Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add environment variable attribute Framed-IPv6-Prefix when present #87

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

add environment variable attribute Framed-IPv6-Prefix when present #87

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
23aa2fe
add environment variable attribute Framed-IPv6-Prefix when present
DimitriPapadopoulos Apr 6, 2024
e46db2e
consistency between IPv4 and IPv6
DimitriPapadopoulos Apr 6, 2024
e093685
do not consider opaque type of `s_addr` as `int`
DimitriPapadopoulos Apr 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 31 additions & 5 deletions src/pam_radius_auth.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1577,15 +1577,41 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, UNUSED int flags, int arg

attribute_t *attr_fip;
if ((attr_fip = find_attribute(response, PW_FRAMED_ADDRESS))) {
char frameip[100];
static const char name[] = "Framed-IP-Address";
char frameip[sizeof(name) + INET_ADDRSTRLEN];
struct in_addr ip_addr;

ip_addr.s_addr = *(int*) attr_fip->data;
memcpy(&ip_addr.s_addr, attr_fip->data, 4);

snprintf(frameip, sizeof(frameip), "Framed-IP-Address=%s", inet_ntoa(ip_addr));
snprintf(frameip, sizeof(frameip), "%s=%s", name, inet_ntoa(ip_addr));
retval = pam_putenv(pamh, frameip);
if(retval != PAM_SUCCESS) {
_pam_log(LOG_ERR, "unable to set PAM environment variable : Framed-IP-Address");
if (retval != PAM_SUCCESS) {
_pam_log(LOG_ERR, "unable to set PAM environment variable : %s", name);
}
else {
_pam_log(LOG_DEBUG, "Set PAM environment variable : %s", frameip);
}
}
if ((attr_fip = find_attribute(response, PW_FRAMED_IPV6_PREFIX))) {
static const char name[] = "Framed-IPv6-Prefix";
char buffer[INET6_ADDRSTRLEN];
char frameip[sizeof(name) + INET6_ADDRSTRLEN];
struct in6_addr ip6_addr;
const char *s;

memcpy(&ip6_addr.s6_addr, attr_fip->data, 16);

s = inet_ntop(AF_INET6, (const void *)&ip6_addr, buffer, INET6_ADDRSTRLEN);
if (s)
{
snprintf(frameip, sizeof(frameip), "%s=%s", name, s);
retval = pam_putenv(pamh, frameip);
}
else {
retval = PAM_SERVICE_ERR;
}
if (retval != PAM_SUCCESS) {
_pam_log(LOG_ERR, "unable to set PAM environment variable : %s", name);
}
else {
_pam_log(LOG_DEBUG, "Set PAM environment variable : %s", frameip);
Expand Down
1 change: 1 addition & 0 deletions src/radius.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,7 @@ typedef struct pw_auth_hdr {
#define PW_MANAGEMENT_PRIVILEGE_LEVEL 136 /* integer */

#define PW_NAS_IPV6_ADDRESS 95 /* octets */
#define PW_FRAMED_IPV6_PREFIX 97 /* octets */

/*
* INTEGER TRANSLATIONS
Expand Down
Loading