summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDave Olson <olson@cumulusnetworks.com>2017-06-21 13:48:40 -0700
committerDave Olson <olson@cumulusnetworks.com>2017-06-21 20:31:55 -0700
commit00f7cd23e3c1db8e64efc1275d83818b6f159668 (patch)
treeb00b3e6c1205c729d0af44d8c83754ecb3e9af44 /src
parenta7d1b782bce58a6434abbfa96ed4b2bcffce4f77 (diff)
downloadlibpam-radius-auth-00f7cd23e3c1db8e64efc1275d83818b6f159668.tar.gz
libpam-radius-auth-00f7cd23e3c1db8e64efc1275d83818b6f159668.zip
Fixed vrf support; broke in moving to upstream 1.4 version.
Minor fix, and repositioning of the code. Also needed to add the code for the IPv6 case as well. Minor formatting fix to man page.
Diffstat (limited to 'src')
-rw-r--r--src/pam_radius_auth.c35
1 files changed, 22 insertions, 13 deletions
diff --git a/src/pam_radius_auth.c b/src/pam_radius_auth.c
index e1373e4..3631db7 100644
--- a/src/pam_radius_auth.c
+++ b/src/pam_radius_auth.c
@@ -524,7 +524,7 @@ static int initialize(radius_conf_t *conf, int accounting)
struct sockaddr_storage salocal6;
char hostname[BUFFER_SIZE];
char secret[BUFFER_SIZE];
- char *vrfname = NULL;
+ char vrfname[64];
char buffer[BUFFER_SIZE];
char *p;
@@ -549,6 +549,7 @@ static int initialize(radius_conf_t *conf, int accounting)
return PAM_ABORT;
}
+ vrfname[0] = '\0';
while (!feof(fserver) && (fgets (buffer, sizeof(buffer), fserver) != (char*) NULL) && (!ferror(fserver))) {
line++;
p = buffer;
@@ -580,7 +581,7 @@ static int initialize(radius_conf_t *conf, int accounting)
_pam_log(LOG_ERR, "ERROR reading %s, line %d: only %d fields\n",
conf->conf_file, line, scancnt);
else
- vrfname = strdup(secret);
+ snprintf(vrfname, sizeof vrfname, "%s", secret);
continue;
}
@@ -664,17 +665,6 @@ static int initialize(radius_conf_t *conf, int accounting)
return PAM_AUTHINFO_UNAVAIL;
}
- if (vrfname) {
- /* do not fail if the bind fails, connection may succeed */
- if (setsockopt(conf->sockfd, SOL_SOCKET, SO_BINDTODEVICE,
- vrfname, strlen(vrfname)+1) < 0)
- _pam_log(LOG_WARNING, "Binding socket to VRF %s failed: %m",
- vrfname);
- else if(conf->debug)
- _pam_log(LOG_DEBUG, "Configured vrf as: %s", vrfname);
- free(vrfname);
- }
-
#ifndef HAVE_POLL_H
if (conf->sockfd >= FD_SETSIZE) {
_pam_log(LOG_ERR, "Unusable socket, FD is larger than %d\n", FD_SETSIZE);
@@ -683,6 +673,16 @@ static int initialize(radius_conf_t *conf, int accounting)
}
#endif
+ if (vrfname[0]) {
+ /* do not fail if the bind fails, connection may succeed */
+ if (setsockopt(conf->sockfd, SOL_SOCKET, SO_BINDTODEVICE,
+ vrfname, strlen(vrfname)+1) < 0)
+ _pam_log(LOG_WARNING, "Binding IPv4 socket to VRF %s failed: %m",
+ vrfname);
+ else if(conf->debug)
+ _pam_log(LOG_DEBUG, "Configured IPv4 vrf as: %s", vrfname);
+ }
+
/* set up the local end of the socket communications */
if (bind(conf->sockfd, (struct sockaddr *)&salocal4, sizeof (struct sockaddr_in)) < 0) {
char error_string[BUFFER_SIZE];
@@ -711,6 +711,15 @@ static int initialize(radius_conf_t *conf, int accounting)
return PAM_AUTHINFO_UNAVAIL;
}
#endif
+ if (vrfname[0]) {
+ /* do not fail if the bind fails, connection may succeed */
+ if (setsockopt(conf->sockfd6, SOL_SOCKET, SO_BINDTODEVICE,
+ vrfname, strlen(vrfname)+1) < 0)
+ _pam_log(LOG_WARNING, "Binding IPv6 socket to VRF %s failed: %m",
+ vrfname);
+ else if(conf->debug)
+ _pam_log(LOG_DEBUG, "Configured IPv6 vrf as: %s", vrfname);
+ }
/* set up the local end of the socket communications */
if (bind(conf->sockfd6, (struct sockaddr *)&salocal6, sizeof (struct sockaddr_in6)) < 0) {