~ubuntu-branches/ubuntu/vivid/libpam-tacplus/vivid

« back to all changes in this revision

Viewing changes to pam_tacplus.c

Committer: Package Import Robot
Author(s): Jeroen Nijhof
Date: 2012-05-19 19:25:00 UTC
mfrom: (1.1.2)
Revision ID: package-import@ubuntu.com-20120519192500-n8ymcwdck1lv2401

Tags: 1.3.7-1

* New upstream release.
* Changed compat level to 9 for hardening
* Fixed license link

Show diffs side-by-side

added added

removed removed

pam_tacplus.c

/* magic.c */

extern u_int32_t magic();

/* libtac */

extern int tac_encryption;

/* address of server discovered by pam_sm_authenticate */

static struct addrinfo *active_server;

char *active_key;

204

201

205

202

if(!(ctrl & PAM_TAC_ACCT)) {

206

203

/* normal mode, send packet to the first available server */

207

int tac_fd;

208

209

status = PAM_SUCCESS;

210

211

tac_fd = tac_connect(tac_srv, tac_srv_key, tac_srv_no);

212

if(tac_fd < 0) {

213

_pam_log(LOG_ERR, "%s: error sending %s - no servers",

214

__FUNCTION__, typemsg);

215

status = PAM_SESSION_ERR;

216

}

217

if (ctrl & PAM_TAC_DEBUG)

218

syslog(LOG_DEBUG, "%s: connected with fd=%d", __FUNCTION__, tac_fd);

219

220

retval = _pam_send_account(tac_fd, type, user, tty, rem_addr, cmd);

221

if(retval < 0) {

222

_pam_log(LOG_ERR, "%s: error sending %s",

223

__FUNCTION__, typemsg);

224

status = PAM_SESSION_ERR;

225

}

226

close(tac_fd);

227

228

if (ctrl & PAM_TAC_DEBUG) {

229

syslog(LOG_DEBUG, "%s: [%s] for [%s] sent",

230

__FUNCTION__, typemsg,user);

204

int srv_i = 0;

205

206

status = PAM_SESSION_ERR;

207

while ((status == PAM_SESSION_ERR) && (srv_i < tac_srv_no)) {

208

int tac_fd;

209

210

tac_fd = tac_connect_single(tac_srv[srv_i], tac_srv_key[srv_i]);

211

if(tac_fd < 0) {

212

_pam_log(LOG_WARNING, "%s: error sending %s (fd)",

213

__FUNCTION__, typemsg);

214

srv_i++;

215

continue;

216

}

217

218

if (ctrl & PAM_TAC_DEBUG)

219

syslog(LOG_DEBUG, "%s: connected with fd=%d (srv %d)", __FUNCTION__, tac_fd, srv_i);

220

221

retval = _pam_send_account(tac_fd, type, user, tty, rem_addr, cmd);

222

/* return code from function in this mode is

223

status of the last server we tried to send

224

packet to */

225

if(retval < 0) {

226

_pam_log(LOG_WARNING, "%s: error sending %s (acct)",

227

__FUNCTION__, typemsg);

228

} else {

229

status = PAM_SUCCESS;

230

if (ctrl & PAM_TAC_DEBUG)

231

syslog(LOG_DEBUG, "%s: [%s] for [%s] sent",

232

__FUNCTION__, typemsg,user);

233

}

234

close(tac_fd);

235

srv_i++;

231

236

}

232

237

} else {

233

238

/* send packet to all servers specified */

441

446

solution is found ;) */

442

447

ctrl = _pam_parse (argc, argv);

443

448

444

if (ctrl & PAM_TAC_DEBUG) {

449

if (ctrl & PAM_TAC_DEBUG)

445

450

syslog (LOG_DEBUG, "%s: called (pam_tacplus v%hu.%hu.%hu)"

446

451

, __FUNCTION__, PAM_TAC_VMAJ, PAM_TAC_VMIN, PAM_TAC_VPAT);

447

syslog (LOG_DEBUG, "%s: active server is [%s]", __FUNCTION__,

448

tac_ntop(active_server->ai_addr, active_server->ai_addrlen));

449

}

450

452

451

453

if ((user = _pam_get_user(pamh)) == NULL)

452

454

return PAM_USER_UNKNOWN;

472

474

_pam_log (LOG_ERR, "user not authenticated by TACACS+");

473

475

return PAM_AUTH_ERR;

474

476

}

477

if (ctrl & PAM_TAC_DEBUG)

478

syslog (LOG_DEBUG, "%s: active server is [%s]", __FUNCTION__,

479

tac_ntop(active_server->ai_addr, active_server->ai_addrlen));

475

480

476

481

/* checks for specific data required by TACACS+, which should

477

482

be supplied in command line */

Older »