From 9ba6d06dcff6621ba3cfa89c3a9f038aa9da29f7 Mon Sep 17 00:00:00 2001
From: brian <brian@FreeBSD.org>
Date: Wed, 3 Jul 2002 20:51:13 +0000
Subject: If we've given a domain name prefix as the authentication name, strip
 it off before passing it on to the RADIUS server for authentication.

---
 usr.sbin/ppp/radius.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'usr.sbin')

diff --git a/usr.sbin/ppp/radius.c b/usr.sbin/ppp/radius.c
index f9118df..74424ca 100644
--- a/usr.sbin/ppp/radius.c
+++ b/usr.sbin/ppp/radius.c
@@ -725,6 +725,7 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
   struct timeval tv;
   int got;
   char hostname[MAXHOSTNAMELEN];
+  const char *basename;
 #if 0
   struct hostent *hp;
   struct in_addr hostaddr;
@@ -764,7 +765,10 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
     return 0;
   }
 
-  if (rad_put_string(r->cx.rad, RAD_USER_NAME, name) != 0 ||
+  /* Don't give any domain\ prefix from the name to the RADIUS server */
+  basename = strchr(name, '\\');
+  basename = basename ? basename + 1 : name;
+  if (rad_put_string(r->cx.rad, RAD_USER_NAME, basename) != 0 ||
       rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 ||
       rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) {
     log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
@@ -894,6 +898,7 @@ radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
   struct timeval tv;
   int got;
   char hostname[MAXHOSTNAMELEN];
+  const char *name;
 #if 0
   struct hostent *hp;
   struct in_addr hostaddr;
@@ -930,9 +935,13 @@ radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
 
   /* Grab some accounting data and initialize structure */
   if (acct_type == RAD_START) {
+    /* Don't give any domain\ prefix from the authname to the RADIUS server */
+    name = strchr(dl->peer.authname, '\\');
+    name = name ? name + 1 : dl->peer.authname;
+
     ac->rad_parent = r;
     /* Fetch username from datalink */
-    strncpy(ac->user_name, dl->peer.authname, sizeof ac->user_name);
+    strncpy(ac->user_name, name, sizeof ac->user_name);
     ac->user_name[AUTHLEN-1] = '\0';
 
     ac->authentic = 2;		/* Assume RADIUS verified auth data */
@@ -940,7 +949,7 @@ radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
     /* Generate a session ID */
     snprintf(ac->session_id, sizeof ac->session_id, "%s%ld-%s%lu",
              dl->bundle->cfg.auth.name, (long)getpid(),
-             dl->peer.authname, (unsigned long)stats->uptime);
+             name, (unsigned long)stats->uptime);
 
     /* And grab our MP socket name */
     snprintf(ac->multi_session_id, sizeof ac->multi_session_id, "%s",
-- 
cgit v1.1