diff options
| author | Jeroen Nijhof <jeroen@jeroennijhof.nl> | 2012-06-12 17:16:05 +0200 |
|---|---|---|
| committer | Jeroen Nijhof <jeroen@jeroennijhof.nl> | 2012-06-12 17:16:05 +0200 |
| commit | f56d9e4acba1e49db2659b95fb6b3c8f8fd70f0f (patch) | |
| tree | 65d02d02cf91b83f2156804299bc95e5092ba63f | |
| parent | b8dcd8f5c3f4cd582c88bbfd93d0909277eca3f0 (diff) | |
| download | pam_tacplus-f56d9e4acba1e49db2659b95fb6b3c8f8fd70f0f.tar.gz pam_tacplus-f56d9e4acba1e49db2659b95fb6b3c8f8fd70f0f.zip | |
Handle attributes which contains no value
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | libtac/lib/acct_s.c | 15 | ||||
| -rw-r--r-- | libtac/lib/attrib.c | 15 | ||||
| -rw-r--r-- | libtac/lib/authen_s.c | 19 | ||||
| -rw-r--r-- | libtac/lib/author_s.c | 15 | ||||
| -rw-r--r-- | libtac/lib/crypt.c | 2 | ||||
| -rw-r--r-- | libtac/lib/header.c | 4 | ||||
| -rw-r--r-- | libtac/lib/magic.c | 3 | ||||
| -rw-r--r-- | libtac/lib/version.c | 2 |
9 files changed, 54 insertions, 26 deletions
@@ -1,4 +1,9 @@ 1.3.7 +* Handle attributes which contains no value, + thanks to James Allwright <jamesallwright@yahoo.co.uk> +* Global variables tac_login and tac_secret not static anymore, + pointed out by James Allwright <jamesallwright@yahoo.co.uk> +* version.c: libtac version 1.8.1 * pam_tacplus.c: moved debug message after active_server validation, avoiding null pointer exception * attrib.c: explicity setting *attr to NULL after free(), diff --git a/libtac/lib/acct_s.c b/libtac/lib/acct_s.c index f297530..c1de720 100644 --- a/libtac/lib/acct_s.c +++ b/libtac/lib/acct_s.c @@ -79,12 +79,17 @@ int tac_acct_send(int fd, int type, const char *user, char *tty, tb.flags=(u_char) type; tb.authen_method=tac_authen_method; tb.priv_lvl=tac_priv_lvl; - if (strcmp(tac_login,"chap") == 0) { - tb.authen_type=TAC_PLUS_AUTHEN_TYPE_CHAP; - } else if(strcmp(tac_login,"login") == 0) { - tb.authen_type=TAC_PLUS_AUTHEN_TYPE_ASCII; + if (tac_login == NULL) { + /* default to PAP */ + tb.authen_type = TAC_PLUS_AUTHEN_TYPE_PAP; } else { - tb.authen_type=TAC_PLUS_AUTHEN_TYPE_PAP; + if (strcmp(tac_login,"chap") == 0) { + tb.authen_type=TAC_PLUS_AUTHEN_TYPE_CHAP; + } else if(strcmp(tac_login,"login") == 0) { + tb.authen_type=TAC_PLUS_AUTHEN_TYPE_ASCII; + } else { + tb.authen_type=TAC_PLUS_AUTHEN_TYPE_PAP; + } } tb.authen_service=tac_authen_service; tb.user_len=user_len; diff --git a/libtac/lib/attrib.c b/libtac/lib/attrib.c index 1257ff6..9d71ee2 100644 --- a/libtac/lib/attrib.c +++ b/libtac/lib/attrib.c @@ -31,8 +31,15 @@ void tac_add_attrib(struct tac_attrib **attr, char *name, char *value) { void tac_add_attrib_pair(struct tac_attrib **attr, char *name, char sep, char *value) { struct tac_attrib *a; u_char l1 = (u_char) strlen(name); - u_char l2 = (u_char) strlen(value); - int total_len = l1 + l2 + 1; /* "name" + "=" + "value" */ + u_char l2; + int total_len; + + if (value == NULL) { + l2 = 0; + } else { + l2 = (u_char) strlen(value); + } + total_len = l1 + l2 + 1; /* "name" + "=" + "value" */ if (total_len > 255) { TACSYSLOG((LOG_WARNING,\ @@ -64,7 +71,9 @@ void tac_add_attrib_pair(struct tac_attrib **attr, char *name, char sep, char *v a->attr = (char *) xcalloc(1, total_len+1); bcopy(name, a->attr, l1); /* paste name */ *(a->attr+l1)=sep; /* insert seperator "[=*]" */ - bcopy(value, (a->attr+l1+1), l2); /* paste value */ + if (value != NULL) { + bcopy(value, (a->attr+l1+1), l2); /* paste value */ + } *(a->attr+total_len) = '\0'; /* add 0 for safety */ a->next = NULL; /* make sure it's null */ } diff --git a/libtac/lib/authen_s.c b/libtac/lib/authen_s.c index c987c1f..0cbf606 100644 --- a/libtac/lib/authen_s.c +++ b/libtac/lib/authen_s.c @@ -52,7 +52,7 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty, th=_tac_req_header(TAC_PLUS_AUTHEN, 0); /* set some header options */ - if(strcmp(tac_login,"login") == 0) { + if ((tac_login != NULL) && (strcmp(tac_login,"login") == 0)) { th->version = TAC_PLUS_VER_0; } else { th->version = TAC_PLUS_VER_1; @@ -63,7 +63,7 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty, __FUNCTION__, user, tty, rem_addr, \ (tac_encryption) ? "yes" : "no")) - if(strcmp(tac_login,"chap") == 0) { + if ((tac_login != NULL) && (strcmp(tac_login,"chap") == 0)) { chal_len = strlen(chal); mdp_len = sizeof(u_char) + strlen(pass) + chal_len; mdp = (u_char *) xcalloc(1, mdp_len); @@ -91,12 +91,17 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty, /* fill the body of message */ tb.action = TAC_PLUS_AUTHEN_LOGIN; tb.priv_lvl = tac_priv_lvl; - if (strcmp(tac_login,"chap") == 0) { - tb.authen_type = TAC_PLUS_AUTHEN_TYPE_CHAP; - } else if (strcmp(tac_login,"login") == 0) { - tb.authen_type = TAC_PLUS_AUTHEN_TYPE_ASCII; - } else { + if (tac_login == NULL) { + /* default to PAP */ tb.authen_type = TAC_PLUS_AUTHEN_TYPE_PAP; + } else { + if (strcmp(tac_login,"chap") == 0) { + tb.authen_type = TAC_PLUS_AUTHEN_TYPE_CHAP; + } else if (strcmp(tac_login,"login") == 0) { + tb.authen_type = TAC_PLUS_AUTHEN_TYPE_ASCII; + } else { + tb.authen_type = TAC_PLUS_AUTHEN_TYPE_PAP; + } } tb.service = tac_authen_service; tb.user_len = user_len; diff --git a/libtac/lib/author_s.c b/libtac/lib/author_s.c index 627acb9..7148e80 100644 --- a/libtac/lib/author_s.c +++ b/libtac/lib/author_s.c @@ -64,12 +64,17 @@ int tac_author_send(int fd, const char *user, char *tty, char *rem_addr, tb.authen_method = tac_authen_method; tb.priv_lvl = tac_priv_lvl; - if (strcmp(tac_login,"chap") == 0) { - tb.authen_type = TAC_PLUS_AUTHEN_TYPE_CHAP; - } else if (strcmp(tac_login,"login") == 0) { - tb.authen_type = TAC_PLUS_AUTHEN_TYPE_ASCII; - } else { + if (tac_login == NULL) { + /* default to PAP */ tb.authen_type = TAC_PLUS_AUTHEN_TYPE_PAP; + } else { + if (strcmp(tac_login,"chap") == 0) { + tb.authen_type = TAC_PLUS_AUTHEN_TYPE_CHAP; + } else if (strcmp(tac_login,"login") == 0) { + tb.authen_type = TAC_PLUS_AUTHEN_TYPE_ASCII; + } else { + tb.authen_type = TAC_PLUS_AUTHEN_TYPE_PAP; + } } tb.service = tac_authen_service; tb.user_len = user_len; diff --git a/libtac/lib/crypt.c b/libtac/lib/crypt.c index 04d29a6..d06f4f7 100644 --- a/libtac/lib/crypt.c +++ b/libtac/lib/crypt.c @@ -91,7 +91,7 @@ void _tac_crypt(u_char *buf, HDR *th, int length) { u_char *pad; /* null operation if no encryption requested */ - if(th->encryption == TAC_PLUS_ENCRYPTED_FLAG) { + if((tac_secret != NULL) && (th->encryption == TAC_PLUS_ENCRYPTED_FLAG)) { pad = _tac_md5_pad(length, th); for (i=0; i<length; i++) { diff --git a/libtac/lib/header.c b/libtac/lib/header.c index 393ce7a..349c563 100644 --- a/libtac/lib/header.c +++ b/libtac/lib/header.c @@ -34,10 +34,10 @@ int session_id; int tac_encryption = 0; /* Pointer to TACACS+ shared secret string. */ -char *tac_secret = ""; +char *tac_secret = NULL; /* Pointer to TACACS+ shared login string. */ -char *tac_login = "pap"; +char *tac_login = NULL; /* default is PAP */ /* priv_lvl */ int tac_priv_lvl = TAC_PLUS_PRIV_LVL_MIN; diff --git a/libtac/lib/magic.c b/libtac/lib/magic.c index 2741760..89bf023 100644 --- a/libtac/lib/magic.c +++ b/libtac/lib/magic.c @@ -77,13 +77,12 @@ magic() { #ifdef __linux__ u_int32_t ret = 0; - int bytes = 0; if (magic_inited == 0 ) magic_init(); if(rfd > -1) { - bytes = read(rfd, &ret, sizeof(ret)); + read(rfd, &ret, sizeof(ret)); return ret; } else diff --git a/libtac/lib/version.c b/libtac/lib/version.c index 470be16..5075831 100644 --- a/libtac/lib/version.c +++ b/libtac/lib/version.c @@ -20,5 +20,5 @@ */ int tac_ver_major = 1; -int tac_ver_minor = 7; +int tac_ver_minor = 8; int tac_ver_patch = 1; /* patchlevel */ |