[Dovecot] passdb-pam: PAM_RHOST on FreeBSD >= 5.0 (where PAM !=
Linux-PAM)
Tom Alsberg
alsbergt at cs.huji.ac.il
Mon Jan 16 14:01:16 EET 2006
This is actually something I had on my mind to write about in the past
few -stable and alpha releases, but did not get to and instead always
patched myself. Now having updated to the latest snapshot (which may
be released as beta1), I stumbled on it again:
In src/auth/passdb-pam.c, where the client host is passed to PAM, the
code looks like this:
#ifdef PAM_RHOST
	const char *host = net_ip2addr(&request->remote_ip);
	if (host != NULL)
		pam_set_item(pamh, PAM_RHOST, host);
#endif
For some reason there is a preprocessor/compile-time check whether
there exists such a preprocessor symbol as the PAM item PAM_RHOST (why
check that? IIRC PAM_RHOST is standard and in all PAM
implementations).
However, PAM_RHOST (or other PAM items, for that matter), are not
preprocessor symbols in all PAM implementations. For example, in
OpenPAM (the PAM implementation used on FreeBSD >= 5.0, among others;
FreeBSD 4 used Linux-PAM), PAM items are elements of an enum, and thus
this check fails, and the client host is not passed to PAM.
Since it can be defined in several ways, I do not see how to check for
it other than using a compilation test (in autoconf) and then defining
something like HAVE_PAM_RHOST in config.h. However I do not see why
check for it at all, so I propose to remove that #ifdef. Tiny patch
attached for that.
Cheers,
-- Tom
--
Tom Alsberg - hacker (being the best description fitting this space)
Web page: http://www.cs.huji.ac.il/~alsbergt/
DISCLAIMER: The above message does not even necessarily represent what
my fingers have typed on the keyboard, save anything further.
-------------- next part --------------
diff -ur dovecot-1.0.alpha5.orig/src/auth/passdb-pam.c dovecot-1.0.alpha5/src/auth/passdb-pam.c
--- dovecot-1.0.alpha5.orig/src/auth/passdb-pam.c Sun Jan 15 05:00:09 2006
+++ dovecot-1.0.alpha5/src/auth/passdb-pam.c Mon Jan 16 13:42:51 2006
@@ -252,11 +252,9 @@
str = t_strdup_printf("pam_start() failed: %s",
pam_strerror(pamh, status));
} else {
-#ifdef PAM_RHOST
const char *host = net_ip2addr(&request->remote_ip);
if (host != NULL)
pam_set_item(pamh, PAM_RHOST, host);
-#endif
status = pam_auth(request, pamh, &str);
if ((status2 = pam_end(pamh, status)) == PAM_SUCCESS) {
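Review bot: the return value of pam_set_item(pamh, PAM_RHOST, host) is still discarded at the now-unconditional call in the else branch, so if setting the item fails, pam_auth() runs without a remote host and nothing is logged. Suggest capturing the status and logging anything other than PAM_SUCCESS before calling pam_auth(). Separately, with the #ifdef removed this file no longer compiles against a PAM implementation that lacks PAM_RHOST; if such targets matter, a configure-time compile test defining HAVE_PAM_RHOST would handle both the macro and the enum case.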