/usr/share/perl5/Apache2/SiteControl/Radius.pm is in libapache2-sitecontrol-perl 1.05-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | package Apache2::SiteControl::Radius;
use 5.008;
use strict;
use warnings;
use Carp;
use Authen::Radius;
#use Apache2::Connection;
#use Apache2::RequestRec;
#use APR::SockAddr;
sub check_credentials
{
my $r = shift; # Apache request object
my $username = shift;
my $password = shift;
my $host = $r->dir_config("RadiusSiteControlHost") || "localhost";
my $secret = $r->dir_config("RadiusSiteControlSecret") || "unknown";
my $radius;
# Get my IP address to pass as the
# Source IP and NAS IP Address
# TODO: Only works with apache 2...uncommented for now
#my $c = $r->connection;
#my $sockaddr = $c->local_addr if defined($c);
my $nas_ip_address = undef; # $sockaddr->ip_get if defined($sockaddr);
$r->log_error("WARNING: Shared secret is not set. Use RadiusSiteControlSecret in httpd.conf") if $secret eq "unknown";
$radius = new Authen::Radius(Host => $host, Secret => $secret);
if(!$radius) {
$r->log_error("Could not contact radius server!");
return 0;
}
if($radius->check_pwd($username, $password, $nas_ip_address)) {
return 1;
}
$r->log_error("User $username failed authentication:" . $radius->strerror);
return 0;
}
1;
__END__
=head1 NAME
Apache2::SiteControl::Radius - Raduis authentication module for SiteControl
=head1 SYNOPSIS
In Apache/mod_perl's configuration:
=over 4
PerlModule Apache2::SiteControl
<Location /sample>
...
PerlSetVar SiteControlMethod Apache2::SiteControl::Radius
...
</Location>
<FilesMatch "\.pl$">
...
PerlSetVar RadiusSiteControlHost "localhost"
PerlSetVar RadiusSiteControlSecret "mysecret"
...
</FilesMatch>
<Location /SampleLogin>
...
PerlSetVar RadiusSiteControlHost "localhost"
PerlSetVar RadiusSiteControlSecret "mysecret"
...
</Location>
=back
=head1 DESCRIPTION
Apache2::SiteControl::Radius uses Authen::Radius to do the actual authentication
of login attempts for the SiteControl system. See the SiteControl documentation
for a complete apache configuration example. The synopsis above shows the
configuration parameters for the radius module only, which is not a stand-alone
thing.
The proper variables for the apache configuration of this modules are shown in
the synopsis above. You must set the radius host and shared secret in all
sections that will use the SiteControl system for authentication.
=head1 SEE ALSO
Apache2::SiteControl
=head1 AUTHOR
This module was written by Tony Kay, E<lt>tkay@uoregon.eduE<gt>.
=head1 COPYRIGHT AND LICENSE
=cut
|