[tac_plus] Re: DEFAULT user option not working?

john heasley heas at shrubbery.net
Tue Dec 12 23:53:31 UTC 2006


It is a bug.  The authentication path does check ACLs for a user not in
the config.  Here is the patch.  Thanks for the bug report!

Index: default_fn.c
===================================================================
RCS file: /home/heas/.CVS/src/routers/tac_plus/default_fn.c,v
retrieving revision 1.10
diff -u -r1.10 default_fn.c
--- default_fn.c	25 Nov 2006 03:39:16 -0000	1.10
+++ default_fn.c	12 Dec 2006 23:52:05 -0000
@@ -793,7 +793,14 @@
     char *val;
 
     /* lookup host acl for user */
-    val = cfg_get_pvalue(name, 1, type, recurse);
+    if (!cfg_user_exists(name) && cfg_user_exists(DEFAULT_USERNAME)) {
+	if (debug & DEBUG_AUTHEN_FLAG) {
+	    report(LOG_DEBUG, "Authenticating ACLs for user '%s' instead of "
+		   "'%s'", DEFAULT_USERNAME, name);
+	}
+	val = cfg_get_pvalue(DEFAULT_USERNAME, 1, type, recurse);
+    } else
+	val = cfg_get_pvalue(name, 1, type, recurse);
 
     /* no host acl for user */
     if (val == NULL)
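
Review bot: The DEFAULT fallback in the new `if` duplicates the `cfg_get_pvalue(..., 1, type, recurse)` call across both branches, and the `/* lookup host acl for user */` comment above it no longer describes what happens. Consider selecting the effective name once (DEFAULT_USERNAME when `!cfg_user_exists(name) && cfg_user_exists(DEFAULT_USERNAME)`, otherwise `name`) and making a single lookup, then extending the comment to say that users absent from the config are checked against the DEFAULT user's ACL. The `else` branch is unbraced while the `if` branch is braced; bracing both would make later edits to this access-control path less error-prone. The substitution is reported only under DEBUG_AUTHEN_FLAG, so with debugging off nothing in the visible lines records that the ACL decision was made for DEFAULT_USERNAME rather than `name`; it is worth checking that this is recoverable elsewhere for auditing.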


