<div>Since mod_auth_radius didn't seem to be handling authorization requests in apache 2.2 for me,</div>
<div>I added support for mod_auth's AuthBasicProvider directive in mod_auth_radius. This allows you to direct mod_auth to use mod_auth_radius as it's authentication provider.</div>
<div> </div>
<div>A patch for mod_auth_radius-2.0.c is provided below. To use: build with -DUSING_AUTHBASICPROVIDER and place</div>
<div> AuthBasicProvider radius</div>
<div>in the httpd.conf file at the Directory or Location level</div>
<div>------------------------------------------------Patch Follows------------------------------------</div>
<div>--- mod_auth_radius-1.5.7/mod_auth_radius-2.0.c 2003-03-24 14:16:15.000000000 -0500<br>+++ mod_auth_radius-2.0.c 2008-03-13 13:42:54.000000000 -0400<br>@@ -92,7 +92,13 @@<br> allows you to have mod_auth_radius authoritative by default, but NOT<br>
have it interfere with the rest of your configuration. The authentication<br> methods are tried from the bottom of the list, on up.<br>-<br>+ <br>+ If you are load mod_auth_radius before mod_auth or mod_auth_radius is still<br>
+ is not handling authentication requests, you can use the directive:<br>+ AuthBasicProvider radius<br>+ at the directory or Locatuion level. To use this you must have built this module<br>+ with the -DUSING_AUTHBASICPROVIDER directive<br>
+ <br> You must have at least one authentication method as authoritative. If<br> they all return "DECLINED", you get "server configuration error" message.<br> <br>@@ -232,7 +238,9 @@<br> <br> Version History<br>
===============<br>-<br>+ 1.5.8 Support for mod_auth provider plugin from Mike Maul <<a href="mailto:maul.mike@gmail.com">maul.mike@gmail.com</a>><br>+ AuthBasicProvider directive implemented value radius.<br>
+ <br> 1.5.4 Support for retries from John Lines <<a href="mailto:john.lines@integris.co.uk">john.lines@integris.co.uk</a>><br> Port to Apache 2.0 by Harrie Hazewinkel <<a href="mailto:harrie@mod-snmp.com">harrie@mod-snmp.com</a>><br>
<br>@@ -290,7 +298,10 @@<br> #include <netdb.h><br> #include <openssl/md5.h><br> #include <sys/stat.h><br>-<br>+#ifdef USING_AUTHBASICPROVIDER<br>+#include "ap_provider.h"<br>+#include "mod_auth.h"<br>
+#endif<br> #include "httpd.h"<br> #include "http_config.h"<br> #include "http_core.h"<br>@@ -301,6 +312,8 @@<br> #include "apr_tables.h"<br> #include "apr_strings.h"<br> <br>
+<br>+<br> module AP_MODULE_DECLARE_DATA radius_auth_module;<br> <br> <br>@@ -981,6 +994,12 @@<br> (STRING)[ATTR->length - 2] = 0;}<br> <br> <br>+<br>+<br>+ <br>+ /* authentication module utility functions */<br>
+<br>+<br> /* authentication module utility functions */<br> static int<br> check_pw(request_rec *r, radius_server_config_rec *scr, const char *user, const char *passwd_in, const char *state, char *message, char *errstr)<br>
@@ -1108,6 +1127,8 @@<br> apr_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r), " for ", user, " '", message, "'", NULL));<br> }<br> }<br>+<br>+<br> /* These functions return 0 if client is OK, and proper error status<br>
* if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or<br> * SERVER_ERROR, if things are so totally confused that we couldn't<br>@@ -1226,10 +1247,35 @@<br> add_cookie(r, r->headers_out, cookie, expires);<br>
return OK;<br> }<br>+#if USING_AUTHBASICPROVIDER<br>+/* suport function for authn_provider */<br>+static authn_status authenticate_auth_basic_provider (request_rec * r, const char* user,<br>+ const char* password)<br>
+{<br>+ // Translate HTTP Response code into autn_status enum values<br>+ switch(authenticate_basic_user(r)) {<br>+ case DECLINED: return AUTH_DENIED;<br>+ case HTTP_UNAUTHORIZED: return AUTH_DENIED;<br>
+ case OK: return AUTH_GRANTED;<br>+ case HTTP_NOT_FOUND: return AUTH_DENIED;<br>+ }<br>+}<br>+<br>+static const authn_provider authn_radius_provider = {<br>+ &authenticate_auth_basic_provider,<br>
+ NULL<br>+};<br>+#endif<br> <br> static void register_hooks(apr_pool_t *p)<br> {<br>- ap_hook_check_user_id(authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE);<br>+#if USING_AUTHBASICPROVIDER<br>+ ap_register_provider(p, AUTHN_PROVIDER_GROUP, "radius", "0",<br>
+ &authn_radius_provider);<br>+#else<br>+ ap_hook_check_user_id(authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE);<br>+#endif<br>+ <br> }<br> <br> module AP_MODULE_DECLARE_DATA radius_auth_module =</div>