[Dovecot] passdb-pam: PAM_RHOST on FreeBSD >= 5.0 (where PAM != Linux-PAM)

Tom Alsberg alsbergt at cs.huji.ac.il
Mon Jan 16 14:01:16 EET 2006


This is actually something I had on my mind to write about in the past
few -stable and alpha releases, but did not get to and instead always
patched myself.  Now having updated to the latest snapshot (which may
be released as beta1), I stumbled on it again:

In src/auth/passdb-pam.c, where the client host is passed to PAM, the
code looks like this:

#ifdef PAM_RHOST
		const char *host = net_ip2addr(&request->remote_ip);
		if (host != NULL)
			pam_set_item(pamh, PAM_RHOST, host);
#endif

For some reason there is a preprocessor/compile-time check whether
there exists such a preprocessor symbol as the PAM item PAM_RHOST (why
check that?  IIRC PAM_RHOST is standard and in all PAM
implementations).

However, PAM_RHOST (or other PAM items, for that matter), are not
preprocessor symbols in all PAM implementations.  For example, in
OpenPAM (the PAM implementation used on FreeBSD >= 5.0, among others;
FreeBSD 4 used Linux-PAM), PAM items are elements of an enum, and thus
this check fails, and the client host is not passed to PAM.

Since it can be defined in several ways, I do not see how to check for
it other than using a compilation test (in autoconf) and then defining
something like HAVE_PAM_RHOST in config.h.  However I do not see why
check for it at all, so I propose to remove that #ifdef.  Tiny patch
attached for that.

  Cheers,
  -- Tom

-- 
  Tom Alsberg - hacker (being the best description fitting this space)
  Web page:	http://www.cs.huji.ac.il/~alsbergt/
DISCLAIMER:  The above message does not even necessarily represent what
my fingers have typed on the keyboard, save anything further.
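
The failure mode described in the message, as an added example that is not part of the original post or of Dovecot's code: an `#ifdef` on the item name only works when the header defines the item as a macro, and is silently compiled out when the item is an enum constant. The `MACRO_STYLE_RHOST`, `ENUM_STYLE_RHOST` and `demo_set_item` names are constructed stand-ins rather than real PAM headers or calls, and `HAVE_PAM_RHOST` is assumed to come from a configure-time compile test as the message suggests.

```c
#include <stddef.h>

/* Constructed stand-ins for the two header styles; not the real PAM headers. */
#define MACRO_STYLE_RHOST 4          /* item is a preprocessor symbol */
enum { ENUM_STYLE_RHOST = 4 };       /* item is an enum constant */

/* Assumed result of a configure-time compile test, written to config.h. */
#define HAVE_PAM_RHOST 1

static const char *stored_rhost;     /* stands in for the item held by the PAM handle */

/* Hypothetical replacement for pam_set_item(): records the host, 0 on success. */
static int demo_set_item(int item, const char *value)
{
	if (item != 4 || value == NULL)
		return -1;
	stored_rhost = value;
	return 0;
}

/* Guard on the item name, macro-style header: the call is compiled in. */
int rhost_set_macro_guard(const char *host)
{
	stored_rhost = NULL;
#ifdef MACRO_STYLE_RHOST
	demo_set_item(MACRO_STYLE_RHOST, host);
#endif
	return stored_rhost != NULL;
}

/* Same guard, enum-style header: the preprocessor never sees enum constants,
 * so the call is dropped without any warning and the host is never set. */
int rhost_set_enum_guard(const char *host)
{
	(void)host;                  /* unused once the guarded call is compiled out */
	stored_rhost = NULL;
#ifdef ENUM_STYLE_RHOST
	demo_set_item(ENUM_STYLE_RHOST, host);
#endif
	return stored_rhost != NULL;
}

/* Guard on a feature macro from a compile test: works for either header style. */
int rhost_set_feature_guard(const char *host)
{
	stored_rhost = NULL;
#ifdef HAVE_PAM_RHOST
	demo_set_item(ENUM_STYLE_RHOST, host);
#endif
	return stored_rhost != NULL;
}
```
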
-------------- next part --------------
diff -ur dovecot-1.0.alpha5.orig/src/auth/passdb-pam.c dovecot-1.0.alpha5/src/auth/passdb-pam.c
--- dovecot-1.0.alpha5.orig/src/auth/passdb-pam.c	Sun Jan 15 05:00:09 2006
+++ dovecot-1.0.alpha5/src/auth/passdb-pam.c	Mon Jan 16 13:42:51 2006
@@ -252,11 +252,9 @@
 		str = t_strdup_printf("pam_start() failed: %s",
 				      pam_strerror(pamh, status));
 	} else {
-#ifdef PAM_RHOST
 		const char *host = net_ip2addr(&request->remote_ip);
 		if (host != NULL)
 			pam_set_item(pamh, PAM_RHOST, host);
-#endif
 
 		status = pam_auth(request, pamh, &str);
 		if ((status2 = pam_end(pamh, status)) == PAM_SUCCESS) {
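Review bot: the pam_set_item(pamh, PAM_RHOST, host) call that this hunk makes unconditional still discards its return value, so a failure to set the remote host goes unnoticed and pam_auth() runs without it, the same silent outcome the #ifdef produced. Suggest capturing the status and logging when it is not PAM_SUCCESS, in the same way the pam_start() failure is reported with pam_strerror() just above. Note also that with the guard gone, a PAM implementation that lacks PAM_RHOST entirely would fail to compile here; if that case needs to be supported, the compile test defining HAVE_PAM_RHOST mentioned in the message is the alternative to plain removal.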

