]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
projects / thirdparty / freeradius-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 366039c)
Add dynamic client processing to TACACS state machine
authorNick Porter <nick@portercomputing.co.uk>
Fri, 10 Jan 2025 11:35:34 +0000 (11:35 +0000)
committerNick Porter <nick@portercomputing.co.uk>
Fri, 10 Jan 2025 11:35:34 +0000 (11:35 +0000)
src/process/tacacs/base.c patch | blob | blame | history
src/protocols/tacacs/tacacs.h patch | blob | blame | history

diff --git a/src/process/tacacs/base.c b/src/process/tacacs/base.c
index 6f36a73888e56e8cc0d7104edff8391b818c10e6..b5051c0afc9e8f391ddcce8e9f77bebd0547c656 100644 (file)
--- a/src/process/tacacs/base.c
+++ b/src/process/tacacs/base.c
@@ -155,6 +155,10 @@ typedef struct {
        CONF_SECTION    *acct_error;
 
        CONF_SECTION    *do_not_respond;
+
+       CONF_SECTION    *new_client;
+       CONF_SECTION    *add_client;
+       CONF_SECTION    *deny_client;
 } process_tacacs_sections_t;
 
 typedef struct {
@@ -191,8 +195,10 @@ typedef struct {
 
 #define PROCESS_PACKET_TYPE            fr_tacacs_packet_code_t
 #define PROCESS_CODE_MAX               FR_TACACS_CODE_MAX
+#define PROCESS_CODE_DO_NOT_RESPOND    FR_TACACS_CODE_DO_NOT_RESPOND
 #define PROCESS_PACKET_CODE_VALID      FR_TACACS_PACKET_CODE_VALID
 #define PROCESS_INST                   process_tacacs_t
+#define PROCESS_CODE_DYNAMIC_CLIENT    FR_TACACS_CODE_AUTH_PASS
 
 #include <freeradius-devel/server/process.h>
 
@@ -1047,6 +1053,10 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc
        // @todo - debug stuff!
 //     tacacs_packet_debug(request, request->packet, &request->request_pairs, true);
 
+       if (unlikely(request_is_dynamic_client(request))) {
+               return new_client(p_result, mctx, request);
+       }
+
        return state->recv(p_result, mctx, request);
 }
 
@@ -1434,6 +1444,8 @@ static virtual_server_compile_t compile_list[] = {
                .offset = PROCESS_CONF_OFFSET(do_not_respond),
        },
 
+       DYNAMIC_CLIENT_SECTIONS,
+
        COMPILE_TERMINATOR
 };
 
diff --git a/src/protocols/tacacs/tacacs.h b/src/protocols/tacacs/tacacs.h
index cb6651d98bbfe370426b30434cc9695d77e03b48..462253ad274b27ba3a0f1cc027fdc1a270576dbb 100644 (file)
--- a/src/protocols/tacacs/tacacs.h
+++ b/src/protocols/tacacs/tacacs.h
@@ -315,6 +315,7 @@ typedef enum {
        FR_TACACS_CODE_ACCT_ERROR               = FR_PACKET_TYPE_VALUE_ACCOUNTING_ERROR,
 
        FR_TACACS_CODE_MAX = 19,
+       FR_TACACS_CODE_DO_NOT_RESPOND = 256,
 } fr_tacacs_packet_code_t;
 
 
Mirror of https://github.com/FreeRADIUS/freeradius-server.git