[Summary view] [Print] [Text view]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Authentication Plugin: RADIUS Authentication
  19   *
  20   * Authenticates against a RADIUS server.
  21   * Contributed by Clive Gould <clive@ce.bromley.ac.uk>
  22   * CHAP support contributed by Stanislav Tsymbalov http://www.tsymbalov.net/
  23   *
  24   * @package auth_radius
  25   * @author Martin Dougiamas
  26   * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
  27   */
  28  
  29  defined('MOODLE_INTERNAL') || die();
  30  
  31  require_once($CFG->libdir.'/authlib.php');
  32  
  33  /**
  34   * RADIUS authentication plugin.
  35   */
  36  class auth_plugin_radius extends auth_plugin_base {
  37  
  38      /**
  39       * Constructor.
  40       */
  41      public function __construct() {
  42          $this->authtype = 'radius';
  43          $this->config = get_config('auth/radius');
  44      }
  45  
  46      /**
  47       * Old syntax of class constructor. Deprecated in PHP7.
  48       *
  49       * @deprecated since Moodle 3.1
  50       */
  51      public function auth_plugin_radius() {
  52          debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER);
  53          self::__construct();
  54      }
  55  
  56      /**
  57       * Returns true if the username and password work and false if they are
  58       * wrong or don't exist.
  59       *
  60       * @param string $username The username
  61       * @param string $password The password
  62       * @return bool Authentication success or failure.
  63       */
  64      function user_login ($username, $password) {
  65          require_once 'Auth/RADIUS.php';
  66          require_once 'Crypt/CHAP.php';
  67  
  68          // Added by Clive on 7th May for test purposes
  69          // printf("Username: $username <br/>");
  70          // printf("Password: $password <br/>");
  71          // printf("host: $this->config->host <br/>");
  72          // printf("nasport: $this->config->nasport <br/>");
  73          // printf("secret: $this->config->secret <br/>");
  74  
  75          // Added by Stanislav Tsymbalov on 12th March 2008 only for test purposes
  76          //$type = 'PAP';
  77          //$type = 'CHAP_MD5';
  78          //$type = 'MSCHAPv1';
  79          //$type = 'MSCHAPv2';
  80          $type = $this->config->radiustype;
  81          if (empty($type)) {
  82              $type = 'PAP';
  83          }
  84  
  85          $classname = 'Auth_RADIUS_' . $type;
  86          $rauth = new $classname($username, $password);
  87          $rauth->addServer($this->config->host, $this->config->nasport, $this->config->secret);
  88  
  89          $rauth->username = $username;
  90  
  91          switch($type) {
  92          case 'CHAP_MD5':
  93          case 'MSCHAPv1':
  94              $classname = $type == 'MSCHAPv1' ? 'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5';
  95              $crpt = new $classname;
  96              $crpt->password = $password;
  97              $rauth->challenge = $crpt->challenge;
  98              $rauth->chapid = $crpt->chapid;
  99              $rauth->response = $crpt->challengeResponse();
 100              $rauth->flags = 1;
 101              // If you must use deprecated and weak LAN-Manager-Responses use this:
 102              // $rauth->lmResponse = $crpt->lmChallengeResponse();
 103              // $rauth->flags = 0;
 104              break;
 105  
 106          case 'MSCHAPv2':
 107              $crpt = new Crypt_CHAP_MSv2;
 108              $crpt->username = $username;
 109              $crpt->password = $password;
 110              $rauth->challenge = $crpt->authChallenge;
 111              $rauth->peerChallenge = $crpt->peerChallenge;
 112              $rauth->chapid = $crpt->chapid;
 113              $rauth->response = $crpt->challengeResponse();
 114              break;
 115  
 116          default:
 117              $rauth->password = $password;
 118              break;
 119          }
 120  
 121          if (!$rauth->start()) {
 122              printf("Radius start: %s<br/>\n", $rauth->getError());
 123              exit;
 124          }
 125  
 126          $result = $rauth->send();
 127          if ($rauth->isError($result)) {
 128              printf("Radius send failed: %s<br/>\n", $result->getMessage());
 129              exit;
 130          } else if ($result === true) {
 131              // printf("Radius Auth succeeded<br/>\n");
 132              return true;
 133          } else {
 134              // printf("Radius Auth rejected<br/>\n");
 135              return false;
 136          }
 137  
 138          // get attributes, even if auth failed
 139          if (!$rauth->getAttributes()) {
 140              printf("Radius getAttributes: %s<br/>\n", $rauth->getError());
 141          } else {
 142              $rauth->dumpAttributes();
 143          }
 144  
 145          $rauth->close();
 146      }
 147  
 148      function prevent_local_passwords() {
 149          return true;
 150      }
 151  
 152      /**
 153       * Returns true if this authentication plugin is 'internal'.
 154       *
 155       * @return bool
 156       */
 157      function is_internal() {
 158          return false;
 159      }
 160  
 161      /**
 162       * Returns true if this authentication plugin can change the user's
 163       * password.
 164       *
 165       * @return bool
 166       */
 167      function can_change_password() {
 168          return false;
 169      }
 170  
 171      /**
 172       * Prints a form for configuring this authentication plugin.
 173       *
 174       * This function is called from admin/auth.php, and outputs a full page with
 175       * a form for configuring this plugin.
 176       *
 177       * @param array $page An object containing all the data for this page.
 178       */
 179      function config_form($config, $err, $user_fields) {
 180          global $OUTPUT;
 181  
 182          include  "config.html";
 183      }
 184  
 185      /**
 186       * Processes and stores configuration data for this authentication plugin.
 187       */
 188      function process_config($config) {
 189          // set to defaults if undefined
 190          if (!isset ($config->host)) {
 191              $config->host = '127.0.0.1';
 192          }
 193          if (!isset ($config->nasport)) {
 194              $config->nasport = '1812';
 195          }
 196          if (!isset($config->radiustype)) {
 197              $config->radiustype = 'PAP';
 198          }
 199          if (!isset ($config->secret)) {
 200              $config->secret = '';
 201          }
 202          if (!isset($config->changepasswordurl)) {
 203              $config->changepasswordurl = '';
 204          }
 205  
 206          // save settings
 207          set_config('host',    $config->host,    'auth/radius');
 208          set_config('nasport', $config->nasport, 'auth/radius');
 209          set_config('secret',  $config->secret,  'auth/radius');
 210          set_config('changepasswordurl', $config->changepasswordurl, 'auth/radius');
 211          set_config('radiustype', $config->radiustype, 'auth/radius');
 212  
 213          return true;
 214      }
 215  
 216  }
 217  
 218