[Openvpn-devel] Patch for pam recent module

Message ID da61f7b0-f9e1-e4e7-3aa0-a0dd603a3f32@gmail.com
State Changes Requested

Commit Message

Paolo Cerrito June 26, 2019, 3:37 a.m. UTC
Hi,

I made a pull request for this patch some time ago on GitHub. This
patch implements the right piece of software for passing the IP and hostname
to PAM modules, to use for example in a firewall or in modules like
pam_recent; this patch has been running successfully for more than 7 years on our
systems.


             {
                 fprintf(stderr, "AUTH-PAM: Error sending auth info to
background process\n");
             }
@@ -750,8 +753,16 @@ pam_auth(const char *service, const struct
user_pass *up)
     status = pam_start(service, name_value_list_provided ? NULL :
up->username, &conv, &pamh);
     if (status == PAM_SUCCESS)
     {
+        /* Set PAM_RHOST environment variable */
+        if (*(up->remote))
+        {
+            status = pam_set_item(pamh, PAM_RHOST, up->remote);
+        }
         /* Call PAM to verify username/password */
-        status = pam_authenticate(pamh, 0);
+        if (status == PAM_SUCCESS)
+        {
+            status = pam_authenticate(pamh, 0);
+        }
         if (status == PAM_SUCCESS)
         {
             status = pam_acct_mgmt(pamh, 0);
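Review bot: The comment above the new `if (*(up->remote))` block calls PAM_RHOST an environment variable, but `pam_set_item(pamh, PAM_RHOST, up->remote)` sets an item on the PAM handle, which is what modules such as pam_recent read; suggest `/* Hand the peer address (untrusted_ip/untrusted_ip6, relayed by the foreground) to PAM as the PAM_RHOST item */`. When `pam_set_item` fails the new guard skips `pam_authenticate` and leaves the error in `status`, which is fine only if the common failure path below this hunk reports `pam_strerror(pamh, status)`, so that a misconfigured PAM stack is distinguishable from a bad password; worth confirming. The `*(up->remote)` test also presumes the buffer is NUL-terminated, which holds only if `recv_string` in pam_server terminates it on every path, including truncation. pam_auth starts before and continues after this hunk.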
@@ -839,7 +850,8 @@ pam_server(int fd, const char *service, int verb,
const struct name_value_list *
             case COMMAND_VERIFY:
                 if (recv_string(fd, up.username, sizeof(up.username)) == -1
                     || recv_string(fd, up.password,
sizeof(up.password)) == -1
-                    || recv_string(fd, up.common_name,
sizeof(up.common_name)) == -1)
+                    || recv_string(fd, up.common_name,
sizeof(up.common_name)) == -1
+                    || recv_string(fd, up.remote, sizeof(up.remote)) == -1)
                 {
                     fprintf(stderr, "AUTH-PAM: BACKGROUND: read error
on command channel: code=%d, exiting\n",
                             command);
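Review bot: The background side now unconditionally expects a fourth string after common_name, but the foreground hunk at the end of this page leaves `remote` NULL when neither untrusted_ip nor untrusted_ip6 is present in envp, and `send_string(fd, NULL)` would, if it measures its argument with strlen, fail or crash before the fourth string is written, so every verification for such a connection ends in this read error and the background process exits. Defaulting on the sending side keeps the channel protocol consistent: `const char *remote = get_env("untrusted_ip", envp) ? get_env("untrusted_ip", envp) : (get_env("untrusted_ip6", envp) ? get_env("untrusted_ip6", envp) : "");`. That line belongs to the foreground hunk, which is cut off on this page; pam_server also begins and ends outside this hunk.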
@@ -853,6 +865,7 @@ pam_server(int fd, const char *service, int verb,
const struct name_value_list *
                             up.username, up.password);
 #else
                     fprintf(stderr, "AUTH-PAM: BACKGROUND: USER: %s\n",
up.username);
+                    fprintf(stderr, "AUTH-PAM: BACKGROUND: REMOTE:
%s\n", up.remote);
 #endif
                 }

Comments

Gert Doering June 26, 2019, 9:53 p.m. UTC | #1
Hi,

On Wed, Jun 26, 2019 at 03:37:56PM +0200, Paolo wrote:
> i make a pull reuqest ofr this patch some times ago over github, this
> patch implements the right peace of software for passing ip and hostname
> to pam modules, to use for example in firewall or modules like
> pam_recent, this patch is succefull running by more tha 7 years into our
> systems.

Please send patches with "git send-email".  Your mail program totally
massacred the patch (most spaces were replaced by alt-space, 0xa0, which
looks like a space but isn't)

Please do also use a meaningful commit message that describes what
the patch does, and use "git commit -s" to add a signed-off-by line.

> \xa0\xa0\xa0\xa0 char response[128];
> +\xa0\xa0\xa0 char remote[128];

This is how the patch arrived here...

gert

Patch

diff --git a/src/plugins/auth-pam/auth-pam.c
b/src/plugins/auth-pam/auth-pam.c
index 88b53204..9d8dfb95 100644
--- a/src/plugins/auth-pam/auth-pam.c
+++ b/src/plugins/auth-pam/auth-pam.c
@@ -115,6 +115,7 @@  struct user_pass {
     char password[128];
     char common_name[128];
     char response[128];
+    char remote[128];
 
     const struct name_value_list *name_value_list;
 };
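Review bot: The new `remote` field says nothing about where its value comes from or that it can legitimately be empty, which the `*(up->remote)` check in pam_auth depends on; suggest `char remote[128];   /* peer address (untrusted_ip or untrusted_ip6) relayed from the foreground; may be empty */`. A reader should also be able to see that, like its siblings, it is only ever filled through `recv_string` with `sizeof(up.remote)` as the bound.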
@@ -517,13 +518,15 @@  openvpn_plugin_func_v1(openvpn_plugin_handle_t
handle, const int type, const cha
         const char *username = get_env("username", envp);
         const char *password = get_env("password", envp);
         const char *common_name = get_env("common_name", envp) ?
get_env("common_name", envp) : "";
+        const char *remote = get_env("untrusted_ip", envp) ?
get_env("untrusted_ip", envp) : get_env("untrusted_ip6", envp);
 
         if (username && strlen(username) > 0 && password)
         {
             if (send_control(context->foreground_fd, COMMAND_VERIFY) == -1
                 || send_string(context->foreground_fd, username) == -1
                 || send_string(context->foreground_fd, password) == -1
-                || send_string(context->foreground_fd, common_name) == -1)
+                || send_string(context->foreground_fd, common_name) == -1
+                || send_string(context->foreground_fd, remote) == -1)