From 48776e071742e45031b750a93f778d39a2a77d12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20P=C3=A9rez=20Crespo?= <jaime.perez@uninett.no>
Date: Mon, 27 Aug 2012 13:35:03 +0000
Subject: [PATCH] Multiple servers support in radius module. Implies new configuration options (but is backwards compatible).

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3146 44740490-163a-0410-bde0-09ae8108e29a
---
 .gitignore | 3 ++
 modules/radius/lib/Auth/Source/Radius.php | 42 +++++++++++++++++++----
 2 files changed, 39 insertions(+), 6 deletions(-)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..81e303c0e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+config
+metadata
+enable
diff --git a/modules/radius/lib/Auth/Source/Radius.php b/modules/radius/lib/Auth/Source/Radius.php
index 57c023c6c..917b6c1f0 100644
--- a/modules/radius/lib/Auth/Source/Radius.php
+++ b/modules/radius/lib/Auth/Source/Radius.php
@@ -10,6 +10,11 @@
 */
 class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase {
 
+ /**
+ * The list of radius servers to use.
+ */
+ private $servers;
+
 /**
 * The hostname of the radius server.
 */
@@ -71,13 +76,21 @@ class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase {
 $config = SimpleSAML_Configuration::loadFromArray($config,
 'Authentication source ' . var_export($this->authId, TRUE));
 
- $this->hostname = $config->getString('hostname');
- $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
- $this->secret = $config->getString('secret');
+ $this->servers = $config->getArray('servers', array());
+ /* For backwards compatibility. */
+ if (empty($this->servers)) {
+ $this->hostname = $config->getString('hostname');
+ $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
+ $this->secret = $config->getString('secret');
+ $this->servers[] = array('hostname' => $this->hostname,
+ 'port' => $this->port,
+ 'secret' => $this->secret);
+ }
 $this->timeout = $config->getInteger('timeout', 5);
 $this->retries = $config->getInteger('retries', 3);
 $this->usernameAttribute = $config->getString('username_attribute', NULL);
- $this->nasIdentifier = $config->getString('nas_identifier', NULL);
+ $this->nasIdentifier = $config->getString('nas_identifier',
+ isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost');
 
 $this->vendor = $config->getInteger('attribute_vendor', NULL);
 if ($this->vendor !== NULL) {
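Review bot: The new `nas_identifier` fallback in the constructor takes `$_SERVER['HTTP_HOST']`, which comes from the client's Host request header, so unless the web server pins the host name the default NAS-Identifier for this source is unauthenticated request input. RADIUS policies or accounting logs that key on NAS-Identifier would then be working with a value the person logging in can choose, and the previous default of `NULL` changes silently for existing deployments. I would keep the fallback operator-controlled, `$this->nasIdentifier = $config->getString('nas_identifier', NULL);`, and document that the option should be set explicitly when a NAS-Identifier is wanted. The constructor starts and ends outside this hunk, so how the value is attached to the request is not visible here.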
@@ -98,8 +111,19 @@ class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase {
 assert('is_string($password)');
 
 $radius = radius_auth_open();
- if (!radius_add_server($radius, $this->hostname, $this->port, $this->secret, $this->timeout, $this->retries)) {
- throw new Exception('Error connecting to radius server: ' . radius_strerror($radius));
+
+ /* Try to add all radius servers, trigger a failure if no one works. */
+ $success = false;
+ foreach ($this->servers as $server) {
+ if (!radius_add_server($radius, $server['hostname'], $server['port'], $server['secret'],
+ $this->timeout, $this->retries)) {
+ SimpleSAML_Logger::info("Could not connect to server: ".radius_strerror($radius));
+ continue;
+ }
+ $success = true;
+ }
+ if (!$success) {
+ throw new Exception('Error connecting to radius server, no servers available');
 }
 
 if (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) {
@@ -148,6 +172,12 @@ class sspmod_radius_Auth_Source_Radius extends sspmod_core_Auth_UserPassBase {
 throw new Exception('Error getting radius attributes: ' . radius_strerror($radius));
 }
 
+ /* Use the received user name */
+ if ($attr_name == RADIUS_USER_NAME) {
+ $attributes[$this->usernameAttribute] = array($attr_value);
+ continue;
+ }
+
 if ($resa['attr'] !== RADIUS_VENDOR_SPECIFIC) {
 continue;
 }
-- 
GitLab
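Review bot: Entries of `$this->servers` are dereferenced in the new `foreach` as `$server['hostname']`, `$server['port']` and `$server['secret']` without any validation, while the legacy single-server path still goes through `getString()` and `getIntegerRange('port', 1, 65535, 1812)`. A misspelt or missing key in the `servers` option would hand NULL to `radius_add_server()`, which PHP may coerce to an empty shared secret, and a server entry gets no default port. I would run each entry through `SimpleSAML_Configuration::loadFromArray()` as below, or do the same once in the constructor. Separately, as far as I know `radius_add_server()` only registers a server and does not contact it, so the "Could not connect" wording and `$success` do not show that any server is reachable. `login()` begins and ends outside the hunk.

```php
foreach ($this->servers as $server) {
	$server = SimpleSAML_Configuration::loadFromArray($server,
		'Radius server in authentication source ' . var_export($this->authId, TRUE));
	if (!radius_add_server($radius, $server->getString('hostname'),
		$server->getIntegerRange('port', 1, 65535, 1812), $server->getString('secret'),
		$this->timeout, $this->retries)) {
		SimpleSAML_Logger::info("Could not add radius server: ".radius_strerror($radius));
		continue;
	}
	$success = true;
}
// … unchanged: exception when no server could be added …
```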
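Review bot: `$attr_name` and `$attr_value` in the added block are not assigned anywhere in the visible lines, where the attribute is read from `$resa['attr']`; unless the part of the loop above the hunk defines them, the comparison runs on an undefined variable and the User-Name returned by the server is never copied. The write also needs a guard, because `username_attribute` defaults to NULL in the constructor and `$attributes[NULL]` would create an attribute with an empty name. Suggested lines: `if ($resa['attr'] === RADIUS_USER_NAME && $this->usernameAttribute !== NULL) {` and `$attributes[$this->usernameAttribute] = array($resa['data']);`. The loop begins and ends outside the hunk.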