Authen-TacacsPlus


Changes  view on Meta::CPAN

     under Docker on armv7l, and possibly others

0.28 2020-03-14 Mike McCauley
     - Patch from Heikki Vatiainen:
     - File descriptor leak introduced in release 0.25 where check for open 
     connection was added to TacacsPlus::close() before calling tacpluslib's 
     deinit_tac_session()
     - File descriptor leak in tacpluslib's init_tac_session where close() 
     was not called for the newly created socket if, for example, destination 
     host was unreachable
     - Port and Timeout TacacsPlus::new() parameters were documented 
     incorrectly. They are not passed within array references.

TacacsPlus.pm  view on Meta::CPAN

bless $self, $class;
$self->{'servers'} = [];
if (ref $_[0] eq 'ARRAY') {
    %h = @{ $_[0] };
    shift @_;
    push @{ $self->{'servers'} }, @_;
} else {
    %h = @_;
}
my $res=-1;
$self->{'timeout'} = $h{'Timeout'} ? $h{'Timeout'} : 15;
$self->{'port'} = $h{'Port'} ? $h{'Port'} : 'tacacs';
$self->{'host'} = $h{'Host'};
$self->{'key'} = $h{'Key'};
$res=init_tac_session($self->{'host'},$self->{'port'},
	$self->{'key'},$self->{'timeout'});
if ($res<0) {
    my $s = $self->{'servers'};
    while ($s->[0]) {
        my %h = @{ $s->[0] };
        shift @{ $s };
        $res=init_tac_session( $h{'Host'},
                               $h{'Port'} ? $h{'Port'} : 'tacacs',
                               $h{'Key'},
                               $h{'Timeout'} ? $h{'Timeout'} : 15
                              );
        last if ($res >= 0);
    }
}
$self->{'open'} = 1 if ($res >= 0);
undef $self if ($res < 0);
$self;
}

# Third arg authen_type is optional, defaults to 

TacacsPlus.pm  view on Meta::CPAN

    my $authen_type = shift || &Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_ASCII;
    my $res=make_auth($username,$password,$authen_type);
    unless ($res || errmsg() =~ /Authentication failed/) {
        my $s = $self->{'servers'};
        while ($s->[0]) {
            my %h = @{ $s->[0] };
            shift @{ $s };
            my $ret=init_tac_session( $h{'Host'},
                                      $h{'Port'} ? $h{'Port'} : 'tacacs',
                                      $h{'Key'},
                                      $h{'Timeout'} ? $h{'Timeout'} : 15
                                    );
            next if ($ret < 0);
            $res=make_auth($username,$password,$authen_type);
            last if $res;
        }

    }
    $res;
}

TacacsPlus.pm  view on Meta::CPAN


Authen::TacacsPlus - Perl extension for authentication using tacacs+ server

=head1 SYNOPSIS

  use Authen::TacacsPlus;

  $tac = new Authen::TacacsPlus(Host=>$server,
			Key=>$key,
			Port=>'tacacs',
			Timeout=>15);

  or

  $tac = new Authen::TacacsPlus(
     [ Host=>$server1, Key=>$key1, Port=>'tacacs', Timeout=>15 ],
     [ Host=>$server2, Key=>$key2, Port=>'tacacs', Timeout=>15 ],
     [ Host=>$server3, Key=>$key3, Port=>'tacacs', Timeout=>15 ],
     ...  );

  $tac->authen($username,$passwords);

  Authen::TacacsPlus::errmsg(); 

  $tac->close();


=head1 DESCRIPTION

Authen::TacacsPlus allows you to authenticate using a tacacs+ server.

  $tac = new Authen::TacacsPlus(Host=>$server,      
 	                Key=>$key,          
                        Port=>'tacacs',   
                        Timeout=>15);     

Opens a new session with the tacacs+ server on host $server, encrypted
with key $key. An undefined value is returned if something goes wrong
(check errmsg()).

With a list of servers, the order is relevant: the servers are checked
for availability of the Tacacs+ service in the order you defined.


  Authen::TacacsPlus::errmsg();

test.pl  view on Meta::CPAN

my $port = 49;
my $username = $ENV{AUTHEN_TACACSPLUS_TEST_USERNAME} || 'mikem';
my $password = $ENV{AUTHEN_TACACSPLUS_TEST_PASSWORD} || 'fred';
# This is the CHAP encrypted password, including the challenge
# and identifier
my $chap_password = $ENV{AUTHEN_TACACSPLUS_TEST_CHAP_PASSWORD} 
    || 'djfhafghlkdlkfjasgljksgljkdsjsdfshdfgsdfkjglgh';

my $tac = new Authen::TacacsPlus(Host=>$host,
				 Key=>$key,
				 Timeout=>$timeout,
				 Port=>$port);
if ($tac)
{
    ok(1);
}
else
{
    foreach (2..10)
    {
	skip('Unable to complete tests because the test Tacacs server could not be contacted');

test.pl  view on Meta::CPAN

    exit;
}


# test default type (ASCII), backwards compatible
ok($tac->authen($username, $password));
ok($tac->close() == 0);

my $tac = new Authen::TacacsPlus(Host=>$host,
				 Key=>$key,
				 Timeout=>$timeout,
				 Port=>$port);
ok($tac);

# test default PAP type
ok($tac->authen($username, $password, &Authen::TacacsPlus::TAC_PLUS_AUTHEN_TYPE_PAP));
ok($tac->close() == 0);

$tac = new Authen::TacacsPlus(Host=>$host,
				 Key=>$key,
				 Timeout=>$timeout,
				 Port=>$port);
ok($tac);

# test CHAP auth type
require Digest::MD5;
$chap_id = '5';
$chap_challenge = '1234567890123456';
# This is the CHAP response from the NAS. We will fake it here
# by calculating it in the same way the NAS does:
$chap_response = Digest::MD5::md5($chap_id . $password . $chap_challenge);


