Revision: 3146
Author: jaim...@gmail.com
Date: Mon Aug 27 06:35:03 2012
Log: Multiple servers support in radius module. Implies new
configuration options (but is backwards compatible).
http://code.google.com/p/simplesamlphp/source/detail?r=3146
Added:
/trunk/.gitignore
Modified:
/trunk/modules/radius/lib/Auth/Source/Radius.php
=======================================
--- /dev/null
+++ /trunk/.gitignore Mon Aug 27 06:35:03 2012
@@ -0,0 +1,3 @@
+config
+metadata
+enable
=======================================
--- /trunk/modules/radius/lib/Auth/Source/Radius.php Fri May 4 01:18:10
2012
+++ /trunk/modules/radius/lib/Auth/Source/Radius.php Mon Aug 27 06:35:03
2012
@@ -10,6 +10,11 @@
*/
class sspmod_radius_Auth_Source_Radius extends
sspmod_core_Auth_UserPassBase {
+ /**
+ * The list of radius servers to use.
+ */
+ private $servers;
+
/**
* The hostname of the radius server.
*/
@@ -71,13 +76,21 @@
$config = SimpleSAML_Configuration::loadFromArray($config,
'Authentication source ' . var_export($this->authId,
TRUE));
- $this->hostname = $config->getString('hostname');
- $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
- $this->secret = $config->getString('secret');
+ $this->servers = $config->getArray('servers', array());
+ /* For backwards compatibility. */
+ if (empty($this->servers)) {
+ $this->hostname = $config->getString('hostname');
+ $this->port = $config->getIntegerRange('port', 1,
65535, 1812);
+ $this->secret = $config->getString('secret');
+ $this->servers[] = array('hostname' => $this->hostname,
+ 'port' =>
$this->port,
+ 'secret'
=> $this->secret);
+ }
$this->timeout = $config->getInteger('timeout', 5);
$this->retries = $config->getInteger('retries', 3);
$this->usernameAttribute = $config->getString('username_attribute',
NULL);
- $this->nasIdentifier = $config->getString('nas_identifier',
NULL);
+ $this->nasIdentifier = $config->getString('nas_identifier',
+ isset($_SERVER['HTTP_HOST']) ?
$_SERVER['HTTP_HOST'] : 'localhost');
$this->vendor = $config->getInteger('attribute_vendor', NULL);
if ($this->vendor !== NULL) {
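Review bot: The new default for `nas_identifier` comes from `$_SERVER['HTTP_HOST']`, which is the request's Host header and is therefore chosen by the client unless the web server pins requests to a known virtual host. The code that consumes `$this->nasIdentifier` is outside this hunk, but if it is sent as the NAS-Identifier attribute, a value the RADIUS server may use for policy selection or audit records becomes request-controlled. It also changes behaviour for existing configurations that relied on the previous `NULL` default. I would keep a fixed default, e.g. `$this->nasIdentifier = $config->getString('nas_identifier', 'localhost');`, and document that deployments should set `nas_identifier` explicitly. The constructor starts and ends outside the hunk.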
@@ -98,9 +111,20 @@
assert('is_string($password)');
$radius = radius_auth_open();
- if (!radius_add_server($radius, $this->hostname, $this->port,
$this->secret, $this->timeout, $this->retries)) {
- throw new Exception('Error connecting to radius server: ' .
radius_strerror($radius));
+
+ /* Try to add all radius servers, trigger a failure if no one
works. */
+ $success = false;
+ foreach ($this->servers as $server) {
+ if (!radius_add_server($radius, $server['hostname'], $server['port'],
$server['secret'],
+ $this->timeout,
$this->retries)) {
+ SimpleSAML_Logger::info("Could not connect to
server: ".radius_strerror($radius));
+ continue;
+ }
+ $success = true;
}
+ if (!$success) {
+ throw new Exception('Error connecting to radius server, no servers
available');
+ }
if (!radius_create_request($radius, RADIUS_ACCESS_REQUEST)) {
throw new Exception('Error creating radius request: ' .
radius_strerror($radius));
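Review bot: Each entry of `$this->servers` reaches `radius_add_server()` as `$server['hostname']`, `$server['port']` and `$server['secret']` without any check, while the legacy single-server path validates the same values with `getString()` and `getIntegerRange('port', 1, 65535, 1812)`. A missing or mistyped key therefore surfaces as a PHP notice and a null argument when a user authenticates rather than as a configuration error at load time, and an entry without `port` does not get the 1812 default. I would validate each entry where the list is loaded, for example `$s = SimpleSAML_Configuration::loadFromArray($server, 'radius server');` followed by `$s->getString('hostname')`, `$s->getIntegerRange('port', 1, 65535, 1812)` and `$s->getString('secret')`. The enclosing function starts and ends outside the hunk.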
@@ -147,6 +171,12 @@
if (!is_array($resa)) {
throw new Exception('Error getting radius attributes: ' .
radius_strerror($radius));
}
+
+ /* Use the received user name */
+ if ($attr_name == RADIUS_USER_NAME) {
+ $attributes[$this->usernameAttribute] =
array($attr_value);
+ continue;
+ }
if ($resa['attr'] !== RADIUS_VENDOR_SPECIFIC) {
continue;
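Review bot: The added branch tests `$attr_name` and stores `$attr_value`, but the surrounding lines read the attribute from `$resa` (`$resa['attr']`), and neither variable is assigned anywhere in this hunk. If they are not defined earlier in the loop, which is outside the hunk, the comparison is against an undefined value and the User-Name returned by the server is never used. I would write `if ($resa['attr'] == RADIUS_USER_NAME) {` and `$attributes[$this->usernameAttribute] = array($resa['data']);`. Since `username_attribute` defaults to `NULL` in the constructor, the branch should also be guarded with `$this->usernameAttribute !== NULL` so the value is not stored under an empty key.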