authorbrian <brian@FreeBSD.org>2002-07-03 20:51:13 +0000
committerbrian <brian@FreeBSD.org>2002-07-03 20:51:13 +0000
commit9ba6d06dcff6621ba3cfa89c3a9f038aa9da29f7 (patch)
tree34262ae86d45b47fdd611076a2cc3a48fa04369e /usr.sbin
parentb4544af31aec58c08a028c8c88bc4bfe8a9e859f (diff)
If we've given a domain name prefix as the authentication name, strip
it off before passing it on to the RADIUS server for authentication.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/ppp/radius.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/usr.sbin/ppp/radius.c b/usr.sbin/ppp/radius.c
index f9118df..74424ca 100644
--- a/usr.sbin/ppp/radius.c
+++ b/usr.sbin/ppp/radius.c
@@ -725,6 +725,7 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
struct timeval tv;
int got;
char hostname[MAXHOSTNAMELEN];
+ const char *basename;
#if 0
struct hostent *hp;
struct in_addr hostaddr;
@@ -764,7 +765,10 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
return 0;
}
- if (rad_put_string(r->cx.rad, RAD_USER_NAME, name) != 0 ||
+ /* Don't give any domain\ prefix from the name to the RADIUS server */
+ basename = strchr(name, '\\');
+ basename = basename ? basename + 1 : name;
+ if (rad_put_string(r->cx.rad, RAD_USER_NAME, basename) != 0 ||
rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 ||
rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) {
log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
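Review bot: The new `basename = basename ? basename + 1 : name;` accepts a name that ends in a backslash, in which case an empty User-Name is passed to `rad_put_string`. A guard such as `if (*basename == '\0')` that takes the same failure path as the `rad_put` error just below would make that case explicit instead of leaving it to the server. Because the prefix is discarded before the request is built, `DOMAIN1\user` and `DOMAIN2\user` reach the RADIUS server as the same identity, while `dl->peer.authname` appears to keep the prefix locally; the comment should say this so that logs and accounting can be correlated. The same strip is repeated in radius_Account (the RAD_START hunk), so a small static helper would keep the two copies in step. radius_Authenticate's body continues outside this hunk.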
@@ -894,6 +898,7 @@ radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
struct timeval tv;
int got;
char hostname[MAXHOSTNAMELEN];
+ const char *name;
#if 0
struct hostent *hp;
struct in_addr hostaddr;
@@ -930,9 +935,13 @@ radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
/* Grab some accounting data and initialize structure */
if (acct_type == RAD_START) {
+ /* Don't give any domain\ prefix from the authname to the RADIUS server */
+ name = strchr(dl->peer.authname, '\\');
+ name = name ? name + 1 : dl->peer.authname;
+
ac->rad_parent = r;
/* Fetch username from datalink */
- strncpy(ac->user_name, dl->peer.authname, sizeof ac->user_name);
+ strncpy(ac->user_name, name, sizeof ac->user_name);
ac->user_name[AUTHLEN-1] = '\0';
ac->authentic = 2; /* Assume RADIUS verified auth data */
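Review bot: The copy in `strncpy(ac->user_name, name, sizeof ac->user_name);` is bounded by `sizeof ac->user_name`, but the terminator on the next line is written at index `AUTHLEN-1`. The two agree only if the field is declared with exactly AUTHLEN bytes, and that declaration is not visible here. Using one expression for both, `ac->user_name[sizeof ac->user_name - 1] = '\0';`, or replacing the pair with `snprintf(ac->user_name, sizeof ac->user_name, "%s", name);` as the session-id code does, removes that dependency. The RAD_START block continues outside this hunk.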
@@ -940,7 +949,7 @@ radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
/* Generate a session ID */
snprintf(ac->session_id, sizeof ac->session_id, "%s%ld-%s%lu",
dl->bundle->cfg.auth.name, (long)getpid(),
- dl->peer.authname, (unsigned long)stats->uptime);
+ name, (unsigned long)stats->uptime);
/* And grab our MP socket name */
snprintf(ac->multi_session_id, sizeof ac->multi_session_id, "%s",
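Review bot: `name` is assigned only inside the `if (acct_type == RAD_START)` block but is declared at function scope, so any later use outside that block would read an uninitialised pointer. The `snprintf` that now takes `name` looks as if it sits in the same block, though the closing brace is outside the hunk. Declaring `const char *name;` as the first line of that block instead of at the top of radius_Account would confine it to the only place where it is valid.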
OpenPOWER on IntegriCloud