During login from ssh, send remote host IP address in AUTH request - libnss-tacplus.git - NSS plugin to lookup tacacs client username, and match mapped user after login (mirror of https://github.com/vyos/libnss-tacplus.git)

diff options

author	Dave Olson <olson@cumulusnetworks.com>	2017-03-30 09:42:45 -0700
committer	Dave Olson <olson@cumulusnetworks.com>	2017-05-23 16:39:52 -0700
commit	f9f714b3b7b9f77c0165c0850bd816cac0d46292 (patch)
tree	f98dfa2ad98e4c6a0ceb734d106a0a1eb80fba9c /auto.sh
parent	1e18c99eada15bb8efa0ecf0c6600d358f11b48e (diff)
download	libnss-tacplus-f9f714b3b7b9f77c0165c0850bd816cac0d46292.tar.gz libnss-tacplus-f9f714b3b7b9f77c0165c0850bd816cac0d46292.zip

During login from ssh, send remote host IP address in AUTH request

The hack is to run getpeername on fd 0, because during ssh connections, it is a socket from the remote host. This is a bit fragile... Normally fd 0 interactively will be a pty or tty, so getpeername() will fail. There may be some daemons where fd0 is a socket, and returns a local or some other remote IP address, and if so, it could lead to some confusion, but it shouldn't ever break anything. I ran with tshark watching the packet exchange, and verified that the remote address field is set for ssh sessions at the start of the ssh session, and not when run in other uses. The customer ran a 3.2.1 package with this change, and it resolved their issue.

Diffstat (limited to 'auto.sh')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: