-rw-r--r--ChangeLog3
-rw-r--r--README4
-rw-r--r--configure.ac2
-rw-r--r--debian/changelog6
-rw-r--r--libtac/include/libtac.h6
-rw-r--r--libtac/include/tacplus.h6
-rw-r--r--libtac/lib/acct_s.c12
-rw-r--r--libtac/lib/authen_s.c16
-rw-r--r--libtac/lib/author_s.c12
-rw-r--r--pam_tacplus.c34
10 files changed, 55 insertions, 46 deletions
diff --git a/ChangeLog b/ChangeLog
index a2cb0c5..dd247d2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+1.3.8
+* Renamed rem_addr, rem_addr_len to r_addr and r_addr_len
+
1.3.7
* Tac_encryption fully handled by libtac no need to enable it manually
* Fixed connection handling in _pam_account,
diff --git a/README b/README
index 768b5bf..91bab17 100644
--- a/README
+++ b/README
@@ -1,6 +1,6 @@
-pam_tacplus v1.3.7
-May 19 2012
+pam_tacplus v1.3.8
+Sep 8 2012
This PAM module support the following functions:
diff --git a/configure.ac b/configure.ac
index 3ae767c..e38e146 100644
--- a/configure.ac
+++ b/configure.ac
@@ -14,7 +14,7 @@ AC_PREREQ(2.59)
AC_COPYRIGHT([
See the included file: COPYING for copyright information.
])
-AC_INIT(pam_tacplus, 1.3.7, [jeroen@jeroennijhof.nl,pawel.krawczyk@hush.com])
+AC_INIT(pam_tacplus, 1.3.8, [jeroen@jeroennijhof.nl,pawel.krawczyk@hush.com])
AC_CONFIG_AUX_DIR(config)
AM_INIT_AUTOMAKE
AC_CONFIG_SRCDIR([pam_tacplus.c])
diff --git a/debian/changelog b/debian/changelog
index b06c509..bd3d6b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libpam-tacplus (1.3.8-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Jeroen Nijhof <jeroen@jeroennijhof.nl> Sat, 8 Sep 2012 12:20:00 +0100
+
libpam-tacplus (1.3.7-1) unstable; urgency=low
* New upstream release.
diff --git a/libtac/include/libtac.h b/libtac/include/libtac.h
index 2e1881f..5b85eac 100644
--- a/libtac/include/libtac.h
+++ b/libtac/include/libtac.h
@@ -124,7 +124,7 @@ extern int tac_connect_single(struct addrinfo *server, char *key);
extern char *tac_ntop(const struct sockaddr *sa, size_t ai_addrlen);
extern int tac_authen_send(int fd, const char *user, char *pass, char *tty,
- char *rem_addr);
+ char *r_addr);
extern int tac_authen_read(int fd);
extern int tac_cont_send(int fd, char *pass);
extern HDR *_tac_req_header(u_char type, int cont_session);
@@ -133,13 +133,13 @@ extern u_char *_tac_md5_pad(int len, HDR *hdr);
extern void tac_add_attrib(struct tac_attrib **attr, char *name, char *value);
extern void tac_free_attrib(struct tac_attrib **attr);
extern char *tac_acct_flag2str(int flag);
-extern int tac_acct_send(int fd, int type, const char *user, char *tty, char *rem_addr,
+extern int tac_acct_send(int fd, int type, const char *user, char *tty, char *r_addr,
struct tac_attrib *attr);
extern int tac_acct_read(int fd, struct areply *arep);
extern void *xcalloc(size_t nmemb, size_t size);
extern void *xrealloc(void *ptr, size_t size);
extern char *_tac_check_header(HDR *th, int type);
-extern int tac_author_send(int fd, const char *user, char *tty, char *rem_addr,
+extern int tac_author_send(int fd, const char *user, char *tty, char *r_addr,
struct tac_attrib *attr);
extern int tac_author_read(int fd, struct areply *arep);
extern void tac_add_attrib_pair(struct tac_attrib **attr, char *name, char sep,
diff --git a/libtac/include/tacplus.h b/libtac/include/tacplus.h
index b5bc1a7..8f4ff6d 100644
--- a/libtac/include/tacplus.h
+++ b/libtac/include/tacplus.h
@@ -103,7 +103,7 @@ struct authen_start {
u_char user_len;
u_char port_len;
- u_char rem_addr_len;
+ u_char r_addr_len;
u_char data_len;
};
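Review bot: Renaming the member `rem_addr_len` to `r_addr_len` in `struct authen_start`, and in `struct acct` and `struct author` in the next two hunks, is a source-level break for any code outside this tree that fills these structs. The member keeps its `u_char` type and its position, so the packet layout is unchanged. If tacplus.h is installed for external consumers, which this page does not show, the ChangeLog entry should say that struct members in the public header were renamed, not only parameters. The struct definitions begin outside these hunks.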
@@ -178,7 +178,7 @@ struct acct {
u_char authen_service;
u_char user_len;
u_char port_len;
- u_char rem_addr_len;
+ u_char r_addr_len;
u_char arg_cnt; /* the number of cmd args */
};
@@ -206,7 +206,7 @@ struct author {
u_char user_len;
u_char port_len;
- u_char rem_addr_len;
+ u_char r_addr_len;
u_char arg_cnt; /* the number of args */
};
diff --git a/libtac/lib/acct_s.c b/libtac/lib/acct_s.c
index c1de720..fe86cdb 100644
--- a/libtac/lib/acct_s.c
+++ b/libtac/lib/acct_s.c
@@ -47,11 +47,11 @@ char *tac_acct_flag2str(int flag) {
* LIBTAC_STATUS_ASSEMBLY_ERR (pending impl)
*/
int tac_acct_send(int fd, int type, const char *user, char *tty,
- char *rem_addr, struct tac_attrib *attr) {
+ char *r_addr, struct tac_attrib *attr) {
HDR *th;
struct acct tb;
- u_char user_len, port_len, rem_addr_len;
+ u_char user_len, port_len, r_addr_len;
struct tac_attrib *a;
int i = 0; /* arg count */
int pkt_len = 0;
@@ -68,13 +68,13 @@ int tac_acct_send(int fd, int type, const char *user, char *tty,
th->encryption=tac_encryption ? TAC_PLUS_ENCRYPTED_FLAG : TAC_PLUS_UNENCRYPTED_FLAG;
TACDEBUG((LOG_DEBUG, "%s: user '%s', tty '%s', rem_addr '%s', encrypt: %s, type: %s", \
- __FUNCTION__, user, tty, rem_addr, \
+ __FUNCTION__, user, tty, r_addr, \
(tac_encryption) ? "yes" : "no", \
tac_acct_flag2str(type)))
user_len=(u_char) strlen(user);
port_len=(u_char) strlen(tty);
- rem_addr_len=(u_char) strlen(rem_addr);
+ r_addr_len=(u_char) strlen(r_addr);
tb.flags=(u_char) type;
tb.authen_method=tac_authen_method;
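Review bot: The `(u_char)` casts on `strlen(user)`, `strlen(tty)` and `strlen(r_addr)` wrap silently for any string of 256 bytes or more, so the length fields and the later `PUTATTR` copies in tac_acct_send would use a truncated count with no error reported. A range check ahead of the casts, such as `if (strlen(user) > 255 || strlen(tty) > 255 || strlen(r_addr) > 255)` with an error return like `LIBTAC_STATUS_ASSEMBLY_ERR`, would make the failure explicit. The function starts and ends outside this hunk, so the cleanup of `th` that such a return needs is not visible here. tac_author_send in author_s.c has the same three casts. The TACDEBUG format string in this hunk, and the ones in authen_s.c and author_s.c, still print the label `rem_addr '%s'` although the argument is now `r_addr`.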
@@ -94,7 +94,7 @@ int tac_acct_send(int fd, int type, const char *user, char *tty,
tb.authen_service=tac_authen_service;
tb.user_len=user_len;
tb.port_len=port_len;
- tb.rem_addr_len=rem_addr_len;
+ tb.r_addr_len=r_addr_len;
/* allocate packet */
pkt=(u_char *) xcalloc(1, TAC_ACCT_REQ_FIXED_FIELDS_SIZE);
@@ -139,7 +139,7 @@ int tac_acct_send(int fd, int type, const char *user, char *tty,
/* fill user and port fields */
PUTATTR(user, user_len)
PUTATTR(tty, port_len)
- PUTATTR(rem_addr, rem_addr_len)
+ PUTATTR(r_addr, r_addr_len)
/* fill attributes */
a = attr;
diff --git a/libtac/lib/authen_s.c b/libtac/lib/authen_s.c
index 0cbf606..6a9a70c 100644
--- a/libtac/lib/authen_s.c
+++ b/libtac/lib/authen_s.c
@@ -35,12 +35,12 @@
* LIBTAC_STATUS_ASSEMBLY_ERR
*/
int tac_authen_send(int fd, const char *user, char *pass, char *tty,
- char *rem_addr) {
+ char *r_addr) {
HDR *th; /* TACACS+ packet header */
struct authen_start tb; /* message body */
int user_len, port_len, chal_len, mdp_len, token_len, bodylength, w;
- int rem_addr_len;
+ int r_addr_len;
int pkt_len = 0;
int ret = 0;
char *chal = "1234123412341234";
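Review bot: The `chal` declaration in this hunk is a fixed string literal, `"1234123412341234"`, which the rename leaves untouched. If it is the challenge used in the `chap` branch later in tac_authen_send (its use is outside this hunk), every exchange carries the same challenge and a response is not bound to a fresh value. Filling a 16-byte buffer from the system random source on each call would restore that property. I would add a comment on the declaration, `/* FIXME: static CHAP challenge, must be random per request */`, until that is done.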
@@ -60,7 +60,7 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty,
th->encryption = tac_encryption ? TAC_PLUS_ENCRYPTED_FLAG : TAC_PLUS_UNENCRYPTED_FLAG;
TACDEBUG((LOG_DEBUG, "%s: user '%s', tty '%s', rem_addr '%s', encrypt: %s", \
- __FUNCTION__, user, tty, rem_addr, \
+ __FUNCTION__, user, tty, r_addr, \
(tac_encryption) ? "yes" : "no"))
if ((tac_login != NULL) && (strcmp(tac_login,"chap") == 0)) {
@@ -85,7 +85,7 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty,
/* get size of submitted data */
user_len = strlen(user);
port_len = strlen(tty);
- rem_addr_len = strlen(rem_addr);
+ r_addr_len = strlen(r_addr);
token_len = strlen(token);
/* fill the body of message */
@@ -106,12 +106,12 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty,
tb.service = tac_authen_service;
tb.user_len = user_len;
tb.port_len = port_len;
- tb.rem_addr_len = rem_addr_len; /* may be e.g Caller-ID in future */
+ tb.r_addr_len = r_addr_len; /* may be e.g Caller-ID in future */
tb.data_len = token_len;
/* fill body length in header */
bodylength = sizeof(tb) + user_len
- + port_len + rem_addr_len + token_len;
+ + port_len + r_addr_len + token_len;
th->datalength = htonl(bodylength);
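Review bot: `tb.r_addr_len = r_addr_len;` stores an `int` into a `u_char` field, as do the `user_len`, `port_len` and `data_len` assignments, while `bodylength` here and the `bcopy` calls in the next hunk use the untruncated `int` values. For any input of 256 bytes or more, the per-field lengths in the body would disagree with the bytes actually written and with `th->datalength`, producing a malformed packet instead of an error. A guard after the `strlen` calls, `if (user_len > 255 || port_len > 255 || r_addr_len > 255 || token_len > 255)` returning `LIBTAC_STATUS_ASSEMBLY_ERR`, would reject such input. The function begins and ends outside this hunk, so that return must also release whatever `th` and `token` own at that point.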
@@ -136,8 +136,8 @@ int tac_authen_send(int fd, const char *user, char *pass, char *tty,
pkt_len += user_len;
bcopy(tty, pkt+pkt_len, port_len); /* tty */
pkt_len += port_len;
- bcopy(rem_addr, pkt+pkt_len, rem_addr_len); /* rem addr */
- pkt_len += rem_addr_len;
+ bcopy(r_addr, pkt+pkt_len, r_addr_len); /* rem addr */
+ pkt_len += r_addr_len;
bcopy(token, pkt+pkt_len, token_len); /* password */
pkt_len += token_len;
diff --git a/libtac/lib/author_s.c b/libtac/lib/author_s.c
index 7148e80..489d8ee 100644
--- a/libtac/lib/author_s.c
+++ b/libtac/lib/author_s.c
@@ -33,12 +33,12 @@
* LIBTAC_STATUS_WRITE_TIMEOUT (pending impl)
* LIBTAC_STATUS_ASSEMBLY_ERR (pending impl)
*/
-int tac_author_send(int fd, const char *user, char *tty, char *rem_addr,
+int tac_author_send(int fd, const char *user, char *tty, char *r_addr,
struct tac_attrib *attr) {
HDR *th;
struct author tb;
- u_char user_len, port_len, rem_addr_len;
+ u_char user_len, port_len, r_addr_len;
struct tac_attrib *a;
int i = 0; /* attributes count */
int pkt_len = 0; /* current packet length */
@@ -56,11 +56,11 @@ int tac_author_send(int fd, const char *user, char *tty, char *rem_addr,
TACDEBUG((LOG_DEBUG, "%s: user '%s', tty '%s', rem_addr '%s', encrypt: %s", \
__FUNCTION__, user, \
- tty, rem_addr, tac_encryption ? "yes" : "no"))
+ tty, r_addr, tac_encryption ? "yes" : "no"))
user_len = (u_char) strlen(user);
port_len = (u_char) strlen(tty);
- rem_addr_len = (u_char) strlen(rem_addr);
+ r_addr_len = (u_char) strlen(r_addr);
tb.authen_method = tac_authen_method;
tb.priv_lvl = tac_priv_lvl;
@@ -79,7 +79,7 @@ int tac_author_send(int fd, const char *user, char *tty, char *rem_addr,
tb.service = tac_authen_service;
tb.user_len = user_len;
tb.port_len = port_len;
- tb.rem_addr_len = rem_addr_len;
+ tb.r_addr_len = r_addr_len;
/* allocate packet */
pkt = (u_char *) xcalloc(1, TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE);
@@ -125,7 +125,7 @@ int tac_author_send(int fd, const char *user, char *tty, char *rem_addr,
/* fill user and port fields */
PUTATTR(user, user_len)
PUTATTR(tty, port_len)
- PUTATTR(rem_addr, rem_addr_len)
+ PUTATTR(r_addr, r_addr_len)
/* fill attributes */
a = attr;
diff --git a/pam_tacplus.c b/pam_tacplus.c
index 0e25cd5..4a37ff7 100644
--- a/pam_tacplus.c
+++ b/pam_tacplus.c
@@ -84,7 +84,7 @@ static short int task_id = 0;
/* Helper functions */
int _pam_send_account(int tac_fd, int type, const char *user, char *tty,
- char *rem_addr, char *cmd) {
+ char *r_addr, char *cmd) {
char buf[40];
struct tac_attrib *attr;
@@ -111,7 +111,7 @@ int _pam_send_account(int tac_fd, int type, const char *user, char *tty,
tac_add_attrib(&attr, "cmd", cmd);
}
- retval = tac_acct_send(tac_fd, type, user, tty, rem_addr, attr);
+ retval = tac_acct_send(tac_fd, type, user, tty, r_addr, attr);
/* this is no longer needed */
tac_free_attrib(&attr);
@@ -148,7 +148,7 @@ int _pam_account(pam_handle_t *pamh, int argc, const char **argv,
static int ctrl;
char *user = NULL;
char *tty = NULL;
- char *rem_addr = NULL;
+ char *r_addr = NULL;
char *typemsg;
int status = PAM_SESSION_ERR;
@@ -173,9 +173,9 @@ int _pam_account(pam_handle_t *pamh, int argc, const char **argv,
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: tty [%s] obtained", __FUNCTION__, tty);
- rem_addr = _pam_get_rhost(pamh);
+ r_addr = _pam_get_rhost(pamh);
if (ctrl & PAM_TAC_DEBUG)
- syslog(LOG_DEBUG, "%s: rhost [%s] obtained", __FUNCTION__, rem_addr);
+ syslog(LOG_DEBUG, "%s: rhost [%s] obtained", __FUNCTION__, r_addr);
/* checks for specific data required by TACACS+, which should
be supplied in command line */
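Review bot: Nothing visible between `r_addr = _pam_get_rhost(pamh);` and its later uses checks the result for NULL. It is passed to `syslog` for a `%s` conversion in this hunk and later reaches `strlen(r_addr)` inside tac_acct_send; both are undefined for a null pointer. `_pam_get_rhost` is not shown on this page, so it may already guarantee a non-NULL string, but if it can return NULL a line such as `if (r_addr == NULL) r_addr = "";` after the call would make this safe. The same pattern appears in the pam_sm_authenticate and pam_sm_acct_mgmt hunks further down. All three functions extend beyond their hunks.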
@@ -218,7 +218,7 @@ int _pam_account(pam_handle_t *pamh, int argc, const char **argv,
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: connected with fd=%d (srv %d)", __FUNCTION__, tac_fd, srv_i);
- retval = _pam_send_account(tac_fd, type, user, tty, rem_addr, cmd);
+ retval = _pam_send_account(tac_fd, type, user, tty, r_addr, cmd);
/* return code from function in this mode is
status of the last server we tried to send
packet to */
@@ -252,7 +252,7 @@ int _pam_account(pam_handle_t *pamh, int argc, const char **argv,
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: connected with fd=%d (srv %d)", __FUNCTION__, tac_fd, srv_i);
- retval = _pam_send_account(tac_fd, type, user, tty, rem_addr, cmd);
+ retval = _pam_send_account(tac_fd, type, user, tty, r_addr, cmd);
/* return code from function in this mode is
status of the last server we tried to send
packet to */
@@ -292,12 +292,12 @@ int pam_sm_authenticate (pam_handle_t * pamh, int flags,
char *user;
char *pass;
char *tty;
- char *rem_addr;
+ char *r_addr;
int srv_i;
int tac_fd;
int status = PAM_AUTH_ERR;
- user = pass = tty = rem_addr = NULL;
+ user = pass = tty = r_addr = NULL;
ctrl = _pam_parse (argc, argv);
@@ -334,9 +334,9 @@ int pam_sm_authenticate (pam_handle_t * pamh, int flags,
if (ctrl & PAM_TAC_DEBUG)
syslog (LOG_DEBUG, "%s: tty [%s] obtained", __FUNCTION__, tty);
- rem_addr = _pam_get_rhost(pamh);
+ r_addr = _pam_get_rhost(pamh);
if (ctrl & PAM_TAC_DEBUG)
- syslog (LOG_DEBUG, "%s: rhost [%s] obtained", __FUNCTION__, rem_addr);
+ syslog (LOG_DEBUG, "%s: rhost [%s] obtained", __FUNCTION__, r_addr);
for (srv_i = 0; srv_i < tac_srv_no; srv_i++) {
int msg = TAC_PLUS_AUTHEN_STATUS_FAIL;
@@ -353,7 +353,7 @@ int pam_sm_authenticate (pam_handle_t * pamh, int flags,
continue;
}
- if (tac_authen_send(tac_fd, user, pass, tty, rem_addr) < 0) {
+ if (tac_authen_send(tac_fd, user, pass, tty, r_addr) < 0) {
_pam_log (LOG_ERR, "error sending auth req to TACACS+ server");
status = PAM_AUTHINFO_UNAVAIL;
} else {
@@ -432,12 +432,12 @@ int pam_sm_acct_mgmt (pam_handle_t * pamh, int flags,
int retval, ctrl, status=PAM_AUTH_ERR;
char *user;
char *tty;
- char *rem_addr;
+ char *r_addr;
struct areply arep;
struct tac_attrib *attr = NULL;
int tac_fd;
- user = tty = rem_addr = NULL;
+ user = tty = r_addr = NULL;
/* this also obtains service name for authorization
this should be normally performed by pam_get_item(PAM_SERVICE)
@@ -462,9 +462,9 @@ int pam_sm_acct_mgmt (pam_handle_t * pamh, int flags,
if (ctrl & PAM_TAC_DEBUG)
syslog(LOG_DEBUG, "%s: tty obtained [%s]", __FUNCTION__, tty);
- rem_addr = _pam_get_rhost(pamh);
+ r_addr = _pam_get_rhost(pamh);
if (ctrl & PAM_TAC_DEBUG)
- syslog(LOG_DEBUG, "%s: rhost obtained [%s]", __FUNCTION__, rem_addr);
+ syslog(LOG_DEBUG, "%s: rhost obtained [%s]", __FUNCTION__, r_addr);
/* checks if user has been successfully authenticated
by TACACS+; we cannot solely authorize user if it hasn't
@@ -500,7 +500,7 @@ int pam_sm_acct_mgmt (pam_handle_t * pamh, int flags,
return PAM_AUTH_ERR;
}
- retval = tac_author_send(tac_fd, user, tty, rem_addr, attr);
+ retval = tac_author_send(tac_fd, user, tty, r_addr, attr);
tac_free_attrib(&attr);