[Dovecot] PAM_RHOST item
Timo Sirainen
tss at iki.fi
Tue Jun 15 06:06:09 EEST 2004
On Mon, 2004-06-14 at 09:53, Tom Alsberg wrote:
> Changing passdb-pam.c to pam_set_item it seems trivial, but I'm bugged
> as to how to get the client name from there. It seems not to be
> available in the auth_request struct or anything from there. I tried
> even adding an upwards reference from there to the struct client *,
> but then I see that there are three structs named client and two
> structs named auth_request, and somehow I got into trouble of passing
> it cleanly.
See Chernomorets Sergey's recent post about vpopmail. It has client_ip
passed all the way to auth_request. I'll also commit this to CVS:
Index: passdb-pam.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb-pam.c,v
retrieving revision 1.15
diff -u -r1.15 passdb-pam.c
--- passdb-pam.c 31 May 2004 18:57:25 -0000 1.15
+++ passdb-pam.c 15 Jun 2004 03:12:37 -0000
@@ -15,6 +15,7 @@
#include "common.h"
#include "buffer.h"
#include "ioloop.h"
+#include "network.h"
#include "passdb.h"
#include "mycrypt.h"
#include "safe-memset.h"
@@ -204,7 +205,7 @@
}
static void
-pam_verify_plain_child(const char *service, const char *user,
+pam_verify_plain_child(const struct auth_request *request, const char *service,
const char *password, int fd)
{
pam_handle_t *pamh;
@@ -219,15 +220,21 @@
conv.conv = pam_userpass_conv;
conv.appdata_ptr = &userpass;
- userpass.user = user;
+ userpass.user = request->user;
userpass.pass = password;
- status = pam_start(service, user, &conv, &pamh);
+ status = pam_start(service, request->user, &conv, &pamh);
if (status != PAM_SUCCESS) {
result = PASSDB_RESULT_INTERNAL_FAILURE;
str = t_strdup_printf("pam_start() failed: %s",
pam_strerror(pamh, status));
} else {
+#ifdef PAM_RHOST
+ const char *host = net_ip2addr(&request->remote_ip);
+ if (host != NULL)
+ pam_set_item(pamh, PAM_RHOST, host);
+#endif
+
status = pam_auth(pamh, &str);
if ((status2 = pam_end(pamh, status)) == PAM_SUCCESS) {
/* FIXME: check for PASSDB_RESULT_UNKNOWN_USER
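Review bot: the return value of pam_set_item() in the new #ifdef PAM_RHOST block is discarded, so if setting the item fails, pam_auth() still runs and any PAM module that makes decisions based on the remote host gets no value without anything being logged. Consider capturing the status and reporting it with pam_strerror(pamh, status), the way the pam_start() failure just above is reported. The host == NULL branch is skipped silently too; a log line there would make it visible when request->remote_ip could not be converted to an address string.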
@@ -360,7 +367,7 @@
if (pid == 0) {
(void)close(fd[0]);
- pam_verify_plain_child(service, request->user, password, fd[1]);
+ pam_verify_plain_child(request, service, password, fd[1]);
_exit(0);
}