-rw-r--r--debian/changelog3
-rw-r--r--debian/control7
-rw-r--r--nss_tacplus.c7
3 files changed, 12 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog
index ad8a1e1..fefa524 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,8 +9,9 @@ libnss-tacplus (1.0.2) unstable; urgency=low
libraries can connect to a TACACS+ server without being tacacs aware.
* Improved debugging messages.
* Minor corrections to Copyright and licensing
+ * Added vrf config variable, so NSS lookups work correctly$
- -- Dave Olson <olson@cumulusnetworks.com> Tue, 29 Nov 2016 16:55:16 -0800
+ -- Dave Olson <olson@cumulusnetworks.com> Tue, 07 Mar 2017 12:58:03 -0800
libnss-tacplus (1.0.2-1) unstable; urgency=low
diff --git a/debian/control b/debian/control
index 3d95156..ea65d0b 100644
--- a/debian/control
+++ b/debian/control
@@ -1,14 +1,17 @@
Source: libnss-tacplus
Priority: optional
Maintainer: Dave Olson <olson@cumulusnetworks.com>
-Build-Depends: debhelper (>= 9), autotools-dev, libtac-dev, libtacplus-map-dev, libaudit-dev, autoconf, libpam-tacplus-dev, dpkg-dev (>= 1.16.1)
+Build-Depends: debhelper (>= 9), autotools-dev, libtac-dev (>= 1.4.1~),
+ libtacplus-map-dev, libaudit-dev, autoconf, libpam-tacplus-dev,
+ dpkg-dev (>= 1.16.1), git
Section: libs
Standards-Version: 3.9.6
Homepage: http://www.cumulusnetworks.com
Package: libnss-tacplus
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, libtac2, libtacplus-map1, libaudit1
+Depends: ${shlibs:Depends}, ${misc:Depends}, libtac2 (>= 1.4.1~),
+ libtacplus-map1, libaudit1
Description: NSS module for TACACS+ authentication without local passwd entry
Performs getpwname and getpwuid lookups via NSS for users logged in via
tacacs authentication, and mapping done with libtacplus_map
diff --git a/nss_tacplus.c b/nss_tacplus.c
index 75cbdb7..635327a 100644
--- a/nss_tacplus.c
+++ b/nss_tacplus.c
@@ -67,6 +67,7 @@ static tacplus_server_t tac_srv[TAC_PLUS_MAXSERVERS];
static int tac_srv_no, tac_key_no;
static char tac_service[] = "shell";
static char tac_protocol[] = "ssh";
+static char vrfname[64];
static char *exclude_users;
static uid_t min_uid = ~0U; /* largest possible */
static int debug;
@@ -157,6 +158,8 @@ static int nss_tacplus_config(int *errnop, const char *cfile, int top)
if (valid > (lbuf+8))
min_uid = (uid_t)uid;
}
+ else if(!strncmp(lbuf, "vrf=", 4))
+ strncpy(vrfname, lbuf + 4, sizeof(vrfname));
else if(!strncmp(lbuf, "server=", 7)) {
if(tac_srv_no < TAC_PLUS_MAXSERVERS) {
struct addrinfo hints, *servers, *server;
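Review bot: The added `strncpy(vrfname, lbuf + 4, sizeof(vrfname));` in the `vrf=` branch leaves `vrfname` without a terminating NUL when the configured value is 64 bytes or longer. The connect_tacacs hunk later passes that buffer to `tac_connect_single()`, presumably as a C string, so an over-long value could make the library read past the array. An always-terminated copy such as `snprintf(vrfname, sizeof(vrfname), "%s", lbuf + 4);` avoids this. Comparing its return value with `sizeof(vrfname)` would also let the parser report and reject a truncated name instead of silently connecting through a different VRF. nss_tacplus_config starts and ends outside this hunk, so it is not visible here whether `lbuf` has already had its trailing newline stripped before the copy.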
@@ -454,7 +457,8 @@ connect_tacacs(struct tac_attrib **attr, int srvr)
if(!*tac_service) /* reported at config file processing */
return -1;
- fd = tac_connect_single(tac_srv[srvr].addr, tac_srv[srvr].key, NULL);
+ fd = tac_connect_single(tac_srv[srvr].addr, tac_srv[srvr].key, NULL,
+ vrfname[0]?vrfname:NULL);
if(fd >= 0) {
*attr = NULL; /* so tac_add_attr() allocates memory */
tac_add_attrib(attr, "service", tac_service);
@@ -505,7 +509,6 @@ lookup_tacacs_user(struct pwbuf *pb)
return 2;
}
}
-
for(srvr=0; srvr < tac_srv_no && !done; srvr++) {
arep.msg = NULL;
arep.attr = NULL;