/usr/share/php/Horde/Auth/Radius.php is in php-horde-auth 2.2.2-1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 | <?php
/**
* Copyright 2002-2017 Horde LLC (http://www.horde.org/)
*
* See the enclosed file COPYING for license information (LGPL). If you did
* not receive this file, see http://www.horde.org/licenses/lgpl21.
*
* @author Michael Slusarz <slusarz@horde.org>
* @category Horde
* @license http://www.horde.org/licenses/lgpl21 LGPL-2.1
* @package Auth
*/
/**
* The Horde_Auth_Radius class provides a RADIUS implementation of the Horde
* authentication system.
*
* This class requires the 'radius' PECL extension:
* http://pecl.php.net/package/radius
*
* @author Michael Slusarz <slusarz@horde.org>
* @category Horde
* @copyright 2002-2017 Horde LLC
* @license http://www.horde.org/licenses/lgpl21 LGPL-2.1
* @package Auth
*/
class Horde_Auth_Radius extends Horde_Auth_Base
{
/**
* Constructor.
*
* @param array $params Connection parameters.
* <pre>
* 'host' - (string) [REQUIRED] The RADIUS host to use (IP address or
* fully qualified hostname).
* 'method' - (string) [REQUIRED] The RADIUS method to use for validating
* the request.
* Either: 'PAP', 'CHAP_MD5', 'MSCHAPv1', or 'MSCHAPv2'.
* ** CURRENTLY, only 'PAP' is supported. **
* 'nas' - (string) The RADIUS NAS identifier to use.
* DEFAULT: The value of $_SERVER['HTTP_HOST'] or, if not
* defined, then 'localhost'.
* 'port' - (integer) The port to use on the RADIUS server.
* DEFAULT: Whatever the local system identifies as the
* 'radius' UDP port
* 'retries' - (integer) The maximum number of repeated requests to make
* before giving up.
* DEFAULT: 3
* 'secret' - (string) [REQUIRED] The RADIUS shared secret string for the
* host. The RADIUS protocol ignores all but the leading 128
* bytes of the shared secret.
* 'suffix' - (string) The domain name to add to unqualified user names.
* DEFAULT: NONE
* 'timeout' - (integer) The timeout for receiving replies from the server
* (in seconds).
* DEFAULT: 3
* </pre>
*
* @throws InvalidArgumentException
*/
public function __construct(array $params = array())
{
if (!Horde_Util::extensionExists('radius')) {
throw new Horde_Auth_Exception(__CLASS__ . ': requires the radius PECL extension to be loaded.');
}
foreach (array('host', 'secret', 'method') as $val) {
if (!isset($params[$val])) {
throw new InvalidArgumentException('Missing ' . $val . ' parameter.');
}
}
$params = array_merge(array(
'nas' => (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost'),
'port' => 0,
'retries' => 3,
'suffix' => '',
'timeout' => 3
), $params);
parent::__construct($params);
}
/**
* Find out if a set of login credentials are valid.
*
* @param string $username The userId to check.
* @param array $credentials An array of login credentials.
* For radius, this must contain a password
* entry.
*
* @throws Horde_Auth_Exception
*/
protected function _authenticate($username, $credentials)
{
/* Password is required. */
if (!isset($credentials['password'])) {
throw new Horde_Auth_Exception('Password required for RADIUS authentication.');
}
$res = radius_auth_open();
radius_add_server($res, $this->_params['host'], $this->_params['port'], $this->_params['secret'], $this->_params['timeout'], $this->_params['retries']);
radius_create_request($res, RADIUS_ACCESS_REQUEST);
radius_put_attr($res, RADIUS_NAS_IDENTIFIER, $this->_params['nas']);
radius_put_attr($res, RADIUS_NAS_PORT_TYPE, RADIUS_VIRTUAL);
radius_put_attr($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED);
radius_put_attr($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP);
radius_put_attr($res, RADIUS_CALLING_STATION_ID, isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '127.0.0.1');
/* Insert username/password into request. */
radius_put_attr($res, RADIUS_USER_NAME, $username);
radius_put_attr($res, RADIUS_USER_PASSWORD, $credentials['password']);
/* Send request. */
$success = radius_send_request($res);
switch ($success) {
case RADIUS_ACCESS_ACCEPT:
break;
case RADIUS_ACCESS_REJECT:
throw new Horde_Auth_Exception('Authentication rejected by RADIUS server.');
default:
throw new Horde_Auth_Exception(radius_strerror($res));
}
}
}
|