[Dovecot] PAM_RHOST item

Timo Sirainen tss at iki.fi
Tue Jun 15 06:06:09 EEST 2004


On Mon, 2004-06-14 at 09:53, Tom Alsberg wrote:
> Changing passdb-pam.c to pam_set_item it seems trivial, but I'm bugged
> as to how to get the client name from there.  It seems not to be
> available in the auth_request struct or anything from there.  I tried
> even adding an upwards reference from there to the struct client *,
> but then I see that there are three structs named client and two
> structs named auth_request, and somehow I got into trouble of passing
> it cleanly.

See Chernomorets Sergey's recent post about vpopmail. It has client_ip
passed all the way to auth_request. I'll also commit this to CVS:

Index: passdb-pam.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb-pam.c,v
retrieving revision 1.15
diff -u -r1.15 passdb-pam.c
--- passdb-pam.c	31 May 2004 18:57:25 -0000	1.15
+++ passdb-pam.c	15 Jun 2004 03:12:37 -0000
@@ -15,6 +15,7 @@
 #include "common.h"
 #include "buffer.h"
 #include "ioloop.h"
+#include "network.h"
 #include "passdb.h"
 #include "mycrypt.h"
 #include "safe-memset.h"
@@ -204,7 +205,7 @@
 }
 
 static void
-pam_verify_plain_child(const char *service, const char *user,
+pam_verify_plain_child(const struct auth_request *request, const char *service,
 		       const char *password, int fd)
 {
 	pam_handle_t *pamh;
@@ -219,15 +220,21 @@
 	conv.conv = pam_userpass_conv;
 	conv.appdata_ptr = &userpass;
 
-	userpass.user = user;
+	userpass.user = request->user;
 	userpass.pass = password;
 
-	status = pam_start(service, user, &conv, &pamh);
+	status = pam_start(service, request->user, &conv, &pamh);
 	if (status != PAM_SUCCESS) {
 		result = PASSDB_RESULT_INTERNAL_FAILURE;
 		str = t_strdup_printf("pam_start() failed: %s",
 				      pam_strerror(pamh, status));
 	} else {
+#ifdef PAM_RHOST
+		const char *host = net_ip2addr(&request->remote_ip);
+		if (host != NULL)
+			pam_set_item(pamh, PAM_RHOST, host);
+#endif
+
 		status = pam_auth(pamh, &str);
 		if ((status2 = pam_end(pamh, status)) == PAM_SUCCESS) {
 			/* FIXME: check for PASSDB_RESULT_UNKNOWN_USER
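Review bot: the return value of pam_set_item() in the new #ifdef PAM_RHOST block is discarded, so if setting the item fails, pam_auth() still runs and any PAM module that relies on the remote host gets none, with nothing logged. Consider capturing the result and logging anything other than PAM_SUCCESS, for example via pam_strerror(pamh, status) as the pam_start() failure path already does. The host == NULL case is also skipped silently; a log line there would show when request->remote_ip could not be converted.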
@@ -360,7 +367,7 @@
 
 	if (pid == 0) {
 		(void)close(fd[0]);
-		pam_verify_plain_child(service, request->user, password, fd[1]);
+		pam_verify_plain_child(request, service, password, fd[1]);
 		_exit(0);
 	}
 
