1 | <?php |
---|
2 | /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */ |
---|
3 | |
---|
4 | /** |
---|
5 | * Storage driver for use against RADIUS servers |
---|
6 | * |
---|
7 | * PHP versions 4 and 5 |
---|
8 | * |
---|
9 | * LICENSE: This source file is subject to version 3.01 of the PHP license |
---|
10 | * that is available through the world-wide-web at the following URI: |
---|
11 | * http://www.php.net/license/3_01.txt. If you did not receive a copy of |
---|
12 | * the PHP License and are unable to obtain it through the web, please |
---|
13 | * send a note to license@php.net so we can mail you a copy immediately. |
---|
14 | * |
---|
15 | * @category Authentication |
---|
16 | * @package Auth |
---|
17 | * @author Michael Bretterklieber <michael@bretterklieber.com> |
---|
18 | * @author Adam Ashley <aashley@php.net> |
---|
19 | * @copyright 2001-2006 The PHP Group |
---|
20 | * @license http://www.php.net/license/3_01.txt PHP License 3.01 |
---|
21 | * @version CVS: $Id: RADIUS.php 8713 2006-12-01 05:08:34Z kakinaka $ |
---|
22 | * @link http://pear.php.net/package/Auth |
---|
23 | * @since File available since Release 1.2.0 |
---|
24 | */ |
---|
25 | |
---|
26 | /** |
---|
27 | * Include Auth_Container base class |
---|
28 | */ |
---|
29 | require_once "Auth/Container.php"; |
---|
30 | /** |
---|
31 | * Include PEAR Auth_RADIUS package |
---|
32 | */ |
---|
33 | require_once "Auth/RADIUS.php"; |
---|
34 | |
---|
35 | /** |
---|
36 | * Storage driver for authenticating users against RADIUS servers. |
---|
37 | * |
---|
38 | * @category Authentication |
---|
39 | * @package Auth |
---|
40 | * @author Michael Bretterklieber <michael@bretterklieber.com> |
---|
41 | * @author Adam Ashley <aashley@php.net> |
---|
42 | * @copyright 2001-2006 The PHP Group |
---|
43 | * @license http://www.php.net/license/3_01.txt PHP License 3.01 |
---|
44 | * @version Release: 1.4.2 File: $Revision: 8713 $ |
---|
45 | * @link http://pear.php.net/package/Auth |
---|
46 | * @since Class available since Release 1.2.0 |
---|
47 | */ |
---|
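class Auth_Container_RADIUS extends Auth_Container
{

    // {{{ properties

    /**
     * Contains a RADIUS object (an instance of Auth_RADIUS_<authtype>)
     * @var object
     */
    var $radius;

    /**
     * Contains the authentication type
     * @var string
     */
    var $authtype;

    // }}}
    // {{{ Auth_Container_RADIUS() [constructor]

    /**
     * Constructor of the container class.
     *
     * $options can have these keys:
     * 'servers'    an array containing an array: servername, port,
     *              sharedsecret, timeout, maxtries
     * 'configfile' The filename of the configuration file
     * 'authtype'   The type of authentication, one of: PAP, CHAP_MD5,
     *              MSCHAPv1, MSCHAPv2, default is PAP
     *
     * Security notes:
     *  - 'authtype' is concatenated into a class name, so it is checked
     *    against the documented list before any class lookup happens.
     *  - A server entry without a shared secret falls back to the literal
     *    'testing123'. Always pass an explicit, unique secret per server;
     *    the fallback is kept only so existing callers keep working.
     *
     * @param  $options associative array
     * @return object Returns an error object if something went wrong
     */
    function Auth_Container_RADIUS($options)
    {
        $this->authtype = 'PAP';
        if (isset($options['authtype'])) {
            $this->authtype = $options['authtype'];
        }

        // Only the documented types may select a class. The strict in_array()
        // runs first, so an arbitrary option value never reaches
        // class_exists() or "new $classname".
        $supported = array('PAP', 'CHAP_MD5', 'MSCHAPv1', 'MSCHAPv2');
        if (!in_array($this->authtype, $supported, true)
            || !class_exists('Auth_RADIUS_' . $this->authtype)
        ) {
            PEAR::raiseError("Unknown Authtype, please use one of: "
                ."PAP, CHAP_MD5, MSCHAPv1, MSCHAPv2!", 41, PEAR_ERROR_DIE);
        }
        $classname = 'Auth_RADIUS_' . $this->authtype;

        $this->radius = new $classname;

        if (isset($options['configfile'])) {
            $this->radius->setConfigfile($options['configfile']);
        }

        // 'servers' is optional (a config file may be used instead); guard the
        // lookup so a missing key does not raise an undefined-index notice.
        $servers = isset($options['servers']) ? $options['servers'] : null;
        if (is_array($servers)) {
            foreach ($servers as $server) {
                $servername   = $server[0];
                $port         = isset($server[1]) ? $server[1] : 0;
                // NOTE(review): hard-coded fallback secret. It is a fixed,
                // publicly visible value, so a deployment relying on it gets
                // no real protection of the RADIUS exchange from the shared
                // secret. Configure $server[2] explicitly.
                $sharedsecret = isset($server[2]) ? $server[2] : 'testing123';
                $timeout      = isset($server[3]) ? $server[3] : 3;
                $maxtries     = isset($server[4]) ? $server[4] : 3;
                $this->radius->addServer($servername, $port, $sharedsecret, $timeout, $maxtries);
            }
        }

        if (!$this->radius->start()) {
            PEAR::raiseError($this->radius->getError(), 41, PEAR_ERROR_DIE);
        }
    }

    // }}}
    // {{{ fetchData()

    /**
     * Authenticate
     *
     * For CHAP_MD5 and MSCHAPv1, when $challenge is supplied, $password is
     * treated as the hex-encoded response computed by the client and is
     * forwarded with that challenge. Without $challenge the challenge and
     * response are generated locally from the clear-text password via
     * Crypt_CHAP. MSCHAPv2 always generates them locally and ignores
     * $challenge. Any other type sends the password as the RADIUS
     * password attribute.
     *
     * @param  string Username
     * @param  string Password (or hex-encoded CHAP response, see above)
     * @param  string Challenge supplied by the caller, optional
     * @return bool   true on success, false on reject (the value returned by
     *                the RADIUS object's send(), or false if that is a PEAR
     *                error)
     */
    function fetchData($username, $password, $challenge = null)
    {
        switch ($this->authtype) {
        case 'CHAP_MD5':
        case 'MSCHAPv1':
            if (isset($challenge)) {
                $this->radius->challenge = $challenge;
                $this->radius->chapid    = 1;
                $this->radius->response  = pack('H*', $password);
            } else {
                require_once 'Crypt/CHAP.php';
                $classname = 'Crypt_' . $this->authtype;
                $crpt = new $classname;
                $crpt->password = $password;
                $this->radius->challenge = $crpt->challenge;
                $this->radius->chapid    = $crpt->chapid;
                $this->radius->response  = $crpt->challengeResponse();
            }
            // The break must close the whole case. When it sat inside the
            // else branch, a caller-supplied challenge fell through into the
            // MSCHAPv2 case, which overwrote the challenge, chapid and
            // response with values computed for a different protocol.
            break;

        case 'MSCHAPv2':
            require_once 'Crypt/CHAP.php';
            $crpt = new Crypt_MSCHAPv2;
            $crpt->username = $username;
            $crpt->password = $password;
            $this->radius->challenge     = $crpt->authChallenge;
            $this->radius->peerChallenge = $crpt->peerChallenge;
            $this->radius->chapid        = $crpt->chapid;
            $this->radius->response      = $crpt->challengeResponse();
            break;

        default:
            $this->radius->password = $password;
            break;
        }

        $this->radius->username = $username;

        $this->radius->putAuthAttributes();
        $result = $this->radius->send();
        if (PEAR::isError($result)) {
            // A transport or protocol error is reported as a failed login,
            // never as a success.
            return false;
        }

        $this->radius->getAttributes();
        // just for debugging
        // $this->radius->dumpAttributes();

        return $result;
    }

    // }}}

}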
180 | ?> |
---|