source: moodle/trunk/fuentes/auth/radius/auth.php @ 1331

Last change on this file since 1331 was 1331, checked in by jrpelegrina, 3 years ago

Updated to moodle 3.0.3

File size: 6.4 KB
Line 
1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Authentication Plugin: RADIUS Authentication
19 *
20 * Authenticates against a RADIUS server.
21 * Contributed by Clive Gould <clive@ce.bromley.ac.uk>
22 * CHAP support contributed by Stanislav Tsymbalov http://www.tsymbalov.net/
23 *
24 * @package auth_radius
25 * @author Martin Dougiamas
26 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
27 */
28
29defined('MOODLE_INTERNAL') || die();
30
31require_once($CFG->libdir.'/authlib.php');
32
33/**
34 * RADIUS authentication plugin.
35 */
36class auth_plugin_radius extends auth_plugin_base {
37
38    /**
39     * Constructor.
40     */
41    public function __construct() {
42        $this->authtype = 'radius';
43        $this->config = get_config('auth/radius');
44    }
45
46    /**
47     * Old syntax of class constructor for backward compatibility.
48     */
49    public function auth_plugin_radius() {
50        self::__construct();
51    }
52
53    /**
54     * Returns true if the username and password work and false if they are
55     * wrong or don't exist.
56     *
57     * @param string $username The username
58     * @param string $password The password
59     * @return bool Authentication success or failure.
60     */
61    function user_login ($username, $password) {
62        require_once 'Auth/RADIUS.php';
63        require_once 'Crypt/CHAP.php';
64
65        // Added by Clive on 7th May for test purposes
66        // printf("Username: $username <br/>");
67        // printf("Password: $password <br/>");
68        // printf("host: $this->config->host <br/>");
69        // printf("nasport: $this->config->nasport <br/>");
70        // printf("secret: $this->config->secret <br/>");
71
72        // Added by Stanislav Tsymbalov on 12th March 2008 only for test purposes
73        //$type = 'PAP';
74        //$type = 'CHAP_MD5';
75        //$type = 'MSCHAPv1';
76        //$type = 'MSCHAPv2';
77        $type = $this->config->radiustype;
78        if (empty($type)) {
79            $type = 'PAP';
80        }
81
82        $classname = 'Auth_RADIUS_' . $type;
83        $rauth = new $classname($username, $password);
84        $rauth->addServer($this->config->host, $this->config->nasport, $this->config->secret);
85
86        $rauth->username = $username;
87
88        switch($type) {
89        case 'CHAP_MD5':
90        case 'MSCHAPv1':
91            $classname = $type == 'MSCHAPv1' ? 'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5';
92            $crpt = new $classname;
93            $crpt->password = $password;
94            $rauth->challenge = $crpt->challenge;
95            $rauth->chapid = $crpt->chapid;
96            $rauth->response = $crpt->challengeResponse();
97            $rauth->flags = 1;
98            // If you must use deprecated and weak LAN-Manager-Responses use this:
99            // $rauth->lmResponse = $crpt->lmChallengeResponse();
100            // $rauth->flags = 0;
101            break;
102
103        case 'MSCHAPv2':
104            $crpt = new Crypt_CHAP_MSv2;
105            $crpt->username = $username;
106            $crpt->password = $password;
107            $rauth->challenge = $crpt->authChallenge;
108            $rauth->peerChallenge = $crpt->peerChallenge;
109            $rauth->chapid = $crpt->chapid;
110            $rauth->response = $crpt->challengeResponse();
111            break;
112
113        default:
114            $rauth->password = $password;
115            break;
116        }
117
118        if (!$rauth->start()) {
119            printf("Radius start: %s<br/>\n", $rauth->getError());
120            exit;
121        }
122
123        $result = $rauth->send();
124        if ($rauth->isError($result)) {
125            printf("Radius send failed: %s<br/>\n", $result->getMessage());
126            exit;
127        } else if ($result === true) {
128            // printf("Radius Auth succeeded<br/>\n");
129            return true;
130        } else {
131            // printf("Radius Auth rejected<br/>\n");
132            return false;
133        }
134
135        // get attributes, even if auth failed
136        if (!$rauth->getAttributes()) {
137            printf("Radius getAttributes: %s<br/>\n", $rauth->getError());
138        } else {
139            $rauth->dumpAttributes();
140        }
141
142        $rauth->close();
143    }
144
145    function prevent_local_passwords() {
146        return true;
147    }
148
149    /**
150     * Returns true if this authentication plugin is 'internal'.
151     *
152     * @return bool
153     */
154    function is_internal() {
155        return false;
156    }
157
158    /**
159     * Returns true if this authentication plugin can change the user's
160     * password.
161     *
162     * @return bool
163     */
164    function can_change_password() {
165        return false;
166    }
167
168    /**
169     * Prints a form for configuring this authentication plugin.
170     *
171     * This function is called from admin/auth.php, and outputs a full page with
172     * a form for configuring this plugin.
173     *
174     * @param array $page An object containing all the data for this page.
175     */
176    function config_form($config, $err, $user_fields) {
177        global $OUTPUT;
178
179        include "config.html";
180    }
181
182    /**
183     * Processes and stores configuration data for this authentication plugin.
184     */
185    function process_config($config) {
186        // set to defaults if undefined
187        if (!isset ($config->host)) {
188            $config->host = '127.0.0.1';
189        }
190        if (!isset ($config->nasport)) {
191            $config->nasport = '1812';
192        }
193        if (!isset($config->radiustype)) {
194            $config->radiustype = 'PAP';
195        }
196        if (!isset ($config->secret)) {
197            $config->secret = '';
198        }
199        if (!isset($config->changepasswordurl)) {
200            $config->changepasswordurl = '';
201        }
202
203        // save settings
204        set_config('host',    $config->host,    'auth/radius');
205        set_config('nasport', $config->nasport, 'auth/radius');
206        set_config('secret',  $config->secret,  'auth/radius');
207        set_config('changepasswordurl', $config->changepasswordurl, 'auth/radius');
208        set_config('radiustype', $config->radiustype, 'auth/radius');
209
210        return true;
211    }
212
213}
214
215
Note: See TracBrowser for help on using the repository browser.