Add dynamic client processing to TACACS state machine

FreeRADIUS · Jan 10, 2025 · 1ddba0e · 1ddba0e
1 parent 366039c
commit 1ddba0e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/src/process/tacacs/base.c b/src/process/tacacs/base.c
@@ -155,6 +155,10 @@ typedef struct {
 	CONF_SECTION	*acct_error;
 
 	CONF_SECTION	*do_not_respond;
+
+	CONF_SECTION	*new_client;
+	CONF_SECTION	*add_client;
+	CONF_SECTION	*deny_client;
 } process_tacacs_sections_t;
 
 typedef struct {
@@ -191,8 +195,10 @@ typedef struct {
 
 #define PROCESS_PACKET_TYPE		fr_tacacs_packet_code_t
 #define PROCESS_CODE_MAX		FR_TACACS_CODE_MAX
+#define PROCESS_CODE_DO_NOT_RESPOND	FR_TACACS_CODE_DO_NOT_RESPOND
 #define PROCESS_PACKET_CODE_VALID	FR_TACACS_PACKET_CODE_VALID
 #define PROCESS_INST			process_tacacs_t
+#define PROCESS_CODE_DYNAMIC_CLIENT	FR_TACACS_CODE_AUTH_PASS
 
 #include <freeradius-devel/server/process.h>
 
@@ -1047,6 +1053,10 @@ static unlang_action_t mod_process(rlm_rcode_t *p_result, module_ctx_t const *mc
 	// @todo - debug stuff!
 //	tacacs_packet_debug(request, request->packet, &request->request_pairs, true);
 
+	if (unlikely(request_is_dynamic_client(request))) {
+		return new_client(p_result, mctx, request);
+	}
+
 	return state->recv(p_result, mctx, request);
 }
 
@@ -1434,6 +1444,8 @@ static virtual_server_compile_t compile_list[] = {
 		.offset = PROCESS_CONF_OFFSET(do_not_respond),
 	},
 
+	DYNAMIC_CLIENT_SECTIONS,
+
 	COMPILE_TERMINATOR
 };
 

diff --git a/src/protocols/tacacs/tacacs.h b/src/protocols/tacacs/tacacs.h
@@ -315,6 +315,7 @@ typedef enum {
 	FR_TACACS_CODE_ACCT_ERROR		= FR_PACKET_TYPE_VALUE_ACCOUNTING_ERROR,
 
 	FR_TACACS_CODE_MAX = 19,
+	FR_TACACS_CODE_DO_NOT_RESPOND = 256,
 } fr_tacacs_packet_code_t;