Thanks. I found ipfauth and I am looking at it now. I also found
userauth.c in the source samples directory.

One last question: I don't see anything that may specify what process
and/or user a packet is associated with. Is this information any place
I could reference? If not, is there any chance it may be added at some
point?

What I am trying to do here is set up an authentication daemon to
allow/deny outgoing connections based on the user who initiated the
packet. It will check a configuration file/db to see what protocols,
networks, etc. a user can send packets to.

Thanks again for the quick response to my initial message.

--Dave

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Reed
Sent: Sunday, May 06, 2007 3:21 PM
To: French, David
Cc: [email protected]
Subject: Re: auth keyword help
French, David wrote:
>
> I'm new to the list so I apologize if this has been asked and answered
> before, but after extensive searching I have found nothing to help me
> on this.
>
> I am interested in finding how to write an ipf user land client for
> use with the "auth" action. All I have found are references to using
> this to authorize a user possibly with a password before allowing the
> packet through. No information is supplied on how to write this
> program. I see there is a device called /dev/ipauth and ioctls in
> ip_auth.[ch], but I don't see the overall flow of what happens. If the
> program opens the device, how does it get the information to
> authorize? What is passed and how? Is it received via a read of
> /dev/ipauth and a response sent back via a write to /dev/ipauth? Or is
> it handled via structs being passed via ioctl?
>
> Before I spend too much time trying to figure this out from the source
> I was hoping there may be something to help me faster. Maybe there is
> a how to or an example program available I could be directed to for help.
>
There are two ioctls to use, SIOCAUTHW (to wait for a packet) and SIOCAUTHR
(for the program to send its reply back.)

For an example of how to use them, look for a program called "ipfauth".

Darren