Hi Otto,
Thank you for looking at this.
My question is now what would be the right way to do this...?
This radius server (AAA) has a 3 try lock out.
Without this patch, login_radius checks 2 times with a blank password
which will allow the user only 1 chance to enter a correct password
before it locks the account.
-Brad
> -----Original Message-----
> From: [EMAIL PROTECTED]
> Sent: Wed, 12 Dec 2007 10:28:13 +0100
> To: [EMAIL PROTECTED]
> Subject: Re: login_radius possible changes.
>
> On Wed, Dec 12, 2007 at 12:40:15AM -0800, Brad Arrington wrote:
>
>> Would it be possible to change login_radius.c actually raddauth.c so
>> that:
>>
>> 1. The admin can change what port login_radius uses, such as the
>> old datametrics port. It is currently hard coded to radius(1812).
>>
>> 2. Make it so it does not try an empty password 2 times before it kicks
>> back a prompt asking for a password.
>>
>> This is the diff/changes I had in mind.
>>
>> --- radius_current/raddauth.c Tue Dec 11 12:28:41 2007
>> +++ raddauth.c Wed Dec 12 00:29:43 2007
>> @@ -117,6 +117,7 @@
>> int retries;
>> int sockfd;
>> int timeout;
>> +char *radius_port;
>> in_addr_t alt_server;
>> in_addr_t auth_server;
>>
>> @@ -168,6 +169,10 @@
>>
>> timeout = login_getcapnum(lc, "radius-timeout", 2, 2);
>> retries = login_getcapnum(lc, "radius-retries", 6, 6);
>> + radius_port = login_getcapstr(lc, "radius-port", NULL, NULL);
>> +
>> + if (radius_port == NULL) radius_port = "radius";
>> +
>> if (timeout < 1)
>> timeout = 1;
>> if (retries < 2)
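Review bot: on the added login_getcapstr() line, the NULL default and error arguments plus the separate NULL check can be collapsed by passing the fallback directly: radius_port = login_getcapstr(lc, "radius-port", "radius", "radius"); that also drops the one-line "if (...) radius_port = ..." form, which does not match the two-line style of the timeout and retries checks just below it. The new radius-port capability also needs an entry in the login_radius manual page, stating that the value is a service name resolved with getservbyname() and not a numeric port.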
>> @@ -209,7 +214,7 @@
>> }
>>
>> /* get port number */
>> - svp = getservbyname ("radius", "udp");
>> + svp = getservbyname (radius_port, "udp");
>> if (svp == NULL) {
>> *emsg = "No such service: radius/udp";
>> return (1);
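Review bot: the emsg assignment left as context in this hunk still reads "No such service: radius/udp", so a failed lookup of a configured radius-port value reports the wrong service name. Build the message from radius_port, as the errx() change in the last hunk does, so the admin sees which name could not be resolved.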
>> @@ -271,7 +276,7 @@
>> }
>> }
>>
>> - if (retries > 0) {
>> + if (retries > 0 && passwd != "") {
>
> That cannot be right
>
>> rad_request(req_id, userstyle, passwd, auth_port, vector,
>> pwstate);
>>
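Review bot: in the changed condition, passwd != "" compares the pointer passwd against the address of a string literal, not the contents of the string, so it does not test for an empty password. Test the first character instead, for example passwd[0] != '\0', and if passwd can be NULL at this point check that before dereferencing. The code that runs when rad_request() is skipped is not visible in this hunk, so it is also worth confirming that the skipped case falls through to the password prompt rather than to the reply-parsing path.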
>> @@ -417,9 +422,9 @@
>> auth.length = htons(total_length);
>>
>> /* get radius port number */
>> - rad_port = getservbyname("radius", "udp");
>> + rad_port = getservbyname(radius_port, "udp");
>> if (rad_port == NULL)
>> - errx(1, "no such service: radius/udp");
>> + errx(1, "no such service: %s/udp", radius_port);
>>
>> memset(&sin, 0, sizeof (sin));
>> sin.sin_family = AF_INET;
>>
>>
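Review bot: this getservbyname(radius_port, "udp") call repeats the lookup already made under "get port number" earlier in the patch, and the two failure paths now differ (errx() with the configured name here, a fixed emsg string there). Resolve the port once and reuse the result, or at least keep the two error messages consistent.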
>> Thanks,
>> -Brad