liuh-80 · liuh-80 · Nov 5, 2021 · Nov 10, 2021 · Nov 12, 2021
diff --git a/support.c b/support.c
@@ -31,6 +31,9 @@
 #include <string.h>
 #include <ctype.h> /* isspace() */
 
+/* tacacs config file splitter */
+#define CONFIG_FILE_SPLITTER " ,\t\n\r\f"
+
 /* tacacs server information */
 tacplus_server_t tac_srv[TAC_PLUS_MAXSERVERS];
 struct addrinfo tac_srv_addr[TAC_PLUS_MAXSERVERS];
@@ -235,6 +238,26 @@ void set_source_ip(const char *tac_source_ip) {
         freeaddrinfo(source_address);
         _pam_log(LOG_DEBUG, "source ip is set");
     }
+}
+
+/*
+ * Reset configuration variables.
+ * This method need to be called before parse config, otherwise the server list will grow with each call.
+ */
+int reset_config_variables () {
+    memset(tac_srv, 0, sizeof(tacplus_server_t) * TAC_PLUS_MAXSERVERS);
+    tac_srv_no = 0;
+
+    tac_service[0] = 0;
+    tac_protocol[0] = 0;
+    tac_prompt[0] = 0;
+    tac_login[0] = 0;
+    tac_source_ip[0] = 0;
+
+    if (tac_source_addr != NULL) {
+        /* reset source address */
+        tac_source_addr = NULL;
+    }
 }
 
 /*
@@ -363,24 +386,25 @@ int parse_config_file(const char *file) {
     char line_buffer[256];
     int ctrl = 0;
 
+    /* otherwise the list will grow with each call */
+    reset_config_variables();
+
     config_file = fopen(file, "r");
     if(config_file == NULL) {
         _pam_log(LOG_ERR, "Failed to open config file %s: %m", file);
         return 0;
     }
-
-    if (tac_source_addr != NULL) {
-        /* reset source address */
-        tac_source_addr = NULL;
-    }
-
-    char current_secret[256];
+
+    char current_secret[256];
     memset(current_secret, 0, sizeof(current_secret));
     while (fgets(line_buffer, sizeof line_buffer, config_file)) {
         if(*line_buffer == '#' || isspace(*line_buffer))
             continue; /* skip comments and blank line. */
-        strtok(line_buffer, " \t\n\r\f");
-        ctrl |= _pam_parse_arg(line_buffer, current_secret, sizeof(current_secret));
+        char* config_item = strtok(line_buffer, CONFIG_FILE_SPLITTER);
+        while (config_item != NULL) {
+            ctrl |= _pam_parse_arg(config_item, current_secret, sizeof(current_secret));
+            config_item = strtok(NULL, CONFIG_FILE_SPLITTER);
+        }
     }
 
     fclose(config_file);
@@ -400,11 +424,11 @@ int _pam_parse (int argc, const char **argv) {
     tac_protocol[0] = 0;
     tac_prompt[0] = 0;
     tac_login[0] = 0;
-    tac_source_ip[0] = 0;
-
-    if (tac_source_addr != NULL) {
-        /* reset source address */
-        tac_source_addr = NULL;
+    tac_source_ip[0] = 0;
+
+    if (tac_source_addr != NULL) {
+        /* reset source address */
+        tac_source_addr = NULL;
     }
 
     for (ctrl = 0; argc-- > 0; ++argv) {