From a1d214e88b15bb993a84811d393bd2fc7848de36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?=
Date: Mon, 28 Oct 2002 10:28:46 +0000
Subject: [PATCH] Allow the admin to specify a different NAS identifier than the hostname.
Submitted by: Boris Kovalenko
---
 lib/libpam/modules/pam_radius/pam_radius.8 | 7 +++++--
 lib/libpam/modules/pam_radius/pam_radius.c | 24 ++++++++++++++--------
 2 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/lib/libpam/modules/pam_radius/pam_radius.8 b/lib/libpam/modules/pam_radius/pam_radius.8
index 240e1229e9b2..94a7d05dac52 100644
--- a/lib/libpam/modules/pam_radius/pam_radius.8
+++ b/lib/libpam/modules/pam_radius/pam_radius.8
@@ -38,7 +38,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 2, 1999
+.Dd October 28, 2002
 .Dt PAM_RADIUS 8
 .Os
 .Sh NAME
@@ -79,7 +79,10 @@ causes echoing to be left on if
 prompts for a password.
 .It Cm conf Ns No = Ns Ar pathname
 specifies a non-standard location for the RADIUS client configuration file
-(normally located in /etc/radius.conf).
+(normally located in
+.Pa /etc/radius.conf ) .
+.It Cm nas_id Ns No = Ns Ar identifier
+specifies a NAS identifier to send instead of the hostname.
 .It Cm template_user Ns No = Ns Ar username
 specifies a user whose
 .Xr passwd 5
diff --git a/lib/libpam/modules/pam_radius/pam_radius.c b/lib/libpam/modules/pam_radius/pam_radius.c
index a6a30747a10e..bc09d26d8aaf 100644
--- a/lib/libpam/modules/pam_radius/pam_radius.c
+++ b/lib/libpam/modules/pam_radius/pam_radius.c
@@ -53,12 +53,14 @@ __FBSDID("$FreeBSD$");
 enum {
 PAM_OPT_CONF = PAM_OPT_STD_MAX,
- PAM_OPT_TEMPLATE_USER
+ PAM_OPT_TEMPLATE_USER,
+ PAM_OPT_NAS_ID
 };
 static struct opttab other_options[] = {
 { "conf", PAM_OPT_CONF },
 { "template_user", PAM_OPT_TEMPLATE_USER },
+ { "nas_id", PAM_OPT_NAS_ID },
 { NULL, 0 }
 };
@@ -66,7 +68,7 @@ static struct opttab other_options[] = {
 #define PASSWORD_PROMPT "RADIUS Password:"
 static int build_access_request(struct rad_handle *, const char *,
- const char *, const void *, size_t);
+ const char *, const char *, const void *, size_t);
 static int do_accept(pam_handle_t *, struct rad_handle *);
 static int do_challenge(pam_handle_t *, struct rad_handle *,
 const char *);
@@ -77,7 +79,7 @@ static int do_challenge(pam_handle_t *, struct rad_handle *,
 */
 static int
 build_access_request(struct rad_handle *radh, const char *user,
- const char *pass, const void *state, size_t state_len)
+ const char *pass, const char *nas_id, const void *state, size_t state_len)
 {
 char host[MAXHOSTNAMELEN];
@@ -85,12 +87,14 @@ build_access_request(struct rad_handle *radh, const char *user,
 syslog(LOG_CRIT, "rad_create_request: %s", rad_strerror(radh));
 return (-1);
 }
+ if (nas_id == NULL && gethostname(host, sizeof host) != -1)
+ nas_id = host;
 if ((user != NULL &&
 rad_put_string(radh, RAD_USER_NAME, user) == -1) ||
 (pass != NULL &&
 rad_put_string(radh, RAD_USER_PASSWORD, pass) == -1) ||
- (gethostname(host, sizeof host) != -1 &&
- rad_put_string(radh, RAD_NAS_IDENTIFIER, host) == -1)) {
+ (nas_id != NULL &&
+ rad_put_string(radh, RAD_NAS_IDENTIFIER, nas_id) == -1)) {
 syslog(LOG_CRIT, "rad_put_string: %s", rad_strerror(radh));
 return (-1);
 }
@@ -201,8 +205,8 @@ do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user)
 if ((retval = conv->conv(num_msgs, msg_ptrs, &resp,
 conv->appdata_ptr)) != PAM_SUCCESS)
 return (retval);
- if (build_access_request(radh, user, resp[num_msgs-1].resp, state,
- statelen) == -1)
+ if (build_access_request(radh, user, resp[num_msgs-1].resp, NULL,
+ state, statelen) == -1)
 return (PAM_SERVICE_ERR);
 memset(resp[num_msgs-1].resp, 0, strlen(resp[num_msgs-1].resp));
 free(resp[num_msgs-1].resp);
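Review bot: A failed gethostname() is swallowed at `if (nas_id == NULL && gethostname(host, sizeof host) != -1)` in the build_access_request hunk, so when no `nas_id=` option is given the request is built without a NAS-Identifier and nothing is logged. RFC 2865 expects an Access-Request to carry NAS-IP-Address or NAS-Identifier; whether libradius supplies the former is not visible here, so the server may reject or mis-route such a request with no hint on the client side. Logging the failure, e.g. `syslog(LOG_WARNING, "gethostname: %m");`, would make this diagnosable. A one-line comment above the new lines, `/* An explicit nas_id overrides the hostname as NAS-Identifier. */`, would also help. The function begins before this hunk.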
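Review bot: The challenge path drops the configured identifier: the do_challenge hunk now calls `build_access_request(radh, user, resp[num_msgs-1].resp, NULL, state, statelen)`, so the follow-up Access-Request falls back to gethostname() even when `nas_id=` is set. A RADIUS server that selects policy by NAS-Identifier would then see two different identifiers within one authentication exchange, and may apply a different policy to the challenge response than to the initial request. do_challenge would need a `const char *nas_id` parameter so the call can become `build_access_request(radh, user, resp[num_msgs-1].resp, nas_id, state, statelen)`. That also touches its prototype, its definition and its caller, all of which lie outside this hunk.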
@@ -219,7 +223,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 struct options options;
 struct rad_handle *radh;
 const char *user, *tmpuser, *pass;
- char *conf_file, *template_user;
+ char *conf_file, *template_user, *nas_id;
 int retval;
 int e;
@@ -231,6 +235,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 pam_test_option(&options, PAM_OPT_CONF, &conf_file);
 template_user = NULL;
 pam_test_option(&options, PAM_OPT_TEMPLATE_USER, &template_user);
+ nas_id = NULL;
+ pam_test_option(&options, PAM_OPT_NAS_ID, &nas_id);
 retval = pam_get_user(pamh, &user, NULL);
 if (retval != PAM_SUCCESS)
@@ -260,7 +266,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 PAM_LOG("Radius config file read");
- if (build_access_request(radh, user, pass, NULL, 0) == -1) {
+ if (build_access_request(radh, user, pass, nas_id, NULL, 0) == -1) {
 rad_close(radh);
 return (PAM_SERVICE_ERR);
 }
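Review bot: The value read by `pam_test_option(&options, PAM_OPT_NAS_ID, &nas_id);` reaches build_access_request unchecked. If pam_test_option can hand back an empty string for a bare `nas_id=` (its behaviour is not visible in this diff), the module would try to send a zero-length NAS-Identifier, which RFC 2865 forbids for string attributes, and every login through this module could then fail on a single typo in the PAM configuration. Treating the empty value as unset keeps the hostname fallback: `if (nas_id != NULL && *nas_id == '\0') nas_id = NULL;`. pam_sm_authenticate begins before and continues past these hunks.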