From e22343f567554008840f4d87d326865b4912720f Mon Sep 17 00:00:00 2001 From: Nick Porter Date: Tue, 22 Jul 2025 16:01:30 +0100 Subject: [PATCH] Map TACACS reply packet code to module rcode --- src/modules/rlm_tacacs/rlm_tacacs_tcp.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/modules/rlm_tacacs/rlm_tacacs_tcp.c b/src/modules/rlm_tacacs/rlm_tacacs_tcp.c index 3a90b66b60..7cd5acd77e 100644 --- a/src/modules/rlm_tacacs/rlm_tacacs_tcp.c +++ b/src/modules/rlm_tacacs/rlm_tacacs_tcp.c @@ -150,6 +150,24 @@ struct tcp_request_s { fr_retry_t retry; //!< retransmission timers }; +static rlm_rcode_t tacacs_code_to_rcode[FR_TACACS_CODE_MAX] = { + [FR_TACACS_CODE_AUTH_PASS] = RLM_MODULE_OK, + [FR_TACACS_CODE_AUTH_FAIL] = RLM_MODULE_REJECT, + [FR_TACACS_CODE_AUTH_GETUSER] = RLM_MODULE_UPDATED, + [FR_TACACS_CODE_AUTH_GETPASS] = RLM_MODULE_UPDATED, + [FR_TACACS_CODE_AUTH_GETDATA] = RLM_MODULE_UPDATED, + [FR_TACACS_CODE_AUTH_RESTART] = RLM_MODULE_HANDLED, + [FR_TACACS_CODE_AUTH_ERROR] = RLM_MODULE_FAIL, + + [FR_TACACS_CODE_AUTZ_PASS_ADD] = RLM_MODULE_OK, + [FR_TACACS_CODE_AUTZ_PASS_REPLACE] = RLM_MODULE_UPDATED, + [FR_TACACS_CODE_AUTZ_FAIL] = RLM_MODULE_REJECT, + [FR_TACACS_CODE_AUTZ_ERROR] = RLM_MODULE_FAIL, + + [FR_TACACS_CODE_ACCT_SUCCESS] = RLM_MODULE_OK, + [FR_TACACS_CODE_ACCT_ERROR] = RLM_MODULE_FAIL, +}; + static const conf_parser_t module_config[] = { { FR_CONF_OFFSET_TYPE_FLAGS("ipaddr", FR_TYPE_COMBO_IP_ADDR, 0, rlm_tacacs_tcp_t, dst_ipaddr), }, { FR_CONF_OFFSET_TYPE_FLAGS("ipv4addr", FR_TYPE_IPV4_ADDR, 0, rlm_tacacs_tcp_t, dst_ipaddr) }, @@ -1179,9 +1197,7 @@ static void request_demux(UNUSED fr_event_list_t *el, trunk_connection_t *tconn, treq->request->reply->code = code; - // @todo - check various random locations for status of the reply: error, etc. - r->rcode = RLM_MODULE_OK; -// r->rcode = radius_code_to_rcode[code]; + r->rcode = tacacs_code_to_rcode[code]; fr_pair_list_append(&request->reply_pairs, &reply); trunk_request_signal_complete(treq); } -- 2.47.2