Ascend Archive
Re: (ASCEND) Denying certain users a radius login
>
> I'm interested in being able to tell radius that either:
>
> 1. Anyone in a particular unix group isn't allowed access
>
Just add the following lines to unix_pass(name, passwd) in radiusd.c
    /* Check gid : access may be denied to some groups */
    if (check_gid(pwd->pw_gid)) {
        return UNIX_BAD_PASSWORD;
    }
and write the check_gid function,
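    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <sys/types.h>

    #define MAX_DENIED_GIDS 64

    static gid_t gids_denied[MAX_DENIED_GIDS];
    static gid_t *gids_end = gids_denied;
    static int gids_loaded = 0;

    /* Read denied gids from file gids.deny and store them in memory */
    static void read_denied_gids(void)
    {
        int n = 0;
        FILE *fp;
        char gid_file_name[512];
        char buf[128];
        char *end;
        unsigned long val;

        /* snprintf truncates instead of overrunning gid_file_name */
        snprintf(gid_file_name, sizeof(gid_file_name), "%s/gids.deny", RADIUS_DIR);
        if ((fp = fopen(gid_file_name, "r")) != NULL) {
            while ((n < MAX_DENIED_GIDS) && fgets(buf, sizeof(buf), fp)) {
                /* Strip the line ending only if one is present */
                buf[strcspn(buf, "\r\n")] = '\0';
                if ((buf[0] == '#') || (buf[0] == '\0')) continue;
                /* Skip lines that are not a plain decimal number */
                if ((buf[0] < '0') || (buf[0] > '9')) continue;
                val = strtoul(buf, &end, 10);
                end += strspn(end, " \t");
                if (*end != '\0') continue;
                gids_denied[n++] = (gid_t)val;
            }
            fclose(fp);
        }
        gids_end = gids_denied + n;
        gids_loaded = 1;
    }

    /* Check gid : access may be denied for some groups */
    static int check_gid(gid_t gid)
    {
        gid_t *gid_p;

        /* Load the list from gids.deny on first use */
        if (!gids_loaded) read_denied_gids();
        /* Check gid and return 1 if access is denied */
        for (gid_p = gids_denied; gid_p < gids_end; ) {
            if (gid == *gid_p++) return(1);
        }
        return(0);
    }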
Warning, this piece of code has not been fully tested .........
Gérard Cany
Symphonie - MNet
Parc Technologique de la Pompignane
34 055 Montpellier Cedex 1
tel : 04 67 34 65 76
e-mail : gerard@mnet.fr
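
The check in the message above compares only pwd->pw_gid, which is the account's primary group, so a user who belongs to a denied group as a supplementary member is still let in. As an added example (not part of the original message or of radiusd), the code below parses a gids.deny line strictly and also refuses users named as members of a listed group; parse_gid_line and user_denied are hypothetical names and the sample values are constructed.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* One gids.deny line: 1 = gid stored, 0 = blank/comment, -1 = malformed. */
static int parse_gid_line(const char *line, gid_t *out)
{
    char *end;
    unsigned long v;
    line += strspn(line, " \t");
    if (*line == '#' || *line == '\r' || *line == '\n' || *line == '\0')
        return 0;
    if (*line < '0' || *line > '9')   /* "wheel", "-1": atoi() gives gid 0 or a wrapped gid */
        return -1;
    errno = 0;
    v = strtoul(line, &end, 10);
    end += strspn(end, " \t\r\n");
    if (errno != 0 || *end != '\0' || (unsigned long)(gid_t)v != v)
        return -1;                    /* trailing junk or value too large for gid_t */
    *out = (gid_t)v;
    return 1;
}

/* 1 if the primary gid is listed or the user is a named member of a listed group. */
static int user_denied(const char *name, gid_t primary, const gid_t *denied, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        struct group *g = getgrgid(denied[i]);   /* NULL if no such group */
        char **m = g ? g->gr_mem : NULL;
        if (denied[i] == primary)
            return 1;
        for (; m && *m; m++)                     /* supplementary membership */
            if (strcmp(*m, name) == 0)
                return 1;
    }
    return 0;
}

int main(void)
{
    gid_t denied[1];   /* constructed sample entry */
    if (parse_gid_line("60002\n", &denied[0]) == 1)
        printf("%d\n", user_denied("constructed-user", 60002, denied, 1));
    return 0;
}
```

A caller that gets -1 from parse_gid_line can log the line and refuse to start, so that a typo in gids.deny does not silently drop a group from the deny list.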