On Mon, 2004-06-14 at 09:53, Tom Alsberg wrote:
Changing passdb-pam.c to use pam_set_item seems trivial, but I'm bugged as to how to get the client name from there. It seems not to be available in the auth_request struct or anything from there. I even tried adding an upwards reference from there to the struct client *, but then I see that there are three structs named client and two structs named auth_request, and somehow I got into trouble passing it cleanly.
See Chernomorets Sergey's recent post about vpopmail. It has client_ip passed all the way to auth_request. I'll also commit this to CVS: Index: passdb-pam.c =================================================================== RCS file: /home/cvs/dovecot/src/auth/passdb-pam.c,v retrieving revision 1.15 diff -u -r1.15 passdb-pam.c --- passdb-pam.c 31 May 2004 18:57:25 -0000 1.15 +++ passdb-pam.c 15 Jun 2004 03:12:37 -0000 @@ -15,6 +15,7 @@ #include "common.h" #include "buffer.h" #include "ioloop.h" +#include "network.h" #include "passdb.h" #include "mycrypt.h" #include "safe-memset.h" @@ -204,7 +205,7 @@ } static void -pam_verify_plain_child(const char *service, const char *user, +pam_verify_plain_child(const struct auth_request *request, const char *service, const char *password, int fd) { pam_handle_t *pamh; @@ -219,15 +220,21 @@ conv.conv = pam_userpass_conv; conv.appdata_ptr = &userpass; - userpass.user = user; + userpass.user = request->user; userpass.pass = password; - status = pam_start(service, user, &conv, &pamh); + status = pam_start(service, request->user, &conv, &pamh); if (status != PAM_SUCCESS) { result = PASSDB_RESULT_INTERNAL_FAILURE; str = t_strdup_printf("pam_start() failed: %s", pam_strerror(pamh, status)); } else { +#ifdef PAM_RHOST + const char *host = net_ip2addr(&request->remote_ip); + if (host != NULL) + pam_set_item(pamh, PAM_RHOST, host); +#endif + status = pam_auth(pamh, &str); if ((status2 = pam_end(pamh, status)) == PAM_SUCCESS) { /* FIXME: check for PASSDB_RESULT_UNKNOWN_USER @@ -360,7 +367,7 @@ if (pid == 0) { (void)close(fd[0]); - pam_verify_plain_child(service, request->user, password, fd[1]); + pam_verify_plain_child(request, service, password, fd[1]); _exit(0); }
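Review bot: in the #ifdef PAM_RHOST block of the @@ -219,15 +220,21 @@ hunk, the return value of pam_set_item(pamh, PAM_RHOST, host) is discarded and a NULL from net_ip2addr() is skipped silently, so pam_auth() runs with no remote host set and any PAM module that consults PAM_RHOST for access decisions or logging gets nothing, with no trace of why. Suggest comparing the status against PAM_SUCCESS and at least logging the failure via pam_strerror(), and deciding explicitly whether a failed set should end in PASSDB_RESULT_INTERNAL_FAILURE instead of continuing to authenticate.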
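Review bot: the new first parameter in the @@ -204,7 +205,7 @@ hunk, const struct auth_request *request, is dereferenced for request->remote_ip later in the patch, but nothing in this diff adds that member to struct auth_request, and the accompanying message calls the value client_ip from a separate post. The commit should state which change introduces remote_ip and that passdb-pam.c depends on it, and a short comment on pam_verify_plain_child() noting that only user and remote_ip are read from the request in the forked child would make the wider parameter easier to audit.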