auth:radius
auth:radius [2009-04-06 11:14] – 193.198.97.3 | auth:radius [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
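--- a/auth:radius
+++ b/auth:radius
@@ -1,297 +0,0 @@
-====== RADIUS Authentication Backend ======
-Radius is a authentication and accounting protocol for large departments,
-
-===== Requirements =====
-
-  * a radius server: host, port, sharedsecret
-  * perl (depends on distribution,
-  * phpize (depends on distribution,
-  * php radius extension.
-<
-
-
-
-===== Code =====
-
-Save this under .../
-
-<code php>
-<?php
-/**
- * RADIUS authentication backend
- *
- * @license
- * @author
- */
-
-define('
-require_once(DOKU_AUTH.'/
-
-// FIXME: needed?
-// we only accept page ids for auth_plain
-//
-//   $_REQUEST['
-//
-//   $_REQUEST['
-//// the same goes for password reset requests
-//
-//   $_POST['
-//}
-
-// FIXME: better way to do this? must we support windows?
-//load radius extension if required
-if(!extension_loaded('
-  if (preg_match('/
-    dl('
-  } else {
-    dl('
-  }
-}
-
-class auth_radius extends auth_plain {
-
-  /**
-   * handle to the radius server
-  
-  var $radius = null;
-
-
-  /**
-   * radius config
-   */
-  var $cnf = null;
-
-  /**
-   * Constructor
-   *
-   * Carry out sanity checks to ensure the object is
-   * able to operate. Sets no capabilities because we only auhtenticate via radius
-   *
-   * @author
-   */
-  function auth_radius() {
-
-    parent::
-
-    global $conf;
-    $this->
-
-    // radius extension is needed
-    if(!function_exists('
-      if ($this->
-        msg("
-      $this->
-      return;
-    }
-
-    // FIXME: defaults like this: (e.g. localhost:
-    // if(empty($this->
-
-    // get parameters from config
-    $host = $this->
-    $port = $this->
-    $secret
-    $timeout = $this->
-    $tries
-
-
-    //create handle and add server
-    $this->
-
-    //try to connect
-    if (!radius_add_server($this->
-      msg("
-      $this->
-      return;
-    }
-
-    // set additional capabilities
-    $this->
-    $this->
-    // $this->
-    // $this->
-
-    return;
-  }
-
-  /**
-   * Check user+password [required auth function]
-   *
-   * Checks if the given user exists and the given
-   * plaintext password is correct
-   *
-   * @author
-   * @return
-   */
-  function checkPass($user,
-    if (! radius_create_request($this->
-      msg("
-    }
-
-    radius_put_attr($this->
-    radius_put_attr($this->
-
-    //send the actual request and return result
-    switch (radius_send_request($this->
-      case RADIUS_ACCESS_ACCEPT:
-        $data = $this->
-        return true;
-        break;
-      case RADIUS_ACCESS_REJECT:
-        return false;
-        break;
-      case RADIUS_ACCESS_CHALLENGE:
-        //
-        return false;
-        break;
-      default:
-        msg('
-    }
-    return false;
-  }
-
-  /**
-   * Return user info
-   *
-   * Returns info about the given user needs to contain
-   * at least these fields:
-   *
-   * name string
-   * mail string
-  
-   * grps array   list of groups the user is in, for now empty.
-  
-   *
-   * @author
-   */
-  function getUserData($user) {
-
-    if($this->
-    $plain_data = isset($this->
-
-    if ($plain_data) {
-    
-      $data['
-      $data['
-      $data['
-
-    } else {
-
-      $data['
-      $data['
-      $data['
-
-    }
-
-    //if no email address is set, use login@mailhost
-    if (count ($data['
-      $data['
-    }
-    
-    //if no groups are found place the user in '
-    if (count ($data['
-      $data['
-    }
-    
-    return $data;
-  }
-
-
-
-  /**
-   * Return local user info
-   *
-   * Returns info about the given user from the local db.
-   * Needs to contain
-   * at least these fields:
-   *
-   * name string
-   * mail string
-   * grps array   list of groups the user is in
-   *
-   * @author
-   */
-  function getLocalUserData($user){
-
-    if($this->
-    return isset($this->
-  }
-
-  /**
-   * Create a new User
-   *
-   * Returns false if the user already exists, null when an error
-   * occured and true if everything went well.
-   *
-   * The new user will be added to the default group by this
-   * function if grps are not specified (default behaviour).
-   *
-   * @author
-   * @author
-   */
-  function createUser($user,
-    global $conf;
-
-    // user mustn'
-    if ($this->
-    
-    $pass = "
-
-    // set default group if no groups specified
-    if (!is_array($grps)) $grps = array($conf['
-
-    // prepare user line
-    $groups = join(',',
-    $userline = join(':',
-
-    if (io_saveFile(AUTH_USERFILE,
-      $this->
-      return $pwd;
-    }
-
-    msg('
-    return null;
-  }
-
-
-
-
-}
-
-//Setup VIM: ex: et ts=2 enc=utf-8 :
-
-</
-
-
-
-
-===== Configuration =====
-
-<code php>
-//enable radius auth
-$conf['
-
-//radius Config
-$conf['
-$conf['
-$conf['
-$conf['
-$conf['
-$conf['
-</
-
-Put the following in .../
-<code php>
-//
-$meta['
-$meta['
-$meta['
-$meta['
-$meta['
-$meta['
-$meta['
-</
-
-
-Users can be managed via the user-manager plugin now. The password of users.auth.php is ignored. Just put a dummy value in there.
-THIS ISN'T WORKING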