From 6a58d3ebb9fc536ba8c16a374787077f21b94c89 Mon Sep 17 00:00:00 2001
From: "wurblzap%gmail.com" <>
Date: Fri, 3 Aug 2007 03:38:37 +0000
Subject: Bug 380187 – Bugzilla should support RADIUS authentication. Patch by Marc Schumann ; r=mkanat, a=mkanat
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
Bugzilla/Auth/Verify/RADIUS.pm | 64 ++++++++++++++++++++++++++++++++++++++++
Bugzilla/Config/Auth.pm | 4 +--
Bugzilla/Config/Common.pm | 34 ++++++++++++++-------
Bugzilla/Config/RADIUS.pm | 60 +++++++++++++++++++++++++++++++++++++
Bugzilla/Install/Requirements.pm | 6 ++++
5 files changed, 156 insertions(+), 12 deletions(-)
create mode 100755 Bugzilla/Auth/Verify/RADIUS.pm
create mode 100755 Bugzilla/Config/RADIUS.pm
(limited to 'Bugzilla')
diff --git a/Bugzilla/Auth/Verify/RADIUS.pm b/Bugzilla/Auth/Verify/RADIUS.pm
new file mode 100755
index 000000000..da36c3bd1
--- /dev/null
+++ b/Bugzilla/Auth/Verify/RADIUS.pm
@@ -0,0 +1,64 @@
+# -*- Mode: perl; indent-tabs-mode: nil -*-
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Bugzilla Bug Tracking System.
+#
+# The Initial Developer of the Original Code is Marc Schumann.
+# Portions created by Marc Schumann are Copyright (c) 2007 Marc Schumann.
+# All rights reserved.
+#
+# Contributor(s): Marc Schumann
+
+package Bugzilla::Auth::Verify::RADIUS;
+use strict;
+use base qw(Bugzilla::Auth::Verify);
+
+use Bugzilla::Constants;
+use Bugzilla::Error;
+use Bugzilla::Util;
+
+use Authen::Radius;
+
+use constant admin_can_create_account => 0;
+use constant user_can_create_account => 0;
+
+sub check_credentials {
+ my ($self, $params) = @_;
+ my $dbh = Bugzilla->dbh;
+ my $address_suffix = Bugzilla->params->{'RADIUS_email_suffix'};
+ my $username = $params->{username};
+
+ # If we're using RADIUS_email_suffix, we may need to cut it off from
+ # the login name.
+ if ($address_suffix) {
+ $username =~ s/\Q$address_suffix\E$//i;
+ }
+
+ # Create RADIUS object.
+ my $radius =
+ new Authen::Radius(Host => Bugzilla->params->{'RADIUS_server'},
+ Secret => Bugzilla->params->{'RADIUS_secret'})
+ || return { failure => AUTH_ERROR, error => 'radius_preparation_error',
+ details => {errstr => Authen::Radius::strerror() } };
+
+ # Check the password.
+ $radius->check_pwd($username, $params->{password},
+ Bugzilla->params->{'RADIUS_NAS_IP'} || undef)
+ || return { failure => AUTH_LOGINFAILED };
+
+ # Build the user account's e-mail address.
+ $params->{bz_username} = $username .
$address_suffix; + + return $params; +} + +1; diff --git a/Bugzilla/Config/Auth.pm b/Bugzilla/Config/Auth.pm index 65ebc1b79..cbd94617a 100644 --- a/Bugzilla/Config/Auth.pm +++ b/Bugzilla/Config/Auth.pm @@ -76,8 +76,8 @@ sub get_param_list { { name => 'user_verify_class', - type => 's', - choices => [ 'DB', 'LDAP', 'DB,LDAP', 'LDAP,DB' ], + type => 'o', + choices => [ 'DB', 'RADIUS', 'LDAP' ], default => 'DB', checker => \&check_user_verify_class }, diff --git a/Bugzilla/Config/Common.pm b/Bugzilla/Config/Common.pm index 188ef0c90..14406019d 100644 --- a/Bugzilla/Config/Common.pm +++ b/Bugzilla/Config/Common.pm @@ -27,6 +27,7 @@ # Joseph Heenan # Erik Stambaugh # Frédéric Buclin +# Marc Schumann # package Bugzilla::Config::Common; @@ -64,8 +65,8 @@ sub check_multi { return ""; } - elsif ($param->{'type'} eq "m") { - foreach my $chkParam (@$value) { + elsif ($param->{'type'} eq 'm' || $param->{'type'} eq 'o') { + foreach my $chkParam (split(',', $value)) { unless (scalar(grep {$_ eq $chkParam} (@{$param->{'choices'}}))) { return "Invalid choice '$chkParam' for multi-select list param '$param->{'name'}'"; } 
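Review bot: In Bugzilla/Auth/Verify/RADIUS.pm, `check_credentials` returns `AUTH_LOGINFAILED` for every false result of `$radius->check_pwd(...)`, so a timeout, an unreachable server or a mismatched shared secret is reported to the user as a bad password and leaves the administrator nothing to diagnose. Authen::Radius records why an exchange failed, so the branch should consult it and return `AUTH_ERROR` with the error string unless the server really answered with a reject; the error tag in the sketch is a proposed name that would need a matching template entry, and the `get_error`/`'ENONE'` behaviour should be confirmed against the installed module version. Separately, `new Authen::Radius(...)` uses indirect object syntax and `my $dbh = Bugzilla->dbh;` is never used in the function; `Authen::Radius->new(...)` and dropping the unused handle would read more cleanly.

```perl
    # Check the password.
    my $accepted = $radius->check_pwd($username, $params->{password},
                                      Bugzilla->params->{'RADIUS_NAS_IP'} || undef);
    if (!$accepted) {
        # 'ENONE' is the module's "no error" code: the server replied and
        # rejected the credentials.
        return { failure => AUTH_LOGINFAILED }
            if $radius->get_error() eq 'ENONE';
        # Anything else is a transport or configuration problem.
        return { failure => AUTH_ERROR, error => 'radius_communication_error',
                 details => { errstr => $radius->strerror() } };
    }
    # … unchanged: build bz_username and return $params …
```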
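Review bot: In Bugzilla/Config/Common.pm, `check_multi` now runs `split(',', $value)` for type `m` as well as the new type `o`, so any caller that still passes an array reference for an `m` parameter has it stringified and rejected as an invalid choice. If array-valued `m` parameters can still reach this function (not visible from the hunk), accept both shapes with `my @picked = ref($value) eq 'ARRAY' ? @$value : split(',', $value);` and loop over `@picked`. An empty string also splits to an empty list and passes without any choice being checked; that is safe for `user_verify_class` only because `check_user_verify_class` rejects an empty list itself, and a comment such as `# an empty value is accepted here; callers that need at least one entry must check that themselves` would make the contract explicit. The body of `check_multi` starts and ends outside the hunk.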
@@ -268,18 +269,27 @@ sub check_user_verify_class { # So don't do that. my ($list, $entry) = @_; + $list || return 'You need to specify at least one authentication mechanism'; for my $class (split /,\s*/, $list) { my $res = check_multi($class, $entry); return $res if $res; if ($class eq 'DB') { # No params - } elsif ($class eq 'LDAP') { + } + elsif ($class eq 'RADIUS') { + eval "require Authen::Radius"; + return "Error requiring Authen::Radius: '$@'" if $@; + return "RADIUS servername (RADIUS_server) is missing" unless Bugzilla->params->{"RADIUS_server"}; + return "RADIUS_secret is empty" unless Bugzilla->params->{"RADIUS_secret"}; + } + elsif ($class eq 'LDAP') { eval "require Net::LDAP"; return "Error requiring Net::LDAP: '$@'" if $@; - return "LDAP servername is missing" unless Bugzilla->params->{"LDAPserver"}; + return "LDAP servername (LDAPserver) is missing" unless Bugzilla->params->{"LDAPserver"}; return "LDAPBaseDN is empty" unless Bugzilla->params->{"LDAPBaseDN"}; - } else { - return "Unknown user_verify_class '$class' in check_user_verify_class"; + } + else { + return "Unknown user_verify_class '$class' in check_user_verify_class"; } } return ""; @@ -363,9 +373,8 @@ sub check_timezone { # b -- A boolean value (either 1 or 0) # m -- A list of values, with many selectable (shows up as a select box) # To specify the list of values, make the 'choices' key be an array -# reference of the valid choices. The 'default' key should be an array -# reference for the list of selected values (which must appear in the -# first anonymous array), i.e.: +# reference of the valid choices. The 'default' key should be a string +# with a list of selected values (as a comma-separated list), i.e.: # { # name => 'multiselect', # desc => 'A list of options, choose many', 
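Review bot: The new `RADIUS` branch of `check_user_verify_class` loads the module with a string eval, `eval "require Authen::Radius";`, and then tests `$@`; the block form `eval { require Authen::Radius; 1 } or return "Error requiring Authen::Radius: '$@'";` does the same without compiling a string and does not depend on `$@` surviving untouched. The branch reads `RADIUS_server` and `RADIUS_secret` from the stored `Bugzilla->params`, so, as far as the hunk shows, values submitted in the same save as `user_verify_class` are not the ones being checked; a one-line comment on that ordering next to the two `return ... unless` lines would spare an administrator a confusing error. `RADIUS_secret` is only tested for being non-empty, and a minimum-length check would be a cheap guard against a placeholder secret going live. The function begins before the hunk.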
@@ -381,6 +390,11 @@ sub check_timezone { # &check_multi should always be used as the param verification function # for list (single and multiple) parameter types. # +# o -- A list of values, orderable, and with many selectable (shows up as a +# JavaScript-enhanced select box if JavaScript is enabled, and a text +# entry field if not) +# Set up in the same way as type m. +# # s -- A list of values, with one selectable (shows up as a select box) # To specify the list of values, make the 'choices' key be an array # reference of the valid choices. The 'default' key should be one of @@ -422,7 +436,7 @@ All parameter checking functions are called with two parameters: =item C -Checks that a multi-valued parameter (ie type C or type C) satisfies +Checks that a multi-valued parameter (ie types C, C or C) satisfies its contraints. =item C diff --git a/Bugzilla/Config/RADIUS.pm b/Bugzilla/Config/RADIUS.pm new file mode 100755 index 000000000..6701d6f08 --- /dev/null +++ b/Bugzilla/Config/RADIUS.pm 
@@ -0,0 +1,60 @@
+# -*- Mode: perl; indent-tabs-mode: nil -*-
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Bugzilla Bug Tracking System.
+#
+# The Initial Developer of the Original Code is Marc Schumann.
+# Portions created by Marc Schumann are Copyright (c) 2007 Marc Schumann.
+# All rights reserved.
+#
+# Contributor(s): Marc Schumann
+#
+
+package Bugzilla::Config::RADIUS;
+
+use strict;
+
+use Bugzilla::Config::Common;
+
+$Bugzilla::Config::RADIUS::sortkey = "09";
+
+sub get_param_list {
+ my $class = shift;
+ my @param_list = (
+ {
+ name => 'RADIUS_server',
+ type => 't',
+ default => ''
+ },
+
+ {
+ name => 'RADIUS_secret',
+ type => 't',
+ default => ''
+ },
+
+ {
+ name => 'RADIUS_NAS_IP',
+ type => 't',
+ default => ''
+ },
+
+ {
+ name => 'RADIUS_email_suffix',
+ type => 't',
+ default => ''
+ },
+ );
+ return @param_list;
+}
+
+1;
diff --git a/Bugzilla/Install/Requirements.pm b/Bugzilla/Install/Requirements.pm
index 7cc51a5e6..321f90f8d 100644
--- a/Bugzilla/Install/Requirements.pm
+++ b/Bugzilla/Install/Requirements.pm
@@ -169,6 +169,12 @@ sub OPTIONAL_MODULES {
 version => 0,
 feature => 'LDAP Authentication'
 },
+ {
+ package => 'RadiusPerl',
+ module => 'Authen::Radius',
+ version => 0,
+ feature => 'RADIUS Authentication'
+ },
 {
 package => 'SOAP-Lite',
 module => 'SOAP::Lite',
-- cgit v1.2.3-24-g4f1b
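Review bot: In Bugzilla/Config/RADIUS.pm, `get_param_list` declares all four parameters as plain type `t` with no `checker`, so `RADIUS_server` and `RADIUS_NAS_IP` reach Authen::Radius unvalidated and `RADIUS_secret` is presumably rendered like any other text field on the parameters page. `RADIUS_NAS_IP` should get a checker that accepts either an empty string or a well-formed IP address, since the verifier passes it straight into `check_pwd`. The shared secret deserves a comment on its entry, for example `# Shared secret is stored and shown in clear text; restrict access to the params file and the admin page.` The package-level `$Bugzilla::Config::RADIUS::sortkey = "09";` would also benefit from a short comment saying what it orders.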