Sorry I missed the point... Yes, you are correct about 'passwd != ""' my mistake.. I should have be using strncmp.
This is what the diff should be: --- raddauth.c 2007-12-13 00:38:24.000000000 -0800 +++ login_radius/raddauth.c 2007-12-13 00:31:35.000000000 -0800 @@ -117,6 +117,7 @@ int retries; int sockfd; int timeout; +char *radius_port; in_addr_t alt_server; in_addr_t auth_server; @@ -168,6 +169,10 @@ timeout = login_getcapnum(lc, "radius-timeout", 2, 2); retries = login_getcapnum(lc, "radius-retries", 6, 6); + radius_port = login_getcapstr(lc, "radius-port", NULL, NULL); + + if (radius_port == NULL) radius_port = "radius"; + if (timeout < 1) timeout = 1; if (retries < 2) @@ -190,7 +195,7 @@ passwd = getpass("Password:"); } else passwd = password; - if (passwd == NULL) + if (passwd == NULL) passwd = ""; if ((v = login_getcapstr(lc, "radius-server", NULL, NULL)) == NULL){ @@ -207,9 +212,9 @@ alt_retries = retries/2; retries >>= 1; } - + /* get port number */ - svp = getservbyname ("radius", "udp"); + svp = getservbyname (radius_port, "udp"); if (svp == NULL) { *emsg = "No such service: radius/udp"; return (1); @@ -271,7 +276,7 @@ } } - if (retries > 0) { + if (retries > 0 && strncmp(passwd, "", 1) != 0) { rad_request(req_id, userstyle, passwd, auth_port, vector, pwstate); @@ -417,9 +422,9 @@ auth.length = htons(total_length); /* get radius port number */ - rad_port = getservbyname("radius", "udp"); + rad_port = getservbyname(radius_port, "udp"); if (rad_port == NULL) - errx(1, "no such service: radius/udp"); + errx(1, "no such service: %s/udp", radius_port); memset(&sin, 0, sizeof (sin)); sin.sin_family = AF_INET; > -----Original Message----- > From: [EMAIL PROTECTED] > Sent: Wed, 12 Dec 2007 19:35:36 +0100 > To: [EMAIL PROTECTED] > Subject: Re: login_radius possible changes. > > On Wed, Dec 12, 2007 at 08:47:54AM -0800, Brad Arrington wrote: > >> Hi Otto, >> >> Thank you for looking at this. >> >> My question is now what would be the right way to do this...? >> >> This radius server(AAA) has a 3 try lock out. >> Without this patch login_radius checks 2 times with a blank password >> which will allow the user only 1 chance to enter a correct password >> before it locks the account. > > You are comparing pointers, not strings. > > -Otto >> >> >> -Brad >> >>> -----Original Message----- >>> From: [EMAIL PROTECTED] >>> Sent: Wed, 12 Dec 2007 10:28:13 +0100 >>> To: [EMAIL PROTECTED] >>> Subject: Re: login_radius possible changes. >>> >>> On Wed, Dec 12, 2007 at 12:40:15AM -0800, Brad Arrington wrote: >>> >>>> Would it be possible to change login_radius.c actually raddauth.c so >>>> that: >>>> >>>> 1. The admin can change what port login_radius uses, such as the >>>> old datametrics port. It is currently hard coded to radius(1812). >>>> >>>> 2. Make it so it does not try an empty password 2 times before it >>>> kicks >>>> back a >>>> prompt asking for a password. >>>> >>>> This is the diff/changes I had in mind. >>>> >>>> --- radius_current/raddauth.c Tue Dec 11 12:28:41 2007 >>>> +++ raddauth.c Wed Dec 12 00:29:43 2007 >>>> @@ -117,6 +117,7 @@ >>>> int retries; >>>> int sockfd; >>>> int timeout; >>>> +char *radius_port; >>>> in_addr_t alt_server; >>>> in_addr_t auth_server; >>>> >>>> @@ -168,6 +169,10 @@ >>>> >>>> timeout = login_getcapnum(lc, "radius-timeout", 2, 2); >>>> retries = login_getcapnum(lc, "radius-retries", 6, 6); >>>> + radius_port = login_getcapstr(lc, "radius-port", NULL, NULL); >>>> + >>>> + if (radius_port == NULL) radius_port = "radius"; >>>> + >>>> if (timeout < 1) >>>> timeout = 1; >>>> if (retries < 2) >>>> @@ -209,7 +214,7 @@ >>>> } >>>> >>>> /* get port number */ >>>> - svp = getservbyname ("radius", "udp"); >>>> + svp = getservbyname (radius_port, "udp"); >>>> if (svp == NULL) { >>>> *emsg = "No such service: radius/udp"; >>>> return (1); >>>> @@ -271,7 +276,7 @@ >>>> } >>>> } >>>> >>>> - if (retries > 0) { >>>> + if (retries > 0 && passwd != "") { >>> >>> That cannot be right >>> >>>> rad_request(req_id, userstyle, passwd, auth_port, vector, >>>> pwstate); >>>> >>>> @@ -417,9 +422,9 @@ >>>> auth.length = htons(total_length); >>>> >>>> /* get radius port number */ >>>> - rad_port = getservbyname("radius", "udp"); >>>> + rad_port = getservbyname(radius_port, "udp"); >>>> if (rad_port == NULL) >>>> - errx(1, "no such service: radius/udp"); >>>> + errx(1, "no such service: %s/udp", radius_port); >>>> >>>> memset(&sin, 0, sizeof (sin)); >>>> sin.sin_family = AF_INET; >>>> >>>> >>>> Thanks, >>>> -Brad