TACACS+ protocol client library and PAM module in C. This PAM module support authentication, authorization (account management) and accounting (session management)performed using TACACS+ protocol designed by Cisco.
GNU Lesser General Public License v3.0
132
stars
102
forks
source link
[BUG] Value of attributes list starts not from zero list element #169
After these actions, the attributes are filled by calling tac_add_attrib. But inside this function there is such a block of code (inside _tac_add_attrib_pair):
/* initialize the list if application passed us a null pointer */
if(*attr == NULL) {
*attr = (struct tac_attrib *) xcalloc(1, sizeof(struct tac_attrib));
a = *attr;
} else {
/* find the last allocated block */
a = *attr;
while(a->next != NULL) {
a = a->next; /* a holds last allocated block */
attr_cnt++;
}
if (attr_cnt+1 >= TAC_PLUS_ATTRIB_MAX_CNT) { /* take new attrib into account */
TACSYSLOG(LOG_WARNING,\
"%s: Maximum number of attributes exceeded, skipping",\
__FUNCTION__);
return LIBTAC_STATUS_ATTRIB_TOO_MANY;
}
a->next = (struct tac_attrib *) xcalloc(1, sizeof(struct tac_attrib));
a = a->next; /* set current block pointer to the new one */
}
If memory for attr is already allocated, we go to allocate memory for the next list element. So, after first function call we will skip zero list element and write useful data to first zero element, because we allocate memory for attribute before calling tac_add_attrib.
For correct work there is no need to allocate memory, you can pass attribute, which points to NULL, in the tac_add_attrib and all will be work well.
P.S. The correct form of working with tac_add_attrib is in the file tacc.c, which begins from 309 line.
There is a bug in file pam_tacplus.c. In the function _pam_send_account there is attributes initialization:
After these actions, the attributes are filled by calling tac_add_attrib. But inside this function there is such a block of code (inside _tac_add_attrib_pair):
If memory for attr is already allocated, we go to allocate memory for the next list element. So, after first function call we will skip zero list element and write useful data to first zero element, because we allocate memory for attribute before calling tac_add_attrib.
For correct work there is no need to allocate memory, you can pass attribute, which points to NULL, in the tac_add_attrib and all will be work well.
P.S. The correct form of working with tac_add_attrib is in the file tacc.c, which begins from 309 line.