Migrate file descriptor into tac_session object

As this is obviously related to the session.

Author: pprindeville

libtac/include/libtac.h

@@ -147,6 +147,7 @@ struct tac_session {
     uint8_t tac_authen_service;
     uint8_t tac_authen_type;
     uint8_t seq_no;
+    int fd;
 
     /* user defined stuff */
     uint8_t user_data[0];
@@ -171,8 +172,9 @@ HDR *_tac_req_header(struct tac_session *, u_char, bool);
 /* connect.c */
 extern int tac_timeout;
 
-int tac_connect(struct addrinfo **, unsigned);
-int tac_connect_single(const struct addrinfo *, struct addrinfo *, int);
+int tac_connect(struct tac_session *, struct addrinfo **, unsigned);
+int tac_connect_single(struct tac_session *, const struct addrinfo *, struct addrinfo *, int);
+void tac_close(struct tac_session *);
 char *tac_ntop(const struct sockaddr *);
 
 /* authen_s.c */
@@ -182,29 +184,29 @@ const char *tag_get_authen_string(uint8_t);
 void tac_authen_send_pkt(struct tac_session *,
     const char *, const char *, const char *, const char *, u_char,
     u_char **, unsigned *);
-int tac_authen_send(struct tac_session *, int,
+int tac_authen_send(struct tac_session *,
     const char *, const char *, const char *, const char *, u_char);
 
 /* authen_r.c */
 int tac_authen_parse(struct tac_session *, struct areply *, u_char *, unsigned);
-int tac_authen_read(struct tac_session *, int, struct areply *);
+int tac_authen_read(struct tac_session *, struct areply *);
 
 /* cont_s.c */
 void tac_cont_send_pkt(struct tac_session *, const char *,
    u_char **, unsigned *);
-int tac_cont_send(struct tac_session *, int, const char *);
+int tac_cont_send(struct tac_session *, const char *);
 
 /* crypt.c */
 void _tac_crypt(const struct tac_session *, u_char *, const HDR *);
 
 /* author_r.c */
 int tac_author_parse(struct tac_session *, u_char *, unsigned, struct areply *);
-int tac_author_read(struct tac_session *, int, struct areply *);
+int tac_author_read(struct tac_session *, struct areply *);
 
 /* author_s.c */
 void tac_author_send_pkt(struct tac_session *, const char *, const char *,
     const char *, struct tac_attrib *, u_char **, unsigned *);
-int tac_author_send(struct tac_session *, int, const char *, const char *,
+int tac_author_send(struct tac_session *, const char *, const char *,
     const char *, struct tac_attrib *);
 
 /* attrib.c */
@@ -216,13 +218,13 @@ void tac_free_attrib(struct tac_attrib **);
 char *tac_acct_flag2str(u_char);
 void tac_acct_send_pkt(struct tac_session *, u_char, const char *,
     const char *, const char *, struct tac_attrib *, u_char **, unsigned *);
-int tac_acct_send(struct tac_session *, int, u_char, const char *,
+int tac_acct_send(struct tac_session *, u_char, const char *,
     const char *, const char *, struct tac_attrib *);
 
 /* acct_r.c */
 int tac_acct_parse(struct tac_session *, u_char *, unsigned,
     struct areply *);
-int tac_acct_read(struct tac_session *, int, struct areply *);
+int tac_acct_read(struct tac_session *, struct areply *);
 
 /* xalloc.c */
 void *xcalloc(size_t, size_t);

libtac/lib/acct_r.c

@@ -137,7 +137,7 @@ int tac_acct_parse(struct tac_session *sess, u_char *pkt, unsigned pkt_total,
  *             LIBTAC_STATUS_PROTOCOL_ERR
  *   >= 0 : server response, see TAC_PLUS_AUTHEN_STATUS_...
  */
-int tac_acct_read(struct tac_session *sess, int fd, struct areply *re) {
+int tac_acct_read(struct tac_session *sess, struct areply *re) {
     HDR *th;
     struct acct_reply *tb = NULL;
     size_t ulen_from_header;
@@ -148,7 +148,7 @@ int tac_acct_read(struct tac_session *sess, int fd, struct areply *re) {
     re->msg = re->data = NULL;
 
     if (tac_readtimeout_enable &&
-        tac_read_wait(fd, tac_timeout * 1000, TAC_PLUS_HDR_SIZE, &timeleft) < 0 ) {
+        tac_read_wait(sess->fd, tac_timeout * 1000, TAC_PLUS_HDR_SIZE, &timeleft) < 0 ) {
         TACSYSLOG(LOG_ERR,\
             "%s: reply timeout after %u secs", __FUNCTION__, tac_timeout);
         re->msg = xstrdup(acct_syserr_msg);
@@ -158,7 +158,7 @@ int tac_acct_read(struct tac_session *sess, int fd, struct areply *re) {
 
     th = (HDR *)xcalloc(1, TAC_PLUS_HDR_SIZE);
 
-    spacket_read = read(fd, (char *)th, TAC_PLUS_HDR_SIZE);
+    spacket_read = read(sess->fd, (char *)th, TAC_PLUS_HDR_SIZE);
     if(spacket_read < TAC_PLUS_HDR_SIZE) {
         TACSYSLOG(LOG_ERR,\
             "%s: short reply header, read %zd of %u expected: %m", __FUNCTION__,\
@@ -186,7 +186,7 @@ int tac_acct_read(struct tac_session *sess, int fd, struct areply *re) {
 
     /* read reply packet body */
     if (tac_readtimeout_enable &&
-        tac_read_wait(fd, timeleft, ulen_from_header, NULL) < 0 ) {
+        tac_read_wait(sess->fd, timeleft, ulen_from_header, NULL) < 0 ) {
         TACSYSLOG(LOG_ERR,\
             "%s: reply timeout after %u secs", __FUNCTION__, tac_timeout);
         re->msg = xstrdup(acct_syserr_msg);
@@ -195,7 +195,7 @@ int tac_acct_read(struct tac_session *sess, int fd, struct areply *re) {
         return re->status;
     }
 
-    spacket_read = read(fd, (char *)tb, ulen_from_header);
+    spacket_read = read(sess->fd, (char *)tb, ulen_from_header);
     if(spacket_read < 0 || (size_t) spacket_read < ulen_from_header) {
         TACSYSLOG(LOG_ERR,\
             "%s: short reply body, read %zd of %zu: %m",\

libtac/lib/acct_s.c

@@ -135,7 +135,7 @@ void tac_acct_send_pkt(struct tac_session *sess, u_char type,
  *             LIBTAC_STATUS_WRITE_TIMEOUT  (pending impl)
  *             LIBTAC_STATUS_ASSEMBLY_ERR   (pending impl)
  */
-int tac_acct_send(struct tac_session *sess, int fd,
+int tac_acct_send(struct tac_session *sess,
     u_char type, const char *user,
     const char *tty, const char *r_addr, struct tac_attrib *attr) {
 
@@ -147,7 +147,7 @@ int tac_acct_send(struct tac_session *sess, int fd,
     tac_acct_send_pkt(sess, type, user, tty, r_addr, attr, &pkt, &pkt_total);
 
     /* write packet */
-    w = write(fd, pkt, pkt_total);
+    w = write(sess->fd, pkt, pkt_total);
 
     if(w < 0 || (unsigned) w < pkt_total) {
         TACSYSLOG(LOG_ERR, "%s: short write of packet, wrote %d of %d: %m",\

libtac/lib/authen_r.c

@@ -140,7 +140,7 @@ int tac_authen_parse(struct tac_session *sess, struct areply *re,
  *         LIBTAC_STATUS_PROTOCOL_ERR
  *   >= 0 : server response, see TAC_PLUS_AUTHEN_STATUS_...
  */
-int tac_authen_read(struct tac_session *sess, int fd, struct areply *re) {
+int tac_authen_read(struct tac_session *sess, struct areply *re) {
 	HDR *th;
 	struct authen_reply *tb = NULL;
 	size_t len_from_header;
@@ -150,7 +150,7 @@ int tac_authen_read(struct tac_session *sess, int fd, struct areply *re) {
 
 	/* read the reply header */
 	if (tac_readtimeout_enable &&
-		tac_read_wait(fd, tac_timeout * 1000, TAC_PLUS_HDR_SIZE, &timeleft) < 0 ) {
+		tac_read_wait(sess->fd, tac_timeout * 1000, TAC_PLUS_HDR_SIZE, &timeleft) < 0 ) {
 		TACSYSLOG(LOG_ERR,
 			"%s: reply timeout after %d secs", __FUNCTION__, tac_timeout);
 		re->status = LIBTAC_STATUS_READ_TIMEOUT;
@@ -159,7 +159,7 @@ int tac_authen_read(struct tac_session *sess, int fd, struct areply *re) {
 
 	th = (HDR *)xcalloc(1, TAC_PLUS_HDR_SIZE);
 
-	r = read(fd, th, TAC_PLUS_HDR_SIZE);
+	r = read(sess->fd, th, TAC_PLUS_HDR_SIZE);
 	if (r < TAC_PLUS_HDR_SIZE) {
 		TACSYSLOG(LOG_ERR,
 			"%s: short reply header, read %d of %u: %m", __FUNCTION__,
@@ -186,13 +186,13 @@ int tac_authen_read(struct tac_session *sess, int fd, struct areply *re) {
 
 	/* read reply packet body */
 	if (tac_readtimeout_enable &&
-		tac_read_wait(fd, timeleft, len_from_header, NULL) < 0 ) {
+		tac_read_wait(sess->fd, timeleft, len_from_header, NULL) < 0 ) {
 		TACSYSLOG(LOG_ERR,
 			"%s: reply timeout after %d secs", __FUNCTION__, tac_timeout);
 		status = LIBTAC_STATUS_READ_TIMEOUT;
 	}
 
-	r = read(fd, (char *)tb, len_from_header);
+	r = read(sess->fd, (char *)tb, len_from_header);
 	if (r < 0 || (unsigned) r < len_from_header) {
 		TACSYSLOG(LOG_ERR,
 			"%s: short reply body, read %d of %zu: %m",

libtac/lib/authen_s.c

@@ -207,7 +207,7 @@ void tac_authen_send_pkt(struct tac_session *sess,
  *             LIBTAC_STATUS_WRITE_TIMEOUT
  *             LIBTAC_STATUS_ASSEMBLY_ERR
  */
-int tac_authen_send(struct tac_session *sess, int fd,
+int tac_authen_send(struct tac_session *sess,
 		const char *user, const char *pass, const char *tty,
 		const char *r_addr, u_char action) {
 
@@ -219,7 +219,7 @@ int tac_authen_send(struct tac_session *sess, int fd,
 	tac_authen_send_pkt(sess, user, pass, tty, r_addr, action, &pkt, &pkt_total);
 
 	/* we can now write the packet */
-	w = write(fd, pkt, pkt_total);
+	w = write(sess->fd, pkt, pkt_total);
 	if (w < 0 || (unsigned) w < pkt_total) {
 		TACSYSLOG(
 				LOG_ERR, "%s: short write on packet, wrote %d of %u: %m", __FUNCTION__, w, pkt_total);

libtac/lib/author_r.c

@@ -228,7 +228,7 @@ int tac_author_parse(struct tac_session *sess,
  *         LIBTAC_STATUS_PROTOCOL_ERR
  *   >= 0 : server response, see TAC_PLUS_AUTHOR_STATUS_...
  */
-int tac_author_read(struct tac_session *sess, int fd, struct areply *re) {
+int tac_author_read(struct tac_session *sess, struct areply *re) {
 	HDR *th;
 	struct author_reply *tb = NULL;
 	size_t len_from_header;
@@ -238,7 +238,7 @@ int tac_author_read(struct tac_session *sess, int fd, struct areply *re) {
 	bzero(re, sizeof(*re));
 
 	if (tac_readtimeout_enable
-			&& tac_read_wait(fd, tac_timeout * 1000, TAC_PLUS_HDR_SIZE,
+			&& tac_read_wait(sess->fd, tac_timeout * 1000, TAC_PLUS_HDR_SIZE,
 					&timeleft) < 0) {
 
 		TACSYSLOG(
@@ -250,7 +250,7 @@ int tac_author_read(struct tac_session *sess, int fd, struct areply *re) {
 
 	th = (HDR *)xcalloc(1, TAC_PLUS_HDR_SIZE);
 
-	packet_read = read(fd, th, TAC_PLUS_HDR_SIZE);
+	packet_read = read(sess->fd, th, TAC_PLUS_HDR_SIZE);
 	if (packet_read < TAC_PLUS_HDR_SIZE) {
 		TACSYSLOG(
 				LOG_ERR, "%s: short reply header, read %zd of %u: %m", __FUNCTION__,
@@ -277,15 +277,15 @@ int tac_author_read(struct tac_session *sess, int fd, struct areply *re) {
 
 	/* read reply packet body */
 	if (tac_readtimeout_enable
-			&& tac_read_wait(fd, timeleft, len_from_header, NULL) < 0) {
+			&& tac_read_wait(sess->fd, timeleft, len_from_header, NULL) < 0) {
 		TACSYSLOG(
 				LOG_ERR, "%s: reply timeout after %u secs", __FUNCTION__, tac_timeout);
 		re->msg = xstrdup(author_syserr_msg);
 		re->status = LIBTAC_STATUS_READ_TIMEOUT;
 		free(th);
 		return re->status;
 	}
-	packet_read = read(fd, tb, len_from_header);
+	packet_read = read(sess->fd, tb, len_from_header);
 	if (packet_read < 0 || (size_t) packet_read < len_from_header) {
 		TACSYSLOG(
 				LOG_ERR, "%s: short reply body, read %zd of %zu: %m", __FUNCTION__, ((packet_read >= 0) ? packet_read : 0), len_from_header);

libtac/lib/author_s.c

@@ -121,7 +121,7 @@ void tac_author_send_pkt(struct tac_session *sess,
  *		 LIBTAC_STATUS_ASSEMBLY_ERR  (pending impl)
  */
 int tac_author_send(struct tac_session *sess,
-	int fd, const char *user, const char *tty, const char *r_addr,
+	const char *user, const char *tty, const char *r_addr,
 	struct tac_attrib *attr) {
 
 	u_char *pkt = NULL;
@@ -132,7 +132,7 @@ int tac_author_send(struct tac_session *sess,
 	tac_author_send_pkt(sess, user, tty, r_addr, attr, &pkt, &pkt_total);
 
 	/* write packet */
-	w = write(fd, pkt, pkt_total);
+	w = write(sess->fd, pkt, pkt_total);
 	if (w < 0 || (unsigned) w < pkt_total) {
 		TACSYSLOG(LOG_ERR, "%s: short write on packet, wrote %d of %d: %m",\
 			__FUNCTION__, w, pkt_total);

libtac/lib/connect.c

@@ -39,35 +39,36 @@ int tac_timeout = 5;
    in server table.
 
  * return value:
- *   >= 0 : valid fd
+ *   == 0 : success
  *   <  0 : error status code, see LIBTAC_STATUS_...
  */
-int tac_connect(struct addrinfo **server, unsigned servers) {
+int tac_connect(struct tac_session *sess,
+    struct addrinfo **server, unsigned servers) {
     unsigned tries;
-    int fd=-1;
+    int retval = -1;
 
     if(servers == 0 || server == NULL) {
         TACSYSLOG(LOG_ERR, "%s: no TACACS+ servers defined", __FUNCTION__);
     } else {
         for ( tries = 0; tries < servers; tries++ ) {   
-            if((fd=tac_connect_single(server[tries], NULL, tac_timeout)) >= 0 ) {
-                /* tac_secret was set in tac_connect_single on success */
+            if ((retval = tac_connect_single(sess, server[tries], NULL, tac_timeout)) >= 0 ) {
                 break;
             }
         }
     }
 
     /* all attempts failed if fd is still < 0 */
-    TACDEBUG(LOG_DEBUG, "%s: exit status=%d",__FUNCTION__, fd);
-    return fd;
+    TACDEBUG(LOG_DEBUG, "%s: exit status=%d",__FUNCTION__, retval);
+    return retval;
 } /* tac_connect */
 
 
 /* return value:
- *   >= 0 : valid fd
+ *   == 0 : success
  *   <  0 : error status code, see LIBTAC_STATUS_...
  */
-int tac_connect_single(const struct addrinfo *server, struct addrinfo *srcaddr, int timeout) {
+int tac_connect_single(struct tac_session *sess,
+    const struct addrinfo *server, struct addrinfo *srcaddr, int timeout) {
     int retval = LIBTAC_STATUS_CONN_ERR; /* default retval */
     int fd = -1;
     int flags, rc;
@@ -161,17 +162,30 @@ int tac_connect_single(const struct addrinfo *server, struct addrinfo *srcaddr,
 
     /* connected ok */
     TACDEBUG(LOG_DEBUG, "%s: connected to %s", __FUNCTION__, ip);
-    retval = fd;
+    retval = 0;
+
+    /* now stuff the fd into the tac_session */
+    if (sess->fd >= 0)
+        close(sess->fd);
+    sess->fd = fd;
 
 bomb:
     if (retval < 0 && fd != -1)
        close(fd);
 
-    TACDEBUG(LOG_DEBUG, "%s: exit status=%d (fd=%d)",\
-        __FUNCTION__, retval < 0 ? retval:0, fd);
+    TACDEBUG(LOG_DEBUG, "%s: exit status=%d",\
+        __FUNCTION__, retval);
     return retval;
 } /* tac_connect_single */
 
+void
+tac_close(struct tac_session *sess)
+{
+    if (sess->fd >= 0) {
+        close(sess->fd);
+        sess->fd = -1;
+    }
+}
 
 /* return value:
  *   ptr to char* with format IP address

libtac/lib/cont_s.c

@@ -95,7 +95,7 @@ void tac_cont_send_pkt(struct tac_session *sess, const char *pass,
  *         LIBTAC_STATUS_WRITE_TIMEOUT  (pending impl)
  *         LIBTAC_STATUS_ASSEMBLY_ERR
  */
-int tac_cont_send(struct tac_session *sess, int fd, const char *pass) {
+int tac_cont_send(struct tac_session *sess, const char *pass) {
 
 	u_char *pkt = NULL;
 	unsigned pkt_total = 0;
@@ -104,7 +104,7 @@ int tac_cont_send(struct tac_session *sess, int fd, const char *pass) {
 	/* generate the packet */
 	tac_cont_send_pkt(sess, pass, &pkt, &pkt_total);
 
-	w = write(fd, pkt, pkt_total);
+	w = write(sess->fd, pkt, pkt_total);
 	if (w < 0 || (unsigned) w < pkt_total) {
 		TACSYSLOG(
 				LOG_ERR, "%s: short write on packet, wrote %d of %u: %m", __FUNCTION__, w, pkt_total);

libtac/lib/header.c

@@ -46,7 +46,7 @@ HDR *_tac_req_header(struct tac_session *sess, u_char type, bool cont_session) {
 
     /* preset some packet options in header */
     th->type=type;
-    th->seq_no=sess->seq_no;
+    th->seq_no=++sess->seq_no;
     th->encryption=TAC_PLUS_ENCRYPTED_FLAG;
 
     /* make session_id from pseudo-random number */

libtac/lib/session.c

@@ -40,6 +40,7 @@ tac_session_alloc_extra(unsigned n)
     sess->tac_authen_method = TAC_PLUS_AUTHEN_METH_TACACSPLUS;
     sess->tac_authen_type = TAC_PLUS_AUTHEN_TYPE_PAP;
     sess->seq_no = 0;
+    sess->fd = -1;
 
     return sess;
 }
@@ -95,6 +96,7 @@ tac_session_get_user_data(struct tac_session *sess)
 void
 tac_session_free(struct tac_session *sess)
 {
+    tac_close(sess);
     free(sess);
 }