tag 482947 patch
thanks
On Mon, May 26, 2008 at 11:32:19AM +0200, Josip Rodin wrote:
>
> I see that the NAS-Identifier parsing was added by a user:
>
> http://nagiosplug.svn.sourceforge.net/viewvc/nagiosplug/nagiosplug/trunk/plugins/check_radius.c?r1=690&r2=851&sortby=date
>
> I guess I'll just write a similar patch for NAS-IP-Address.
Here's a working patch for this.
I've also noticed that the original code for NAS-IP-Address hardcoding
is broken in its error handling - it does "return (ERROR_PC)", which is
meaningless in the context of check_radius.c. That actually seems to be
copy&waste from radiusclient-0.3.2/src/radexample.c. :) I fixed that.
While debugging, I also took the opportunity to decouple the nas-identifier
rc_avpair_add() instance from the initial three, because this is just
bad practice to lump a fourth optional attribute into the same block with
the required attributes, the error handling for which is throwing the same
daft message "Out of Memory?"...
--
2. That which causes joy or happiness.
--- check_radius.c.orig 2008-05-28 00:31:54.000000000 +0200
+++ check_radius.c 2008-05-28 00:29:27.000000000 +0200
@@ -53,6 +53,7 @@
char *username = NULL;
char *password = NULL;
char *nasid = NULL;
+char *nasipaddress = NULL;
char *expect = NULL;
char *config_file = NULL;
unsigned short port = PW_AUTH_UDP_PORT;
@@ -149,19 +150,26 @@
if (!(rc_avpair_add (&data.send_pairs, PW_SERVICE_TYPE, &service, 0) &&
rc_avpair_add (&data.send_pairs, PW_USER_NAME, username, 0) &&
- rc_avpair_add (&data.send_pairs, PW_USER_PASSWORD, password, 0) &&
- (nasid==NULL || rc_avpair_add (&data.send_pairs, PW_NAS_IDENTIFIER, nasid, 0))))
+ rc_avpair_add (&data.send_pairs, PW_USER_PASSWORD, password, 0)
+ ))
die (STATE_UNKNOWN, _("Out of Memory?"));
- /*
- * Fill in NAS-IP-Address
- */
-
- if ((client_id = rc_own_ipaddress ()) == 0)
- return (ERROR_RC);
-
- if (rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) ==
- NULL) return (ERROR_RC);
+ if (nasid != NULL) {
+ if (!(rc_avpair_add (&data.send_pairs, PW_NAS_IDENTIFIER, nasid, 0)))
+ die (STATE_UNKNOWN, _("Invalid NAS-Identifier"));
+ }
+
+ if (nasipaddress != NULL) {
+ if (rc_good_ipaddr (nasipaddress))
+ die (STATE_UNKNOWN, _("Invalid NAS-IP-Address"));
+ if ((client_id = rc_get_ipaddr(nasipaddress)) == 0)
+ die (STATE_UNKNOWN, _("Invalid NAS-IP-Address"));
+ } else {
+ if ((client_id = rc_own_ipaddress ()) == 0)
+ die (STATE_UNKNOWN, _("Can't find local IP for NAS-IP-Address"));
+ }
+ if (rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL)
+ die (STATE_UNKNOWN, _("Invalid NAS-IP-Address"));
rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, (int)timeout_interval,
retries);
@@ -199,6 +207,7 @@
{"username", required_argument, 0, 'u'},
{"password", required_argument, 0, 'p'},
{"nas-id", required_argument, 0, 'n'},
+ {"nas-ip-address", required_argument, 0, 'N'},
{"filename", required_argument, 0, 'F'},
{"expect", required_argument, 0, 'e'},
{"retries", required_argument, 0, 'r'},
@@ -234,7 +243,7 @@
}
while (1) {
- c = getopt_long (argc, argv, "+hVvH:P:F:u:p:n:t:r:e:", longopts,
+ c = getopt_long (argc, argv, "+hVvH:P:F:u:p:n:N:t:r:e:", longopts,
&option);
if (c == -1 || c == EOF || c == 1)
@@ -273,6 +282,9 @@
case 'n': /* nas id */
nasid = optarg;
break;
+ case 'N': /* nas ip address */
+ nasipaddress = optarg;
+ break;
case 'F': /* configuration file */
config_file = optarg;
break;
@@ -325,6 +337,8 @@
printf (" %s\n", _("Password for autentication (SECURITY RISK)"));
printf (" %s\n", "-n, --nas-id=STRING");
printf (" %s\n", _("NAS identifier"));
+ printf (" %s\n", "-N, --nas-ip-address=STRING");
+ printf (" %s\n", _("NAS IP Address"));
printf (" %s\n", "-F, --filename=STRING");
printf (" %s\n", _("Configuration file"));
printf (" %s\n", "-e, --expect=STRING");
@@ -354,6 +368,7 @@
print_usage (void)
{
printf (_("Usage:"));
- printf ("%s -H host -F config_file -u username -p password [-n nas-id] [-P port]\n\
- [-t timeout] [-r retries] [-e expect]\n", progname);
+ printf ("%s -H host -F config_file -u username -p password\n\
+ [-P port] [-t timeout] [-r retries] [-e expect]\n\
+ [-n nas-id] [-N nas-ip-addr]\n", progname);
}
