From patchwork Wed Jun 26 03:37:56 2019
X-Patchwork-Submitter: Paolo Cerrito
X-Patchwork-Id: 766
To: openvpn-devel@lists.sourceforge.net
From: Paolo
Date: Wed, 26 Jun 2019 15:37:56 +0200
Subject: [Openvpn-devel] Patch for pam recent module

Hi, I made a pull request for this patch some time ago on GitHub. This patch implements the right piece of software for passing the IP and hostname to PAM modules, for use for example in a firewall or in modules like pam_recent. This patch has been running successfully for more than 7 years on our systems.

             {                  fprintf(stderr, "AUTH-PAM: Error sending auth info to background process\n");              } 
@@ -750,8 +753,16 @@ pam_auth(const char *service, const struct user_pass *up)      status = pam_start(service, name_value_list_provided ? NULL : up->username, &conv, &pamh);      if (status == PAM_SUCCESS)      { +        /* Set PAM_RHOST environment variable */ +        if (*(up->remote)) +        { +            status = pam_set_item(pamh, PAM_RHOST, up->remote); +        }          /* Call PAM to verify username/password */ -        status = pam_authenticate(pamh, 0); +        if (status == PAM_SUCCESS) +        { +            status = pam_authenticate(pamh, 0); +        }          if (status == PAM_SUCCESS)          {              status = pam_acct_mgmt(pamh, 0); @@ -839,7 +850,8 @@ pam_server(int fd, const char *service, int verb, const struct name_value_list *              case COMMAND_VERIFY:                  if (recv_string(fd, up.username, sizeof(up.username)) == -1                      || recv_string(fd, up.password, sizeof(up.password)) == -1 -                    || recv_string(fd, up.common_name, sizeof(up.common_name)) == -1) +                    || recv_string(fd, up.common_name, sizeof(up.common_name)) == -1 +                    || recv_string(fd, up.remote, sizeof(up.remote)) == -1)                  {                      fprintf(stderr, "AUTH-PAM: BACKGROUND: read error on command channel: code=%d, exiting\n",                              command); @@ -853,6 +865,7 @@ pam_server(int fd, const char *service, int verb, const struct name_value_list *                              up.username, up.password);  #else                      fprintf(stderr, "AUTH-PAM: BACKGROUND: USER: %s\n", up.username); +                    fprintf(stderr, "AUTH-PAM: BACKGROUND: REMOTE: %s\n", up.remote);  #endif                  } diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c index 88b53204..9d8dfb95 100644 --- a/src/plugins/auth-pam/auth-pam.c +++ b/src/plugins/auth-pam/auth-pam.c 
@@ -115,6 +115,7 @@ struct user_pass {      char password[128];      char common_name[128];      char response[128]; +    char remote[128];        const struct name_value_list *name_value_list;  }; @@ -517,13 +518,15 @@ openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, const int type, const cha          const char *username = get_env("username", envp);          const char *password = get_env("password", envp);          const char *common_name = get_env("common_name", envp) ? get_env("common_name", envp) : ""; +        const char *remote = get_env("untrusted_ip", envp) ? get_env("untrusted_ip", envp) : get_env("untrusted_ip6", envp);            if (username && strlen(username) > 0 && password)          {              if (send_control(context->foreground_fd, COMMAND_VERIFY) == -1                  || send_string(context->foreground_fd, username) == -1                  || send_string(context->foreground_fd, password) == -1 -                || send_string(context->foreground_fd, common_name) == -1) +                || send_string(context->foreground_fd, common_name) == -1 +                || send_string(context->foreground_fd, remote) == -1)
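Review bot: the comment added in the pam_auth hunk (@@ -750) calls PAM_RHOST an environment variable, but the code sets it as a PAM item through pam_set_item(); reword the comment, for example "Set the PAM_RHOST item to the client address". In the same hunk, a pam_set_item() failure now skips pam_authenticate() and leaves status different from PAM_SUCCESS with nothing that says why. Failing closed is the right choice for modules keyed on the remote host, but a distinct log message for this case would make the cause visible to the operator.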
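Review bot: in the pam_server logging hunk (@@ -853) the REMOTE line is added only to the #else branch, so the other branch, the one that prints up.username and up.password, still omits the remote address. Add the same fprintf there so both build variants log the same fields. Since the value originates from untrusted_ip or untrusted_ip6, the log text could also say that it is the unauthenticated peer address.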
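Review bot: the new `char remote[128];` member of struct user_pass (@@ -115) has no comment, and its name does not say that it carries the address taken from untrusted_ip or untrusted_ip6 rather than a hostname, which is what the patch description mentions. A one-line comment on the field stating what it holds and that it may be empty would settle this.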
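Review bot: in the openvpn_plugin_func_v1 hunk (@@ -517) `remote` ends up NULL when neither untrusted_ip nor untrusted_ip6 is present in envp, and that pointer is then handed to send_string(); common_name on the line above falls back to "" for exactly this case. Give remote the same fallback by checking the result of get_env("untrusted_ip6", envp) and ending the expression with `: ""`. An empty string is already handled by the `if (*(up->remote))` test in pam_auth, which then leaves PAM_RHOST unset. Storing each get_env() result in a local would also avoid the repeated lookups and shorten the new line, which is much longer than the lines around it.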