search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-27675 mod_feedback: Tidy up of phpdocs and scope within feedback mod
[moodle.git] / auth / radius / auth.php
blob5795978c4bad7da85f87ba866a2308973f53a80c
1 <?php
2
3 /**
4 * @author Martin Dougiamas
5 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
6 * @package moodle multiauth
7 *
8 * Authentication Plugin: RADIUS Authentication
9 *
10 * Authenticates against a RADIUS server.
11 * Contributed by Clive Gould <clive@ce.bromley.ac.uk>
12 * CHAP support contributed by Stanislav Tsymbalov http://www.tsymbalov.net/
13 *
14 * 2006-08-31 File created.
15 * 2008-03-12 CHAP support added by Stanislav Tsymbalov.
16 */
17
18 if (!defined('MOODLE_INTERNAL')) {
19 die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
20 }
21
22 require_once($CFG->libdir.'/authlib.php');
23
24 /**
25 * RADIUS authentication plugin.
26 */
27 class auth_plugin_radius extends auth_plugin_base {
28
29 /**
30 * Constructor.
31 */
32 function auth_plugin_radius() {
33 $this->authtype = 'radius';
34 $this->config = get_config('auth/radius');
35 }
36
37 /**
38 * Returns true if the username and password work and false if they are
39 * wrong or don't exist.
40 *
41 * @param string $username The username
42 * @param string $password The password
43 * @return bool Authentication success or failure.
44 */
45 function user_login ($username, $password) {
46 require_once 'Auth/RADIUS.php';
47 require_once 'Crypt/CHAP.php';
48
49 // Added by Clive on 7th May for test purposes
50 // printf("Username: $username <br/>");
51 // printf("Password: $password <br/>");
52 // printf("host: $this->config->host <br/>");
53 // printf("nasport: $this->config->nasport <br/>");
54 // printf("secret: $this->config->secret <br/>");
55
56 // Added by Stanislav Tsymbalov on 12th March 2008 only for test purposes
57 //$type = 'PAP';
58 //$type = 'CHAP_MD5';
59 //$type = 'MSCHAPv1';
60 //$type = 'MSCHAPv2';
61 $type = $this->config->radiustype;
62 if (empty($type)) {
63 $type = 'PAP';
64 }
65
66 $classname = 'Auth_RADIUS_' . $type;
67 $rauth = new $classname($username, $password);
68 $rauth->addServer($this->config->host, $this->config->nasport, $this->config->secret);
69
70 $rauth->username = $username;
71
72 switch($type) {
73 case 'CHAP_MD5':
74 case 'MSCHAPv1':
75 $classname = $type == 'MSCHAPv1' ? 'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5';
76 $crpt = new $classname;
77 $crpt->password = $password;
78 $rauth->challenge = $crpt->challenge;
79 $rauth->chapid = $crpt->chapid;
80 $rauth->response = $crpt->challengeResponse();
81 $rauth->flags = 1;
82 // If you must use deprecated and weak LAN-Manager-Responses use this:
83 // $rauth->lmResponse = $crpt->lmChallengeResponse();
84 // $rauth->flags = 0;
85 break;
86
87 case 'MSCHAPv2':
88 $crpt = new Crypt_CHAP_MSv2;
89 $crpt->username = $username;
90 $crpt->password = $password;
91 $rauth->challenge = $crpt->authChallenge;
92 $rauth->peerChallenge = $crpt->peerChallenge;
93 $rauth->chapid = $crpt->chapid;
94 $rauth->response = $crpt->challengeResponse();
95 break;
96
97 default:
98 $rauth->password = $password;
99 break;
100 }
101
102 if (!$rauth->start()) {
103 printf("Radius start: %s<br/>\n", $rauth->getError());
104 exit;
105 }
106
107 $result = $rauth->send();
108 if (PEAR::isError($result)) {
109 printf("Radius send failed: %s<br/>\n", $result->getMessage());
110 exit;
111 } else if ($result === true) {
112 // printf("Radius Auth succeeded<br/>\n");
113 return true;
114 } else {
115 // printf("Radius Auth rejected<br/>\n");
116 return false;
117 }
118
119 // get attributes, even if auth failed
120 if (!$rauth->getAttributes()) {
121 printf("Radius getAttributes: %s<br/>\n", $rauth->getError());
122 } else {
123 $rauth->dumpAttributes();
124 }
125
126 $rauth->close();
127 }
128
129 function prevent_local_passwords() {
130 return true;
131 }
132
133 /**
134 * Returns true if this authentication plugin is 'internal'.
135 *
136 * @return bool
137 */
138 function is_internal() {
139 return false;
140 }
141
142 /**
143 * Returns true if this authentication plugin can change the user's
144 * password.
145 *
146 * @return bool
147 */
148 function can_change_password() {
149 return false;
150 }
151
152 /**
153 * Prints a form for configuring this authentication plugin.
154 *
155 * This function is called from admin/auth.php, and outputs a full page with
156 * a form for configuring this plugin.
157 *
158 * @param array $page An object containing all the data for this page.
159 */
160 function config_form($config, $err, $user_fields) {
161 global $OUTPUT;
162
163 include "config.html";
164 }
165
166 /**
167 * Processes and stores configuration data for this authentication plugin.
168 */
169 function process_config($config) {
170 // set to defaults if undefined
171 if (!isset ($config->host)) {
172 $config->host = '127.0.0.1';
173 }
174 if (!isset ($config->nasport)) {
175 $config->nasport = '1812';
176 }
177 if (!isset($config->radiustype)) {
178 $config->radiustype = 'PAP';
179 }
180 if (!isset ($config->secret)) {
181 $config->secret = '';
182 }
183 if (!isset($config->changepasswordurl)) {
184 $config->changepasswordurl = '';
185 }
186
187 // save settings
188 set_config('host', $config->host, 'auth/radius');
189 set_config('nasport', $config->nasport, 'auth/radius');
190 set_config('secret', $config->secret, 'auth/radius');
191 set_config('changepasswordurl', $config->changepasswordurl, 'auth/radius');
192 set_config('radiustype', $config->radiustype, 'auth/radius');
193
194 return true;
195 }
196
197 }
198
199
Read-only mirror of the Moodle CVS