mod_auth_radius AuthBasicProvider Directive Support
Michael Maul
mike.maul at gmail.com
Thu Mar 13 19:00:53 CET 2008
Since mod_auth_radius didn't seem to be handling authorization requests in
apache 2.2 for me,
I added support for mod_auth's AuthBasicProvider directive in
mod_auth_radius. This allows you to direct mod_auth to use mod_auth_radius
as it's authentication provider.
A patch for mod_auth_radius-2.0.c is provided below. To use: build with
-DUSING_AUTHBASICPROVIDER and place
AuthBasicProvider radius
in the httpd.conf file at the Directory or Location level
------------------------------------------------Patch
Follows------------------------------------
--- mod_auth_radius-1.5.7/mod_auth_radius-2.0.c 2003-03-24 14:16:
15.000000000 -0500
+++ mod_auth_radius-2.0.c 2008-03-13 13:42:54.000000000 -0400
@@ -92,7 +92,13 @@
allows you to have mod_auth_radius authoritative by default, but NOT
have it interfere with the rest of your configuration. The
authentication
methods are tried from the bottom of the list, on up.
-
+
+ If you are load mod_auth_radius before mod_auth or mod_auth_radius is
still
+ is not handling authentication requests, you can use the directive:
+ AuthBasicProvider radius
+ at the directory or Locatuion level. To use this you must have built this
module
+ with the -DUSING_AUTHBASICPROVIDER directive
+
You must have at least one authentication method as authoritative. If
they all return "DECLINED", you get "server configuration error" message.
@@ -232,7 +238,9 @@
Version History
===============
-
+ 1.5.8 Support for mod_auth provider plugin from Mike Maul <
maul.mike at gmail.com>
+ AuthBasicProvider directive implemented value radius.
+
1.5.4 Support for retries from John Lines <john.lines at integris.co.uk>
Port to Apache 2.0 by Harrie Hazewinkel <harrie at mod-snmp.com>
@@ -290,7 +298,10 @@
#include <netdb.h>
#include <openssl/md5.h>
#include <sys/stat.h>
-
+#ifdef USING_AUTHBASICPROVIDER
+#include "ap_provider.h"
+#include "mod_auth.h"
+#endif
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
@@ -301,6 +312,8 @@
#include "apr_tables.h"
#include "apr_strings.h"
+
+
module AP_MODULE_DECLARE_DATA radius_auth_module;
@@ -981,6 +994,12 @@
(STRING)[ATTR->length - 2] = 0;}
+
+
+
+ /* authentication module utility functions */
+
+
/* authentication module utility functions */
static int
check_pw(request_rec *r, radius_server_config_rec *scr, const char *user,
const char *passwd_in, const char *state, char *message, char *errstr)
@@ -1108,6 +1127,8 @@
apr_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r), " for ", user, "
'", message, "'", NULL));
}
}
+
+
/* These functions return 0 if client is OK, and proper error status
* if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed,
or
* SERVER_ERROR, if things are so totally confused that we couldn't
@@ -1226,10 +1247,35 @@
add_cookie(r, r->headers_out, cookie, expires);
return OK;
}
+#if USING_AUTHBASICPROVIDER
+/* suport function for authn_provider */
+static authn_status authenticate_auth_basic_provider (request_rec * r,
const char* user,
+ const char* password)
+{
+ // Translate HTTP Response code into autn_status enum values
+ switch(authenticate_basic_user(r)) {
+ case DECLINED: return AUTH_DENIED;
+ case HTTP_UNAUTHORIZED: return AUTH_DENIED;
+ case OK: return AUTH_GRANTED;
+ case HTTP_NOT_FOUND: return AUTH_DENIED;
+ }
+}
+
+static const authn_provider authn_radius_provider = {
+ &authenticate_auth_basic_provider,
+ NULL
+};
+#endif
static void register_hooks(apr_pool_t *p)
{
-
ap_hook_check_user_id(authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE);
+#if USING_AUTHBASICPROVIDER
+ ap_register_provider(p, AUTHN_PROVIDER_GROUP, "radius", "0",
+ &authn_radius_provider);
+#else
+
ap_hook_check_user_id(authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE);
+#endif
+
}
module AP_MODULE_DECLARE_DATA radius_auth_module =
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20080313/4e63cf4a/attachment.html>
More information about the Freeradius-Devel
mailing list