summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-dialup/l2tpns/files/l2tpns-trust-localhost.patch')
-rw-r--r--net-dialup/l2tpns/files/l2tpns-trust-localhost.patch54
1 files changed, 54 insertions, 0 deletions
diff --git a/net-dialup/l2tpns/files/l2tpns-trust-localhost.patch b/net-dialup/l2tpns/files/l2tpns-trust-localhost.patch
new file mode 100644
index 0000000..fa45cdc
--- /dev/null
+++ b/net-dialup/l2tpns/files/l2tpns-trust-localhost.patch
@@ -0,0 +1,54 @@
+--- l2tpns.h 2006-07-23 19:13:36.000000000 +1000
++++ l2tpns.h 2006-07-23 19:13:40.000000000 +1000
+@@ -562,6 +562,8 @@
+
+ int allow_duplicate_users; // allow multiple logins with the same username
+
++ int cli_trust_localhost; // allow localhost to connect to telnet CLI without authenticating
++
+ in_addr_t default_dns1, default_dns2;
+
+ unsigned long rl_rate; // default throttle rate
+--- l2tpns.c 2006-07-23 19:14:13.000000000 +1000
++++ l2tpns.c 2006-07-23 19:15:15.000000000 +1000
+@@ -127,6 +127,7 @@
+ CONFIG("radius_authtypes", radius_authtypes_s, STRING),
+ CONFIG("radius_dae_port", radius_dae_port, SHORT),
+ CONFIG("allow_duplicate_users", allow_duplicate_users, BOOL),
++ CONFIG("cli_trust_localhost", cli_trust_localhost, BOOL),
+ CONFIG("bind_address", bind_address, IPv4),
+ CONFIG("peer_address", peer_address, IPv4),
+ CONFIG("send_garp", send_garp, BOOL),
+--- etc/startup-config.default 2006-07-23 19:29:12.000000000 +1000
++++ etc/startup-config.default 2006-07-23 19:29:44.000000000 +1000
+@@ -41,6 +41,9 @@
+ # Allow multiple logins for the same username
+ #set allow_duplicate_users no
+
++# Allow localhost to access the telnet CLI without authenticating
++#set cli_trust_localhost yes
++
+ # Write usage accounting files into specified directory
+ set accounting_dir "/var/run/l2tpns/acct"
+
+--- cli.c 2006-07-23 23:00:27.000000000 +1000
++++ cli.c 2006-07-24 10:41:35.000000000 +1000
+@@ -295,7 +295,17 @@
+ if (fork_and_close()) return;
+ if (getpeername(sockfd, (struct sockaddr *) &addr, &l) == 0)
+ {
+- require_auth = addr.sin_addr.s_addr != inet_addr("127.0.0.1");
++ if (addr.sin_addr.s_addr == inet_addr("127.0.0.1"))
++ {
++ if (config->cli_trust_localhost)
++ {
++ require_auth = 0;
++ }
++ else
++ {
++ LOG(3, 0, 0, "Treating localhost as remote\n");
++ }
++ }
+ LOG(require_auth ? 3 : 4, 0, 0, "Accepted connection to CLI from %s\n",
+ fmtaddr(addr.sin_addr.s_addr, 0));
+ }