Hi

I recently installed a module called mod_auth_xradius on my server.
This module is available from :-
http://www.outoforder.cc/projects/apache/mod_auth_xradius/
It provides authentication against RADIUS which is exactly what
I need but unfortunately I have found a bug which is causing me problems.
I tried to contact the author but have had no response and the bug has
been sat in their bug tracking system for several months. I am not an
expert programmer but I do know a little and I wondered if the folks
on this mailing list would be able to help me track down the bug?

The bug is essentially that the module fails if I specify more than
one RADIUS server in my configuration. This is the link to the
outoforder bug tracker:
http://issues.outoforder.cc/view.php?id=43

Here are the details :-

When I configure my directories like this it works fine :-

<Location /content>
   Options Indexes FollowSymLinks ExecCGI
   AuthXRadiusRetries 5
   AuthXRadiusTimeout 2
   AuthXRadiusAddServer "192.168.1.10" "mysecret1"
   AuthName "RADIUS"
   AuthBasicProvider xradius
   AuthType basic
   AuthPlainAuthoritative off
   AuthBasicAuthoritative off
   require valid-user
</Location>

But when I add a second server entry like this the program fails :-

<Location /content>
   Options Indexes FollowSymLinks ExecCGI
   AuthXRadiusRetries 5
   AuthXRadiusTimeout 2
   AuthXRadiusAddServer "192.168.1.10" "mysecret1"
   AuthXRadiusAddServer "192.168.1.11" "mysecret2"
   AuthName "RADIUS"
   AuthBasicProvider xradius
   AuthType basic
   AuthPlainAuthoritative off
   AuthBasicAuthoritative off
   require valid-user
</Location>

I have had a look through the source code and I think this is the area
where the failure occurs :-

int xrad_run_auth_check(request_rec* r, const char* user,
                               const char* password)
{
    int i;
    int rc;
    int can_cache = 0;
    int ret = HTTP_UNAUTHORIZED;
    struct xrad_handle* rctx = NULL;
    xrad_server_info *sr;
    apr_md5_ctx_t md5ctx;
    char* digest = NULL;

    xrad_dirconf_rec *dc = ap_get_module_config(r->per_dir_config,
                                                &auth_xradius_module);

    xrad_serverconf_rec *sc =
    ap_get_module_config(r->server->module_config,
                                                &auth_xradius_module);
......snip...........

    rctx = xrad_auth_open();

    /* Loop through the array of RADIUS Servers, adding them to the
    rctx object */
    sr = (xrad_server_info *) dc->servers->elts;
    for (i = 0; i < dc->servers->nelts; ++i) {
        rc = xrad_add_server(rctx, sr[i].hostname, sr[i].port, sr[i].secret,
                             dc->timeout, dc->maxtries);

        if (rc != 0) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                          "xradius: Failed to add server '%s:%d': (%d) %s",
                          sr[i].hostname, sr[i].port, rc,
                          xrad_strerror(rctx));
            goto run_cleanup;
        }
    }


The "Failed to add server" error shown above is the error I see when
the module fails.

From the header files, here are the structs :-

/* Simple Representation of a RADIUS Server */
typedef struct {
    /* Port number of the RADIUS Server*/
    apr_port_t port;
    /* Hostname of the RADIUS Server */
    char* hostname;
    /* Shared Secret for the RADIUS Server */
    const char* secret;
} xrad_server_info;

/* Directory Configuration Structure */
typedef struct
{
    /* Array of xrad_server_info for this directory */
    apr_array_header_t* servers;
    /* How long to wait for a reply from any server */
    int timeout;
    /* How many attempts to transmit the Authentication Request */
    int maxtries;
    /* Should we reject any requests with a blank password */
    int reject_blank;
} xrad_dirconf_rec;

I have tried running the server in GDB and this is the sort of thing
I am seeing :-

(gdb) n
131         for (i = 0; i < dc->servers->nelts; ++i) {
(gdb) n
132             rc = xrad_add_server(rctx, sr[i].hostname, sr[i].port, sr[i].secret,
(gdb) print sr[1].hostname
$10 = 0x2e343431 <Address 0x2e343431 out of bounds>
(gdb) print sr[0].hostname
$11 = 0x8140714 "horitative"
(gdb) print sr[0].port
$12 = 1812
(gdb) print sr[0].secret
$13 = 0x8140610 "192.168.1.11"
(gdb) print sr[1].hostname
$14 = 0x2e343431 <Address 0x2e343431 out of bounds>
(gdb) print sr[1].port
$15 = 1568
(gdb) print sr[1].secret
$16 = 0x312e3233 <Address 0x312e3233 out of bounds>
(gdb) print dc->servers->nelts
$17 = 2

As can be seen here the data looks to be jumbled up. It looks like
bits of the data are there but sr[0].hostname (first server address)
contains some other part of my apache config. The correct information for
sr[1].hostname (second server address) can actually be seen at the
memory location pointed to by print sr[0].secret.

Could anyone on this mailing list advise what might be going wrong
here?

Thanks

Ben Thompson
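
An added diagnostic example, not part of the original post or of mod_auth_xradius: it decodes the pointer values from the GDB session above as raw bytes to show which ones are really fragments of string data sitting where a pointer should be. It assumes a 32-bit little-endian build (suggested by the addresses shown); `ptr_as_ascii` is a hypothetical helper name.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Render a 32-bit value as the four bytes it occupies in memory, lowest
 * address first (little-endian, an assumption based on the addresses in
 * the GDB output). Returns 1 when all four bytes are printable ASCII,
 * meaning the "pointer" is far more likely to be a piece of a string. */
int ptr_as_ascii(uint32_t value, char out[5])
{
    int printable = 1;
    for (int i = 0; i < 4; ++i) {
        unsigned char b = (unsigned char)((value >> (8 * i)) & 0xffu);
        if (isprint(b)) {
            out[i] = (char)b;
        } else {
            out[i] = '?';       /* placeholder for a non-printable byte */
            printable = 0;
        }
    }
    out[4] = '\0';
    return printable;
}

int main(void)
{
    /* Values copied from the GDB session in the post. */
    static const struct { const char *name; uint32_t value; } fields[] = {
        { "sr[0].hostname", 0x08140714u },
        { "sr[0].secret",   0x08140610u },
        { "sr[1].hostname", 0x2e343431u },
        { "sr[1].secret",   0x312e3233u },
    };
    char buf[5];

    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; ++i) {
        int text = ptr_as_ascii(fields[i].value, buf);
        printf("%-15s 0x%08x  bytes \"%s\"  %s\n", fields[i].name,
               (unsigned)fields[i].value, buf,
               text ? "looks like string data" : "plausible pointer");
    }
    return 0;
}
```

Both `sr[1]` pointer fields decode to printable text ("144." and "32.1"), while the `sr[0]` values decode to non-printable bytes as a heap address would.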
