diff options
| author | Brian Russell <brussell@mail.eng.vyatta.net> | 2019-11-13 14:15:01 +0000 |
|---|---|---|
| committer | Brian Russell <brussell@mail.eng.vyatta.net> | 2019-11-13 14:15:01 +0000 |
| commit | 8696a1ff70bbdca3b20dc3e48fd5394fa49efa0c (patch) | |
| tree | 7adbb6a7d893836eb597f32c804ba05a78721466 /debian/patches/tac_connect_single_individual-timeout.patch | |
| parent | db09c62ce678dc292a328f7e982dcb8773194fad (diff) | |
| download | pam_tacplus-danos/1908.tar.gz pam_tacplus-danos/1908.zip | |
DANOS import masterHEADdebian/1.3.9-0vyatta12danos/1908master
Diffstat (limited to 'debian/patches/tac_connect_single_individual-timeout.patch')
| -rw-r--r-- | debian/patches/tac_connect_single_individual-timeout.patch | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/debian/patches/tac_connect_single_individual-timeout.patch b/debian/patches/tac_connect_single_individual-timeout.patch new file mode 100644 index 0000000..3df2617 --- /dev/null +++ b/debian/patches/tac_connect_single_individual-timeout.patch @@ -0,0 +1,69 @@ +--- a/libtac/include/libtac.h ++++ b/libtac/include/libtac.h +@@ -126,7 +126,7 @@ + extern int tac_timeout; + + int tac_connect(struct addrinfo **, char **, int); +-int tac_connect_single(struct addrinfo *, const char *, struct addrinfo *); ++int tac_connect_single(struct addrinfo *, const char *, struct addrinfo *, int); + char *tac_ntop(const struct sockaddr *); + + int tac_authen_send(int, const char *, char *, char *, +--- a/libtac/lib/connect.c ++++ b/libtac/lib/connect.c +@@ -50,7 +50,7 @@ + TACSYSLOG((LOG_ERR, "%s: no TACACS+ servers defined", __FUNCTION__)) + } else { + for ( tries = 0; tries < servers; tries++ ) { +- if((fd=tac_connect_single(server[tries], key[tries], NULL)) >= 0 ) { ++ if((fd=tac_connect_single(server[tries], key[tries], NULL, tac_timeout)) >= 0 ) { + /* tac_secret was set in tac_connect_single on success */ + break; + } +@@ -67,7 +67,7 @@ + * >= 0 : valid fd + * < 0 : error status code, see LIBTAC_STATUS_... + */ +-int tac_connect_single(struct addrinfo *server, const char *key, struct addrinfo *srcaddr) { ++int tac_connect_single(struct addrinfo *server, const char *key, struct addrinfo *srcaddr, int timeout) { + int retval = LIBTAC_STATUS_CONN_ERR; /* default retval */ + int fd = -1; + int flags, rc; +@@ -128,7 +128,7 @@ + FD_SET(fd, &writefds); + + /* set timeout seconds */ +- tv.tv_sec = tac_timeout; ++ tv.tv_sec = timeout; + tv.tv_usec = 0; + + /* check if socket is ready for read and write */ +--- a/pam_tacplus.c ++++ b/pam_tacplus.c +@@ -169,7 +169,7 @@ + + status = PAM_SESSION_ERR; + for(srv_i = 0; srv_i < tac_srv_no; srv_i++) { +- tac_fd = tac_connect_single(tac_srv[srv_i].addr, tac_srv[srv_i].key, NULL); ++ tac_fd = tac_connect_single(tac_srv[srv_i].addr, tac_srv[srv_i].key, NULL, tac_timeout); + if (tac_fd < 0) { + _pam_log(LOG_WARNING, "%s: error sending %s (fd)", + __FUNCTION__, typemsg); +@@ -266,7 +266,7 @@ + if (ctrl & PAM_TAC_DEBUG) + syslog(LOG_DEBUG, "%s: trying srv %d", __FUNCTION__, srv_i ); + +- tac_fd = tac_connect_single(tac_srv[srv_i].addr, tac_srv[srv_i].key, NULL); ++ tac_fd = tac_connect_single(tac_srv[srv_i].addr, tac_srv[srv_i].key, NULL, tac_timeout); + if (tac_fd < 0) { + _pam_log(LOG_ERR, "connection failed srv %d: %m", srv_i); + continue; +@@ -487,7 +487,7 @@ + if(tac_protocol != NULL && tac_protocol[0] != '\0') + tac_add_attrib(&attr, "protocol", tac_protocol); + +- tac_fd = tac_connect_single(active_server.addr, active_server.key, NULL); ++ tac_fd = tac_connect_single(active_server.addr, active_server.key, NULL, tac_timeout); + if(tac_fd < 0) { + _pam_log (LOG_ERR, "TACACS+ server unavailable"); + if(arep.msg != NULL) |