Commit 48776e07 authored by Jaime Pérez Crespo's avatar Jaime Pérez Crespo

Multiple servers support in radius module. Implies new configuration options...

Multiple servers support in radius module. Implies new configuration options (but is backwards compatible).

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3146 44740490-163a-0410-bde0-09ae8108e29a
parent 015d449c
config
metadata
enable
...@@ -10,6 +10,11 @@ ...@@ -10,6 +10,11 @@
*/ */
class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase { class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase {
/**
* The list of radius servers to use.
*/
private $servers;
/** /**
* The hostname of the radius server. * The hostname of the radius server.
*/ */
...@@ -71,13 +76,21 @@ class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase { ...@@ -71,13 +76,21 @@ class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase {
$config = SimpleSAML_Configuration::loadFromArray($config, $config = SimpleSAML_Configuration::loadFromArray($config,
'Authentication source ' . var_export($this->authId, TRUE)); 'Authentication source ' . var_export($this->authId, TRUE));
$this->hostname = $config->getString('hostname'); $this->servers = $config->getArray('servers', array());
$this->port = $config->getIntegerRange('port', 1, 65535, 1812); /* For backwards compatibility. */
$this->secret = $config->getString('secret'); if (empty($this->servers)) {
$this->hostname = $config->getString('hostname');
$this->port = $config->getIntegerRange('port', 1, 65535, 1812);
$this->secret = $config->getString('secret');
$this->servers[] = array('hostname' => $this->hostname,
'port' => $this->port,
'secret' => $this->secret);
}
$this->timeout = $config->getInteger('timeout', 5); $this->timeout = $config->getInteger('timeout', 5);
$this->retries = $config->getInteger('retries', 3); $this->retries = $config->getInteger('retries', 3);
$this->usernameAttribute = $config->getString('username_attribute', NULL); $this->usernameAttribute = $config->getString('username_attribute', NULL);
$this->nasIdentifier = $config->getString('nas_identifier', NULL); $this->nasIdentifier = $config->getString('nas_identifier',
isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost');
$this->vendor = $config->getInteger('attribute_vendor', NULL); $this->vendor = $config->getInteger('attribute_vendor', NULL);
if ($this->vendor !== NULL) { if ($this->vendor !== NULL) {
...@@ -98,8 +111,19 @@ class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase { ...@@ -98,8 +111,19 @@ class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase {
assert('is_string($password)'); assert('is_string($password)');
$radius = radius_auth_open(); $radius = radius_auth_open();
if (!radius_add_server($radius, $this->hostname, $this->port, $this->secret, $this->timeout, $this->retries)) {
throw new Exception('Error connecting to radius server: ' . radius_strerror($radius)); /* Try to add all radius servers, trigger a failure if no one works. */
$success = false;
foreach ($this->servers as $server) {
if (!radius_add_server($radius, $server['hostname'], $server['port'], $server['secret'],
$this->timeout, $this->retries)) {
SimpleSAML_Logger::info("Could not connect to server: ".radius_strerror($radius));
continue;
}
$success = true;
}
if (!$success) {
throw new Exception('Error connecting to radius server, no servers available');
} }
if (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) { if (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) {
...@@ -148,6 +172,12 @@ class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase { ...@@ -148,6 +172,12 @@ class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase {
throw new Exception('Error getting radius attributes: ' . radius_strerror($radius)); throw new Exception('Error getting radius attributes: ' . radius_strerror($radius));
} }
/* Use the received user name */
if ($attr_name == RADIUS_USER_NAME) {
$attributes[$this->usernameAttribute] = array($attr_value);
continue;
}
if ($resa['attr'] !== RADIUS_VENDOR_SPECIFIC) { if ($resa['attr'] !== RADIUS_VENDOR_SPECIFIC) {
continue; continue;
} }
......
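Review bot: In the constructor hunk (`@@ -71,13 +76,21 @@`), the new `nas_identifier` default comes from `$_SERVER['HTTP_HOST']`, which is the request's Host header and therefore chosen by the client unless the web server pins the virtual host. That value is presumably what is sent as the NAS-Identifier, so a RADIUS server that keys policy or audit logs on it would be relying on unauthenticated input; a default the client cannot influence is safer, for example `$config->getString('nas_identifier', php_uname('n'))`, with a comment such as `/* NAS-Identifier comes from configuration or the host itself, never from request headers. */`. The same hunk loads `servers` with `getArray()`, and the later loop passes `$server['hostname']`, `$server['port']` and `$server['secret']` straight to `radius_add_server()`, so the range check the legacy path applies through `getIntegerRange('port', 1, 65535, 1812)` is not applied to the new option. Checking each entry's keys and types in the constructor would reject a malformed entry at load time, rather than having it surface at login as an info-level log line followed by the generic "no servers available" exception. The constructor starts and ends outside the hunk.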