diff options
author | gregor herrmann <gregoa@debian.org> | 2020-03-18 18:18:08 +0100 |
---|---|---|
committer | gregor herrmann <gregoa@debian.org> | 2020-03-18 18:18:08 +0100 |
commit | eafd01a59bd37774bc1e5a47891228d7a71ab0ea (patch) | |
tree | 7c07119cac7a8f9a86d372110ca7c1745ae14ed8 | |
parent | b95fa5f91cfc96f9678d6638f39b0168935a319b (diff) |
New upstream version 0.28
-rw-r--r-- | Changes | 13 | ||||
-rw-r--r-- | META.json | 2 | ||||
-rw-r--r-- | META.yml | 2 | ||||
-rw-r--r-- | TacacsPlus.pm | 18 | ||||
-rw-r--r-- | tacpluslib/tac_client.c | 7 |
5 files changed, 30 insertions, 12 deletions
@@ -68,4 +68,15 @@ Revision history for Perl extension Authen::TacacsPlus. 0.27 2020-02-09 Mike McCauley - Patch from Jacob Farkas via RT to allow building under on Alpine Linux - under Docker on armv7l, and possibly others
\ No newline at end of file + under Docker on armv7l, and possibly others + +0.28 2020-03-14 Mike McCauley + - Patch from Heikki Vatiainen: + - File descriptor leak introduced in release 0.25 where check for open + connection was added to TacacsPlus::close() before calling tacpluslib's + deinit_tac_session() + - File descriptor leak in tacpluslib's init_tac_session where close() + was not called for the newly created socket if, for example, destination + host was unreachable + - Port and Timeout TacacsPlus::new() parameters were documented + incorrectly. The are not passed within array references. @@ -32,6 +32,6 @@ } }, "release_status" : "stable", - "version" : "0.27", + "version" : "0.28", "x_serialization_backend" : "JSON::PP version 2.97001" } @@ -17,5 +17,5 @@ no_index: directory: - t - inc -version: '0.27' +version: '0.28' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff --git a/TacacsPlus.pm b/TacacsPlus.pm index 1ce775d..64bba41 100644 --- a/TacacsPlus.pm +++ b/TacacsPlus.pm @@ -17,7 +17,7 @@ require DynaLoader; @EXPORT_OK = qw( TACPLUS_CLIENT ); -$VERSION = '0.27'; +$VERSION = '0.28'; sub new { @@ -50,10 +50,10 @@ if ($res<0) { $h{'Key'}, $h{'Timeout'} ? $h{'Timeout'} : 15 ); - $self->{'open'} = 1 if ($res >= 0); last if ($res >= 0); } } +$self->{'open'} = 1 if ($res >= 0); undef $self if ($res < 0); $self; } @@ -146,15 +146,15 @@ Authen::TacacsPlus - Perl extension for authentication using tacacs+ server $tac = new Authen::TacacsPlus(Host=>$server, Key=>$key, - [Port=>'tacacs'], - [Timeout=>15]); + Port=>'tacacs', + Timeout=>15); or $tac = new Authen::TacacsPlus( - [ Host=>$server1, Key=>$key1, [Port=>'tacacs'], [Timeout=>15] ], - [ Host=>$server2, Key=>$key2, [Port=>'tacacs'], [Timeout=>15] ], - [ Host=>$server3, Key=>$key3, [Port=>'tacacs'], [Timeout=>15] ], + [ Host=>$server1, Key=>$key1, Port=>'tacacs', Timeout=>15 ], + [ Host=>$server2, Key=>$key2, Port=>'tacacs', Timeout=>15 ], + [ Host=>$server3, Key=>$key3, Port=>'tacacs', Timeout=>15 ], ... ); $tac->authen($username,$passwords); @@ -170,8 +170,8 @@ Authen::TacacsPlus allows you to authenticate using tacacs+ server. $tac = new Authen::TacacsPlus(Host=>$server, Key=>$key, - [Port=>'tacacs'], - [Timeout=>15]); + Port=>'tacacs', + Timeout=>15); Opens new session with tacacs+ server on host $server, encrypted with key $key. Undefined object is returned if something wrong diff --git a/tacpluslib/tac_client.c b/tacpluslib/tac_client.c index d26c151..a52904c 100644 --- a/tacpluslib/tac_client.c +++ b/tacpluslib/tac_client.c @@ -209,6 +209,7 @@ flags = fcntl(tac_fd, F_GETFL, 0); if( flags < 0 ) { //fprintf( stderr, "fcntl: %s\n", strerror(errno) ); tac_err = "socket error"; + close(tac_fd); return -1; } @@ -217,6 +218,7 @@ res = fcntl( tac_fd, F_SETFL, flags | O_NONBLOCK ); if( res < 0 ) { //fprintf( stderr, "fcntl: %s\n", strerror(errno) ); tac_err = "socket error"; + close(tac_fd); return -1; } @@ -226,6 +228,7 @@ res = connect (tac_fd, (struct sockaddr *) &tac_port, sizeof tac_port); // connection not established, but in progress if( res < 0 && (errno != EINPROGRESS) ) { tac_err = "connection failed"; + close(tac_fd); return -1; } @@ -239,10 +242,12 @@ if( res != 0 ) { res = select( tac_fd+1, NULL, &wset, NULL, &tv ); if( res < 0 ) { tac_err = "select failed"; + close(tac_fd); return -1; } else if( res == 0 ) { tac_err = "timeout"; + close(tac_fd); return -1; } if( res > 0 ) { @@ -251,10 +256,12 @@ if( res != 0 ) { len = sizeof(optval); if( getsockopt( tac_fd, SOL_SOCKET, SO_ERROR, (void *)&optval, &len ) > 0 ) { tac_err = "getsockopt failed"; + close(tac_fd); return -1; } if( optval != 0 ) { tac_err = "connection failed"; + close(tac_fd); return -1; } // optval == 0 --> no error, connection established |