username = $username;
00090             $crpt->password = $password;
00091             $rauth->challenge = $crpt->authChallenge;
00092             $rauth->peerChallenge = $crpt->peerChallenge;
00093             $rauth->chapid = $crpt->chapid;
00094             $rauth->response = $crpt->challengeResponse();
00095             break;
00096
00097         default:
00098             $rauth->password = $password;
00099             break;
00100         }
00101
00102         if (!$rauth->start()) {
00103             printf("Radius start: %s<br/>\n", $rauth->getError());
00104             exit;
00105         }
00106
00107         $result = $rauth->send();
00108         if (PEAR::isError($result)) {
00109             printf("Radius send failed: %s<br/>\n", $result->getMessage());
00110             exit;
00111         } else if ($result === true) {
00112             // printf("Radius Auth succeeded<br/>\n");
00113             return true;
00114         } else {
00115             // printf("Radius Auth rejected<br/>\n");
00116             return false;
00117         }
00118
00119         // get attributes, even if auth failed
00120         if (!$rauth->getAttributes()) {
00121             printf("Radius getAttributes: %s<br/>\n", $rauth->getError());
00122         } else {
00123             $rauth->dumpAttributes();
00124         }
00125
00126         $rauth->close();
00127     }
00128
00129     function prevent_local_passwords() {
00130         return true;
00131     }
00132
00138     function is_internal() {
00139         return false;
00140     }
00141
00148     function can_change_password() {
00149         return false;
00150     }
00151
00160     function config_form($config, $err, $user_fields) {
00161         global $OUTPUT;
00162
00163         include "config.html";
00164     }
00165
00169     function process_config($config) {
00170         // set to defaults if undefined
00171         if (!isset ($config->host)) {
00172             $config->host = '127.0.0.1';
00173         }
00174         if (!isset ($config->nasport)) {
00175             $config->nasport = '1812';
00176         }
00177         if (!isset($config->radiustype)) {
00178             $config->radiustype = 'PAP';
00179         }
00180         if (!isset ($config->secret)) {
00181             $config->secret = '';
00182         }
00183         if (!isset($config->changepasswordurl)) {
00184             $config->changepasswordurl = '';
00185         }
00186
00187         // save settings
00188         set_config('host',    $config->host,    'auth/radius');
00189         set_config('nasport', $config->nasport, 'auth/radius');
00190         set_config('secret',  $config->secret,  'auth/radius');
00191         set_config('changepasswordurl', $config->changepasswordurl, 'auth/radius');
00192         set_config('radiustype', $config->radiustype, 'auth/radius');
00193
00194         return true;
00195     }
00196
00197 }
00198
00199