[tac_plus] Re: DEFAULT user option not working?
john heasley
heas at shrubbery.net
Tue Dec 12 23:53:31 UTC 2006
It is a bug. The authentication path does check ACLs for an user not in
the config. Here is the patch. Thanks for the bug report!
Index: default_fn.c
===================================================================
RCS file: /home/heas/.CVS/src/routers/tac_plus/default_fn.c,v
retrieving revision 1.10
diff -u -r1.10 default_fn.c
--- default_fn.c 25 Nov 2006 03:39:16 -0000 1.10
+++ default_fn.c 12 Dec 2006 23:52:05 -0000
@@ -793,7 +793,14 @@
char *val;
/* lookup host acl for user */
- val = cfg_get_pvalue(name, 1, type, recurse);
+ if (!cfg_user_exists(name) && cfg_user_exists(DEFAULT_USERNAME)) {
+ if (debug & DEBUG_AUTHEN_FLAG) {
+ report(LOG_DEBUG, "Authenticating ACLs for user '%s' instead of "
+ "'%s'", DEFAULT_USERNAME, name);
+ }
+ val = cfg_get_pvalue(DEFAULT_USERNAME, 1, type, recurse);
+ } else
+ val = cfg_get_pvalue(name, 1, type, recurse);
/* no host acl for user */
if (val == NULL)
More information about the tac_plus
mailing list