matthew/sonic-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-03-20. You can view files and clone it, but cannot push or open issues or pull requests.
87ecaebafc
sonic-buildimage/src/tacacs/nss/patch/0007-Add-support-for-TACACS-source-address.patch
Guohan Lu 87ecaebafc [tacacs]: use stg to apply patch 
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2021-02-06 12:28:30 -08:00

78 lines
3.0 KiB
Diff
Raw Blame History

From 61e951efe54085fe427a32d0e7db8ef08c02fa95 Mon Sep 17 00:00:00 2001
From: Venkatesan Mahalingam <venkatesan_mahalinga@dell.com>
Date: Mon, 6 Jul 2020 12:14:26 -0700
Subject: [PATCH] Add support for TACACS+ source address.
Signed-off-by: Venkatesan Mahalingam <venkatesan_mahalinga@dell.com>
---
nss_tacplus.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/nss_tacplus.c b/nss_tacplus.c
index 64a9328..bf6b934 100644
--- a/nss_tacplus.c
+++ b/nss_tacplus.c
@@ -73,6 +73,7 @@ typedef struct {
static tacplus_server_t tac_srv[TAC_PLUS_MAXSERVERS];
static int tac_srv_no;
static useradd_info_t useradd_grp_list[MAX_TACACS_USER_PRIV + 1];
+static struct addrinfo *source_addr;
static char *tac_service = "shell";
static char *tac_protocol = "ssh";
@@ -247,6 +248,10 @@ static int parse_config(const char *file)
return NSS_STATUS_UNAVAIL;
}
+ if(source_addr) {
+ freeaddrinfo(source_addr);
+ source_addr = NULL;
+ }
debug = false;
tac_srv_no = 0;
while(fgets(buf, sizeof buf, fp)) {
@@ -262,6 +267,22 @@ static int parse_config(const char *file)
else if(!strncmp(buf, "user_priv=", 10)) {
parse_user_priv(buf);
}
+ else if(!strncmp(buf, "src_ip=", 7)) {
+ struct addrinfo hints;
+ char *ip = buf + 7, *new_line;
+
+ // Remove the new line character as getaddrinfo is not working for IPv6 address with '\n'.
+ if ((new_line = strchr(buf, '\n')) != NULL) {
+ *new_line = '\0';
+ }
+ memset(&hints, 0, sizeof hints);
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+
+ if(0 != getaddrinfo(ip, NULL, &hints, &source_addr))
+ syslog(LOG_ERR, "%s: error setting the source ip information",
+ nssname);
+ }
else if(!strncmp(buf, "server=", 7)) {
if(TAC_PLUS_MAXSERVERS <= tac_srv_no) {
syslog(LOG_ERR, "%s: tac server num is more than %d",
@@ -282,6 +303,8 @@ static int parse_config(const char *file)
nssname, n, tac_ntop(tac_srv[n].addr->ai_addr),
tac_srv[n].key[0], tac_srv[n].timeout);
}
+ syslog(LOG_DEBUG, "%s: src_ip=%s", nssname, NULL == source_addr
+ ? "NULL" : tac_ntop(source_addr->ai_addr));
syslog(LOG_DEBUG, "%s: many_to_one %s", nssname, 1 == many_to_one
? "enable" : "disable");
for(n = MIN_TACACS_USER_PRIV; n <= MAX_TACACS_USER_PRIV; n++) {
@@ -690,7 +713,7 @@ connect_tacacs(struct tac_attrib **attr, int srvr)
if(!*tac_service) /* reported at config file processing */
return -1;
- fd = tac_connect_single(tac_srv[srvr].addr, tac_srv[srvr].key, NULL,
+ fd = tac_connect_single(tac_srv[srvr].addr, tac_srv[srvr].key, source_addr,
tac_srv[srvr].timeout, vrfname[0] ? vrfname : NULL);
if(fd >= 0) {
*attr = NULL; /* so tac_add_attr() allocates memory */
--
2.7.4
Reference in New Issue View Git Blame Copy Permalink