diff options
Diffstat (limited to 'plugins/auth_radius/init.php')
-rw-r--r-- | plugins/auth_radius/init.php | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/plugins/auth_radius/init.php b/plugins/auth_radius/init.php new file mode 100644 index 000000000..b08654549 --- /dev/null +++ b/plugins/auth_radius/init.php @@ -0,0 +1,76 @@ +<?php +/* +Tiny Tiny RSS plugin for RADIUS authentication +@author alsvartr ([email protected]) +@copyright GPL2 + +Requires php radius class (comes with plugin) +Put the following options in config.php: + + define('RADIUS_AUTH_SERVER', 'radius_server_address'); + define('RADIUS_AUTH_SECRET', 'radius_shared_secret'); + +Optional: + + //Default: 1812 + define('RADIUS_AUTH_PORT', radius_auth_port); +*/ + +class Auth_Radius extends Plugin implements IAuthModule { + + private $link; + private $host; + private $base; + private $debug; + + function about() { + return array(0.1, + "Authenticates against an RADIUS server (configured in config.php)", + "alsvartr", + true); + } + + function init($host) { + $this->link = $host->get_link(); + $this->host = $host; + $this->base = new Auth_Base($this->link); + $this->debug = FALSE; + + $host->add_hook($host::HOOK_AUTH_USER, $this); + } + + private function _log($msg) { + if ($this->debug) trigger_error($msg, E_USER_WARNING); + } + + function authenticate($login, $password) { + if (!require_once('php-radius/radius.php')) { + $this->_log('Cannot require radius class files!'); + return FALSE; + } + + if ($login && $password) { + if ( (!defined('RADIUS_AUTH_SERVER')) OR (!defined('RADIUS_AUTH_SECRET')) ) { + $this->_log('Could not parse RADIUS_AUTH_ options from config.php!'); + return FALSE; + } elseif (!defined('RADIUS_AUTH_PORT')) + define('RADIUS_AUTH_PORT', 1812); + + $radius = new Radius(RADIUS_AUTH_SERVER, RADIUS_AUTH_SECRET, '', 5, RADIUS_AUTH_PORT); + $radius->SetNasIpAddress('1.2.3.4'); + $auth = $radius->AccessRequest($login, $password); + + if ($auth) + return $this->base->auto_create_user($login); + else { + $this->_log('Radius authentication rejected!'); + return FALSE; + } + } + + return FALSE; + } + +} + +?> |