[Dovecot] passing remote ip to pam

Timo Sirainen tss at iki.fi
Fri Jul 9 13:59:30 EEST 2004


On Fri, 2004-07-09 at 04:55, dean gaudet wrote:
> to improve forensic log info i want to set the PAM_RHOST value to the
> remote ip (which pam logs as rhost=foo in failure messages).  i didn't
> look to see if anything has been done in this way on CVS because i'm still
> on 0.99.10.6.
> 
> below is a bit of a hack.  in some sense the remote_ip might make more
> sense in the AUTH_LOGIN_REQUEST_NEW packet rather than the continue
> packet... but that looked like i'd have to change more code :)

It's done that way in CVS. CVS also sends local ip and protocol
information.

> btw -- is there anything which stops mech_plain_auth_continue from doing a
> somewhat unbounded pstrdup if you send "a\0b" for the auth string?

Oh, right, thanks. But I don't think it could be used to do anything
bad. Maybe crash dovecot-auth in some circumstances, but it gets
restarted automatically then. Fix is anyway:

ot-0.99.10.6/src/auth/mech-plain.c 
--- dovecot-0.99.10.6-orig/src/auth/mech-plain.c	2003-05-18 15:26:28.000000000 +0300
+++ dovecot-0.99.10.6/src/auth/mech-plain.c	2004-07-09 13:47:01.000000000 +0300
@@ -41,7 +41,7 @@
 		}
 	}
 
-	if (authenid == NULL) {
+	if (count != 2) {
 		/* invalid input */
 		if (verbose)
 			i_info("mech-plain: no username given");
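Review bot: the log text in the unchanged context, "mech-plain: no username given", no longer matches the condition after this change. `count != 2` also fires when a username is present but the second NUL separator is missing (the "a\0b" case raised above), so the message will mislead anyone reading auth logs. Consider something like "mech-plain: invalid input" and extending the `/* invalid input */` comment to say that exactly two NUL separators are required.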

> +dovecot (0.99.10.6-3.dg1) unstable; urgency=low
> +
> +  * hack a solution to pass PAM_RHOST the remote ip

Looks good.
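An added example, not part of the original message and not Dovecot's code: a standalone C parser for the PLAIN message layout (authzid NUL authcid NUL passwd) that requires exactly two NUL separators and returns length-delimited slices, so input such as "a\0b" is rejected before anything is copied as a C string. The names `plain_fields` and `plain_parse` and the 255-byte field cap are assumptions of this example.

```c
#include <stddef.h>

/* Fields are (pointer, length) slices into the caller's buffer. None is
   assumed to be NUL-terminated, so nothing reads past data + size. */
struct plain_fields {
	const unsigned char *authzid, *authcid, *passwd;
	size_t authzid_len, authcid_len, passwd_len;
};

#define PLAIN_MAX_FIELD 255 /* per-field cap (assumption of this example) */

/* Returns 0 on success, -1 on malformed input (out is then not valid). */
static int plain_parse(const unsigned char *data, size_t size,
		       struct plain_fields *out)
{
	size_t sep[2], count = 0, i;

	for (i = 0; i < size; i++) {
		if (data[i] != '\0')
			continue;
		if (count == 2)
			return -1; /* third NUL: not a valid PLAIN message */
		sep[count++] = i;
	}
	if (count != 2)
		return -1; /* "ab" and "a\0b" are rejected here */

	out->authzid = data;
	out->authzid_len = sep[0];
	out->authcid = data + sep[0] + 1;
	out->authcid_len = sep[1] - sep[0] - 1;
	out->passwd = data + sep[1] + 1;
	out->passwd_len = size - sep[1] - 1;

	if (out->authcid_len == 0 || out->passwd_len == 0)
		return -1; /* empty username or password */
	if (out->authzid_len > PLAIN_MAX_FIELD ||
	    out->authcid_len > PLAIN_MAX_FIELD ||
	    out->passwd_len > PLAIN_MAX_FIELD)
		return -1; /* oversized field */
	return 0;
}

int main(void)
{
	struct plain_fields f;
	/* Constructed samples: one NUL must fail, two NULs must parse. */
	int bad = plain_parse((const unsigned char *)"a\0b", 3, &f);
	int ok = plain_parse((const unsigned char *)"\0user\0pw", 8, &f);
	return (bad == -1 && ok == 0) ? 0 : 1;
}
```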
