diff -urN mod_auth_xradius-0.4.6/include/mod_auth_xradius.h.in mod_auth_xradius-0.4.6-folke/include/mod_auth_xradius.h.in --- mod_auth_xradius-0.4.6/include/mod_auth_xradius.h.in 2005-04-28 09:30:43.000000000 +0200 +++ mod_auth_xradius-0.4.6-folke/include/mod_auth_xradius.h.in 2006-02-23 08:57:21.000000000 +0100 @@ -104,6 +104,8 @@ int maxtries; /* Should we reject any requests with a blank password */ int reject_blank; + /* nas identifier to be sent */ + char *nasname; } xrad_dirconf_rec; /* Server Configuration Structure */ diff -urN mod_auth_xradius-0.4.6/src/mod_auth_xradius.c mod_auth_xradius-0.4.6-folke/src/mod_auth_xradius.c --- mod_auth_xradius-0.4.6/src/mod_auth_xradius.c 2005-04-28 09:58:25.000000000 +0200 +++ mod_auth_xradius-0.4.6-folke/src/mod_auth_xradius.c 2006-02-23 14:34:03.000000000 +0100 @@ -66,6 +66,9 @@ xrad_server_info *sr; apr_md5_ctx_t md5ctx; char* digest = NULL; + + char* nas_identifier = NULL; + char* user_nas = NULL; xrad_dirconf_rec *dc = ap_get_module_config(r->per_dir_config, &auth_xradius_module); @@ -92,17 +95,30 @@ apr_proc_mutex_unlock(gmutex); } + + /* RADIUS NAS_IDENTIFIER */ + /* Use r->hostname if nothing set or dc->nasname */ + nas_identifier=(char*)(dc->nasname ? dc->nasname : r->hostname); + /* + * setup 'user_nas' for caching ('user@nas_identifier') + * only caching 'user' wouldn't be enough if radius-server + * uses nas_identifier + */ + user_nas = apr_pstrcat(r->pool, user, "@", nas_identifier, NULL); + + /** * Step 1: Check the Positive and Negative Cache Backends. * Only one cache type can be active at a time. */ + if (sc->cache_type != xrad_cache_none) { apr_md5_init(&md5ctx); apr_md5_update(&md5ctx, password, strlen(password)); digest = ap_md5contextTo64(r->pool, &md5ctx); if (sc->cache_type == xrad_cache_dbm) { - rc = xrad_cache_dbm_check(r, sc, user, digest); + rc = xrad_cache_dbm_check(r, sc, user_nas, digest); if (rc != DECLINED) { ret = rc; goto run_cleanup; @@ -110,7 +126,7 @@ } #if HAVE_APR_MEMCACHE else if (sc->cache_type == xrad_cache_memcache) { - rc = xrad_cache_mc_check(r, sc, user, digest); + rc = xrad_cache_mc_check(r, sc, user_nas, digest); if (rc != DECLINED) { ret = rc; goto run_cleanup; @@ -142,7 +158,7 @@ * Variables set for the RADIUS Authentication Request: * request type: RAD_ACCESS_REQUEST; * service type: RAD_SERVICE_TYPE : RAD_AUTHENTICATE_ONLY - * nas host: RAD_NAS_IDENTIFIER : r->hostname + * nas host: RAD_NAS_IDENTIFIER : dc->nasname || r->hostname * nas Port: RAD_NAS_PORT_TYPE : RAD_VIRTUAL * username: RAD_USER_NAME : user * password: RAD_PASSWORD : password @@ -161,7 +177,7 @@ _xrad_put_int(rc, rctx, RAD_SERVICE_TYPE, RAD_AUTHENTICATE_ONLY); _xrad_put_int(rc, rctx, RAD_NAS_PORT_TYPE, RAD_VIRTUAL); _xrad_put_string(rc, rctx, RAD_USER_NAME, user); - _xrad_put_string(rc, rctx, RAD_NAS_IDENTIFIER, r->hostname); + _xrad_put_string(rc, rctx, RAD_NAS_IDENTIFIER, nas_identifier); _xrad_put_string(rc, rctx, RAD_USER_PASSWORD, password); /* Step 2.3: Send the Request to the server(s). This is a blocking Operation.*/ @@ -216,11 +232,11 @@ /* Step 3: Store Result into the Cache. */ if (can_cache) { if (sc->cache_type == xrad_cache_dbm) { - rc = xrad_cache_dbm_store(r, sc, user, digest, ret); + rc = xrad_cache_dbm_store(r, sc, user_nas, digest, ret); } #if HAVE_APR_MEMCACHE else if (sc->cache_type == xrad_cache_memcache) { - rc = xrad_cache_mc_store(r, sc, user, digest, ret); + rc = xrad_cache_mc_store(r, sc, user_nas, digest, ret); } #endif } @@ -416,6 +432,7 @@ dc->timeout = RAD_DEFAULT_TIMEOUT; dc->maxtries = RAD_DEFAULT_MAX_TRIES; dc->servers = NULL; + dc->nasname = NULL; return dc; } @@ -575,6 +592,9 @@ (void*)APR_OFFSETOF(xrad_dirconf_rec, reject_blank), OR_AUTHCFG, "Reject all Blank Passwords from users."), + AP_INIT_TAKE1("AuthXRadiusNasName", ap_set_string_slot, + (void*)APR_OFFSETOF(xrad_dirconf_rec, nasname), OR_AUTHCFG, + "per-directory nas name sent to radius server." ), {NULL} };