diff options
| -rw-r--r-- | AUTHORS | 2 | ||||
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | INSTALL | 2 | ||||
| -rw-r--r-- | README | 6 | ||||
| -rw-r--r-- | configure.ac | 4 | ||||
| -rw-r--r-- | debian/README.Debian | 2 | ||||
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/control | 2 | ||||
| -rw-r--r-- | debian/copyright | 2 | ||||
| -rw-r--r-- | libtac/include/cdefs.h | 2 | ||||
| -rw-r--r-- | libtac/include/libtac.h | 7 | ||||
| -rw-r--r-- | libtac/include/tacplus.h | 2 | ||||
| -rw-r--r-- | libtac/lib/acct_r.c | 4 | ||||
| -rw-r--r-- | libtac/lib/acct_s.c | 21 | ||||
| -rw-r--r-- | libtac/lib/attrib.c | 2 | ||||
| -rw-r--r-- | libtac/lib/authen_r.c | 2 | ||||
| -rw-r--r-- | libtac/lib/authen_s.c | 2 | ||||
| -rw-r--r-- | libtac/lib/author_r.c | 2 | ||||
| -rw-r--r-- | libtac/lib/author_s.c | 2 | ||||
| -rw-r--r-- | libtac/lib/connect.c | 2 | ||||
| -rw-r--r-- | libtac/lib/cont_s.c | 2 | ||||
| -rw-r--r-- | libtac/lib/crypt.c | 2 | ||||
| -rw-r--r-- | libtac/lib/hdr_check.c | 2 | ||||
| -rw-r--r-- | libtac/lib/header.c | 2 | ||||
| -rw-r--r-- | libtac/lib/messages.c | 2 | ||||
| -rw-r--r-- | libtac/lib/messages.h | 2 | ||||
| -rw-r--r-- | libtac/lib/version.c | 2 | ||||
| -rw-r--r-- | libtac/lib/xalloc.c | 2 | ||||
| -rw-r--r-- | libtac/lib/xalloc.h | 2 | ||||
| -rw-r--r-- | pam_tacplus.c | 39 | ||||
| -rw-r--r-- | pam_tacplus.h | 4 | ||||
| -rw-r--r-- | pam_tacplus.spec.in | 2 | ||||
| -rw-r--r-- | support.c | 2 | ||||
| -rw-r--r-- | support.h | 2 |
34 files changed, 89 insertions, 56 deletions
@@ -1,5 +1,5 @@ Primary Author: Pawel Krawczyk <pawel.krawczyk@hush.com> Other Authors and Major Contributors: - Jeroen Nijhof <jeroen@nijhofnet.nl> + Jeroen Nijhof <jeroen@jeroennijhof.nl> @@ -1,3 +1,11 @@ +1.3.6 +* Changed e-mail adres to jeroen@jeroennijhof.nl +* Improved accounting, added cmd attribute for command logging. +* Added tac_acct_flag2str() +* Renamed tac_account_read, tac_account_send to tac_acct_read and tac_acct_send +* pam_tacplus.spec.in: fixed static library path and pam_tacplus.so location. +* Debian packaging improvements + 1.3.5 * This version will be dedicated to Darren Besler, thank you for your major contribution! @@ -19,6 +19,6 @@ This code is known to work on Linux, Solaris and AIX for now. Dec 22 2010 -Jeroen Nijhof <jeroen@nijhofnet.nl> +Jeroen Nijhof <jeroen@jeroennijhof.nl> Pawel Krawczyk <pawel.krawczyk@hush.com> @@ -1,6 +1,6 @@ -pam_tacplus v1.3.5 -Aug 19 2011 +pam_tacplus v1.3.6 +Mar 18 2012 This PAM module support the following functions: @@ -180,4 +180,4 @@ Authors: Pawel Krawczyk <pawel.krawczyk@hush.com> http://ipsec.pl -Jeroen Nijhof <jeroen@nijhofnet.nl> +Jeroen Nijhof <jeroen@jeroennijhof.nl> diff --git a/configure.ac b/configure.ac index d714f30..d1abf02 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl dnl File: configure.in dnl Revision: $Id: configure.ac,v 1.4 2010/06/11 12:04:29 j-nijhof Exp $ dnl Created: 2010/06/09 -dnl Author: Jeroen Nijhof <jeroen@nijhofnet.nl> +dnl Author: Jeroen Nijhof <jeroen@jeroennijhof.nl> dnl Benoit Donneaux <benoit.donneaux@gmail.com> dnl dnl Process this file with autoconf to produce a configure script @@ -14,7 +14,7 @@ AC_PREREQ(2.59) AC_COPYRIGHT([ See the included file: COPYING for copyright information. ]) -AC_INIT(pam_tacplus, 1.3.5, [jeroen@nijhofnet.nl,pawel.krawczyk@hush.com]) +AC_INIT(pam_tacplus, 1.3.6, [jeroen@jeroennijhof.nl,pawel.krawczyk@hush.com]) AC_CONFIG_AUX_DIR(config) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([pam_tacplus.c]) diff --git a/debian/README.Debian b/debian/README.Debian index 1e131c9..418c18f 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -15,4 +15,4 @@ Look at the content list of the deb file with "dpkg -c" Change the version number by running "debchange -i" and add in the NEWS entries for the given version. - -- J. Nijhof <jeroen@nijhofnet.nl>, Sun, 14 Feb 2010 + -- J. Nijhof <jeroen@jeroennijhof.nl>, Sun, 14 Feb 2010 diff --git a/debian/changelog b/debian/changelog index 8be7615..d13493c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,5 +2,5 @@ libpam-tacplus (1.3.5-1) unstable; urgency=low * First version of pam_tacplus debian package. Closes: #588172 - -- Jeroen Nijhof <jeroen@nijhofnet.nl> Mon, 5 Sep 2011 16:01:00 +0100 + -- Jeroen Nijhof <jeroen@jeroennijhof.nl> Mon, 5 Sep 2011 16:01:00 +0100 diff --git a/debian/control b/debian/control index 78509c1..9e4a9c2 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,7 @@ Source: libpam-tacplus Section: admin Priority: extra -Maintainer: Jeroen Nijhof <jeroen@nijhofnet.nl> +Maintainer: Jeroen Nijhof <jeroen@jeroennijhof.nl> Build-Depends: debhelper (>= 7.0.50~), libpam-dev Standards-Version: 3.9.2 Homepage: http://sourceforge.net/projects/tacplus diff --git a/debian/copyright b/debian/copyright index 79cf416..3ddc601 100644 --- a/debian/copyright +++ b/debian/copyright @@ -2,7 +2,7 @@ libpam-tacplus Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> - and Jeroen Nijhof <jeroen@nijhofnet.nl>. + and Jeroen Nijhof <jeroen@jeroennijhof.nl>. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/libtac/include/cdefs.h b/libtac/include/cdefs.h index 2297d93..98ae7a5 100644 --- a/libtac/include/cdefs.h +++ b/libtac/include/cdefs.h @@ -1,7 +1,7 @@ /* cdefs.h * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/include/libtac.h b/libtac/include/libtac.h index d7a2071..2e1881f 100644 --- a/libtac/include/libtac.h +++ b/libtac/include/libtac.h @@ -1,7 +1,7 @@ /* libtac.h * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -132,9 +132,10 @@ extern void _tac_crypt(u_char *buf, HDR *th, int length); extern u_char *_tac_md5_pad(int len, HDR *hdr); extern void tac_add_attrib(struct tac_attrib **attr, char *name, char *value); extern void tac_free_attrib(struct tac_attrib **attr); -extern int tac_account_send(int fd, int type, const char *user, char *tty, char *rem_addr, +extern char *tac_acct_flag2str(int flag); +extern int tac_acct_send(int fd, int type, const char *user, char *tty, char *rem_addr, struct tac_attrib *attr); -extern int tac_account_read(int fd, struct areply *arep); +extern int tac_acct_read(int fd, struct areply *arep); extern void *xcalloc(size_t nmemb, size_t size); extern void *xrealloc(void *ptr, size_t size); extern char *_tac_check_header(HDR *th, int type); diff --git a/libtac/include/tacplus.h b/libtac/include/tacplus.h index 0838325..b5bc1a7 100644 --- a/libtac/include/tacplus.h +++ b/libtac/include/tacplus.h @@ -1,7 +1,7 @@ /* tacplus.h * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/acct_r.c b/libtac/lib/acct_r.c index ff651d3..45e1c5a 100644 --- a/libtac/lib/acct_r.c +++ b/libtac/lib/acct_r.c @@ -1,7 +1,7 @@ /* acct_r.c - Read accounting reply from server. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,7 +33,7 @@ * LIBTAC_STATUS_PROTOCOL_ERR * >= 0 : server response, see TAC_PLUS_AUTHEN_STATUS_... */ -int tac_account_read(int fd, struct areply *re) { +int tac_acct_read(int fd, struct areply *re) { HDR th; struct acct_reply *tb = NULL; int len_from_header, r, len_from_body; diff --git a/libtac/lib/acct_s.c b/libtac/lib/acct_s.c index 51d2715..f297530 100644 --- a/libtac/lib/acct_s.c +++ b/libtac/lib/acct_s.c @@ -1,7 +1,7 @@ /* acct_s.c - Send accounting event information to server. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -23,6 +23,21 @@ #include "libtac.h" #include "xalloc.h" +char *tac_acct_flag2str(int flag) { + switch(flag) { + case TAC_PLUS_ACCT_FLAG_MORE: + return "more"; + case TAC_PLUS_ACCT_FLAG_START: + return "start"; + case TAC_PLUS_ACCT_FLAG_STOP: + return "stop"; + case TAC_PLUS_ACCT_FLAG_WATCHDOG: + return "update"; + default: + return "unknown"; + } +} + /* * return value: * 0 : success @@ -31,7 +46,7 @@ * LIBTAC_STATUS_WRITE_TIMEOUT (pending impl) * LIBTAC_STATUS_ASSEMBLY_ERR (pending impl) */ -int tac_account_send(int fd, int type, const char *user, char *tty, +int tac_acct_send(int fd, int type, const char *user, char *tty, char *rem_addr, struct tac_attrib *attr) { HDR *th; @@ -55,7 +70,7 @@ int tac_account_send(int fd, int type, const char *user, char *tty, TACDEBUG((LOG_DEBUG, "%s: user '%s', tty '%s', rem_addr '%s', encrypt: %s, type: %s", \ __FUNCTION__, user, tty, rem_addr, \ (tac_encryption) ? "yes" : "no", \ - (type == TAC_PLUS_ACCT_FLAG_START) ? "START" : "STOP")) + tac_acct_flag2str(type))) user_len=(u_char) strlen(user); port_len=(u_char) strlen(tty); diff --git a/libtac/lib/attrib.c b/libtac/lib/attrib.c index f409796..adba6d7 100644 --- a/libtac/lib/attrib.c +++ b/libtac/lib/attrib.c @@ -2,7 +2,7 @@ * for accounting and authorization functions. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/authen_r.c b/libtac/lib/authen_r.c index 7d54cbc..566b747 100644 --- a/libtac/lib/authen_r.c +++ b/libtac/lib/authen_r.c @@ -1,7 +1,7 @@ /* authen_r.c - Read authentication reply from server. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/authen_s.c b/libtac/lib/authen_s.c index 4983a01..c987c1f 100644 --- a/libtac/lib/authen_s.c +++ b/libtac/lib/authen_s.c @@ -1,7 +1,7 @@ /* authen_s.c - Send authentication request to the server. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/author_r.c b/libtac/lib/author_r.c index 915d7fd..43531a2 100644 --- a/libtac/lib/author_r.c +++ b/libtac/lib/author_r.c @@ -1,7 +1,7 @@ /* author_r.c - Reads authorization reply from the server. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/author_s.c b/libtac/lib/author_s.c index c82d6e4..627acb9 100644 --- a/libtac/lib/author_s.c +++ b/libtac/lib/author_s.c @@ -1,7 +1,7 @@ /* author_s.c - Send authorization request to the server. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/connect.c b/libtac/lib/connect.c index 15dc756..ef4d706 100644 --- a/libtac/lib/connect.c +++ b/libtac/lib/connect.c @@ -1,7 +1,7 @@ /* connect.c - Open connection to server. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/cont_s.c b/libtac/lib/cont_s.c index 8382bc5..b155cdc 100644 --- a/libtac/lib/cont_s.c +++ b/libtac/lib/cont_s.c @@ -1,6 +1,6 @@ /* cont_s.c - Send continue request to the server. * - * Copyright (C) 2010, Jeroen Nijhof <jeroen@nijhofnet.nl> + * Copyright (C) 2010, Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/crypt.c b/libtac/lib/crypt.c index 51ea669..04d29a6 100644 --- a/libtac/lib/crypt.c +++ b/libtac/lib/crypt.c @@ -1,7 +1,7 @@ /* crypt.c - TACACS+ encryption related functions * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/hdr_check.c b/libtac/lib/hdr_check.c index 75c13d4..3766744 100644 --- a/libtac/lib/hdr_check.c +++ b/libtac/lib/hdr_check.c @@ -1,7 +1,7 @@ /* hdr_check.c - Perform basic sanity checks on received packet. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/header.c b/libtac/lib/header.c index 1ae5c17..393ce7a 100644 --- a/libtac/lib/header.c +++ b/libtac/lib/header.c @@ -1,7 +1,7 @@ /* header.c - Create pre-filled header for TACACS+ request. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/messages.c b/libtac/lib/messages.c index d24a809..0c77df3 100644 --- a/libtac/lib/messages.c +++ b/libtac/lib/messages.c @@ -1,7 +1,7 @@ /* messages.c - Various messages returned to user. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/messages.h b/libtac/lib/messages.h index 041195f..a7c34e9 100644 --- a/libtac/lib/messages.h +++ b/libtac/lib/messages.h @@ -1,7 +1,7 @@ /* messages.h * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/version.c b/libtac/lib/version.c index 16c8c7b..470be16 100644 --- a/libtac/lib/version.c +++ b/libtac/lib/version.c @@ -1,7 +1,7 @@ /* version.c - TACACS+ library version. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/xalloc.c b/libtac/lib/xalloc.c index a8e8302..de6a5fb 100644 --- a/libtac/lib/xalloc.c +++ b/libtac/lib/xalloc.c @@ -2,7 +2,7 @@ * Taken from excellent glibc.info ;) * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/libtac/lib/xalloc.h b/libtac/lib/xalloc.h index 3573567..79b12f9 100644 --- a/libtac/lib/xalloc.h +++ b/libtac/lib/xalloc.h @@ -1,7 +1,7 @@ /* xalloc.h * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/pam_tacplus.c b/pam_tacplus.c index b6f8003..5a7040f 100644 --- a/pam_tacplus.c +++ b/pam_tacplus.c @@ -1,7 +1,7 @@ /* pam_tacplus.c - PAM interface for TACACS+ protocol. * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -86,7 +86,9 @@ static short int task_id = 0; /* Helper functions */ -int _pam_send_account(int tac_fd, int type, const char *user, char *tty, char *rem_addr) { +int _pam_send_account(int tac_fd, int type, const char *user, char *tty, + char *rem_addr, char *cmd) { + char buf[40]; struct tac_attrib *attr; int retval; @@ -99,15 +101,20 @@ int _pam_send_account(int tac_fd, int type, const char *user, char *tty, char *r sprintf(buf, "%lu", (long unsigned int)time(0)); #endif - tac_add_attrib(&attr, - (type == TAC_PLUS_ACCT_FLAG_START) ? "start_time" : "stop_time" - , buf); + if (type == TAC_PLUS_ACCT_FLAG_START) { + tac_add_attrib(&attr, "start_time", buf); + } else if (type == TAC_PLUS_ACCT_FLAG_STOP) { + tac_add_attrib(&attr, "stop_time", buf); + } sprintf(buf, "%hu", task_id); tac_add_attrib(&attr, "task_id", buf); tac_add_attrib(&attr, "service", tac_service); tac_add_attrib(&attr, "protocol", tac_protocol); + if (cmd != NULL) { + tac_add_attrib(&attr, "cmd", cmd); + } - retval = tac_account_send(tac_fd, type, user, tty, rem_addr, attr); + retval = tac_acct_send(tac_fd, type, user, tty, rem_addr, attr); /* this is no longer needed */ tac_free_attrib(&attr); @@ -115,17 +122,17 @@ int _pam_send_account(int tac_fd, int type, const char *user, char *tty, char *r if(retval < 0) { _pam_log (LOG_WARNING, "%s: send %s accounting failed (task %hu)", __FUNCTION__, - (type == TAC_PLUS_ACCT_FLAG_START) ? "start" : "stop", + tac_acct_flag2str(type), task_id); close(tac_fd); return -1; } struct areply re; - if( tac_account_read(tac_fd, &re) != TAC_PLUS_ACCT_STATUS_SUCCESS ) { + if( tac_acct_read(tac_fd, &re) != TAC_PLUS_ACCT_STATUS_SUCCESS ) { _pam_log (LOG_WARNING, "%s: accounting %s failed (task %hu)", __FUNCTION__, - (type == TAC_PLUS_ACCT_FLAG_START) ? "start" : "stop", + tac_acct_flag2str(type), task_id); if(re.msg != NULL) free(re.msg); close(tac_fd); @@ -137,7 +144,9 @@ int _pam_send_account(int tac_fd, int type, const char *user, char *tty, char *r return 0; } -int _pam_account(pam_handle_t *pamh, int argc, const char **argv, int type) { +int _pam_account(pam_handle_t *pamh, int argc, const char **argv, + int type, char *cmd) { + int retval; static int ctrl; char *user = NULL; @@ -146,7 +155,7 @@ int _pam_account(pam_handle_t *pamh, int argc, const char **argv, int type) { char *typemsg; int status = PAM_SESSION_ERR; - typemsg = (type == TAC_PLUS_ACCT_FLAG_START) ? "START" : "STOP"; + typemsg = tac_acct_flag2str(type); ctrl = _pam_parse (argc, argv); if (ctrl & PAM_TAC_DEBUG) @@ -208,7 +217,7 @@ int _pam_account(pam_handle_t *pamh, int argc, const char **argv, int type) { if (ctrl & PAM_TAC_DEBUG) syslog(LOG_DEBUG, "%s: connected with fd=%d", __FUNCTION__, tac_fd); - retval = _pam_send_account(tac_fd, type, user, tty, rem_addr); + retval = _pam_send_account(tac_fd, type, user, tty, rem_addr, cmd); if(retval < 0) { _pam_log(LOG_ERR, "%s: error sending %s", __FUNCTION__, typemsg); @@ -238,7 +247,7 @@ int _pam_account(pam_handle_t *pamh, int argc, const char **argv, int type) { if (ctrl & PAM_TAC_DEBUG) syslog(LOG_DEBUG, "%s: connected with fd=%d (srv %d)", __FUNCTION__, tac_fd, srv_i); - retval = _pam_send_account(tac_fd, type, user, tty, rem_addr); + retval = _pam_send_account(tac_fd, type, user, tty, rem_addr, cmd); /* return code from function in this mode is status of the last server we tried to send packet to */ @@ -572,7 +581,7 @@ int pam_sm_open_session (pam_handle_t * pamh, int flags, int argc, const char **argv) { task_id=(short int) magic(); - return _pam_account(pamh, argc, argv,TAC_PLUS_ACCT_FLAG_START); + return _pam_account(pamh, argc, argv, TAC_PLUS_ACCT_FLAG_START, NULL); } /* pam_sm_open_session */ /* sends STOP accounting request to the remote TACACS+ server @@ -583,7 +592,7 @@ PAM_EXTERN int pam_sm_close_session (pam_handle_t * pamh, int flags, int argc, const char **argv) { - return _pam_account(pamh, argc, argv,TAC_PLUS_ACCT_FLAG_STOP); + return _pam_account(pamh, argc, argv, TAC_PLUS_ACCT_FLAG_STOP, NULL); } /* pam_sm_close_session */ diff --git a/pam_tacplus.h b/pam_tacplus.h index fd569ed..e41b56c 100644 --- a/pam_tacplus.h +++ b/pam_tacplus.h @@ -1,7 +1,7 @@ /* pam_tacplus.h * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -26,7 +26,7 @@ /* pam_tacplus major, minor and patchlevel version numbers */ #define PAM_TAC_VMAJ 1 #define PAM_TAC_VMIN 3 -#define PAM_TAC_VPAT 5 +#define PAM_TAC_VPAT 6 #ifndef PAM_EXTERN #define PAM_EXTERN extern diff --git a/pam_tacplus.spec.in b/pam_tacplus.spec.in index ca456ed..262279f 100644 --- a/pam_tacplus.spec.in +++ b/pam_tacplus.spec.in @@ -28,7 +28,7 @@ BuildRequires: gcc binutils pam-devel Requires: pam %description -PAM Tacacs+ module based on code produced by Pawel Krawczyk <pawel.krawczyk@hush.com> and Jeroen Nijhof <jeroen@nijhofnet.nl> +PAM Tacacs+ module based on code produced by Pawel Krawczyk <pawel.krawczyk@hush.com> and Jeroen Nijhof <jeroen@jeroennijhof.nl> %prep %setup -q -a 0 @@ -1,7 +1,7 @@ /* support.c - support functions for pam_tacplus.c * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -1,7 +1,7 @@ /* support.h - support functions for pam_tacplus.c * * Copyright (C) 2010, Pawel Krawczyk <pawel.krawczyk@hush.com> and - * Jeroen Nijhof <jeroen@nijhofnet.nl> + * Jeroen Nijhof <jeroen@jeroennijhof.nl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by |