| # This Source Code Form is subject to the terms of the Mozilla Public |
| # License, v. 2.0. If a copy of the MPL was not distributed with this |
| # file, You can obtain one at http://mozilla.org/MPL/2.0/. |
| # |
| # This Source Code Form is "Incompatible With Secondary Licenses", as |
| # defined by the Mozilla Public License, v. 2.0. |
| |
| package Bugzilla::Auth::Verify::RADIUS; |
| |
| use 5.10.1; |
| use strict; |
| use warnings; |
| |
| use parent qw(Bugzilla::Auth::Verify); |
| |
| use Bugzilla::Constants; |
| use Bugzilla::Error; |
| use Bugzilla::Util; |
| |
| use Authen::Radius; |
| |
| use constant admin_can_create_account => 0; |
| use constant user_can_create_account => 0; |
| |
| sub check_credentials { |
| my ($self, $params) = @_; |
| my $dbh = Bugzilla->dbh; |
| my $address_suffix = Bugzilla->params->{'RADIUS_email_suffix'}; |
| my $username = $params->{username}; |
| |
| # If we're using RADIUS_email_suffix, we may need to cut it off from |
| # the login name. |
| if ($address_suffix) { |
| $username =~ s/\Q$address_suffix\E$//i; |
| } |
| |
| # Create RADIUS object. |
| my $radius = |
| new Authen::Radius(Host => Bugzilla->params->{'RADIUS_server'}, |
| Secret => Bugzilla->params->{'RADIUS_secret'}) |
| || return { failure => AUTH_ERROR, error => 'radius_preparation_error', |
| details => {errstr => Authen::Radius::strerror() } }; |
| |
| # Check the password. |
| $radius->check_pwd($username, $params->{password}, |
| Bugzilla->params->{'RADIUS_NAS_IP'} || undef) |
| || return { failure => AUTH_LOGINFAILED }; |
| |
| # Build the user account's e-mail address. |
| $params->{bz_username} = $username . $address_suffix; |
| |
| return $params; |
| } |
| |
| 1; |
