On Wed, Dec 12, 2007 at 08:47:54AM -0800, Brad Arrington wrote:

> Hi Otto,
> 
> Thank you for looking at this.
> 
> My question is now what would be the right way to do this...?
> 
> This radius server(AAA) has a 3 try lock out. 
> Without this patch login_radius checks 2 times with a blank password
> which will allow the user only 1 chance to enter a correct password
> before it locks the account.

You are comparing pointers, not strings.

        -Otto
> 
> 
> -Brad
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > Sent: Wed, 12 Dec 2007 10:28:13 +0100
> > To: [EMAIL PROTECTED]
> > Subject: Re: login_radius possible changes.
> > 
> > On Wed, Dec 12, 2007 at 12:40:15AM -0800, Brad Arrington wrote:
> > 
> >> Would it be possible to change login_radius.c actually raddauth.c so
> >> that:
> >> 
> >> 1. The admin can change what port login_radius uses, such as the
> >> old datametrics port. It is currently hard coded to radius(1812).
> >> 
> >> 2. Make it so it does not try an empty password 2 times before it kicks
> >> back a prompt asking for a password.
> >> 
> >> This is the diff/changes I had in mind.
> >> 
> >> --- radius_current/raddauth.c      Tue Dec 11 12:28:41 2007
> >> +++ raddauth.c     Wed Dec 12 00:29:43 2007
> >> @@ -117,6 +117,7 @@
> >>  int retries;
> >>  int sockfd;
> >>  int timeout;
> >> +char *radius_port;
> >>  in_addr_t alt_server;
> >>  in_addr_t auth_server;
> >> 
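Review bot: radius_port is added here as a writable file-scope char *, but the following hunk points it at the string literal "radius". Declaring it const char * would make any later write through the pointer a compile-time error. A short comment saying it holds a services(5) name taken from the radius-port capability would also help, since the neighbouring globals are all numeric.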
> >> @@ -168,6 +169,10 @@
> >> 
> >>    timeout = login_getcapnum(lc, "radius-timeout", 2, 2);
> >>    retries = login_getcapnum(lc, "radius-retries", 6, 6);
> >> +  radius_port = login_getcapstr(lc, "radius-port", NULL, NULL);
> >> +
> >> +  if (radius_port == NULL) radius_port = "radius";
> >> +
> >>    if (timeout < 1)
> >>            timeout = 1;
> >>    if (retries < 2)
> >> @@ -209,7 +214,7 @@
> >>    }
> >> 
> >>    /* get port number */
> >> -  svp = getservbyname ("radius", "udp");
> >> +  svp = getservbyname (radius_port, "udp");
> >>    if (svp == NULL) {
> >>            *emsg = "No such service: radius/udp";
> >>            return (1);
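Review bot: the failure path under the changed getservbyname() call still sets *emsg to the fixed text "No such service: radius/udp", so a typo in radius-port would be reported as a missing "radius" service. The message should name the service that was actually looked up, as the errx() call in the last hunk does. Since emsg is assigned a constant string here, that means formatting into a buffer that outlives the function instead of pointing at a literal.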
> >> @@ -271,7 +276,7 @@
> >>            }
> >>    }
> >> 
> >> -  if (retries > 0) {
> >> +  if (retries > 0 && passwd != "") {
> > 
> > That cannot be right
> > 
> >>            rad_request(req_id, userstyle, passwd, auth_port, vector,
> >>                pwstate);
> >> 
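Review bot: passwd != "" in the new condition compares the address held in passwd with the address of a string literal, not the characters, so it is true for essentially every call and does not skip the empty-password request. Test the contents instead, for example passwd[0] != '\0' or strcmp(passwd, "") != 0, and add a NULL check first if passwd can be NULL at this point. It is also worth confirming that bypassing rad_request() here leaves the rest of the function in the state the password prompt path expects, since the lines after the call are not shown.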
> >> @@ -417,9 +422,9 @@
> >>    auth.length = htons(total_length);
> >> 
> >>    /* get radius port number */
> >> -  rad_port = getservbyname("radius", "udp");
> >> +  rad_port = getservbyname(radius_port, "udp");
> >>    if (rad_port == NULL)
> >> -          errx(1, "no such service: radius/udp");
> >> +          errx(1, "no such service: %s/udp", radius_port);
> >> 
> >>    memset(&sin, 0, sizeof (sin));
> >>    sin.sin_family = AF_INET;
> >> 
> >> 
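Review bot: this second getservbyname(radius_port, "udp") lookup only accepts a service name, so an admin who sets radius-port to a number such as 1645 will hit the errx() path unless services(5) has a matching entry. Either document that the capability must be a service name, or fall back to parsing a numeric port with strtonum() and a 1..65535 range check when the lookup fails. The same name is also resolved earlier in the file, so resolving it once and reusing the result would keep the two lookups from diverging.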
> >> Thanks,
> >> -Brad
