info-cvs

Re: Trying to use pam.d with CVS 1.12.13


From: Mark D. Baushke
Subject: Re: Trying to use pam.d with CVS 1.12.13
Date: Mon, 24 Sep 2007 09:02:34 -0700

Hi Guido,

Your problem could be related to bug#14721 (setting PAM_RHOST to the
remote ip of the connected client). If so, the patch you want follows my
.signature.

        -- Mark

cvs diff -up -r1.450 -r1.451 server.c
Index: server.c
===================================================================
RCS file: /cvsroot/cvs/ccvs/src/server.c,v
retrieving revision 1.450
retrieving revision 1.451
diff -u -p -r1.450 -r1.451
--- server.c    3 Oct 2005 19:33:45 -0000       1.450
+++ server.c    16 Oct 2005 18:17:07 -0000      1.451
@@ -109,6 +109,7 @@ static char *Pserver_Repos = NULL;
 # endif /* AUTH_SERVER_SUPPORT */
 
 # ifdef HAVE_PAM
+#   include <netdb.h> /* getnameinfo */
 #   if defined(HAVE_SECURITY_PAM_APPL_H)
 #     include <security/pam_appl.h>
 #   elif defined(HAVE_PAM_PAM_APPL_H)
@@ -6891,6 +6892,27 @@ check_pam_password (char **username, cha
     int retval, err;
     struct pam_conv conv = { cvs_pam_conv, 0 };
     char *pam_stage = "start";
+    struct sockaddr peer;
+    int len;
+    char host[NI_MAXHOST];
+
+    /* get the client's ip address */
+    len = sizeof (peer);
+    if (getpeername (STDIN_FILENO, &peer, &len) < 0)
+    {
+       printf ("E Fatal error, aborting.\n\
+error %s getpeername failed\n", strerror (errno));
+       exit (EXIT_FAILURE);
+    }
+
+    /* convert the ip address to text */
+    if (getnameinfo(&peer, len, host, NI_MAXHOST,
+                           NULL, 0, NI_NUMERICHOST) < 0)
+    {
+       printf ("E Fatal error, aborting.\n\
+error %s getnameinfo failed\n", strerror (errno));
+       exit (EXIT_FAILURE);
+    }
 
     pam_username = *username;
     pam_password = password;
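Review bot: `struct sockaddr peer` is too small for an IPv6 peer address, so for such a client getpeername() truncates the address and stores the full length in `len`; the following getnameinfo() call is then told to read more bytes than `peer` holds. Declaring `peer` as `struct sockaddr_storage` and `len` as `socklen_t` (with casts to `struct sockaddr *` at the two calls) avoids this, and means PAM_RHOST is built from a complete address. getnameinfo() also reports failure as a nonzero EAI_* code rather than through errno, so the `< 0` test can miss an error on platforms where those codes are positive, and `strerror (errno)` prints an unrelated message; the check should be `!= 0` with gai_strerror(). check_pam_password starts and ends outside this hunk.

```c
    struct sockaddr_storage peer;   /* large enough for IPv4 and IPv6 peers */
    socklen_t len;
    int gai_err;

    /* get the client's ip address */
    len = sizeof (peer);
    if (getpeername (STDIN_FILENO, (struct sockaddr *) &peer, &len) < 0)
    /* ... unchanged: fatal-error report and exit ... */

    /* convert the ip address to text */
    gai_err = getnameinfo ((struct sockaddr *) &peer, len, host, sizeof (host),
                           NULL, 0, NI_NUMERICHOST);
    if (gai_err != 0)
    {
        printf ("E Fatal error, aborting.\n\
error %s getnameinfo failed\n", gai_strerror (gai_err));
        exit (EXIT_FAILURE);
    }
```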
@@ -6906,6 +6928,12 @@ check_pam_password (char **username, cha
 
     if (retval == PAM_SUCCESS)
     {
+        pam_stage = "set remote host ip";
+        retval = pam_set_item (pamh, PAM_RHOST, host);
+    }
+
+    if (retval == PAM_SUCCESS)
+    {
        pam_stage = "authenticate";
        retval = pam_authenticate (pamh, 0);
     }
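Review bot: The new `pam_set_item (pamh, PAM_RHOST, host)` step has no comment saying what `host` represents, which matters to anyone writing PAM rules that filter on the remote host. From the earlier hunk, `host` is the numeric address of the socket peer on stdin, so if pserver is reached through a relay or tunnel the PAM modules would presumably see the relay's address rather than the end client's. I would add above the call something like `/* PAM_RHOST = numeric address of the directly connected peer (from getpeername on stdin); a failure here skips authentication. */`. The function continues outside the hunk.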



