Send not only Access Request, but also Access Challenge with defined
NAS-Identifier and NAS-IP-Address. Reviewed by: bz MFC after: 1 month
This commit is contained in:
parent
8d192bb376
commit
14e97fe311
@ -67,7 +67,7 @@ static int build_access_request(struct rad_handle *, const char *,
|
||||
size_t);
|
||||
static int do_accept(pam_handle_t *, struct rad_handle *);
|
||||
static int do_challenge(pam_handle_t *, struct rad_handle *,
|
||||
const char *);
|
||||
const char *, const char *, const char *);
|
||||
|
||||
/*
|
||||
* Construct an access request, but don't send it. Returns 0 on success,
|
||||
@ -162,7 +162,8 @@ do_accept(pam_handle_t *pamh, struct rad_handle *radh)
|
||||
}
|
||||
|
||||
static int
|
||||
do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user)
|
||||
do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user,
|
||||
const char *nas_id, const char *nas_ipaddr)
|
||||
{
|
||||
int retval;
|
||||
int attrtype;
|
||||
@ -229,8 +230,8 @@ do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user)
|
||||
if ((retval = conv->conv(num_msgs, msg_ptrs, &resp,
|
||||
conv->appdata_ptr)) != PAM_SUCCESS)
|
||||
return (retval);
|
||||
if (build_access_request(radh, user, resp[num_msgs-1].resp, NULL,
|
||||
NULL, state, statelen) == -1)
|
||||
if (build_access_request(radh, user, resp[num_msgs-1].resp, nas_id,
|
||||
nas_ipaddr, state, statelen) == -1)
|
||||
return (PAM_SERVICE_ERR);
|
||||
memset(resp[num_msgs-1].resp, 0, strlen(resp[num_msgs-1].resp));
|
||||
free(resp[num_msgs-1].resp);
|
||||
@ -329,7 +330,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
|
||||
return (PAM_AUTH_ERR);
|
||||
|
||||
case RAD_ACCESS_CHALLENGE:
|
||||
retval = do_challenge(pamh, radh, user);
|
||||
retval = do_challenge(pamh, radh, user, nas_id,
|
||||
nas_ipaddr);
|
||||
if (retval != PAM_SUCCESS) {
|
||||
rad_close(radh);
|
||||
return (retval);
|
||||
|
Loading…
x
Reference in New Issue
Block a user