1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
# --
# Kernel/System/Auth/Radius.pm - provides the radius authentification
# based on Martin Edenhofer's Kernel::System::Auth::DB
# Copyright (C) 2004 Andreas Jobs <Andreas.Jobs+dev@ruhr-uni-bochum.de>
# --
# $Id: Radius.pm,v 1.1 2004/08/10 10:33:10 martin Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see http://www.gnu.org/licenses/gpl.txt.
# --
# Note:
# available objects are: ConfigObject, LogObject and DBObject
# --
package Kernel::System::Auth::Radius;
use strict;
use Authen::Radius;
use vars qw($VERSION);
$VERSION = '$Revision: 1.1 $';
$VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/;
# --
sub new {
my $Type = shift;
my %Param = @_;
# allocate new hash for object
my $Self = {};
bless ($Self, $Type);
# check needed objects
foreach (qw(LogObject ConfigObject DBObject)) {
$Self->{$_} = $Param{$_} || die "No $_!";
}
# Debug 0=off 1=on
$Self->{Debug} = 0;
# get user table
$Self->{RadiusHost} = $Self->{ConfigObject}->Get('AuthModule::Radius::Host')
|| die 'Need AuthModule::Radius::Host in Kernel/Config.pm';
$Self->{RadiusSecret} = $Self->{ConfigObject}->Get('AuthModule::Radius::Password')
|| die 'Need AuthModule::Radius::Password in Kernel/Config.pm';
return $Self;
}
# --
sub GetOption {
my $Self = shift;
my %Param = @_;
# check needed stuff
if (!$Param{What}) {
$Self->{LogObject}->Log(Priority => 'error', Message => "Need What!");
return;
}
# module options
my %Option = (
PreAuth => 0,
);
# return option
return $Option{$Param{What}};
}
# --
sub Auth {
my $Self = shift;
my %Param = @_;
# check needed stuff
if (!$Param{User}) {
$Self->{LogObject}->Log(Priority => 'error', Message => "Need User!");
return;
}
# get params
my $User = $Param{User} || '';
my $Pw = $Param{Pw} || '';
my $RemoteAddr = $ENV{REMOTE_ADDR} || 'Got no REMOTE_ADDR env!';
my $UserID = '';
my $GetPw = '';
# just in case for debug!
if ($Self->{Debug} > 0) {
$Self->{LogObject}->Log(
Priority => 'notice',
Message => "User: '$User' tried to authenticate with Pw: '$Pw' ($RemoteAddr)",
);
}
# just a note
if (!$User) {
$Self->{LogObject}->Log(
Priority => 'notice',
Message => "No User given!!! (REMOTE_ADDR: $RemoteAddr)",
);
return;
}
# just a note
if (!$Pw) {
$Self->{LogObject}->Log(
Priority => 'notice',
Message => "User: $User authentication without Pw!!! (REMOTE_ADDR: $RemoteAddr)",
);
return;
}
# Create a radius object
my $Radius = new Authen::Radius (Host => $Self->{RadiusHost}, Secret => $Self->{RadiusSecret});
my $AuthResult = $Radius->check_pwd ($User, $Pw);
# login note
if (defined($AuthResult) && $AuthResult == 1) {
$Self->{LogObject}->Log(
Priority => 'notice',
Message => "User: $User authentication ok (REMOTE_ADDR: $RemoteAddr).",
);
return $User;
}
# just a note
else {
$Self->{LogObject}->Log(
Priority => 'notice',
Message => "User: $User authentication with wrong Pw!!! (REMOTE_ADDR: $RemoteAddr)"
);
return;
}
}
# --
1;
|
