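# --
# Copyright (C) 2001-2020 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --

package Kernel::System::Auth::Radius;

use strict;
use warnings;

use Authen::Radius;

our @ObjectDependencies = (
    'Kernel::Config',
    'Kernel::System::Log',
);

# Authentication backend that checks a login/password pair against a RADIUS
# server through Authen::Radius.
#
# Security notes for operators:
#   * check_pwd() sends the password in the RADIUS User-Password attribute,
#     which is only obscured with the shared secret. Use a long, random
#     AuthModule::Radius::Password and keep the traffic between this host and
#     the RADIUS server on a protected network path.
#   * Credentials are never written to the log, not even in debug mode.

# new( Count => $Suffix )
#
# Builds the backend object. Count is the optional suffix of the
# AuthModule::Radius::* configuration keys (several backends can be
# configured side by side). Dies when the host or the shared secret is
# missing from the configuration.
sub new {
    my ( $Type, %Param ) = @_;

    # allocate new hash for object
    my $Self = {};
    bless( $Self, $Type );

    # Debug 0=off 1=on
    $Self->{Debug} = 0;

    # get config object
    my $ConfigObject = $Kernel::OM->Get('Kernel::Config');

    # an absent Count means "no suffix"; avoid an 'uninitialized' warning
    my $Count = defined $Param{Count} ? $Param{Count} : '';

    # whether a failure to set up the RADIUS client is fatal (see Auth)
    $Self->{Die} = $ConfigObject->Get( 'AuthModule::Radius::Die' . $Count );

    # RADIUS server and shared secret are mandatory
    $Self->{RadiusHost} = $ConfigObject->Get( 'AuthModule::Radius::Host' . $Count )
        || die "Need AuthModule::Radius::Host$Count in Kernel/Config.pm";
    $Self->{RadiusSecret} = $ConfigObject->Get( 'AuthModule::Radius::Password' . $Count )
        || die "Need AuthModule::Radius::Password$Count in Kernel/Config.pm";

    return $Self;
}

# GetOption( What => $Name )
#
# Returns the value of the module option $Name. The only option defined here
# is PreAuth (0). Logs an error and returns nothing when What is missing;
# unknown option names yield undef.
sub GetOption {
    my ( $Self, %Param ) = @_;

    # check needed stuff
    if ( !$Param{What} ) {
        $Kernel::OM->Get('Kernel::System::Log')->Log(
            Priority => 'error',
            Message  => "Need What!"
        );
        return;
    }

    # module options
    my %Option = ( PreAuth => 0 );

    return $Option{ $Param{What} };
}

# Auth( User => $Login, Pw => $Password )
#
# Returns $Login when the RADIUS server accepts the credentials and nothing
# otherwise. Every outcome is logged together with REMOTE_ADDR. Dies instead
# of returning when the RADIUS client cannot be created and
# AuthModule::Radius::Die is set.
sub Auth {
    my ( $Self, %Param ) = @_;

    # check needed stuff
    if ( !$Param{User} ) {
        $Kernel::OM->Get('Kernel::System::Log')->Log(
            Priority => 'error',
            Message  => "Need User!"
        );
        return;
    }

    # get params
    my $User       = $Param{User}       || '';
    my $Pw         = $Param{Pw}         || '';
    my $RemoteAddr = $ENV{REMOTE_ADDR} || 'Got no REMOTE_ADDR env!';

    # The login name is attacker-controlled. Use a copy with control
    # characters neutralised for log messages so that a crafted name cannot
    # inject line breaks or terminal sequences into the log. The value sent
    # to the RADIUS server and returned to the caller stays untouched.
    ( my $LogUser = $User ) =~ s/[\x00-\x1F\x7F]/?/g;

    # just in case for debug!
    # The password is deliberately NOT part of this message: logs are
    # archived, forwarded and read by people who must never see credentials.
    if ( $Self->{Debug} > 0 ) {
        $Kernel::OM->Get('Kernel::System::Log')->Log(
            Priority => 'notice',
            Message  => "User: '$LogUser' tried to authenticate ($RemoteAddr)",
        );
    }

    # just a note
    # (kept as a safety net; the guard at the top already rejects an empty User)
    if ( !$User ) {
        $Kernel::OM->Get('Kernel::System::Log')->Log(
            Priority => 'notice',
            Message  => "No User given!!! (REMOTE_ADDR: $RemoteAddr)",
        );
        return;
    }

    # just a note
    # An empty password is rejected locally and never sent to the server.
    if ( !$Pw ) {
        $Kernel::OM->Get('Kernel::System::Log')->Log(
            Priority => 'notice',
            Message  => "User: $LogUser authentication without Pw!!! (REMOTE_ADDR: $RemoteAddr)",
        );
        return;
    }

    # Create a radius object
    my $Radius = Authen::Radius->new(
        Host   => $Self->{RadiusHost},
        Secret => $Self->{RadiusSecret},
    );
    if ( !$Radius ) {

        # NOTE(review): $@ is only meaningful if the constructor died inside an
        # eval; Authen::Radius appears to report failures through its own
        # error accessors (strerror/get_error) - confirm and log that instead.
        if ( $Self->{Die} ) {
            die "Can't connect to $Self->{RadiusHost}: $@";
        }
        else {
            $Kernel::OM->Get('Kernel::System::Log')->Log(
                Priority => 'error',
                Message  => "Can't connect to $Self->{RadiusHost}: $@",
            );
            return;
        }
    }
    my $AuthResult = $Radius->check_pwd( $User, $Pw );

    # login note
    # Only an explicit result of 1 counts as success; undef or any other
    # value (timeout, reject, error) is treated as a failed login.
    if ( defined($AuthResult) && $AuthResult == 1 ) {
        $Kernel::OM->Get('Kernel::System::Log')->Log(
            Priority => 'notice',
            Message  => "User: $LogUser authentication ok (REMOTE_ADDR: $RemoteAddr).",
        );
        return $User;
    }

    # just a note
    else {
        $Kernel::OM->Get('Kernel::System::Log')->Log(
            Priority => 'notice',
            Message  => "User: $LogUser authentication with wrong Pw!!! (REMOTE_ADDR: $RemoteAddr)"
        );
        return;
    }
}

1;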