2 // This file is part of Moodle - http://moodle.org/
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
18 * Authentication Plugin: RADIUS Authentication
20 * Authenticates against a RADIUS server.
21 * Contributed by Clive Gould <clive@ce.bromley.ac.uk>
22 * CHAP support contributed by Stanislav Tsymbalov http://www.tsymbalov.net/
24 * @package auth_radius
25 * @author Martin Dougiamas
26 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
29 defined('MOODLE_INTERNAL') ||
die();
31 require_once($CFG->libdir
.'/authlib.php');
34 * RADIUS authentication plugin.
36 class auth_plugin_radius
extends auth_plugin_base
{
41 public function __construct() {
42 $this->authtype
= 'radius';
43 $this->config
= get_config('auth/radius');
47 * Old syntax of class constructor for backward compatibility.
49 public function auth_plugin_radius() {
54 * Returns true if the username and password work and false if they are
55 * wrong or don't exist.
57 * @param string $username The username
58 * @param string $password The password
59 * @return bool Authentication success or failure.
61 function user_login ($username, $password) {
62 require_once 'Auth/RADIUS.php';
63 require_once 'Crypt/CHAP.php';
65 // Added by Clive on 7th May for test purposes
66 // printf("Username: $username <br/>");
67 // printf("Password: $password <br/>");
68 // printf("host: $this->config->host <br/>");
69 // printf("nasport: $this->config->nasport <br/>");
70 // printf("secret: $this->config->secret <br/>");
72 // Added by Stanislav Tsymbalov on 12th March 2008 only for test purposes
77 $type = $this->config
->radiustype
;
82 $classname = 'Auth_RADIUS_' . $type;
83 $rauth = new $classname($username, $password);
84 $rauth->addServer($this->config
->host
, $this->config
->nasport
, $this->config
->secret
);
86 $rauth->username
= $username;
91 $classname = $type == 'MSCHAPv1' ?
'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5';
92 $crpt = new $classname;
93 $crpt->password
= $password;
94 $rauth->challenge
= $crpt->challenge
;
95 $rauth->chapid
= $crpt->chapid
;
96 $rauth->response
= $crpt->challengeResponse();
98 // If you must use deprecated and weak LAN-Manager-Responses use this:
99 // $rauth->lmResponse = $crpt->lmChallengeResponse();
100 // $rauth->flags = 0;
104 $crpt = new Crypt_CHAP_MSv2
;
105 $crpt->username
= $username;
106 $crpt->password
= $password;
107 $rauth->challenge
= $crpt->authChallenge
;
108 $rauth->peerChallenge
= $crpt->peerChallenge
;
109 $rauth->chapid
= $crpt->chapid
;
110 $rauth->response
= $crpt->challengeResponse();
114 $rauth->password
= $password;
118 if (!$rauth->start()) {
119 printf("Radius start: %s<br/>\n", $rauth->getError());
123 $result = $rauth->send();
124 if ($rauth->isError($result)) {
125 printf("Radius send failed: %s<br/>\n", $result->getMessage());
127 } else if ($result === true) {
128 // printf("Radius Auth succeeded<br/>\n");
131 // printf("Radius Auth rejected<br/>\n");
135 // get attributes, even if auth failed
136 if (!$rauth->getAttributes()) {
137 printf("Radius getAttributes: %s<br/>\n", $rauth->getError());
139 $rauth->dumpAttributes();
145 function prevent_local_passwords() {
150 * Returns true if this authentication plugin is 'internal'.
154 function is_internal() {
159 * Returns true if this authentication plugin can change the user's
164 function can_change_password() {
169 * Prints a form for configuring this authentication plugin.
171 * This function is called from admin/auth.php, and outputs a full page with
172 * a form for configuring this plugin.
174 * @param array $page An object containing all the data for this page.
176 function config_form($config, $err, $user_fields) {
179 include "config.html";
183 * Processes and stores configuration data for this authentication plugin.
185 function process_config($config) {
186 // set to defaults if undefined
187 if (!isset ($config->host
)) {
188 $config->host
= '127.0.0.1';
190 if (!isset ($config->nasport
)) {
191 $config->nasport
= '1812';
193 if (!isset($config->radiustype
)) {
194 $config->radiustype
= 'PAP';
196 if (!isset ($config->secret
)) {
197 $config->secret
= '';
199 if (!isset($config->changepasswordurl
)) {
200 $config->changepasswordurl
= '';
204 set_config('host', $config->host
, 'auth/radius');
205 set_config('nasport', $config->nasport
, 'auth/radius');
206 set_config('secret', $config->secret
, 'auth/radius');
207 set_config('changepasswordurl', $config->changepasswordurl
, 'auth/radius');
208 set_config('radiustype', $config->radiustype
, 'auth/radius');