From: Nick Porter
Date: Fri, 10 Jan 2025 11:35:34 +0000 (+0000)
Subject: Add dynamic client processing to TACACS state machine
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ddba0e1485eff7c88a3b4ee02a1880dbb72188f;p=thirdparty%2Ffreeradius-server.git
Add dynamic client processing to TACACS state machine
---
diff --git a/src/process/tacacs/base.c b/src/process/tacacs/base.c
index 6f36a73888e..b5051c0afc9 100644
--- a/src/process/tacacs/base.c
+++ b/src/process/tacacs/base.c
@@ -155,6 +155,10 @@ typedef struct {
 CONF_SECTION *acct_error;
 CONF_SECTION *do_not_respond;
+
+ CONF_SECTION *new_client;
+ CONF_SECTION *add_client;
+ CONF_SECTION *deny_client;
 } process_tacacs_sections_t;
 typedef struct {
@@ -191,8 +195,10 @@ typedef struct {
 #define PROCESS_PACKET_TYPE fr_tacacs_packet_code_t
 #define PROCESS_CODE_MAX FR_TACACS_CODE_MAX
+#define PROCESS_CODE_DO_NOT_RESPOND FR_TACACS_CODE_DO_NOT_RESPOND
 #define PROCESS_PACKET_CODE_VALID FR_TACACS_PACKET_CODE_VALID
 #define PROCESS_INST process_tacacs_t
+#define PROCESS_CODE_DYNAMIC_CLIENT FR_TACACS_CODE_AUTH_PASS
 #include
@@ -1047,6 +1053,10 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc
 // @todo - debug stuff!
 // tacacs_packet_debug(request, request->packet, &request->request_pairs, true);
+ if (unlikely(request_is_dynamic_client(request))) {
+ return new_client(p_result, mctx, request);
+ }
+
 return state->recv(p_result, mctx, request);
 }
@@ -1434,6 +1444,8 @@ static virtual_server_compile_t compile_list[] = {
 .offset = PROCESS_CONF_OFFSET(do_not_respond),
 },
+ DYNAMIC_CLIENT_SECTIONS,
+
 COMPILE_TERMINATOR
 };
diff --git a/src/protocols/tacacs/tacacs.h b/src/protocols/tacacs/tacacs.h
index cb6651d98bb..462253ad274 100644
--- a/src/protocols/tacacs/tacacs.h
+++ b/src/protocols/tacacs/tacacs.h
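Review bot: In the `#define` hunk at line 195 of src/process/tacacs/base.c, `PROCESS_CODE_DYNAMIC_CLIENT` is bound to `FR_TACACS_CODE_AUTH_PASS` with no explanation, and a later reader can easily take that for an authentication outcome. Presumably the shared state machine pulled in by the `#include` that follows uses the value only as an internal marker that the new-client policy accepted the source, but the hunk does not show whether a reply carrying it can be encoded. It is worth confirming that an authentication-pass code cannot be sent to a peer that has not yet been accepted as a client. A comment above the define would record the intent, for example `/* internal 'client accepted' marker for the dynamic client sections, not an authentication result */`, if that is indeed the intent. `PROCESS_CODE_DO_NOT_RESPOND` a few lines up would benefit from a similar one-line comment.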
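Review bot: The new branch in `mod_process` returns `new_client(...)` before `state->recv` is called, so a request from a source that is not yet a defined client skips whatever the per-packet-type `recv` handler checks, and nothing in the hunk says this is intended. `new_client` is not defined anywhere in this diff; it presumably comes from the shared process header once `PROCESS_CODE_DYNAMIC_CLIENT` is defined, which is worth stating because the call otherwise looks unresolved. I would add a comment above the `if`, such as `/* Unknown source: run the new_client policy first; the normal recv handler only runs once the client is defined. */`, adjusted to what the shared code really does. `mod_process` starts above the hunk, so the validation already applied to `request->packet->code` when this branch is taken is not visible here.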
@@ -315,6 +315,7 @@ typedef enum {
 FR_TACACS_CODE_ACCT_ERROR = FR_PACKET_TYPE_VALUE_ACCOUNTING_ERROR,
 FR_TACACS_CODE_MAX = 19,
+ FR_TACACS_CODE_DO_NOT_RESPOND = 256,
 } fr_tacacs_packet_code_t;
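Review bot: `FR_TACACS_CODE_DO_NOT_RESPOND = 256` is added after `FR_TACACS_CODE_MAX = 19`, so the enum now has a member outside the range that `FR_TACACS_CODE_MAX` describes. Any table dimensioned with `FR_TACACS_CODE_MAX` (or `PROCESS_CODE_MAX` in base.c) and indexed by a reply code would be read out of bounds if this value reached it. No such table is visible in the diff, so this is something to check against the users of the enum rather than a confirmed defect. A trailing comment would make the intent explicit, for example `/* internal only: never encoded, tells the server to send no reply */`, if that is what the value means. The enum starts above the hunk.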