mod_auth_radius AuthBasicProvider Directive Support
Since mod_auth_radius didn't seem to be handling authorization requests in apache 2.2 for me, I added support for mod_auth's AuthBasicProvider directive in mod_auth_radius. This allows you to direct mod_auth to use mod_auth_radius as it's authentication provider. A patch for mod_auth_radius-2.0.c is provided below. To use: build with -DUSING_AUTHBASICPROVIDER and place AuthBasicProvider radius in the httpd.conf file at the Directory or Location level ------------------------------------------------Patch Follows------------------------------------ --- mod_auth_radius-1.5.7/mod_auth_radius-2.0.c 2003-03-24 14:16: 15.000000000 -0500 +++ mod_auth_radius-2.0.c 2008-03-13 13:42:54.000000000 -0400 @@ -92,7 +92,13 @@ allows you to have mod_auth_radius authoritative by default, but NOT have it interfere with the rest of your configuration. The authentication methods are tried from the bottom of the list, on up. - + + If you are load mod_auth_radius before mod_auth or mod_auth_radius is still + is not handling authentication requests, you can use the directive: + AuthBasicProvider radius + at the directory or Locatuion level. To use this you must have built this module + with the -DUSING_AUTHBASICPROVIDER directive + You must have at least one authentication method as authoritative. If they all return "DECLINED", you get "server configuration error" message. @@ -232,7 +238,9 @@ Version History =============== - + 1.5.8 Support for mod_auth provider plugin from Mike Maul < maul.mike@gmail.com> + AuthBasicProvider directive implemented value radius. + 1.5.4 Support for retries from John Lines <john.lines@integris.co.uk> Port to Apache 2.0 by Harrie Hazewinkel <harrie@mod-snmp.com> @@ -290,7 +298,10 @@ #include <netdb.h> #include <openssl/md5.h> #include <sys/stat.h> - +#ifdef USING_AUTHBASICPROVIDER +#include "ap_provider.h" +#include "mod_auth.h" +#endif #include "httpd.h" #include "http_config.h" #include "http_core.h" @@ -301,6 +312,8 @@ #include "apr_tables.h" #include "apr_strings.h" + + module AP_MODULE_DECLARE_DATA radius_auth_module; @@ -981,6 +994,12 @@ (STRING)[ATTR->length - 2] = 0;} + + + + /* authentication module utility functions */ + + /* authentication module utility functions */ static int check_pw(request_rec *r, radius_server_config_rec *scr, const char *user, const char *passwd_in, const char *state, char *message, char *errstr) @@ -1108,6 +1127,8 @@ apr_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r), " for ", user, " '", message, "'", NULL)); } } + + /* These functions return 0 if client is OK, and proper error status * if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or * SERVER_ERROR, if things are so totally confused that we couldn't @@ -1226,10 +1247,35 @@ add_cookie(r, r->headers_out, cookie, expires); return OK; } +#if USING_AUTHBASICPROVIDER +/* suport function for authn_provider */ +static authn_status authenticate_auth_basic_provider (request_rec * r, const char* user, + const char* password) +{ + // Translate HTTP Response code into autn_status enum values + switch(authenticate_basic_user(r)) { + case DECLINED: return AUTH_DENIED; + case HTTP_UNAUTHORIZED: return AUTH_DENIED; + case OK: return AUTH_GRANTED; + case HTTP_NOT_FOUND: return AUTH_DENIED; + } +} + +static const authn_provider authn_radius_provider = { + &authenticate_auth_basic_provider, + NULL +}; +#endif static void register_hooks(apr_pool_t *p) { - ap_hook_check_user_id(authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE); +#if USING_AUTHBASICPROVIDER + ap_register_provider(p, AUTHN_PROVIDER_GROUP, "radius", "0", + &authn_radius_provider); +#else + ap_hook_check_user_id(authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE); +#endif + } module AP_MODULE_DECLARE_DATA radius_auth_module =
participants (1)
-
Michael Maul