205
202
if(!(ctrl & PAM_TAC_ACCT)) {
206
203
/* normal mode, send packet to the first available server */
209
status = PAM_SUCCESS;
211
tac_fd = tac_connect(tac_srv, tac_srv_key, tac_srv_no);
213
_pam_log(LOG_ERR, "%s: error sending %s - no servers",
214
__FUNCTION__, typemsg);
215
status = PAM_SESSION_ERR;
217
if (ctrl & PAM_TAC_DEBUG)
218
syslog(LOG_DEBUG, "%s: connected with fd=%d", __FUNCTION__, tac_fd);
220
retval = _pam_send_account(tac_fd, type, user, tty, rem_addr, cmd);
222
_pam_log(LOG_ERR, "%s: error sending %s",
223
__FUNCTION__, typemsg);
224
status = PAM_SESSION_ERR;
228
if (ctrl & PAM_TAC_DEBUG) {
229
syslog(LOG_DEBUG, "%s: [%s] for [%s] sent",
230
__FUNCTION__, typemsg,user);
206
status = PAM_SESSION_ERR;
207
while ((status == PAM_SESSION_ERR) && (srv_i < tac_srv_no)) {
210
tac_fd = tac_connect_single(tac_srv[srv_i], tac_srv_key[srv_i]);
212
_pam_log(LOG_WARNING, "%s: error sending %s (fd)",
213
__FUNCTION__, typemsg);
218
if (ctrl & PAM_TAC_DEBUG)
219
syslog(LOG_DEBUG, "%s: connected with fd=%d (srv %d)", __FUNCTION__, tac_fd, srv_i);
221
retval = _pam_send_account(tac_fd, type, user, tty, rem_addr, cmd);
222
/* return code from function in this mode is
223
status of the last server we tried to send
226
_pam_log(LOG_WARNING, "%s: error sending %s (acct)",
227
__FUNCTION__, typemsg);
229
status = PAM_SUCCESS;
230
if (ctrl & PAM_TAC_DEBUG)
231
syslog(LOG_DEBUG, "%s: [%s] for [%s] sent",
232
__FUNCTION__, typemsg,user);
233
238
/* send packet to all servers specified */
441
446
solution is found ;) */
442
447
ctrl = _pam_parse (argc, argv);
444
if (ctrl & PAM_TAC_DEBUG) {
449
if (ctrl & PAM_TAC_DEBUG)
445
450
syslog (LOG_DEBUG, "%s: called (pam_tacplus v%hu.%hu.%hu)"
446
451
, __FUNCTION__, PAM_TAC_VMAJ, PAM_TAC_VMIN, PAM_TAC_VPAT);
447
syslog (LOG_DEBUG, "%s: active server is [%s]", __FUNCTION__,
448
tac_ntop(active_server->ai_addr, active_server->ai_addrlen));
451
453
if ((user = _pam_get_user(pamh)) == NULL)
452
454
return PAM_USER_UNKNOWN;
472
474
_pam_log (LOG_ERR, "user not authenticated by TACACS+");
473
475
return PAM_AUTH_ERR;
477
if (ctrl & PAM_TAC_DEBUG)
478
syslog (LOG_DEBUG, "%s: active server is [%s]", __FUNCTION__,
479
tac_ntop(active_server->ai_addr, active_server->ai_addrlen));
476
481
/* checks for specific data required by TACACS+, which should
477
482
be supplied in command line */