php-horde-auth 2.1.11-1ubuntu1 / usr / share / php / Horde / Auth / Radius.php

This file is indexed.

/usr/share/php/Horde/Auth/Radius.php is in php-horde-auth 2.1.11-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?php
/**
 * Copyright 2002-2016 Horde LLC (http://www.horde.org/)
 *
 * See the enclosed file COPYING for license information (LGPL). If you did
 * not receive this file, http://www.horde.org/licenses/lgpl21
 *
 * @author   Michael Slusarz <slusarz@horde.org>
 * @category Horde
 * @license  http://www.horde.org/licenses/lgpl21 LGPL-2.1
 * @package  Auth
 */

/**
 * The Horde_Auth_Radius class provides a RADIUS implementation of the Horde
 * authentication system.
 *
 * This class requires the 'radius' PECL extension:
 *   http://pecl.php.net/package/radius
 *
 * @author   Michael Slusarz <slusarz@horde.org>
 * @category Horde
 * @license  http://www.horde.org/licenses/lgpl21 LGPL-2.1
 * @package  Auth
 */
class Horde_Auth_Radius extends Horde_Auth_Base
{
    /**
     * Constructor.
     *
     * @param array $params  Connection parameters.
     * <pre>
     * 'host' - (string) [REQUIRED] The RADIUS host to use (IP address or
     *          fully qualified hostname).
     * 'method' - (string) [REQUIRED] The RADIUS method to use for validating
     *            the request.
     *            Either: 'PAP', 'CHAP_MD5', 'MSCHAPv1', or 'MSCHAPv2'.
     *            ** CURRENTLY, only 'PAP' is supported. **
     * 'nas' - (string) The RADIUS NAS identifier to use.
     *         DEFAULT: The value of $_SERVER['HTTP_HOST'] or, if not
     *                  defined, then 'localhost'.
     * 'port' - (integer) The port to use on the RADIUS server.
     *          DEFAULT: Whatever the local system identifies as the
     *                   'radius' UDP port
     * 'retries' - (integer) The maximum number of repeated requests to make
     *             before giving up.
     *             DEFAULT: 3
     * 'secret' - (string) [REQUIRED] The RADIUS shared secret string for the
     *            host. The RADIUS protocol ignores all but the leading 128
     *            bytes of the shared secret.
     * 'suffix' - (string) The domain name to add to unqualified user names.
     *             DEFAULT: NONE
     * 'timeout' - (integer) The timeout for receiving replies from the server
     *             (in seconds).
     *             DEFAULT: 3
     * </pre>
     *
     * @throws InvalidArgumentException
     */
    public function __construct(array $params = array())
    {
        if (!Horde_Util::extensionExists('radius')) {
            throw new Horde_Auth_Exception(__CLASS__ . ': requires the radius PECL extension to be loaded.');
        }

        foreach (array('host', 'secret', 'method') as $val) {
            if (!isset($params[$val])) {
                throw new InvalidArgumentException('Missing ' . $val . ' parameter.');
            }
        }

        $params = array_merge(array(
            'nas' => (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost'),
            'port' => 0,
            'retries' => 3,
            'suffix' => '',
            'timeout' => 3
        ), $params);

        parent::__construct($params);
    }

    /**
     * Find out if a set of login credentials are valid.
     *
     * @param string $username    The userId to check.
     * @param array $credentials  An array of login credentials.
     *                            For radius, this must contain a password
     *                            entry.
     *
     * @throws Horde_Auth_Exception
     */
    protected function _authenticate($username, $credentials)
    {
        /* Password is required. */
        if (!isset($credentials['password'])) {
            throw new Horde_Auth_Exception('Password required for RADIUS authentication.');
        }

        $res = radius_auth_open();
        radius_add_server($res, $this->_params['host'], $this->_params['port'], $this->_params['secret'], $this->_params['timeout'], $this->_params['retries']);
        radius_create_request($res, RADIUS_ACCESS_REQUEST);
        radius_put_attr($res, RADIUS_NAS_IDENTIFIER, $this->_params['nas']);
        radius_put_attr($res, RADIUS_NAS_PORT_TYPE, RADIUS_VIRTUAL);
        radius_put_attr($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED);
        radius_put_attr($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP);
        radius_put_attr($res, RADIUS_CALLING_STATION_ID, isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '127.0.0.1');

        /* Insert username/password into request. */
        radius_put_attr($res, RADIUS_USER_NAME, $username);
        radius_put_attr($res, RADIUS_USER_PASSWORD, $credentials['password']);

        /* Send request. */
        $success = radius_send_request($res);

        switch ($success) {
        case RADIUS_ACCESS_ACCEPT:
            break;

        case RADIUS_ACCESS_REJECT:
            throw new Horde_Auth_Exception('Authentication rejected by RADIUS server.');

        default:
            throw new Horde_Auth_Exception(radius_strerror($res));
        }
    }

}

APT Browse - Built by Thomas Orozco.