Apache authentication module for SMB v0.3
What has changed since 0.02e ?
After over a year of doing nothing with the source, this morning I decided to implement \\DOMAIN\USER support in mod_auth_smb. This code is ALPHA EXPERIMENTAL!
New directive
Auth_SMB_Userdomain (on|off)
Only if Auth_SMB_Userdomain is enabled, a user can enter
\\HISDOMAIN\HISUSER
at the password prompt.
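The rule above as an added C sketch; it is not code from mod_auth_smb. It also refuses a missing domain (see the Auth_SMB_Domain BUG under "How to use it") and over-long names (see "Bugs"). The helper name split_smb_user, the SMB_NAME_MAX limit and the choice to reject \\DOMAIN\USER input when the directive is off are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SMB_NAME_MAX 64  /* assumed limit for this sketch, not taken from the module */

/* Hypothetical helper: split the name typed at the Basic-auth prompt into
 * domain and user. Returns 0 on success, -1 if the input must be rejected.
 * Both output buffers must hold at least SMB_NAME_MAX bytes. */
static int split_smb_user(const char *input, int userdomain_on,
                          const char *default_domain,
                          char *domain, char *user)
{
    const char *dom = default_domain, *usr = input, *sep;
    size_t dom_len, usr_len;

    if (input == NULL || *input == '\0')
        return -1;
    if (input[0] == '\\') {
        /* Qualified form must be exactly \\DOMAIN\USER. */
        if (!userdomain_on || input[1] != '\\')
            return -1;             /* assumed: refused when the directive is off */
        dom = input + 2;
        sep = strchr(dom, '\\');
        if (sep == NULL)
            return -1;
        dom_len = (size_t)(sep - dom);
        usr = sep + 1;
    } else {
        if (dom == NULL)
            return -1;             /* no domain configured: refuse, do not crash */
        dom_len = strlen(dom);
    }
    usr_len = strlen(usr);
    /* Reject empty or over-long parts and any stray backslash in the user. */
    if (dom_len == 0 || dom_len >= SMB_NAME_MAX ||
        usr_len == 0 || usr_len >= SMB_NAME_MAX || strchr(usr, '\\') != NULL)
        return -1;
    memcpy(domain, dom, dom_len);
    domain[dom_len] = '\0';
    memcpy(user, usr, usr_len + 1);
    return 0;
}

int main(void) {
    char d[SMB_NAME_MAX], u[SMB_NAME_MAX];
    /* Constructed sample input: \\OTHER\bob typed with Auth_SMB_Userdomain on. */
    if (split_smb_user("\\\\OTHER\\bob", 1, "PROJ01", d, u) == 0)
        printf("domain=%s user=%s\n", d, u);
    return 0;
}
```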
Related information:
http://www.via.ecp.fr/poubelles/poubelle1/htdocs/smblib/
http://www.csn.ul.ie/~airlied/pam_smb/
http://pserver.samba.org/cgi-bin/cvsweb/pam_smb/smbval/
http://www.mibsoftware.com/userkt/inn/dev/inn2.0-beta/inn/authprogs/smbval/
http://freshmeat.net/projects/authensmb/?highlight=Authen%3A%3ASmb
http://sourceforge.net/project/showfiles.php?group_id=4906
http://sourceforge.net/projects/modauthsamba/
This module has been developed and tested on GNU/Linux (potato) with
gcc 2.95.2, Apache 1.3.12 and on Solaris 7, Apache 1.3.11/PHP 4RC1,
Samba 2.0.7.
What's this ?
It's a simple apache module designed to authenticate users against PDC/BDC
when used in heterogeneous networks.
License is the GPLv2 of course (included in the tarball as gpl.txt).
Installation
I assume you are familiar with Apache installation and configuration. If you are lucky you should just need to type
make
cp mod_auth_smb.so <where_your_apache_is>/libexec/
then edit your httpd.conf and add
LoadModule auth_smb_module libexec/mod_auth_smb.so
and
AddModule mod_auth_smb.c
to your module configuration section.
In case you have a problem with make, this should also do it:
apxs -c -I. mod_auth_smb.c md4.c rfcnb-io.c rfcnb-util.c session.c smbdes.c \
    smbencrypt.c smblib-util.c smblib.c valid.c
and then copy it to your appropriate mod_so dir. (In case of big trouble also see ./compile.) The binary *.so in this tar has been created under the conditions mentioned at the beginning of this file.
How to use it
Create an appropriate .htaccess file with these new directives:
Auth_SMB (on|off)
Enable (On) or disable (Off) SMB authentication entirely. When Off,
authentication is passed to other auth modules.
Default On
Auth_SMB_Authoritative (on|off)
Off: pass the request on to other modules if the user does not exist (if
the user fails, authentication fails entirely). On: don't pass the
authentication request on.
Default On
Auth_SMB_Server <pdc>
your PDC to authenticate against
Defaults to Auth_SMB_Global_Server if set, else no default.
Auth_SMB_Backup <bdc>
your BDC (in case auth. against PDC fails)
Defaults to Auth_SMB_Global_Backup if set, else no default.
Auth_SMB_Domain <domain>
your domain (currently there's a bug and it NEEDS a value)
Defaults to Auth_SMB_Global_Domain if set, else no default.
BUG: For now an Auth_SMB_Domain must be defined (or the module segfaults).
You can also specify default smb server/backup/domain in httpd.conf with these directives :
Auth_SMB_Global_Server <default pdc>
set default pdc (can be overridden by Auth_SMB_Server for per directory
access )
No default
Auth_SMB_Global_Backup <default bdc>
set default bdc (can be overridden by Auth_SMB_Backup for per directory
access )
Auth_SMB_Global_Domain <default domain>
set default domain (can be overridden by Auth_SMB_Domain for per
directory access)
No default
A basic .htaccess looks like this :
---------- weld off here --------
AuthName "smbtest"
AuthType Basic
Auth_SMB_Server PROJPDC01
Auth_SMB_Backup PROJBDC01
Auth_SMB_Domain PROJ01
require valid-user
---------- weld off here --------
or, if you used the Global directives, it can even look this way:
---------- weld off here --------
AuthName "smbtest"
AuthType Basic
require valid-user
---------- weld off here --------
Note that you also need an appropriate <Directory> or <Location> statement
like
<Directory "/this/is/my/holy/dir/">
AllowOverride AuthConfig
</Directory>
Disclaimer
<INSERT YOUR STANDARD DISCLAIMER HERE>
and
This comes with no warranty of any kind whatsoever, including but not limited
to everything you can think of, and everything your lawyers can think of.
Background
This module code is
*) work of just one hour
*) therefore ugly
*) quick
*) dirty
*) ...
I was tired of entering every user again with name/pass when there is already a
PDC around which holds all the data.
This module is originally based on
mod_auth_mysql by Zeev Suraski <bourbon@netvision.net.il> and
Auth::Smb by Patrick Michael Kane <modus@pr.es.to>
which is based on smblib from the samba distribution.
Regards should mostly go to these people because I just glued together code
from both of them.
Thanks to Norbert Kolb <nkolb@htl.de> for cleaning up this mess of code !
Bugs
-> See 'How to use it' Section
Of course there are, some known, some not known, some which I don't want to
know about. However, send me mail and I will try to fix it, or fix it and
send me a patch, or release your own version ;)
Older versions possibly had buffer overflows; they are fixed (hopefully all,
thanks to Patrick Michael Kane).
Portability
I've been told it compiles on Solaris too, but I only developed and tested it on Linux so far.
Author
Email: Markus Fischer <mfischer@josefine.ben.tuwien.ac.at>
Homepage of the module is at
http://josefine.ben.tuwien.ac.at/~mfischer/developing/mod_auth_smb/
