/**
 * Perform authentication using a RADIUS server.
 *
 * Reads the RADIUS connection settings from the 'mfa' settings group, sends
 * one Access-Request with the OTP device's secret as the user name and the
 * supplied token as the user password, and maps the reply code to a result.
 *
 * @param Mfa_OtpdeviceDao $otpDevice device whose getSecret() value is sent as RADIUS_USER_NAME
 * @param Mfa_ApitokenDao $token value sent as RADIUS_USER_PASSWORD (NOTE(review): it is also
 *     concatenated into strings below, so in practice this looks like a plain string — confirm)
 * @return bool true on RADIUS_ACCESS_ACCEPT; false on RADIUS_ACCESS_REJECT or RADIUS_ACCESS_CHALLENGE
 * @throws Zend_Exception if the radius extension is not loaded, the server cannot be reached,
 *     the request cannot be created, or the server returns an unexpected reply code
 */
protected function _radiusauth($otpDevice, $token)
{
    /** @var SettingModel $settingModel */
    $settingModel = MidasLoader::loadModel('Setting');
    // Connection parameters come from the 'mfa' settings group; no validation is done here,
    // so a missing or malformed setting is only detected when the server is contacted.
    $radiusserver = $settingModel->GetValueByName('radiusServer', 'mfa');
    $radiusport = $settingModel->GetValueByName('radiusPort', 'mfa');
    $radiuspw = $settingModel->GetValueByName('radiusPassword', 'mfa');
    $radiusTimeout = $settingModel->GetValueByName('radiusTimeout', 'mfa');
    $radiusMaxTries = $settingModel->GetValueByName('radiusMaxTries', 'mfa');
    // The PECL radius extension is optional; fail clearly rather than with an undefined-function error.
    if (!function_exists('radius_auth_open')) {
        throw new Zend_Exception('RADIUS is not enabled on the server');
    }
    // NOTE(review): the text between the debug log below and the "Cannot connect" error appears
    // redacted/truncated in this copy (the handle setup and the server-add call are not visible);
    // the closing brace after it belongs to a conditional whose opening is not shown.
    // NOTE(review): getSecret() is used as the RADIUS user name and is written to the log on every
    // path; if it is a shared secret rather than an identifier, it should not be logged.
    $this->getLogger()->debug('Midas Server RADIUS trying to authenticate user: '******'Cannot connect to the RADIUS server: ' . radius_strerror($rh)); }
    if (!radius_create_request($rh, RADIUS_ACCESS_REQUEST)) {
        throw new Zend_Exception('Cannot process requests to RADIUS server: ' . radius_strerror($rh));
    }
    /* this is the key parameter: the device secret is sent as the RADIUS user name */
    radius_put_attr($rh, RADIUS_USER_NAME, $otpDevice->getSecret());
    /* this is the one time pin + 6-digit hard token or 8 digit smart token */
    radius_put_attr($rh, RADIUS_USER_PASSWORD, $token);
    // A single request decides the outcome; reject and challenge are both treated as failure,
    // so challenge/response flows are not supported by this method.
    switch (radius_send_request($rh)) {
        case RADIUS_ACCESS_ACCEPT:
            $this->getLogger()->debug('Midas Server RADIUS successful authentication ' . 'for ' . $otpDevice->getSecret());
            return true;
        case RADIUS_ACCESS_REJECT:
            $this->getLogger()->info('Midas Server RADIUS failed authentication for ' . $otpDevice->getSecret());
            return false;
        case RADIUS_ACCESS_CHALLENGE:
            $this->getLogger()->info('Midas Server RADIUS challenge requested for ' . $otpDevice->getSecret());
            return false;
        default:
            // NOTE(review): the submitted token (a credential) is written to the info log on this
            // path; the error text from radius_strerror() is sufficient for diagnosis.
            $this->getLogger()->info('Midas Server RADIUS error during authentication ' . 'for ' . $otpDevice->getSecret() . ' with Token: ' . $token . '. Error: ' . radius_strerror($rh));
            throw new Zend_Exception('Error during RADIUS authentication: ' . radius_strerror($rh));
    }
}