From owner-svn-src-stable-9@FreeBSD.ORG Thu Jan 29 09:06:22 2015 Return-Path: Delivered-To: svn-src-stable-9@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 264AA1E6; Thu, 29 Jan 2015 09:06:22 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 113ED964; Thu, 29 Jan 2015 09:06:22 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t0T96LVn098840; Thu, 29 Jan 2015 09:06:21 GMT (envelope-from des@FreeBSD.org) Received: (from des@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t0T96Las098839; Thu, 29 Jan 2015 09:06:21 GMT (envelope-from des@FreeBSD.org) Message-Id: <201501290906.t0T96Las098839@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: des set sender to des@FreeBSD.org using -f From: Dag-Erling Smørgrav Date: Thu, 29 Jan 2015 09:06:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r277874 - stable/9/lib/libpam/modules/pam_radius X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Jan 2015 09:06:22 -0000 Author: des Date: Thu Jan 29 09:06:21 2015 New Revision: 277874 URL: https://svnweb.freebsd.org/changeset/base/277874 Log: MFH (r277237): pass PAM_RHOST to RADIUS server as Calling-Station-ID Modified: stable/9/lib/libpam/modules/pam_radius/pam_radius.c Directory Properties: stable/9/lib/libpam/ (props changed) Modified: stable/9/lib/libpam/modules/pam_radius/pam_radius.c ============================================================================== --- stable/9/lib/libpam/modules/pam_radius/pam_radius.c Thu Jan 29 09:03:57 2015 (r277873) +++ stable/9/lib/libpam/modules/pam_radius/pam_radius.c Thu Jan 29 09:06:21 2015 (r277874) @@ -62,11 +62,11 @@ __FBSDID("$FreeBSD$"); #define PASSWORD_PROMPT "RADIUS Password:" static int build_access_request(struct rad_handle *, const char *, - const char *, const char *, const char *, const void *, - size_t); + const char *, const char *, const char *, const char *, + const void *, size_t); static int do_accept(pam_handle_t *, struct rad_handle *); static int do_challenge(pam_handle_t *, struct rad_handle *, - const char *, const char *, const char *); + const char *, const char *, const char *, const char *); /* * Construct an access request, but don't send it. Returns 0 on success, @@ -75,7 +75,7 @@ static int do_challenge(pam_handle_t *, static int build_access_request(struct rad_handle *radh, const char *user, const char *pass, const char *nas_id, const char *nas_ipaddr, - const void *state, size_t state_len) + const char *rhost, const void *state, size_t state_len) { int error; char host[MAXHOSTNAMELEN]; @@ -121,8 +121,13 @@ build_access_request(struct rad_handle * } } } - if (state != NULL && rad_put_attr(radh, RAD_STATE, state, - state_len) == -1) { + if (rhost != NULL && + rad_put_string(radh, RAD_CALLING_STATION_ID, rhost) == -1) { + syslog(LOG_CRIT, "rad_put_string: %s", rad_strerror(radh)); + return (-1); + } + if (state != NULL && + rad_put_attr(radh, RAD_STATE, state, state_len) == -1) { syslog(LOG_CRIT, "rad_put_attr: %s", rad_strerror(radh)); return (-1); } @@ -162,7 +167,7 @@ do_accept(pam_handle_t *pamh, struct rad static int do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user, - const char *nas_id, const char *nas_ipaddr) + const char *nas_id, const char *nas_ipaddr, const char *rhost) { int retval; int attrtype; @@ -230,7 +235,7 @@ do_challenge(pam_handle_t *pamh, struct conv->appdata_ptr)) != PAM_SUCCESS) return (retval); if (build_access_request(radh, user, resp[num_msgs-1].resp, nas_id, - nas_ipaddr, state, statelen) == -1) + nas_ipaddr, rhost, state, statelen) == -1) return (PAM_SERVICE_ERR); memset(resp[num_msgs-1].resp, 0, strlen(resp[num_msgs-1].resp)); free(resp[num_msgs-1].resp); @@ -246,7 +251,7 @@ pam_sm_authenticate(pam_handle_t *pamh, { struct rad_handle *radh; const char *user, *pass; - const void *tmpuser; + const void *rhost, *tmpuser; const char *conf_file, *template_user, *nas_id, *nas_ipaddr; int retval; int e; @@ -255,6 +260,7 @@ pam_sm_authenticate(pam_handle_t *pamh, template_user = openpam_get_option(pamh, PAM_OPT_TEMPLATE_USER); nas_id = openpam_get_option(pamh, PAM_OPT_NAS_ID); nas_ipaddr = openpam_get_option(pamh, PAM_OPT_NAS_IPADDR); + pam_get_item(pamh, PAM_RHOST, &rhost); retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) @@ -284,8 +290,8 @@ pam_sm_authenticate(pam_handle_t *pamh, PAM_LOG("Radius config file read"); - if (build_access_request(radh, user, pass, nas_id, nas_ipaddr, NULL, - 0) == -1) { + if (build_access_request(radh, user, pass, nas_id, nas_ipaddr, rhost, + NULL, 0) == -1) { rad_close(radh); return (PAM_SERVICE_ERR); } @@ -330,7 +336,7 @@ pam_sm_authenticate(pam_handle_t *pamh, case RAD_ACCESS_CHALLENGE: retval = do_challenge(pamh, radh, user, nas_id, - nas_ipaddr); + nas_ipaddr, rhost); if (retval != PAM_SUCCESS) { rad_close(radh); return (retval);