1# This Source Code Form is subject to the terms of the Mozilla Public 2# License, v. 2.0. If a copy of the MPL was not distributed with this 3# file, You can obtain one at http://mozilla.org/MPL/2.0/. 4# 5# This Source Code Form is "Incompatible With Secondary Licenses", as 6# defined by the Mozilla Public License, v. 2.0. 7 8package Bugzilla::Auth::Verify::RADIUS; 9 10use 5.10.1; 11use strict; 12use warnings; 13 14use parent qw(Bugzilla::Auth::Verify); 15 16use Bugzilla::Constants; 17use Bugzilla::Error; 18use Bugzilla::Util; 19 20use Authen::Radius; 21 22use constant admin_can_create_account => 0; 23use constant user_can_create_account => 0; 24 25sub check_credentials { 26 my ($self, $params) = @_; 27 my $dbh = Bugzilla->dbh; 28 my $address_suffix = Bugzilla->params->{'RADIUS_email_suffix'}; 29 my $username = $params->{username}; 30 31 # If we're using RADIUS_email_suffix, we may need to cut it off from 32 # the login name. 33 if ($address_suffix) { 34 $username =~ s/\Q$address_suffix\E$//i; 35 } 36 37 # Create RADIUS object. 38 my $radius = 39 new Authen::Radius(Host => Bugzilla->params->{'RADIUS_server'}, 40 Secret => Bugzilla->params->{'RADIUS_secret'}) 41 || return { failure => AUTH_ERROR, error => 'radius_preparation_error', 42 details => {errstr => Authen::Radius::strerror() } }; 43 44 # Check the password. 45 $radius->check_pwd($username, $params->{password}, 46 Bugzilla->params->{'RADIUS_NAS_IP'} || undef) 47 || return { failure => AUTH_LOGINFAILED }; 48 49 # Build the user account's e-mail address. 50 $params->{bz_username} = $username . $address_suffix; 51 52 return $params; 53} 54 551; 56