diff options
author | Dave Olson <olson@cumulusnetworks.com> | 2017-06-21 13:48:40 -0700 |
---|---|---|
committer | Dave Olson <olson@cumulusnetworks.com> | 2017-06-21 20:31:55 -0700 |
commit | 00f7cd23e3c1db8e64efc1275d83818b6f159668 (patch) | |
tree | b00b3e6c1205c729d0af44d8c83754ecb3e9af44 /src | |
parent | a7d1b782bce58a6434abbfa96ed4b2bcffce4f77 (diff) | |
download | libpam-radius-auth-00f7cd23e3c1db8e64efc1275d83818b6f159668.tar.gz libpam-radius-auth-00f7cd23e3c1db8e64efc1275d83818b6f159668.zip |
Fixed vrf support; broke in moving to upstream 1.4 version.
Minor fix, and repositioning of the code.
Also needed to add the code for the IPv6 case as well.
Minor formatting fix to man page.
Diffstat (limited to 'src')
-rw-r--r-- | src/pam_radius_auth.c | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/src/pam_radius_auth.c b/src/pam_radius_auth.c index e1373e4..3631db7 100644 --- a/src/pam_radius_auth.c +++ b/src/pam_radius_auth.c @@ -524,7 +524,7 @@ static int initialize(radius_conf_t *conf, int accounting) struct sockaddr_storage salocal6; char hostname[BUFFER_SIZE]; char secret[BUFFER_SIZE]; - char *vrfname = NULL; + char vrfname[64]; char buffer[BUFFER_SIZE]; char *p; @@ -549,6 +549,7 @@ static int initialize(radius_conf_t *conf, int accounting) return PAM_ABORT; } + vrfname[0] = '\0'; while (!feof(fserver) && (fgets (buffer, sizeof(buffer), fserver) != (char*) NULL) && (!ferror(fserver))) { line++; p = buffer; @@ -580,7 +581,7 @@ static int initialize(radius_conf_t *conf, int accounting) _pam_log(LOG_ERR, "ERROR reading %s, line %d: only %d fields\n", conf->conf_file, line, scancnt); else - vrfname = strdup(secret); + snprintf(vrfname, sizeof vrfname, "%s", secret); continue; } @@ -664,17 +665,6 @@ static int initialize(radius_conf_t *conf, int accounting) return PAM_AUTHINFO_UNAVAIL; } - if (vrfname) { - /* do not fail if the bind fails, connection may succeed */ - if (setsockopt(conf->sockfd, SOL_SOCKET, SO_BINDTODEVICE, - vrfname, strlen(vrfname)+1) < 0) - _pam_log(LOG_WARNING, "Binding socket to VRF %s failed: %m", - vrfname); - else if(conf->debug) - _pam_log(LOG_DEBUG, "Configured vrf as: %s", vrfname); - free(vrfname); - } - #ifndef HAVE_POLL_H if (conf->sockfd >= FD_SETSIZE) { _pam_log(LOG_ERR, "Unusable socket, FD is larger than %d\n", FD_SETSIZE); @@ -683,6 +673,16 @@ static int initialize(radius_conf_t *conf, int accounting) } #endif + if (vrfname[0]) { + /* do not fail if the bind fails, connection may succeed */ + if (setsockopt(conf->sockfd, SOL_SOCKET, SO_BINDTODEVICE, + vrfname, strlen(vrfname)+1) < 0) + _pam_log(LOG_WARNING, "Binding IPv4 socket to VRF %s failed: %m", + vrfname); + else if(conf->debug) + _pam_log(LOG_DEBUG, "Configured IPv4 vrf as: %s", vrfname); + } + /* set up the local end of the socket communications */ if (bind(conf->sockfd, (struct sockaddr *)&salocal4, sizeof (struct sockaddr_in)) < 0) { char error_string[BUFFER_SIZE]; @@ -711,6 +711,15 @@ static int initialize(radius_conf_t *conf, int accounting) return PAM_AUTHINFO_UNAVAIL; } #endif + if (vrfname[0]) { + /* do not fail if the bind fails, connection may succeed */ + if (setsockopt(conf->sockfd6, SOL_SOCKET, SO_BINDTODEVICE, + vrfname, strlen(vrfname)+1) < 0) + _pam_log(LOG_WARNING, "Binding IPv6 socket to VRF %s failed: %m", + vrfname); + else if(conf->debug) + _pam_log(LOG_DEBUG, "Configured IPv6 vrf as: %s", vrfname); + } /* set up the local end of the socket communications */ if (bind(conf->sockfd6, (struct sockaddr *)&salocal6, sizeof (struct sockaddr_in6)) < 0) { |