| 1173 |
jp_milcent |
1 |
<?php
|
|
|
2 |
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
|
|
|
3 |
|
|
|
4 |
/**
|
|
|
5 |
* Storage driver for use against RADIUS servers
|
|
|
6 |
*
|
|
|
7 |
* PHP versions 4 and 5
|
|
|
8 |
*
|
|
|
9 |
* LICENSE: This source file is subject to version 3.01 of the PHP license
|
|
|
10 |
* that is available through the world-wide-web at the following URI:
|
|
|
11 |
* http://www.php.net/license/3_01.txt. If you did not receive a copy of
|
|
|
12 |
* the PHP License and are unable to obtain it through the web, please
|
|
|
13 |
* send a note to license@php.net so we can mail you a copy immediately.
|
|
|
14 |
*
|
|
|
15 |
* @category Authentication
|
|
|
16 |
* @package Auth
|
|
|
17 |
* @author Michael Bretterklieber <michael@bretterklieber.com>
|
|
|
18 |
* @author Adam Ashley <aashley@php.net>
|
|
|
19 |
* @copyright 2001-2006 The PHP Group
|
|
|
20 |
* @license http://www.php.net/license/3_01.txt PHP License 3.01
|
|
|
21 |
* @version CVS: $Id: RADIUS.php,v 1.2 2006-12-14 15:04:28 jp_milcent Exp $
|
|
|
22 |
* @link http://pear.php.net/package/Auth
|
|
|
23 |
* @since File available since Release 1.2.0
|
|
|
24 |
*/
|
|
|
25 |
|
|
|
26 |
/**
|
|
|
27 |
* Include Auth_Container base class
|
|
|
28 |
*/
|
|
|
29 |
require_once "Auth/Container.php";
|
|
|
30 |
/**
|
|
|
31 |
* Include PEAR Auth_RADIUS package
|
|
|
32 |
*/
|
|
|
33 |
require_once "Auth/RADIUS.php";
|
|
|
34 |
|
|
|
35 |
/**
|
|
|
36 |
* Storage driver for authenticating users against RADIUS servers.
|
|
|
37 |
*
|
|
|
38 |
* @category Authentication
|
|
|
39 |
* @package Auth
|
|
|
40 |
* @author Michael Bretterklieber <michael@bretterklieber.com>
|
|
|
41 |
* @author Adam Ashley <aashley@php.net>
|
|
|
42 |
* @copyright 2001-2006 The PHP Group
|
|
|
43 |
* @license http://www.php.net/license/3_01.txt PHP License 3.01
|
|
|
44 |
* @version Release: 1.4.3 File: $Revision: 1.2 $
|
|
|
45 |
* @link http://pear.php.net/package/Auth
|
|
|
46 |
* @since Class available since Release 1.2.0
|
|
|
47 |
*/
|
|
|
48 |
class Auth_Container_RADIUS extends Auth_Container
|
|
|
49 |
{
|
|
|
50 |
|
|
|
51 |
// {{{ properties
|
|
|
52 |
|
|
|
53 |
/**
|
|
|
54 |
* Contains a RADIUS object
|
|
|
55 |
* @var object
|
|
|
56 |
*/
|
|
|
57 |
var $radius;
|
|
|
58 |
|
|
|
59 |
/**
|
|
|
60 |
* Contains the authentication type
|
|
|
61 |
* @var string
|
|
|
62 |
*/
|
|
|
63 |
var $authtype;
|
|
|
64 |
|
|
|
65 |
// }}}
|
|
|
66 |
// {{{ Auth_Container_RADIUS() [constructor]
|
|
|
67 |
|
|
|
68 |
/**
|
|
|
69 |
* Constructor of the container class.
|
|
|
70 |
*
|
|
|
71 |
* $options can have these keys:
|
|
|
72 |
* 'servers' an array containing an array: servername, port,
|
|
|
73 |
* sharedsecret, timeout, maxtries
|
|
|
74 |
* 'configfile' The filename of the configuration file
|
|
|
75 |
* 'authtype' The type of authentication, one of: PAP, CHAP_MD5,
|
|
|
76 |
* MSCHAPv1, MSCHAPv2, default is PAP
|
|
|
77 |
*
|
|
|
78 |
* @param $options associative array
|
|
|
79 |
* @return object Returns an error object if something went wrong
|
|
|
80 |
*/
|
|
|
81 |
function Auth_Container_RADIUS($options)
|
|
|
82 |
{
|
|
|
83 |
$this->authtype = 'PAP';
|
|
|
84 |
if (isset($options['authtype'])) {
|
|
|
85 |
$this->authtype = $options['authtype'];
|
|
|
86 |
}
|
|
|
87 |
$classname = 'Auth_RADIUS_' . $this->authtype;
|
|
|
88 |
if (!class_exists($classname)) {
|
|
|
89 |
PEAR::raiseError("Unknown Authtype, please use one of: "
|
|
|
90 |
."PAP, CHAP_MD5, MSCHAPv1, MSCHAPv2!", 41, PEAR_ERROR_DIE);
|
|
|
91 |
}
|
|
|
92 |
|
|
|
93 |
$this->radius = new $classname;
|
|
|
94 |
|
|
|
95 |
if (isset($options['configfile'])) {
|
|
|
96 |
$this->radius->setConfigfile($options['configfile']);
|
|
|
97 |
}
|
|
|
98 |
|
|
|
99 |
$servers = $options['servers'];
|
|
|
100 |
if (is_array($servers)) {
|
|
|
101 |
foreach ($servers as $server) {
|
|
|
102 |
$servername = $server[0];
|
|
|
103 |
$port = isset($server[1]) ? $server[1] : 0;
|
|
|
104 |
$sharedsecret = isset($server[2]) ? $server[2] : 'testing123';
|
|
|
105 |
$timeout = isset($server[3]) ? $server[3] : 3;
|
|
|
106 |
$maxtries = isset($server[4]) ? $server[4] : 3;
|
|
|
107 |
$this->radius->addServer($servername, $port, $sharedsecret, $timeout, $maxtries);
|
|
|
108 |
}
|
|
|
109 |
}
|
|
|
110 |
|
|
|
111 |
if (!$this->radius->start()) {
|
|
|
112 |
PEAR::raiseError($this->radius->getError(), 41, PEAR_ERROR_DIE);
|
|
|
113 |
}
|
|
|
114 |
}
|
|
|
115 |
|
|
|
116 |
// }}}
|
|
|
117 |
// {{{ fetchData()
|
|
|
118 |
|
|
|
119 |
/**
|
|
|
120 |
* Authenticate
|
|
|
121 |
*
|
|
|
122 |
* @param string Username
|
|
|
123 |
* @param string Password
|
|
|
124 |
* @return bool true on success, false on reject
|
|
|
125 |
*/
|
|
|
126 |
function fetchData($username, $password, $challenge = null)
|
|
|
127 |
{
|
|
|
128 |
switch($this->authtype) {
|
|
|
129 |
case 'CHAP_MD5':
|
|
|
130 |
case 'MSCHAPv1':
|
|
|
131 |
if (isset($challenge)) {
|
|
|
132 |
$this->radius->challenge = $challenge;
|
|
|
133 |
$this->radius->chapid = 1;
|
|
|
134 |
$this->radius->response = pack('H*', $password);
|
|
|
135 |
} else {
|
|
|
136 |
require_once 'Crypt/CHAP.php';
|
|
|
137 |
$classname = 'Crypt_' . $this->authtype;
|
|
|
138 |
$crpt = new $classname;
|
|
|
139 |
$crpt->password = $password;
|
|
|
140 |
$this->radius->challenge = $crpt->challenge;
|
|
|
141 |
$this->radius->chapid = $crpt->chapid;
|
|
|
142 |
$this->radius->response = $crpt->challengeResponse();
|
|
|
143 |
break;
|
|
|
144 |
}
|
|
|
145 |
|
|
|
146 |
case 'MSCHAPv2':
|
|
|
147 |
require_once 'Crypt/CHAP.php';
|
|
|
148 |
$crpt = new Crypt_MSCHAPv2;
|
|
|
149 |
$crpt->username = $username;
|
|
|
150 |
$crpt->password = $password;
|
|
|
151 |
$this->radius->challenge = $crpt->authChallenge;
|
|
|
152 |
$this->radius->peerChallenge = $crpt->peerChallenge;
|
|
|
153 |
$this->radius->chapid = $crpt->chapid;
|
|
|
154 |
$this->radius->response = $crpt->challengeResponse();
|
|
|
155 |
break;
|
|
|
156 |
|
|
|
157 |
default:
|
|
|
158 |
$this->radius->password = $password;
|
|
|
159 |
break;
|
|
|
160 |
}
|
|
|
161 |
|
|
|
162 |
$this->radius->username = $username;
|
|
|
163 |
|
|
|
164 |
$this->radius->putAuthAttributes();
|
|
|
165 |
$result = $this->radius->send();
|
|
|
166 |
if (PEAR::isError($result)) {
|
|
|
167 |
return false;
|
|
|
168 |
}
|
|
|
169 |
|
|
|
170 |
$this->radius->getAttributes();
|
|
|
171 |
// just for debugging
|
|
|
172 |
// $this->radius->dumpAttributes();
|
|
|
173 |
|
|
|
174 |
return $result;
|
|
|
175 |
}
|
|
|
176 |
|
|
|
177 |
// }}}
|
|
|
178 |
|
|
|
179 |
}
|
|
|
180 |
?>
|