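/**
 * Authenticate a user against the RADIUS server named by the RADIUS_* constants.
 *
 * On Access-Accept the username and the configured user level are written to
 * $_SESSION. Every other outcome (reject, challenge, send failure) yields false.
 *
 * @param string $username Value sent as User-Name.
 * @param string $password Value sent as User-Password.
 * @return bool True only when the server answered with Access-Accept.
 */
function login($username, $password)
{
    $radius = radius_auth_open();
    if (!$radius) {
        // Without a handle none of the calls below can succeed; fail closed.
        return false;
    }

    // NOTE(review): die() prints the library's error text to whoever made the
    // request. Kept because callers may rely on it; consider logging instead.
    if (!radius_add_server($radius, RADIUS_HOST, RADIUS_PORT, RADIUS_SECRET, RADIUS_TIMEOUT, RADIUS_MAXTRIES)) {
        die('Radius Error: ' . radius_strerror($radius));
    }
    if (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) {
        die('Radius Error: ' . radius_strerror($radius));
    }

    radius_put_attr($radius, RADIUS_USER_NAME, $username);
    radius_put_attr($radius, RADIUS_USER_PASSWORD, $password);
    radius_put_attr($radius, RADIUS_NAS_IDENTIFIER, RADIUS_IDENTIFIER);

    $response = radius_send_request($radius);
    radius_close($radius);

    // Strict comparison: a failed send returns false and must never match.
    if ($response !== RADIUS_ACCESS_ACCEPT) {
        // Access-Challenge is not supported here and counts as a failed login.
        return false;
    }

    // Issue a fresh session id before marking the session as authenticated, so
    // an id that was known before the login cannot be reused afterwards.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['loggedin'] = $username;
    // User level set in settings.php
    $_SESSION['userlevel'] = RADIUS_USERLEVEL;

    return true;
}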
/**
 * Constructor.
 *
 * Creates the RADIUS handle, hands the options to loadOptions() and, when
 * given, stores the credentials through setUsername() / setPassword().
 *
 * @param array       $options  Passed unchanged to loadOptions().
 * @param string|null $username The username of the account; skipped when null.
 * @param string|null $password The password of the account; skipped when null.
 * @throws RuntimeException If the radius extension is not loaded or
 *                          radius_auth_open() does not return a handle.
 */
public function __construct($options = array(), $username = null, $password = null)
{
    if (!extension_loaded('radius')) {
        throw new RuntimeException('The radius extension is not loaded');
    }

    $handle = radius_auth_open();
    $this->radius = $handle;
    if (!$handle) {
        throw new RuntimeException('Error creating RADIUS handle');
    }

    $this->loadOptions($options);

    // Credentials are optional at construction time.
    if ($username !== null) {
        $this->setUsername($username);
    }
    if ($password !== null) {
        $this->setPassword($password);
    }
}
/**
 * Make sure the global RADIUS handle $rad exists and has at least one server.
 *
 * Does nothing when $rad already holds a resource. Otherwise a new handle is
 * opened and every entry of $config['auth_radius_server'] is added to it. When
 * no server could be added, an error is printed, the session is logged out and
 * the script exits.
 */
function radius_init()
{
    global $rad, $config;

    // A handle created by an earlier call is reused as is.
    if (is_resource($rad)) {
        return;
    }

    $rad = radius_auth_open();

    $registered = 0;
    foreach ($config['auth_radius_server'] as $server) {
        $added = radius_add_server(
            $rad,
            $server,
            $config['auth_radius_port'],
            $config['auth_radius_secret'],
            $config['auth_radius_timeout'],
            $config['auth_radius_retries']
        );
        if ($added) {
            $registered++;
        }
    }

    if ($registered === 0) {
        // NOTE(review): radius_add_server() presumably only registers the
        // server with the handle; "connect" in the message may overstate it.
        print_error("Fatal error: Could not connect to configured RADIUS server(s).");
        session_logout();
        exit;
    }
}
/**
 * Create the global RADIUS handle $rad on first use.
 *
 * All servers listed in $config['auth_radius_server'] are added with the
 * shared port, secret, timeout and retry settings. If none of them is
 * accepted the function prints an error, logs the session out and exits.
 */
function radius_init()
{
    global $rad, $config;

    if (is_resource($rad)) {
        // Already initialised.
        return;
    }

    $rad = radius_auth_open();

    $anyAdded = false;
    foreach ($config['auth_radius_server'] as $server) {
        // The call comes first so every server is tried, even after a success.
        $anyAdded = radius_add_server(
            $rad,
            $server,
            $config['auth_radius_port'],
            $config['auth_radius_secret'],
            $config['auth_radius_timeout'],
            $config['auth_radius_retries']
        ) || $anyAdded;
    }

    if ($anyAdded) {
        return;
    }

    print_error("致命错误: 无法连接到配置RADIUS服务器.");
    session_logout();
    exit;
}
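/**
 * Check a login/password pair against the RADIUS server.
 *
 * The request is built by prepareRequest(); only an Access-Accept reply
 * counts as success. The handle is closed on every path that opened it.
 *
 * @param string $login User name to authenticate.
 * @param string $pass  Password as passed on to prepareRequest().
 * @param mixed  $seed  Passed on to prepareRequest() unchanged.
 * @return bool True on Access-Accept, false otherwise.
 */
public function checkPassword($login, $pass, $seed)
{
    if (!extension_loaded('radius')) {
        AJXP_Logger::logAction("RADIUS: php radius extension is missing, please install it.");
        return false;
    }

    $res = radius_auth_open();
    if (!$res) {
        AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not create handle");
        return false;
    }

    $this->prepareRequest($res, $login, $pass, $seed);

    $req = radius_send_request($res);
    if (!$req) {
        AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: Could not send request (" . radius_strerror($res) . ")");
        // This path used to return without releasing the handle.
        radius_close($res);
        return false;
    }

    // NOTE(review): $login is written to the log as received. If the logger
    // does not neutralise line breaks, confirm that callers do.
    $accepted = false;
    switch ($req) {
        case RADIUS_ACCESS_ACCEPT:
            AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: authentication for user \"" . $login . "\" successful");
            $accepted = true;
            break;
        case RADIUS_ACCESS_REJECT:
            AJXP_Logger::logAction("RADIUS: authentication for user \"" . $login . "\" failed");
            break;
        default:
            // Anything else (for instance a challenge) is treated as a failure.
            AJXP_Logger::debug(__CLASS__, __FUNCTION__, "RADIUS: unknwon return value " . $req);
            break;
    }

    radius_close($res);

    return $accepted;
}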
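/**
 * Attempt to log in using the given username and password.
 *
 * All configured servers are added to one RADIUS handle and a single
 * Access-Request is sent. On Access-Accept the attribute array is built from
 * the username and, when a vendor is configured, from the vendor-specific
 * attributes of the reply.
 *
 * @param string $username The username the user wrote.
 * @param string $password The password the user wrote.
 * @return array Associative array with the user's attributes.
 * @throws SimpleSAML_Error_Error With 'WRONGUSERPASS' on Access-Reject.
 * @throws Exception On setup errors, on Access-Challenge and on any other
 *                   reply that is not Access-Accept.
 */
protected function login($username, $password)
{
    // Expression form: a string passed to assert() is not evaluated on
    // current PHP versions, so the old string asserts checked nothing.
    assert(is_string($username));
    assert(is_string($password));

    $radius = radius_auth_open();
    if (!$radius) {
        throw new Exception('Error creating radius handle');
    }

    /* Try to add all radius servers, trigger a failure if no one works. */
    $success = false;
    foreach ($this->servers as $server) {
        if (!isset($server['port'])) {
            $server['port'] = 1812;
        }
        if (!radius_add_server(
            $radius,
            $server['hostname'],
            $server['port'],
            $server['secret'],
            $this->timeout,
            $this->retries
        )) {
            SimpleSAML\Logger::info("Could not add radius server: " . radius_strerror($radius));
            continue;
        }
        $success = true;
    }
    if (!$success) {
        throw new Exception('Error adding radius servers, no servers available');
    }

    if (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) {
        throw new Exception('Error creating radius request: ' . radius_strerror($radius));
    }

    if ($this->realm === null) {
        radius_put_attr($radius, RADIUS_USER_NAME, $username);
    } else {
        radius_put_attr($radius, RADIUS_USER_NAME, $username . '@' . $this->realm);
    }
    radius_put_attr($radius, RADIUS_USER_PASSWORD, $password);

    if ($this->nasIdentifier !== null) {
        radius_put_attr($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier);
    }

    $res = radius_send_request($radius);
    if ($res !== RADIUS_ACCESS_ACCEPT) {
        switch ($res) {
            case RADIUS_ACCESS_REJECT:
                /* Invalid username or password. */
                throw new SimpleSAML_Error_Error('WRONGUSERPASS');
            case RADIUS_ACCESS_CHALLENGE:
                throw new Exception('Radius authentication error: Challenge requested, but not supported.');
            default:
                throw new Exception('Error during radius authentication: ' . radius_strerror($radius));
        }
    }

    /* If we get this far, we have a valid login. */
    $attributes = array();

    if ($this->usernameAttribute !== null) {
        $attributes[$this->usernameAttribute] = array($username);
    }

    if ($this->vendor === null) {
        /*
         * We aren't interested in any vendor-specific attributes. We are
         * therefore done now.
         */
        return $attributes;
    }

    /* get AAI attribute sets. Contributed by Stefan Winter, (c) RESTENA */
    // The loop ends on any falsy return value, so the is_array() check below
    // only catches truthy non-array results.
    while ($resa = radius_get_attr($radius)) {
        if (!is_array($resa)) {
            throw new Exception('Error getting radius attributes: ' . radius_strerror($radius));
        }

        /* Use the received user name */
        if ($resa['attr'] == RADIUS_USER_NAME) {
            // Without a configured attribute name there is nowhere to store it;
            // a null key would otherwise end up as an attribute named "".
            if ($this->usernameAttribute !== null) {
                $attributes[$this->usernameAttribute] = array($resa['data']);
            }
            continue;
        }

        if ($resa['attr'] !== RADIUS_VENDOR_SPECIFIC) {
            continue;
        }

        $resv = radius_get_vendor_attr($resa['data']);
        if (!is_array($resv)) {
            throw new Exception('Error getting vendor specific attribute: ' . radius_strerror($radius));
        }

        $vendor = $resv['vendor'];
        $attrv = $resv['attr'];
        $datav = $resv['data'];

        if ($vendor != $this->vendor || $attrv != $this->vendorType) {
            continue;
        }

        // NOTE(review): strtok() stops the value at the next '=', so a value
        // that itself contains '=' is cut short. Confirm whether that matters
        // for the attributes your server sends.
        $attrib_name = strtok($datav, '=');
        $attrib_value = strtok('=');

        /* if the attribute name is already in result set, add another value */
        if (array_key_exists($attrib_name, $attributes)) {
            $attributes[$attrib_name][] = $attrib_value;
        } else {
            $attributes[$attrib_name] = array($attrib_value);
        }
    }
    /* end of contribution */

    return $attributes;
}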
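/**
 * Authenticates a user through the RADIUS adapter.
 *
 * Builds an Access-Request from the adapter's server settings and stored
 * credentials. The handle is kept in $this->resource after the request
 * has been prepared.
 *
 * @return boolean True when the server answers with Access-Accept.
 * @throws KumbiaException When the handle cannot be created or any step of
 *                         building the request fails.
 */
public function authenticate()
{
    $radius = radius_auth_open();
    if (!$radius) {
        throw new KumbiaException("No se pudo crear el autenticador de Radius");
    }

    if (!radius_add_server($radius, $this->server, $this->port, $this->secret, $this->timeout, $this->max_retries)) {
        throw new KumbiaException(radius_strerror($radius));
    }
    if (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) {
        throw new KumbiaException(radius_strerror($radius));
    }
    if (!radius_put_string($radius, RADIUS_USER_NAME, $this->username)) {
        throw new KumbiaException(radius_strerror($radius));
    }
    if (!radius_put_string($radius, RADIUS_USER_PASSWORD, $this->password)) {
        throw new KumbiaException(radius_strerror($radius));
    }

    // RADIUS_AUTHENTICATE_ONLY is a Service-Type value, not an attribute
    // number. Used as the attribute it wrote the integer 1 into attribute 8
    // (Framed-IP-Address in RFC 2865) and never sent a Service-Type.
    if (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_AUTHENTICATE_ONLY)) {
        throw new KumbiaException(radius_strerror($radius));
    }

    $this->resource = $radius;

    // Strict comparison: a failed send returns false and must not match.
    return radius_send_request($radius) === RADIUS_ACCESS_ACCEPT;
}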
/**
 * Creates a RADIUS resource
 *
 * Opens the authentication handle and stores it in $this->res. Call this
 * before any other method of the library.
 *
 * @return bool true on success, false on error
 */
function open()
{
    $this->res = radius_auth_open();

    // Collapse the handle (or the failure value) into a plain boolean.
    return $this->res ? true : false;
}
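/**
 * Authenticate a user against the configured RADIUS server.
 *
 * On Access-Accept the user is handed to storeExternalUser() and its result
 * is returned. Any failure while building or sending the request is written
 * to the 'auth' debug channel and yields false.
 *
 * @param string $login    User name to authenticate.
 * @param string $password Password; the attribute is left out when it is empty.
 * @return mixed Result of storeExternalUser() on success, false otherwise.
 */
function authExternalUser($login, $password)
{
    $res = radius_auth_open();
    if (!$res) {
        debug("RadiusError: could not create handle\n", 'auth');
        return false;
    }

    if (!radius_add_server($res, $this->config['radius_server'], $this->config['radius_port'], $this->config['sharedsecret'], 3, 3)) {
        debug('RadiusError:' . radius_strerror($res) . "\n", 'auth');
        return false;
    }
    if (!radius_create_request($res, RADIUS_ACCESS_REQUEST)) {
        debug('RadiusError:' . radius_strerror($res) . "\n", 'auth');
        return false;
    }

    // NOTE(review): HTTP_HOST comes from the client's Host header. If the
    // server keys policy on NAS-Identifier, use a configured value instead.
    $nasIdentifier = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost';
    $callingStation = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '127.0.0.1';

    // Each entry: put function, attribute type, value. Service-Type and
    // Framed-Protocol were previously added twice; RFC 2865 allows at most
    // one instance of each in an Access-Request, so they appear once here.
    $attributes = array(
        array('radius_put_string', RADIUS_NAS_IDENTIFIER, $nasIdentifier),
        array('radius_put_int', RADIUS_SERVICE_TYPE, RADIUS_FRAMED),
        array('radius_put_int', RADIUS_FRAMED_PROTOCOL, RADIUS_PPP),
        array('radius_put_string', RADIUS_CALLING_STATION_ID, $callingStation),
        array('radius_put_string', RADIUS_USER_NAME, $login),
    );

    // The old truthiness test also dropped the password "0".
    // NOTE(review): with an empty password the request still goes out without
    // a User-Password attribute and the server decides alone; consider
    // rejecting empty passwords here.
    if ($password !== null && $password !== false && $password !== '') {
        $attributes[] = array('radius_put_string', RADIUS_USER_PASSWORD, $password);
    }

    foreach ($attributes as $attribute) {
        list($put, $type, $value) = $attribute;
        if (!$put($res, $type, $value)) {
            debug('RadiusError:' . radius_strerror($res) . "\n", 'auth');
            return false;
        }
    }

    $req = radius_send_request($res);
    if (!$req) {
        debug('RadiusError:' . radius_strerror($res) . "\n", 'auth');
        return false;
    }

    $user = false;
    switch ($req) {
        case RADIUS_ACCESS_ACCEPT:
            $userData = array();
            $userData["name"] = $login;
            // Placeholder passwords handed to storeExternalUser().
            $userData["newpass1"] = '!';
            $userData["newpass2"] = '!';
            $user = $this->storeExternalUser($login, $userData);
            break;
        case RADIUS_ACCESS_REJECT:
            debug("RadiusError: Radius Request rejected\n", 'auth');
            break;
        default:
            debug("RadiusError: Unknown answer\n", 'auth');
    }

    return $user;
}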
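/**
 * Authenticate a user against RADIUS.
 *
 * Only the 'PAP' protocol is implemented. On Access-Accept the
 * Session-Timeout and Acct-Interim-Interval reply attributes, when present,
 * are copied into $this->lastAuthProperties.
 *
 * @param string $username username to authenticate
 * @param string $password user password
 * @return bool authentication status
 */
public function authenticate($username, $password)
{
    $this->lastAuthProperties = array(); // reset auth properties

    $radius = radius_auth_open();
    if (!$radius) {
        syslog(LOG_ERR, 'RadiusError: unable to create handle');
        return false;
    }

    $error = null;
    if (!radius_add_server($radius, $this->radiusHost, $this->authPort, $this->sharedSecret, $this->timeout, $this->maxRetries)) {
        $error = radius_strerror($radius);
    } elseif (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) {
        $error = radius_strerror($radius);
    } elseif (!radius_put_string($radius, RADIUS_USER_NAME, $username)) {
        $error = radius_strerror($radius);
    } elseif (!radius_put_int($radius, RADIUS_SERVICE_TYPE, RADIUS_LOGIN)) {
        $error = radius_strerror($radius);
    } elseif (!radius_put_int($radius, RADIUS_FRAMED_PROTOCOL, RADIUS_ETHERNET)) {
        $error = radius_strerror($radius);
    } elseif (!radius_put_string($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier)) {
        $error = radius_strerror($radius);
    } elseif (!radius_put_int($radius, RADIUS_NAS_PORT, 0)) {
        $error = radius_strerror($radius);
    } elseif (!radius_put_int($radius, RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET)) {
        $error = radius_strerror($radius);
    } else {
        // Implement extra protocols in this section.
        switch ($this->protocol) {
            case 'PAP':
                // do PAP authentication
                if (!radius_put_string($radius, RADIUS_USER_PASSWORD, $password)) {
                    $error = radius_strerror($radius);
                }
                break;
            default:
                syslog(LOG_ERR, 'Unsupported protocol ' . $this->protocol);
                return false;
        }
    }

    // Strict null check: with the loose one, an empty error string counted as
    // "no error" and the request was sent although a step had failed.
    if ($error !== null) {
        // $error already holds the message; it is not a handle and must not be
        // passed to radius_strerror() again.
        syslog(LOG_ERR, 'RadiusError:' . $error);
        return false;
    }

    $request = radius_send_request($radius);
    if (!$request) {
        // The old check tested the handle rather than the result, so send
        // failures were never reported with their real cause.
        syslog(LOG_ERR, 'RadiusError:' . radius_strerror($radius));
        return false;
    }

    switch ($request) {
        case RADIUS_ACCESS_ACCEPT:
            while ($resa = radius_get_attr($radius)) {
                switch ($resa['attr']) {
                    case RADIUS_SESSION_TIMEOUT:
                        $this->lastAuthProperties['session_timeout'] = radius_cvt_int($resa['data']);
                        break;
                    case 85: // Acct-Interim-Interval
                        $this->lastAuthProperties['Acct-Interim-Interval'] = radius_cvt_int($resa['data']);
                        break;
                    default:
                        break;
                }
            }
            return true;
        case RADIUS_ACCESS_REJECT:
            return false;
        default:
            // unexpected result, log
            syslog(LOG_ERR, 'Radius unexpected response:' . $request);
    }

    return false;
}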
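/**
 * Find out if a set of login credentials are valid.
 *
 * Returns normally (no value) on Access-Accept and throws otherwise.
 *
 * @param string $username    The userId to check.
 * @param array  $credentials An array of login credentials.
 *                            For radius, this must contain a password
 *                            entry.
 *
 * @throws Horde_Auth_Exception When the password is missing, the request
 *                              cannot be built, or the server does not
 *                              answer with Access-Accept.
 */
protected function _authenticate($username, $credentials)
{
    /* Password is required. */
    if (!isset($credentials['password'])) {
        throw new Horde_Auth_Exception('Password required for RADIUS authentication.');
    }

    $res = radius_auth_open();
    if (!$res) {
        throw new Horde_Auth_Exception('Unable to create RADIUS handle.');
    }

    $station = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '127.0.0.1';

    // Every step is checked so a half-built request is never sent. Integer
    // attributes use radius_put_int(): radius_put_attr() takes a string, so
    // the integer constants would go out as their decimal text.
    $built = radius_add_server(
        $res,
        $this->_params['host'],
        $this->_params['port'],
        $this->_params['secret'],
        $this->_params['timeout'],
        $this->_params['retries']
    )
        && radius_create_request($res, RADIUS_ACCESS_REQUEST)
        && radius_put_attr($res, RADIUS_NAS_IDENTIFIER, $this->_params['nas'])
        && radius_put_int($res, RADIUS_NAS_PORT_TYPE, RADIUS_VIRTUAL)
        && radius_put_int($res, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)
        && radius_put_int($res, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)
        && radius_put_attr($res, RADIUS_CALLING_STATION_ID, $station)
        /* Insert username/password into request. */
        && radius_put_attr($res, RADIUS_USER_NAME, $username)
        && radius_put_attr($res, RADIUS_USER_PASSWORD, $credentials['password']);

    if (!$built) {
        throw new Horde_Auth_Exception(radius_strerror($res));
    }

    /* Send request. */
    $success = radius_send_request($res);

    switch ($success) {
        case RADIUS_ACCESS_ACCEPT:
            break;
        case RADIUS_ACCESS_REJECT:
            throw new Horde_Auth_Exception('Authentication rejected by RADIUS server.');
        default:
            throw new Horde_Auth_Exception(radius_strerror($res));
    }
}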
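/**
 * This is the main authentication function of the plugin. Given both the
 * username and password it will make use of the options set to authenticate
 * against the configured RADIUS servers.
 *
 * The value sent as User-Password is the password, followed by the
 * configured separator and the posted OTP when one was submitted.
 *
 * @param mixed  $user     Result of earlier authenticate filters.
 * @param string $username Submitted login name.
 * @param string $password Submitted password.
 * @return mixed A WP_User on success, the result of self::wp_error() on
 *               failure, or null when this filter steps aside.
 */
function checkLogin($user, $username, $password)
{
    if (is_a($user, 'WP_User')) {
        return $user;
    }

    if (empty($username)) {
        return self::wp_error('empty_username', __('The username field is empty.'));
    }
    if (empty($password)) {
        return self::wp_error('empty_password', __('The password field is empty.'));
    }

    $opts = TwoFactorRadiusAuth::getOptions();

    // skip radius for user
    // Strict match against a verified array. The suppressed array_search()
    // could return null for a non-array option on older PHP versions, and
    // null !== false then skipped RADIUS for every user.
    $skipUsers = (isset($opts['skip_users']) && is_array($opts['skip_users'])) ? $opts['skip_users'] : array();
    if (in_array($username, $skipUsers, true)) {
        return;
    }

    remove_filter('authenticate', 'wp_authenticate_username_password', 20, 3);

    $userdata = get_user_by('login', $username);
    if (!$userdata) {
        return self::wp_error('invalid_username', __('Invalid username.'));
    }

    if (is_multisite()) {
        // Is user marked as spam?
        if (1 == $userdata->spam) {
            return self::wp_error('invalid_username', __('Your account has been marked as a spammer.'));
        }
        // Is a user's blog marked as spam?
        if (!is_super_admin($userdata->ID) && isset($userdata->primary_blog)) {
            $details = get_blog_details($userdata->primary_blog);
            if (is_object($details) && $details->spam == 1) {
                return self::wp_error('blog_suspended', __('Site Suspended.'));
            }
        }
    }

    // The field may be absent or an array; treat both as "no OTP".
    $OTP = (isset($_POST['otp']) && is_string($_POST['otp'])) ? trim($_POST['otp']) : '';
    $radiuspass = $password;
    if ($OTP !== '') {
        $radiuspass = $password . $opts['pwd_otp_sep'] . $OTP;
    }

    if (!function_exists('radius_auth_open')) {
        return self::wp_error('missing_php_radius', 'Missing php-radius');
    }
    if (!TwoFactorRadiusAuth::isConfigured()) {
        return self::wp_error('missing_plugin_settings', __('Missing auth server settings'));
    }

    $reply_message = '';
    try {
        $rad = radius_auth_open();
        if (!$rad) {
            throw new Exception('Unable to create RADIUS handle');
        }

        if (!radius_add_server($rad, $opts['s1_host'], $opts['s1_port'], $opts['s1_secr'], $opts['timeout'], $opts['max_tries'])) {
            throw new Exception(radius_strerror($rad));
        }
        // Optional second server.
        if (!empty($opts['s2_host']) && !empty($opts['s2_port']) && !empty($opts['s2_secr'])) {
            if (!radius_add_server($rad, $opts['s2_host'], $opts['s2_port'], $opts['s2_secr'], $opts['timeout'], $opts['max_tries'])) {
                throw new Exception(radius_strerror($rad));
            }
        }

        if (!radius_create_request($rad, RADIUS_ACCESS_REQUEST)) {
            throw new Exception(radius_strerror($rad));
        }
        if (!radius_put_string($rad, RADIUS_NAS_IDENTIFIER, '1')) {
            throw new Exception(radius_strerror($rad));
        }
        // Service-Type and Framed-Protocol were added twice before; RFC 2865
        // allows at most one instance of each in an Access-Request.
        if (!radius_put_int($rad, RADIUS_SERVICE_TYPE, RADIUS_FRAMED)) {
            throw new Exception(radius_strerror($rad));
        }
        if (!radius_put_int($rad, RADIUS_FRAMED_PROTOCOL, RADIUS_PPP)) {
            throw new Exception(radius_strerror($rad));
        }

        // The bare $REMOTE_HOST was never defined in this scope, so the
        // fallback was always used; read it from $_SERVER instead.
        $station = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '127.0.0.1';
        if (!radius_put_string($rad, RADIUS_CALLING_STATION_ID, $station)) {
            throw new Exception(radius_strerror($rad));
        }
        if (!radius_put_string($rad, RADIUS_USER_NAME, $username)) {
            throw new Exception(radius_strerror($rad));
        }
        if (!radius_put_string($rad, RADIUS_USER_PASSWORD, $radiuspass)) {
            throw new Exception(radius_strerror($rad));
        }

        $res = radius_send_request($rad);
        if (!$res) {
            throw new Exception(radius_strerror($rad));
        }

        // Attribute 18 is Reply-Message; only the first one is kept.
        while ($rattr = radius_get_attr($rad)) {
            if ($rattr['attr'] == 18) {
                $reply_message = $rattr['data'];
                break;
            }
        }
    } catch (Exception $exp) {
        // NOTE(review): the library's error text becomes the login error;
        // confirm it is acceptable to show that on the login form.
        return self::wp_error('radius_error', $exp->getMessage());
    }

    switch ($res) {
        case RADIUS_ACCESS_ACCEPT:
            $userdata->user_pass = wp_hash_password($password);
            return new WP_User($userdata->ID);

        case RADIUS_ACCESS_REJECT:
            if ($reply_message === 'LDAP USER NOT FOUND') {
                // The server's Reply-Message decides whether local WordPress
                // password authentication is re-enabled for this request.
                if ($opts['use_wp_auth'] == 'on') {
                    add_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
                    return null;
                }
                return self::wp_error('invalid_username', __('Unknown user'));
            }
            // 'INVALID OTP' and every other reply message end up here.
            return self::wp_error('incorrect_password', __('Wrong password/OTP'));

        default:
            return self::wp_error('denied', __('Unknown error'));
    }
}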
$module = 'radius'; $functions = get_extension_funcs($module); echo "Functions available in the test extension:<br>\n"; foreach ($functions as $func) { echo $func . "<br>\n"; } $username = '******'; $password = '******'; $radserver = 'localhost'; $radport = 1812; $sharedsecret = 'testing123'; $auth_type = 'pap'; //$auth_type = 'chap'; //$auth_type = 'mschapv1'; //$auth_type = 'mschapv2'; $res = radius_auth_open(); echo "{$res}<br>\n"; //if (!radius_config($res, '/etc/radius.conf')) { /*if (!radius_config($res, 'D:/php-devel/pear/PECL/radius/radius.conf')) { echo 'RadiusError:' . radius_strerror($res). "\n<br>"; exit; }*/ if (!radius_add_server($res, $radserver, $radport, $sharedsecret, 3, 3)) { echo 'RadiusError:' . radius_strerror($res) . "\n<br>"; exit; } if (!radius_add_server($res, $radserver, $radport, 'testing123', 3, 3)) { echo 'RadiusError:' . radius_strerror($res) . "\n<br>"; exit; } if (!radius_create_request($res, RADIUS_ACCESS_REQUEST)) {
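/**
 * Attempt to log in using the given username and password.
 *
 * Sends one Access-Request to the configured server. On Access-Accept the
 * attribute array is built from the username and, when a vendor is
 * configured, from the vendor-specific attributes of the reply.
 *
 * @param string $username The username the user wrote.
 * @param string $password The password the user wrote.
 * @return array Associative array with the user's attributes.
 * @throws SimpleSAML_Error_Error With 'WRONGUSERPASS' on Access-Reject.
 * @throws Exception On setup errors, on Access-Challenge and on any other
 *                   reply that is not Access-Accept.
 */
protected function login($username, $password)
{
    // Expression form: a string passed to assert() is not evaluated on
    // current PHP versions, so the old string asserts checked nothing.
    assert(is_string($username));
    assert(is_string($password));

    $radius = radius_auth_open();
    if (!$radius) {
        throw new Exception('Error creating radius handle');
    }

    if (!radius_add_server($radius, $this->hostname, $this->port, $this->secret, $this->timeout, $this->retries)) {
        throw new Exception('Error connecting to radius server: ' . radius_strerror($radius));
    }

    if (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) {
        throw new Exception('Error creating radius request: ' . radius_strerror($radius));
    }

    radius_put_attr($radius, RADIUS_USER_NAME, $username);
    radius_put_attr($radius, RADIUS_USER_PASSWORD, $password);

    // Loose comparison kept: an empty identifier is skipped as well.
    if ($this->nasIdentifier != NULL) {
        radius_put_attr($radius, RADIUS_NAS_IDENTIFIER, $this->nasIdentifier);
    }

    $res = radius_send_request($radius);
    if ($res !== RADIUS_ACCESS_ACCEPT) {
        switch ($res) {
            case RADIUS_ACCESS_REJECT:
                /* Invalid username or password. */
                throw new SimpleSAML_Error_Error('WRONGUSERPASS');
            case RADIUS_ACCESS_CHALLENGE:
                throw new Exception('Radius authentication error: Challenge requested, but not supported.');
            default:
                throw new Exception('Error during radius authentication: ' . radius_strerror($radius));
        }
    }

    /* If we get this far, we have a valid login. */
    $attributes = array();

    if ($this->usernameAttribute !== NULL) {
        $attributes[$this->usernameAttribute] = array($username);
    }

    if ($this->vendor === NULL) {
        /*
         * We aren't interested in any vendor-specific attributes. We are
         * therefore done now.
         */
        return $attributes;
    }

    /* get AAI attribute sets. Contributed by Stefan Winter, (c) RESTENA */
    // The loop ends on any falsy return value, so the is_array() check below
    // only catches truthy non-array results.
    while ($resa = radius_get_attr($radius)) {
        if (!is_array($resa)) {
            throw new Exception('Error getting radius attributes: ' . radius_strerror($radius));
        }

        if ($resa['attr'] !== RADIUS_VENDOR_SPECIFIC) {
            continue;
        }

        $resv = radius_get_vendor_attr($resa['data']);
        if (!is_array($resv)) {
            throw new Exception('Error getting vendor specific attribute: ' . radius_strerror($radius));
        }

        $vendor = $resv['vendor'];
        $attrv = $resv['attr'];
        $datav = $resv['data'];

        /*
         * Uncomment this to debug vendor attributes.
         */
        //printf("Got Vendor Attr:%d %d Bytes %s<br/>", $attrv, strlen($datav), bin2hex($datav));

        if ($vendor != $this->vendor || $attrv != $this->vendorType) {
            continue;
        }

        // NOTE(review): strtok() stops the value at the next '=', so a value
        // that itself contains '=' is cut short. Confirm whether that matters
        // for the attributes your server sends.
        $attrib_name = strtok($datav, '=');
        $attrib_value = strtok('=');

        /* if the attribute name is already in result set, add another value */
        if (array_key_exists($attrib_name, $attributes)) {
            $attributes[$attrib_name][] = $attrib_value;
        } else {
            $attributes[$attrib_name] = array($attrib_value);
        }
    }
    /* end of contribution */

    return $attributes;
}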
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getSessionFromRequest(); SimpleSAML_Logger::warning('The file auth/login-radius.php is deprecated and will be removed in future versions.'); SimpleSAML_Logger::info('AUTH - radius: Accessing auth endpoint login'); $error = null; $attributes = array(); /* Load the RelayState argument. The RelayState argument contains the address * we should redirect the user to after a successful authentication. */ if (!array_key_exists('RelayState', $_REQUEST)) { throw new SimpleSAML_Error_Error('NORELAYSTATE'); } $relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']); if (isset($_POST['username'])) { try { $radius = radius_auth_open(); // ( resource $radius_handle, string $hostname, int $port, string $secret, int $timeout, int $max_tries ) if (!radius_add_server($radius, $config->getValue('auth.radius.hostname'), $config->getValue('auth.radius.port'), $config->getValue('auth.radius.secret'), 5, 3)) { SimpleSAML_Logger::critical('AUTH - radius: Problem occurred when connecting to Radius server: ' . radius_strerror($radius)); throw new Exception('Problem occurred when connecting to Radius server: ' . radius_strerror($radius)); } if (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) { SimpleSAML_Logger::critical('AUTH - radius: Problem occurred when creating the Radius request: ' . radius_strerror($radius)); throw new Exception('Problem occurred when creating the Radius request: ' . radius_strerror($radius)); } radius_put_attr($radius, RADIUS_USER_NAME, $_POST['username']); radius_put_attr($radius, RADIUS_USER_PASSWORD, $_POST['password']); switch (radius_send_request($radius)) { case RADIUS_ACCESS_ACCEPT: // GOOD Login :) $attributes = array($config->getValue('auth.radius.URNForUsername') => array($_POST['username']));
/**
 * Open a RADIUS handle and add every configured server to it.
 *
 * Servers and secrets are paired by array key. Each server is added with a
 * timeout of 15 and a single try. The first failure stops the setup and
 * records an error text through makeErrorText().
 *
 * @return boolean TRUE for success, FALSE for failure
 */
function connect()
{
    $this->connection = radius_auth_open();
    if (!$this->connection) {
        $this->makeErrorText('RADIUS open failed: ');
        return FALSE;
    }

    foreach ($this->server as $index => $host) {
        $added = radius_add_server($this->connection, $host, $this->port, $this->secret[$index], 15, 1);
        if ($added) {
            continue;
        }
        $this->makeErrorText('RADIUS add server failed: ');
        return FALSE;
    }

    return TRUE;
}
/**
 * Perform authentication using a RADIUS server.
 *
 * Reads the server settings from the 'mfa' module settings, sends the OTP
 * device's secret as User-Name and $token as User-Password, and maps the
 * reply to a boolean.
 *
 * NOTE(review): part of this listing is missing. The span marked with
 * asterisks below replaced the end of the first debug() call and the code
 * that creates $rh and adds the server; recover it from the original file
 * before using this method.
 *
 * @param Mfa_OtpdeviceDao $otpDevice
 * @param Mfa_ApitokenDao $token
 * @return bool true on Access-Accept, false on Access-Reject or Access-Challenge
 * @throws Zend_Exception When the radius extension is missing, the request
 *                        cannot be set up, or the reply is none of the above.
 */
protected function _radiusauth($otpDevice, $token) {
    /** @var SettingModel $settingModel */
    $settingModel = MidasLoader::loadModel('Setting');
    $radiusserver = $settingModel->GetValueByName('radiusServer', 'mfa');
    $radiusport = $settingModel->GetValueByName('radiusPort', 'mfa');
    $radiuspw = $settingModel->GetValueByName('radiusPassword', 'mfa');
    $radiusTimeout = $settingModel->GetValueByName('radiusTimeout', 'mfa');
    $radiusMaxTries = $settingModel->GetValueByName('radiusMaxTries', 'mfa');

    if (!function_exists('radius_auth_open')) {
        throw new Zend_Exception('RADIUS is not enabled on the server');
    }

    // The next statement is incomplete in this listing (see the note above);
    // the closing brace after it belongs to an `if` that is no longer visible.
    $this->getLogger()->debug('Midas Server RADIUS trying to authenticate user: '******'Cannot connect to the RADIUS server: ' . radius_strerror($rh));
    }

    if (!radius_create_request($rh, RADIUS_ACCESS_REQUEST)) {
        throw new Zend_Exception('Cannot process requests to RADIUS server: ' . radius_strerror($rh));
    }

    /* this is the key parameter */
    radius_put_attr($rh, RADIUS_USER_NAME, $otpDevice->getSecret());

    /* this is the one time pin + 6-digit hard token or 8 digit smart token */
    radius_put_attr($rh, RADIUS_USER_PASSWORD, $token);

    // NOTE(review): every branch below writes $otpDevice->getSecret() to the
    // log, and the default branch also logs $token. Confirm neither value is
    // sensitive, or drop them from the messages.
    switch (radius_send_request($rh)) {
        case RADIUS_ACCESS_ACCEPT:
            $this->getLogger()->debug('Midas Server RADIUS successful authentication ' . 'for ' . $otpDevice->getSecret());
            return true;
        case RADIUS_ACCESS_REJECT:
            $this->getLogger()->info('Midas Server RADIUS failed authentication for ' . $otpDevice->getSecret());
            return false;
        case RADIUS_ACCESS_CHALLENGE:
            // A challenge is logged and treated as a failed authentication.
            $this->getLogger()->info('Midas Server RADIUS challenge requested for ' . $otpDevice->getSecret());
            return false;
        default:
            // Any other result, including a failed send, ends in an exception.
            $this->getLogger()->info('Midas Server RADIUS error during authentication ' . 'for ' . $otpDevice->getSecret() . ' with Token: ' . $token . '. Error: ' . radius_strerror($rh));
            throw new Zend_Exception('Error during RADIUS authentication: ' . radius_strerror($rh));
    }
}