Article delegate-en/817 of [1-5169] on the server localhost:119
[Reference:<_A810@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: nntp/radius feature
31 May 2000 07:58:23 GMT ysato@etl.go.jp (Yutaka Sato)


Hi,

On 05/27/00(13:36) you Mike Jackson <pfibqbdyi-cgcyfeo36b3r.ml@ml.delegate.org> wrote
in <_A810@delegate-en.ML_>
 |I'd like to have the user prompted for a username/password in their news
 |reader (AUTHINFO) and then I'd like to take the username/password pair
 |and query my radius server to determine if authentication is successful.
 |If they authenticate, then I'd like to allow them to talk to the real news
 |server via the proxy just as if they matched the IP access list.
 |
 |I have the C code to query the radius server, but before I make patches
 |to the delegate code, I thought that I would ask to see if this has
 |already been done, is being done, or is planned.

Sorry, but you are not recommended to make modifications to DeleGate.

 |I would imagine that this could also be done for other protocols but it
 |may not be as useful as it would be with nntp.

I agree with you that a certain standard protocol for authentication/
authorization like RADIUS should be supported in DeleGate.  But I
think it should be introduced carefully so as to be applicable to arbitrary
protocols, replacing the AUTH or AUTHORIZER parameters, in the future.

For the time being, I recommend that you use the "external filter" feature
of DeleGate, with which you can filter or convert communication between a
client program and DeleGate.
(See <URL:http://www.delegate.org/delegate/Manual.htm#filter>)

FCL or FFROMCL will be useful for user-defined authentication.  FCL
is flexible but can be a little bit complicated to implement. "SSLway"
(filters/sslway.c) is an example of a filter program for FCL.
FFROMCL is easy to use, but you can only treat request messages from
a client, while response messages are out of scope.  So I'll introduce
a simple way to generate a response message by the client (from FFROMCL)
in NNTP.  It is the "XECHO" command, which will work like this:

  request: XECHO xxx line
  response: xxx line

For example:

  % telnet localhost 8119
  Connected to localhost
  Escape character is '^]'.
  200 localhost PROXY NNTP server  DeleGate/6.1.12 READY.
  XECHO 123 test of xecho
  123 test of xecho
  QUIT

% delegated -P8119 SERVER=nntp://server FFROMCL=your_auth_filter

[your_auth_filter] reads the command line and outputs XECHO 480/000/000/00X
until an appropriate AUTHINFO USER/PASS is given.  After authentication is
done, it transparently relays requests.  The framework might be like
this:
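  #!/bin/sh
  # FFROMCL filter: answer each request with XECHO until AUTHINFO
  # USER/PASS is accepted, then relay the client's requests unchanged.
  USER=""

  # Placeholder for the real check (e.g. the RADIUS query): replace the
  # body.  As written it rejects every user.
  good() { return 1; }

  while read -r COMMAND SUBCOMMAND ARGUMENT
  do
   # decompose the command line: drop the CR of the CRLF line ending
   # and fold the case-insensitive NNTP keywords to upper case
   COMMAND=$(printf '%s' "$COMMAND" | tr -d '\r' | tr a-z A-Z)
   SUBCOMMAND=$(printf '%s' "$SUBCOMMAND" | tr -d '\r' | tr a-z A-Z)
   ARGUMENT=$(printf '%s' "$ARGUMENT" | tr -d '\r')
   if [ "$COMMAND" != "AUTHINFO" ]; then
     echo "XECHO 480 Authentication required"
   elif [ "$SUBCOMMAND" = "USER" ]; then
     USER=$ARGUMENT
     echo "XECHO 381 Password required"
   elif [ "$SUBCOMMAND" = "PASS" ]; then
     PASS=$ARGUMENT
     if good "$USER" "$PASS"; then
        echo "XECHO 280 OK"
        break          # authenticated: leave the loop and start relaying
     else
        echo "XECHO 502 Authentication error"
        echo "QUIT"
        exit 0         # rejected: never reach the relay below
     fi
   else
     # AUTHINFO with any other subcommand
     echo "XECHO 480 Authentication required"
   fi
  done
  cat -u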

Cheers,
Yutaka
--
Yutaka Sato <ysato@etl.go.jp> http://www.etl.go.jp/~ysato/   @ @ 
Computer Science Division, Electrotechnical Laboratory      ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _<   >_

*** ../../delegate6.1.11/src/nntp.c	Wed Jan 12 22:33:14 2000
--- nntp.c	Wed May 31 15:58:38 2000
***************
*** 2756,2761 ****
--- 2756,2762 ----
  #define DO_SUSPEND	12
  #define DO_PENALTY	13
  #define DO_CACHE	14
+ #define DO_ECHO		15
  
  typedef struct _Request {
  	int	 q_nsx;
***************
*** 3456,3461 ****
--- 3457,3466 ----
  			return C_EXIT;
  		}
  	}else
+ 	if( do_now == DO_ECHO ){
+ 		fprintf(tc,"%s\r\n",DO_arg);
+ 		return C_CONT;
+ 	}else
  	if( do_now == DO_CACHE ){
  		int serverx;
  		NewsServer *ns;
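Review bot: The DO_ECHO branch sends DO_arg to the client with no validation and no flush. Whoever issues XECHO chooses the whole reply line, so consider rejecting an empty argument and requiring it to start with a three-digit status code before the fprintf(tc,"%s\r\n",DO_arg) call. The XSUSPEND handler visible later in this patch calls fflush(tc) right after writing its reply; add the same before return C_CONT unless the caller is known to flush, otherwise a filter waiting on the echoed response can stall.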
***************
*** 3843,3848 ****
--- 3848,3857 ----
  			}
  		}
  
+ 		if( strcasecmp(com,"XECHO") == 0 ){
+ 			setSync(DO_ECHO);
+ 			continue;
+ 		}
  		if( strcasecmp(com,"XSUSPEND") == 0 ){
  			fprintf(tc,"200 suspending...\r\n");
  			fflush(tc);
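Review bot: The strcasecmp(com,"XECHO") test is unconditional, so every client of the NNTP proxy can use the command, not only an FFROMCL filter; nothing in the visible lines ties it to a filter being configured. If XECHO exists only so a filter can produce responses, gate this branch on that configuration or on an explicit option, and add a comment documenting the command. The hunk also does not show where DO_arg is set before setSync(DO_ECHO), so confirm that a bare XECHO with no argument cannot reach the DO_ECHO branch with an unset or stale DO_arg.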
