'Apache2 mod-auth-radius - include client IP address'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-devel
Subject:    Apache2 mod-auth-radius - include client IP address
From:       Matthew Newton <mcn4 () leicester ! ac ! uk>
Date:       2012-05-01 14:28:09
Message-ID: 20120501142809.GC12400 () rootmail ! cc ! le ! ac ! uk
[Download RAW message or body]

Hi,

Not sure if this is the correct list - if not, apologies.

I've set up mod_auth_radius, which is working great, but it
doesn't include the user's IP address in the radius query. It
would be nice to be able to check against this in certain
circumstances. Of course, proxies and other things can mess with
this, so it can't always be trusted for authorization purposes,
but on corporate LANs where the network is known it should be safe
to use, and is always good to log.

The following mini patch adds the Calling-Station-Id attribute to
the RADIUS request, with apache's remote_ip as the value.

Cheers,

Matthew


From 08cbb6eb5df3246c602fbce54c61ae3f124ca415 Mon Sep 17 00:00:00 2001
From: Matthew Newton <mcn4@leicester.ac.uk>
Date: Tue, 1 May 2012 15:08:52 +0100
Subject: [PATCH] add calling-station-id = client ip to radius request

---
 mod_auth_radius-2.0.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/mod_auth_radius-2.0.c b/mod_auth_radius-2.0.c
index 8b659f4..08671ef 100644
--- a/mod_auth_radius-2.0.c
+++ b/mod_auth_radius-2.0.c
@@ -348,6 +348,7 @@ typedef struct radius_packet_t {
 #define RADIUS_REPLY_MESSAGE          18
 #define RADIUS_STATE		      24
 #define RADIUS_SESSION_TIMEOUT        27
+#define	RADIUS_CALLING_STATION_ID     31
 #define	RADIUS_NAS_IDENTIFIER	      32
 
 /* service types : authenticate only for now */
@@ -883,6 +884,10 @@ radius_authenticate(request_rec *r, radius_server_config_rec \
*scr,  
   
   /* ************************************************************ */
+  /* add client IP address */
+  add_attribute(packet, RADIUS_CALLING_STATION_ID, r->connection->remote_ip, \
strlen(r->connection->remote_ip)); +
+  /* ************************************************************ */
   /* add state, if requested */
   if (state != NULL) {
     add_attribute(packet, RADIUS_STATE, state, strlen(state));
-- 
1.7.2.5



-- 
Matthew Newton, Ph.D. <mcn4@le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic