
MDL-17549 auth/radius: add CHAP and MSCHAP auth support, detect PHP reqs

 * Added support for CHAP and MSCHAP authentication schemes
   contributed by Stanislav Tsymbalov http://www.tsymbalov.net/
   original code at http://sourceforge.net/projects/moodleradius/

 * Tweak the detection of PHP RADIUS extension and Pear code

 * Update the warning notices to use more Moodly CSS classes

 * Add PEAR Auth_RADIUS and Crypt_CHAP packages to lib/pear
1 parent a658b7f commit 501592d7be2c619a83933d5173e6c6142ae9f2db jonathanharker committed Dec 14, 2008
Showing with 1,565 additions and 6 deletions.
  1. +51 −1 auth/radius/auth.php
  2. +31 −4 auth/radius/config.html
  3. +7 −1 lang/en_utf8/auth.php
  4. +1,001 −0 lib/pear/Auth/RADIUS.php
  5. +464 −0 lib/pear/Crypt/CHAP.php
  6. +11 −0 lib/pear/README.txt
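--- a/auth/radius/auth.php
+++ b/auth/radius/auth.php
@@ -9,8 +9,10 @@
 *
 * Authenticates against a RADIUS server.
 * Contributed by Clive Gould <clive@ce.bromley.ac.uk>
+ * CHAP support contributed by Stanislav Tsymbalov http://www.tsymbalov.net/
 *
 * 2006-08-31 File created.
+ * 2008-03-12 CHAP support added by Stanislav Tsymbalov.
 */
 if (!defined('MOODLE_INTERNAL')) {
@@ -42,6 +44,7 @@ function auth_plugin_radius() {
 */
 function user_login ($username, $password) {
 require_once 'Auth/RADIUS.php';
+ require_once 'Crypt/CHAP.php';
 // Added by Clive on 7th May for test purposes
 // printf("Username: $username <br/>");
@@ -50,9 +53,52 @@ function user_login ($username, $password) {
 // printf("nasport: $this->config->nasport <br/>");
 // printf("secret: $this->config->secret <br/>");
- $rauth = new Auth_RADIUS_PAP(stripslashes($username), stripslashes($password));
+ // Added by Stanislav Tsymbalov on 12th March 2008 only for test purposes
+ //$type = 'PAP';
+ //$type = 'CHAP_MD5';
+ //$type = 'MSCHAPv1';
+ //$type = 'MSCHAPv2';
+ $type = $this->config->radiustype;
+ if (empty($type)) {
+ $type = 'PAP';
+ }
+
+ $classname = 'Auth_RADIUS_' . $type;
+ $rauth = new $classname(stripslashes($username), stripslashes($password));
 $rauth->addServer($this->config->host, $this->config->nasport, $this->config->secret);
+ $rauth->username = $username;
+
+ switch($type) {
+ case 'CHAP_MD5':
+ case 'MSCHAPv1':
+ $classname = $type == 'MSCHAPv1' ? 'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5';
+ $crpt = new $classname;
+ $crpt->password = $password;
+ $rauth->challenge = $crpt->challenge;
+ $rauth->chapid = $crpt->chapid;
+ $rauth->response = $crpt->challengeResponse();
+ $rauth->flags = 1;
+ // If you must use deprecated and weak LAN-Manager-Responses use this:
+ // $rauth->lmResponse = $crpt->lmChallengeResponse();
+ // $rauth->flags = 0;
+ break;
+
+ case 'MSCHAPv2':
+ $crpt = new Crypt_CHAP_MSv2;
+ $crpt->username = $username;
+ $crpt->password = $password;
+ $rauth->challenge = $crpt->authChallenge;
+ $rauth->peerChallenge = $crpt->peerChallenge;
+ $rauth->chapid = $crpt->chapid;
+ $rauth->response = $crpt->challengeResponse();
+ break;
+
+ default:
+ $rauth->password = $password;
+ break;
+ }
+
 if (!$rauth->start()) {
 printf("Radius start: %s<br/>\n", $rauth->getError());
 exit;
@@ -122,6 +168,9 @@ function process_config($config) {
 if (!isset ($config->nasport)) {
 $config->nasport = '1812';
 }
+ if (!isset($config->radiustype)) {
+ $config->radiustype = 'PAP';
+ }
 if (!isset ($config->secret)) {
 $config->secret = '';
 }
@@ -134,6 +183,7 @@ function process_config($config) {
 set_config('nasport', $config->nasport, 'auth/radius');
 set_config('secret', $config->secret, 'auth/radius');
 set_config('changepasswordurl', $config->changepasswordurl, 'auth/radius');
+ set_config('radiustype', $config->radiustype, 'auth/radius');
 return true;
 }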
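Review bot: In user_login, `$classname = 'Auth_RADIUS_' . $type;` followed by `new $classname(...)` builds a class name from the stored `radiustype` setting with no check against the four schemes the `switch` knows about, and process_config (the last two hunks of this file) saves whatever value it is given. An unexpected value either ends the login request with a class-not-found error or instantiates some other `Auth_RADIUS_*` class and then falls into the `default:` branch. An allow-list placed before the `new` would fail closed: `if (!in_array($type, array('PAP', 'CHAP_MD5', 'MSCHAPv1', 'MSCHAPv2'), true)) { return false; }`. Separately, `$rauth->username = $username;` and the `default:` branch's `$rauth->password = $password;` replace the `stripslashes()`-ed constructor arguments with the raw values, which looks like a behaviour change for existing PAP logins and should be confirmed. user_login's body continues outside the hunk, so its return convention is assumed here.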
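--- a/auth/radius/config.html
+++ b/auth/radius/config.html
@@ -1,10 +1,12 @@
 <?php
-// TODO: this generates broken file errors, needs safer test -JH
-
 // Is Auth/RADIUS really there?
-if (!defined('Auth_RADIUS_PAP') or !class_exists(Auth_RADIUS_PAP) or !include_once('Auth/RADIUS.php')) {
- print '<p style="text-align:center; color: red"><strong>Warning: The Auth_RADIUS module does not seem to be present. Please ensure it is installed and enabled.</strong></p>';
+if (!extension_loaded('radius')) {
+ print '<div class="box errorbox errorboxcontent"><p class="errormessage"><strong>Warning: The PHP RADIUS extension is not present. Please ensure it is installed and enabled.</strong></p></div>';
+}
+include_once 'Auth/RADIUS.php';
+if (!class_exists('Auth_RADIUS')) {
+ print '<div class="box errorbox errorboxcontent"><p class="errormessage"><strong>Warning: There is a problem with the PHP Pear Auth_RADIUS package. Please ensure it is installed correctly.</strong></p></div>';
 }
 // set to defaults if undefined
@@ -14,6 +16,9 @@
 if (!isset($config->nasport)) {
 $config->nasport = '1812';
 }
+if (!isset($config->radiustype)) {
+ $config->radiustype = 'PAP';
+}
 if (!isset($config->secret)) {
 $config->secret = '';
 }
@@ -55,6 +60,28 @@
 </tr>
 <tr valign="top" >
+ <td align="right"><?php print_string('auth_radiustype_key', 'auth') ?>: </td>
+ <td>
+<?php
+
+ $radiustype = array();
+ $radiustype['PAP'] = get_string('auth_radiustypepap', 'auth');
+ $radiustype['CHAP_MD5'] = get_string('auth_radiustypechapmd5', 'auth');
+ $radiustype['MSCHAPv1'] = get_string('auth_radiustypemschapv1', 'auth');
+ $radiustype['MSCHAPv2'] = get_string('auth_radiustypemschapv2', 'auth');
+ choose_from_menu($radiustype, 'radiustype', $config->radiustype, '');
+
+ if (isset($err['radiustype'])) {
+ formerr($err['radiustype']);
+ }
+
+?>
+ </td>
+ <td><?php print_string('auth_radiustype', 'auth') ?></td>
+</tr>
+
+
+<tr valign="top" >
 <td align="right"><?php print_string('auth_radiussecret_key', 'auth') ?>: </td>
 <td>
 <input name="secret" type="text" size="6" value="<?php echo $config->secret ?>" />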
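Review bot: `include_once 'Auth/RADIUS.php';` in the first hunk runs unconditionally and its result is ignored, so when the file cannot be found PHP emits its own include warning into the settings page ahead of the styled notice, which is the situation the removed TODO described. Testing the return value at least makes the failure explicit and keeps one code path for it: `if (!(include_once 'Auth/RADIUS.php') or !class_exists('Auth_RADIUS')) {`. Whether the raw warning is displayed depends on the site's error display settings, which are not visible here. A short comment above the two tests, such as `// the radius PHP extension and the PEAR Auth_RADIUS wrapper are checked separately`, would also explain why two notices can appear.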
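--- a/lang/en_utf8/auth.php
+++ b/lang/en_utf8/auth.php
@@ -315,10 +315,16 @@
 $string['auth_radiushost'] = 'Address of the RADIUS server';
 $string['auth_radiusnasport'] = 'Port to use to connect';
 $string['auth_radiussecret'] = 'Shared secret';
+$string['auth_radiustype'] = 'Choose an authentication scheme to use with the RADIUS server.';
+$string['auth_radiustypepap'] = 'PAP';
+$string['auth_radiustypechapmd5'] = 'CHAP MD5';
+$string['auth_radiustypemschapv1'] = 'Microsoft CHAP version 1';
+$string['auth_radiustypemschapv2'] = 'Microsoft CHAP version 2';
 $string['auth_radiuschangepasswordurl_key'] = 'Password-change URL';
 $string['auth_radiusnasport_key'] = 'Port';
 $string['auth_radiushost_key'] = 'Host';
 $string['auth_radiussecret_key'] = 'Secret';
+$string['auth_radiustype_key'] = 'Authentication';
 // Shibboleth plugin
 $string['auth_shibbolethdescription'] = 'Using this method users are created and authenticated using <a href=\"http://shibboleth.internet2.edu/\">Shibboleth</a>.<br />Be sure to read the <a href=\"../auth/shibboleth/README.txt\">README</a> for Shibboleth on how to set up your Moodle with Shibboleth';
@@ -356,7 +362,7 @@
 $string['authenticationoptions'] = 'Authentication options';
 $string['authinstructions'] = 'Here you can provide instructions for your users, so they know which username and password they should be using. The text you enter here will appear on the login page. If you leave this blank then no instructions will be printed.';
 $string['changepassword'] = 'Change password URL';
-$string['changepasswordhelp'] = 'Here you can specify a location at which your users can recover or change their username/password if they\'ve forgotten it. This will be provided to users as a button on the login page and their user page. if you leave this blank the button will not be printed.';
+$string['changepasswordhelp'] = 'Here you can specify a location at which your users can recover or change their username/password if they\'ve forgotten it. This will be provided to users as a button on the login page and their user page. If you leave this blank the button will not be printed.';
 $string['chooseauthmethod'] = 'Choose an authentication method';
 $string['createpasswordifneeded'] = 'Create password if needed';
 $string['errorpasswordupdate'] = 'Error updating password, password not changed';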