Sorry I missed the point...
Yes, you are correct about 'passwd != ""', my mistake. I should have been using
strncmp.
This is what the diff should be:
--- raddauth.c 2007-12-13 00:38:24.000000000 -0800
+++ login_radius/raddauth.c 2007-12-13 00:31:35.000000000 -0800
@@ -117,6 +117,7 @@
int retries;
int sockfd;
int timeout;
+char *radius_port;
in_addr_t alt_server;
in_addr_t auth_server;
@@ -168,6 +169,10 @@
timeout = login_getcapnum(lc, "radius-timeout", 2, 2);
retries = login_getcapnum(lc, "radius-retries", 6, 6);
+ radius_port = login_getcapstr(lc, "radius-port", NULL, NULL);
+
+ if (radius_port == NULL) radius_port = "radius";
+
if (timeout < 1)
timeout = 1;
if (retries < 2)
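Review bot: The two statements added after the `radius-retries` lookup can be a single call, because `login_getcapstr` takes its default and error results as arguments: `radius_port = login_getcapstr(lc, "radius-port", "radius", "radius");`. That also removes the one-line `if`, which does not match the surrounding style where the body sits on its own line. Because `radius_port` can end up pointing at a string literal, declaring it `const char *radius_port;` in the first hunk would be safer. A short comment such as `/* service name resolved via getservbyname(); defaults to "radius" */` would document the new capability.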
@@ -190,7 +195,7 @@
passwd = getpass("Password:");
} else
passwd = password;
- if (passwd == NULL)
+ if (passwd == NULL)
passwd = "";
if ((v = login_getcapstr(lc, "radius-server", NULL, NULL)) == NULL){
@@ -207,9 +212,9 @@
alt_retries = retries/2;
retries >>= 1;
}
-
+
/* get port number */
- svp = getservbyname ("radius", "udp");
+ svp = getservbyname (radius_port, "udp");
if (svp == NULL) {
*emsg = "No such service: radius/udp";
return (1);
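Review bot: The failure message under the changed lookup still reads `"No such service: radius/udp"`, so an administrator whose `radius-port` value is missing from the services database is told that the wrong service is absent; the last hunk updates its `errx` text but this one was left behind. Since `*emsg` is assigned a string rather than formatted, the message likely needs a static buffer filled with `snprintf(buf, sizeof(buf), "No such service: %s/udp", radius_port);`. `getservbyname` resolves names only, so a numeric value in `radius-port` would also end up in this branch, which is worth documenting or handling explicitly. The enclosing function starts and ends outside the hunk.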
@@ -271,7 +276,7 @@
}
}
- if (retries > 0) {
+ if (retries > 0 && strncmp(passwd, "", 1) != 0) {
rad_request(req_id, userstyle, passwd, auth_port, vector,
pwstate);
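Review bot: `strncmp(passwd, "", 1) != 0` in the new condition is an indirect way of testing for an empty string; `if (retries > 0 && passwd[0] != '\0') {` says the same thing, and an earlier hunk shows `passwd` being set to `""` when it is NULL, so the dereference looks safe. The reason for the test is not visible in the code, so a comment such as `/* do not spend a server-side lockout attempt on an empty password */` would help the next reader. The block continues outside the hunk, so it is worth confirming that the path taken when the request is skipped still consumes `retries` and cannot reach the accept branch without a reply from the server.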
@@ -417,9 +422,9 @@
auth.length = htons(total_length);
/* get radius port number */
- rad_port = getservbyname("radius", "udp");
+ rad_port = getservbyname(radius_port, "udp");
if (rad_port == NULL)
- errx(1, "no such service: radius/udp");
+ errx(1, "no such service: %s/udp", radius_port);
memset(&sin, 0, sizeof (sin));
sin.sin_family = AF_INET;
> -----Original Message-----
> From: [EMAIL PROTECTED]
> Sent: Wed, 12 Dec 2007 19:35:36 +0100
> To: [EMAIL PROTECTED]
> Subject: Re: login_radius possible changes.
>
> On Wed, Dec 12, 2007 at 08:47:54AM -0800, Brad Arrington wrote:
>
>> Hi Otto,
>>
>> Thank you for looking at this.
>>
>> My question is now what would be the right way to do this...?
>>
>> This radius server(AAA) has a 3 try lock out.
>> Without this patch login_radius checks 2 times with a blank password
>> which will allow the user only 1 chance to enter a correct password
>> before it locks the account.
>
> You are comparing pointers, not strings.
>
> -Otto
>>
>>
>> -Brad
>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> Sent: Wed, 12 Dec 2007 10:28:13 +0100
>>> To: [EMAIL PROTECTED]
>>> Subject: Re: login_radius possible changes.
>>>
>>> On Wed, Dec 12, 2007 at 12:40:15AM -0800, Brad Arrington wrote:
>>>
>>>> Would it be possible to change login_radius.c actually raddauth.c so
>>>> that:
>>>>
>>>> 1. The admin can change what port login_radius uses, such as the
>>>> old datametrics port. It is currently hard coded to radius(1812).
>>>>
>>>> 2. Make it so it does not try an empty password 2 times before it
>>>> kicks
>>>> back a
>>>> prompt asking for a password.
>>>>
>>>> This is the diff/changes I had in mind.
>>>>
>>>> --- radius_current/raddauth.c Tue Dec 11 12:28:41 2007
>>>> +++ raddauth.c Wed Dec 12 00:29:43 2007
>>>> @@ -117,6 +117,7 @@
>>>> int retries;
>>>> int sockfd;
>>>> int timeout;
>>>> +char *radius_port;
>>>> in_addr_t alt_server;
>>>> in_addr_t auth_server;
>>>>
>>>> @@ -168,6 +169,10 @@
>>>>
>>>> timeout = login_getcapnum(lc, "radius-timeout", 2, 2);
>>>> retries = login_getcapnum(lc, "radius-retries", 6, 6);
>>>> + radius_port = login_getcapstr(lc, "radius-port", NULL, NULL);
>>>> +
>>>> + if (radius_port == NULL) radius_port = "radius";
>>>> +
>>>> if (timeout < 1)
>>>> timeout = 1;
>>>> if (retries < 2)
>>>> @@ -209,7 +214,7 @@
>>>> }
>>>>
>>>> /* get port number */
>>>> - svp = getservbyname ("radius", "udp");
>>>> + svp = getservbyname (radius_port, "udp");
>>>> if (svp == NULL) {
>>>> *emsg = "No such service: radius/udp";
>>>> return (1);
>>>> @@ -271,7 +276,7 @@
>>>> }
>>>> }
>>>>
>>>> - if (retries > 0) {
>>>> + if (retries > 0 && passwd != "") {
>>>
>>> That cannot be right
>>>
>>>> rad_request(req_id, userstyle, passwd, auth_port, vector,
>>>> pwstate);
>>>>
>>>> @@ -417,9 +422,9 @@
>>>> auth.length = htons(total_length);
>>>>
>>>> /* get radius port number */
>>>> - rad_port = getservbyname("radius", "udp");
>>>> + rad_port = getservbyname(radius_port, "udp");
>>>> if (rad_port == NULL)
>>>> - errx(1, "no such service: radius/udp");
>>>> + errx(1, "no such service: %s/udp", radius_port);
>>>>
>>>> memset(&sin, 0, sizeof (sin));
>>>> sin.sin_family = AF_INET;
>>>>
>>>>
>>>> Thanks,
>>>> -Brad