diff options
| -rw-r--r-- | libtac/lib/author_r.c | 7 | ||||
| -rw-r--r-- | pam_tacplus.c | 16 |
2 files changed, 13 insertions, 10 deletions
diff --git a/libtac/lib/author_r.c b/libtac/lib/author_r.c index bed9525..99998cb 100644 --- a/libtac/lib/author_r.c +++ b/libtac/lib/author_r.c @@ -160,6 +160,9 @@ int tac_author_read(int fd, struct areply *re) { free(smsg); } + TACDEBUG((LOG_DEBUG, "%s: authorization reply status=%d",\ + __FUNCTION__, tb->status)); + /* prepare status */ switch(tb->status) { /* success conditions */ @@ -179,6 +182,7 @@ int tac_author_read(int fd, struct areply *re) { pktp = (u_char *) tb + TAC_AUTHOR_REPLY_FIXED_FIELDS_SIZE; argp = pktp + (tb->arg_cnt * sizeof(u_char)) + tb->msg_len + tb->data_len; + TACSYSLOG((LOG_WARNING, "Args cnt %d", tb->arg_cnt)); /* argp points to current argument string pktp points to current argument length */ for(r=0; r < tb->arg_cnt; r++) { @@ -207,6 +211,7 @@ int tac_author_read(int fd, struct areply *re) { /* now buff points to attribute name, value to the attribute value */ } + TACSYSLOG((LOG_WARNING, "Adding buf/value pair (%s,%s)", buff, value)); tac_add_attrib_pair(&re->attr, buff, sepchar, value); argp += *pktp; pktp++; @@ -217,8 +222,6 @@ int tac_author_read(int fd, struct areply *re) { break; } - TACDEBUG((LOG_DEBUG, "%s: authorization failed, server reply status=%d",\ - __FUNCTION__, tb->status)) switch (tb->status) { /* authorization failure conditions */ /* failing to follow is allowed by RFC, page 23 */ diff --git a/pam_tacplus.c b/pam_tacplus.c index 3c8074f..b76b317 100644 --- a/pam_tacplus.c +++ b/pam_tacplus.c @@ -68,7 +68,8 @@ int _pam_send_account(int tac_fd, int type, const char *user, char *tty, sprintf(buf, "%hu", task_id); tac_add_attrib(&attr, "task_id", buf); tac_add_attrib(&attr, "service", tac_service); - tac_add_attrib(&attr, "protocol", tac_protocol); + if(tac_protocol != NULL && tac_protocol[0] != '\0') + tac_add_attrib(&attr, "protocol", tac_protocol); if (cmd != NULL) { tac_add_attrib(&attr, "cmd", cmd); } @@ -148,12 +149,11 @@ int _pam_account(pam_handle_t *pamh, int argc, const char **argv, /* checks for specific data required by TACACS+, which should be supplied in command line */ if(tac_service == NULL || *tac_service == '\0') { - _pam_log (LOG_ERR, "TACACS+ service type not configured"); + _pam_log (LOG_ERR, "ACC: TACACS+ service type not configured"); return PAM_AUTH_ERR; } if(tac_protocol == NULL || *tac_protocol == '\0') { - _pam_log (LOG_ERR, "TACACS+ protocol type not configured"); - return PAM_AUTH_ERR; + _pam_log (LOG_ERR, "ACC: TACACS+ protocol type not configured (IGNORED)"); } /* when this module is called from within pppd or other @@ -478,16 +478,16 @@ int pam_sm_acct_mgmt (pam_handle_t * pamh, int flags, /* checks for specific data required by TACACS+, which should be supplied in command line */ if(tac_service == NULL || !*tac_service) { - _pam_log (LOG_ERR, "TACACS+ service type not configured"); + _pam_log (LOG_ERR, "SM: TACACS+ service type not configured"); return PAM_AUTH_ERR; } if(tac_protocol == NULL || !*tac_protocol) { - _pam_log (LOG_ERR, "TACACS+ protocol type not configured"); - return PAM_AUTH_ERR; + _pam_log (LOG_ERR, "SM: TACACS+ protocol type not configured (IGNORED)"); } tac_add_attrib(&attr, "service", tac_service); - tac_add_attrib(&attr, "protocol", tac_protocol); + if(tac_protocol != NULL && tac_protocol[0] != '\0') + tac_add_attrib(&attr, "protocol", tac_protocol); tac_fd = tac_connect_single(active_server.addr, active_server.key); if(tac_fd < 0) { |