Yes, I did test it many times.
login_radius as it is in current does not work
for me at all.
Did I test it for all cases/scenarios..?
No, I doubt it.
-Brad
> -----Original Message-----
> From: [EMAIL PROTECTED]
> Sent: Wed, 12 Dec 2007 22:00:46 +0100
> To: [EMAIL PROTECTED]
> Subject: Re: login_radius possible changes.
>
> On Wed, Dec 12, 2007 at 07:35:36PM +0100, Otto Moerbeek wrote:
>
>> On Wed, Dec 12, 2007 at 08:47:54AM -0800, Brad Arrington wrote:
>>
>>> Hi Otto,
>>>
>>> Thank you for looking at this.
>>>
>>> My question is now what would be the right way to do this...?
>>>
>>> This radius server(AAA) has a 3 try lock out.
>>> Without this patch login_radius checks 2 times with a blank password
>>> which will allow the user only 1 chance to enter a correct password
>>> before it locks the account.
>>
>> You are comparing pointers, not strings.
>
> I'll elaborate a bit more. Comparing to an empty string should be done
> like
>
> strcmp(password, "") != 0
>
> or
>
> password[0] != '\0'
>
> Since your string compare is obviously wrong, I can only assume you
> did not test your diff. At least not for all cases it should handle.
>
> Also, I'm missing a man page addition.
>
> -Otto
>
>>>
>>>
>>> -Brad
>>>
>>>> -----Original Message-----
>>>> From: [EMAIL PROTECTED]
>>>> Sent: Wed, 12 Dec 2007 10:28:13 +0100
>>>> To: [EMAIL PROTECTED]
>>>> Subject: Re: login_radius possible changes.
>>>>
>>>> On Wed, Dec 12, 2007 at 12:40:15AM -0800, Brad Arrington wrote:
>>>>
>>>>> Would it be possible to change login_radius.c actually raddauth.c so
>>>>> that:
>>>>>
>>>>> 1. The admin can change what port login_radius uses, such as the
>>>>> old datametrics port. It is currently hard coded to radius(1812).
>>>>>
>>>>> 2. Make it so it does not try an empty password 2 times before it
>>>>> kicks back a prompt asking for a password.
>>>>>
>>>>> This is the diff/changes I had in mind.
>>>>>
>>>>> --- radius_current/raddauth.c Tue Dec 11 12:28:41 2007
>>>>> +++ raddauth.c Wed Dec 12 00:29:43 2007
>>>>> @@ -117,6 +117,7 @@
>>>>> int retries;
>>>>> int sockfd;
>>>>> int timeout;
>>>>> +char *radius_port;
>>>>> in_addr_t alt_server;
>>>>> in_addr_t auth_server;
>>>>>
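Review bot: `char *radius_port;` is assigned the string literal "radius" in the next hunk, so a non-const pointer here permits a write into read-only storage later on. Declaring it `const char *radius_port;` states the intent and still accepts the value returned by `login_getcapstr`.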
>>>>> @@ -168,6 +169,10 @@
>>>>>
>>>>> timeout = login_getcapnum(lc, "radius-timeout", 2, 2);
>>>>> retries = login_getcapnum(lc, "radius-retries", 6, 6);
>>>>> + radius_port = login_getcapstr(lc, "radius-port", NULL, NULL);
>>>>> +
>>>>> + if (radius_port == NULL) radius_port = "radius";
>>>>> +
>>>>> if (timeout < 1)
>>>>> timeout = 1;
>>>>> if (retries < 2)
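Review bot: The NULL check after `login_getcapstr(lc, "radius-port", NULL, NULL)` is avoidable, and the one-line `if (radius_port == NULL) radius_port = "radius";` does not match the surrounding style, where the body of `if (timeout < 1)` sits on its own line. Passing "radius" as the default and error arguments, the way the `login_getcapnum` calls above pass 2 and 6, removes the check entirely. The new `radius-port` capability is also undocumented; it needs a man page entry.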
>>>>> @@ -209,7 +214,7 @@
>>>>> }
>>>>>
>>>>> /* get port number */
>>>>> - svp = getservbyname ("radius", "udp");
>>>>> + svp = getservbyname (radius_port, "udp");
>>>>> if (svp == NULL) {
>>>>> *emsg = "No such service: radius/udp";
>>>>> return (1);
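Review bot: The error path under the changed `getservbyname (radius_port, "udp")` call still sets `*emsg = "No such service: radius/udp"`, so a bad `radius-port` value is reported under the wrong service name; the last hunk updates its message with `%s` but this one was left behind. Because the value is passed to `getservbyname`, it has to be a service name and a bare port number will not resolve, which should be stated wherever the capability is documented.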
>>>>> @@ -271,7 +276,7 @@
>>>>> }
>>>>> }
>>>>>
>>>>> - if (retries > 0) {
>>>>> + if (retries > 0 && passwd != "") {
>>>>
>>>> That cannot be right
>>>>
>>>>> rad_request(req_id, userstyle, passwd, auth_port, vector,
>>>>> pwstate);
>>>>>
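Review bot: In `if (retries > 0 && passwd != "")` the second operand compares the address held in `passwd` with the address of a string literal, not the characters, so it does not detect an empty password and the request is still sent. Test the content instead, for example `passwd[0] != '\0'` or `strcmp(passwd, "") != 0`.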
>>>>> @@ -417,9 +422,9 @@
>>>>> auth.length = htons(total_length);
>>>>>
>>>>> /* get radius port number */
>>>>> - rad_port = getservbyname("radius", "udp");
>>>>> + rad_port = getservbyname(radius_port, "udp");
>>>>> if (rad_port == NULL)
>>>>> - errx(1, "no such service: radius/udp");
>>>>> + errx(1, "no such service: %s/udp", radius_port);
>>>>>
>>>>> memset(&sin, 0, sizeof (sin));
>>>>> sin.sin_family = AF_INET;
>>>>>
>>>>>
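Review bot: The `getservbyname(radius_port, "udp")` lookup here duplicates the one in the "get port number" hunk, and the two fail differently for the same bad `radius-port` value: `errx(1, ...)` here, `*emsg` plus `return (1)` there. Resolving the service once and reusing the result would keep the behaviour and the error text consistent.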
>>>>> Thanks,
>>>>> -Brad
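
As an added example (not code from raddauth.c or from anyone in this thread), here is a small C model of the empty-password guard discussed above, run against a server with the 3-try lockout. `fake_server`, the guard functions and the sample probes are hypothetical and constructed; a named empty array stands in for the `""` literal so the pointer comparison is well defined.

```c
#include <stdio.h>
#include <string.h>

#define LOCKOUT_TRIES 3		/* lockout threshold described in the thread */

/* Hypothetical stand-in for the RADIUS server: counts failed attempts. */
struct fake_server { const char *good; int failures; };

static void server_auth(struct fake_server *s, const char *pw)
{
	if (s->failures < LOCKOUT_TRIES && strcmp(pw, s->good) != 0)
		s->failures++;
}

/* Models `passwd != ""`: compares addresses, never the characters. */
static const char EMPTY[] = "";
static int nonempty_by_pointer(const char *pw) { return pw != EMPTY; }

/* The check from the reply: looks at the first character. */
static int nonempty_by_content(const char *pw) { return pw[0] != '\0'; }

/* Constructed sample: two probes with a blank password. */
static const char *const blank_probes[] = { "", "" };

/* Returns the failures the server recorded for probes the guard let through. */
static int failures_with(int (*guard)(const char *))
{
	struct fake_server s = { "constructed-secret", 0 };
	char passwd[64];
	size_t i;

	for (i = 0; i < sizeof(blank_probes) / sizeof(blank_probes[0]); i++) {
		snprintf(passwd, sizeof(passwd), "%s", blank_probes[i]);
		if (guard(passwd))
			server_auth(&s, passwd);
	}
	return s.failures;
}

int failures_pointer_guard(void) { return failures_with(nonempty_by_pointer); }
int failures_content_guard(void) { return failures_with(nonempty_by_content); }
int tries_left(int failures) { return LOCKOUT_TRIES - failures; }

int main(void)
{
	printf("pointer guard: %d tries left\n", tries_left(failures_pointer_guard()));
	printf("content guard: %d tries left\n", tries_left(failures_content_guard()));
	return 0;
}
```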