From: Nick Porter
Date: Tue, 11 Jul 2023 13:39:07 +0000 (+0100)
Subject: Copy additional attributes into the session cache on multi packet auth
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=84dc35b4d7d2d842a3361cdfe93cfadbb6768c45;p=thirdparty%2Ffreeradius-server.git
Copy additional attributes into the session cache on multi packet auth
---
diff --git a/src/process/tacacs/base.c b/src/process/tacacs/base.c
index 0ec71964eec..661a7285154 100644
--- a/src/process/tacacs/base.c
+++ b/src/process/tacacs/base.c
@@ -801,6 +801,7 @@ RESUME(auth_get)
 {
 process_tacacs_t const *inst = talloc_get_type_abort_const(mctx->inst->data, process_tacacs_t);
 process_tacacs_session_t *session;
+ fr_pair_t *vp, *copy;
 PROCESS_TRACE;
@@ -813,7 +814,6 @@ RESUME(auth_get)
 session = request_data_reference(request, inst, 0);
 if (!session) {
 fr_tacacs_packet_t const *packet = (fr_tacacs_packet_t const *) request->packet->data;
- fr_pair_t *vp, *copy;
 if (!packet_is_authen_start_request(packet)) goto send_reply;
@@ -854,10 +854,21 @@ RESUME(auth_get)
 }
 /*
- * There's no need to cache the User-Password, as the "getpass" packet is the last one in
- * the chain. The client will send a "continue" packet containing the password, and the
- * admin will reply to that with pass/fail.
+ * It is possible that the user name or password are added on subsequent Authentication-Continue
+ * packets following replies with Authentication-GetUser or Authentication-GetPass.
+ * Check if they are already in the session cache, and if not, add them.
 */
+#define COPY_MISSING(_attr) do { \
+ vp = fr_pair_find_by_da(&session->list, NULL, _attr); \
+ if (vp) break; \
+ COPY(_attr); \
+} while (0)
+
+ RDEBUG2("Caching additional session attributes:");
+ RINDENT();
+ COPY_MISSING(attr_user_name);
+ COPY_MISSING(attr_user_password);
+ REXDENT();
 }
 session->reply = request->reply->code;
 session->seq_no = request->packet->data[2];
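Review bot: The new `COPY_MISSING(attr_user_password)` keeps the cleartext User-Password in `session->list` across the multi-packet exchange, which the removed comment had deliberately avoided, and nothing in this hunk shows the cached copy being cleared after the final reply or kept out of the debug output under `RDEBUG2("Caching additional session attributes:")`. `COPY` is defined outside the hunk, so whether it prints the copied pair could not be checked here; if it does, the password copy should bypass that logging. I would extend the new comment with a line such as `* The cached User-Password is cleartext: it must not be logged and is only needed until the final pass/fail reply.` and add `#undef COPY_MISSING` after `REXDENT();` so the helper macro does not stay defined for the rest of the file. The body of `RESUME(auth_get)` begins and ends outside this hunk.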