From ab1e505325401453a21c0344c92aa0f778007287 Mon Sep 17 00:00:00 2001 From: SuvarnaMeenakshi <50386592+SuvarnaMeenakshi@users.noreply.github.com> Date: Tue, 3 Sep 2019 13:24:03 -0700 Subject: [PATCH] Add IPv6 Support in TACACS (#3395) * Add patch to support IPv6 * Add support for IPv6 * Remove in-correct changes by IPv6 support patch --- ...rsing-of-IP-addr-and-port-number-str.patch | 26 ++++++++++++++++ src/tacacs/nss/Makefile | 1 + ...ng-of-IP-address-and-port-number-to-.patch | 31 +++++++++++++++++++ src/tacacs/pam/Makefile | 1 + 4 files changed, 59 insertions(+) create mode 100644 src/tacacs/nss/0005-libnss-Modify-parsing-of-IP-addr-and-port-number-str.patch create mode 100644 src/tacacs/pam/0005-pam-Modify-parsing-of-IP-address-and-port-number-to-.patch diff --git a/src/tacacs/nss/0005-libnss-Modify-parsing-of-IP-addr-and-port-number-str.patch b/src/tacacs/nss/0005-libnss-Modify-parsing-of-IP-addr-and-port-number-str.patch new file mode 100644 index 0000000000..247972b63b --- /dev/null +++ b/src/tacacs/nss/0005-libnss-Modify-parsing-of-IP-addr-and-port-number-str.patch @@ -0,0 +1,26 @@ +From aa8af2b2400b7bbcbe7af0cb50047a98e93660ca Mon Sep 17 00:00:00 2001 +From: SuvarnaMeenakshi +Date: Thu, 29 Aug 2019 09:44:24 -0700 +Subject: [PATCH] libnss: Modify parsing of IP addr and port number string to + support IPv6 + +--- + nss_tacplus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/nss_tacplus.c b/nss_tacplus.c +index f2a86e1..3ff3c35 100644 +--- a/nss_tacplus.c ++++ b/nss_tacplus.c +@@ -98,7 +98,7 @@ static int parse_tac_server(char *srv_buf) + hints.ai_socktype = SOCK_STREAM; + + srv = token + 7; +- port = strchr(srv, ':'); ++ port = strrchr(srv, ':'); + if(port) { + *port = '\0'; + port++; +-- +2.17.1 + diff --git a/src/tacacs/nss/Makefile b/src/tacacs/nss/Makefile index 308b05f2c1..63abfcf2a3 100644 --- a/src/tacacs/nss/Makefile +++ b/src/tacacs/nss/Makefile @@ -16,6 +16,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : git am ../0002-Enable-modifying-local-user-permission.patch git am ../0003-management-vrf-support.patch git am ../0004-Skip-accessing-tacacs-servers-for-local-non-tacacs-u.patch + git am ../0005-libnss-Modify-parsing-of-IP-addr-and-port-number-str.patch dpkg-buildpackage -rfakeroot -b -us -uc popd diff --git a/src/tacacs/pam/0005-pam-Modify-parsing-of-IP-address-and-port-number-to-.patch b/src/tacacs/pam/0005-pam-Modify-parsing-of-IP-address-and-port-number-to-.patch new file mode 100644 index 0000000000..541333232b --- /dev/null +++ b/src/tacacs/pam/0005-pam-Modify-parsing-of-IP-address-and-port-number-to-.patch @@ -0,0 +1,31 @@ +From 264de96e8a1c411371f9fc20b0b5b00c10e7052d Mon Sep 17 00:00:00 2001 +From: SuvarnaMeenakshi +Date: Thu, 29 Aug 2019 09:51:43 -0700 +Subject: [PATCH] pam: Modify parsing of IP address and port number to support + IPv6 + +--- + support.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/support.c b/support.c +index 44efee3..7c00618 100644 +--- a/support.c ++++ b/support.c +@@ -225,11 +226,11 @@ int _pam_parse (int argc, const char **argv) { + + if (*server_buf == '[' && (close_bracket = strchr(server_buf, ']')) != NULL) { /* Check for URI syntax */ + server_name = server_buf + 1; +- port = strchr(close_bracket, ':'); ++ port = strrchr(close_bracket, ':'); + *close_bracket = '\0'; + } else { /* Fall back to traditional syntax */ + server_name = server_buf; +- port = strchr(server_buf, ':'); ++ port = strrchr(server_buf, ':'); + } + if (port != NULL) { + *port = '\0'; +-- +2.17.1 + diff --git a/src/tacacs/pam/Makefile b/src/tacacs/pam/Makefile index a54f577bc8..627242af5a 100644 --- a/src/tacacs/pam/Makefile +++ b/src/tacacs/pam/Makefile @@ -18,6 +18,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : git apply ../0002-Fix-libtac2-bin-install-directory-error.patch git apply ../0003-Obfuscate-key-before-printing-to-syslog.patch git apply ../0004-management-vrf-support.patch + git apply ../0005-pam-Modify-parsing-of-IP-address-and-port-number-to-.patch dpkg-buildpackage -rfakeroot -b -us -uc popd