PAM and -u0
Damien Miller
djm at mindrot.org
Sat Apr 21 10:38:17 EST 2001
On Fri, 20 Apr 2001, Kevin Steves wrote:
> On Sat, 31 Mar 2001, Damien Miller wrote:
> : > is this change ok? goal is that PAM with -u0 does not use DNS (like
> : > without PAM).
> :
> : You should also remove the 'extern ServerOptions options;' from the
> : beginning of the function.
> :
> : > +/* XXX: move to header file */
> : > +const char *
> : > +get_remote_name_or_ip(void);
> :
> : Either that or add the remote host/address as an argument to start_pam()
>
> get_remote_name_or_ip() is now public, so we can do this:
Perhaps pass the hostname in to start_pam so we can get rid of the
extern ServerOptions too?
> ok?
>
> Index: auth-pam.c
> ===================================================================
> RCS file: /var/cvs/openssh/auth-pam.c,v
> retrieving revision 1.35
> diff -u -r1.35 auth-pam.c
> --- auth-pam.c 2001/04/20 17:43:47 1.35
> +++ auth-pam.c 2001/04/20 21:19:07
> @@ -348,6 +348,8 @@
> {
> int pam_retval;
> extern ServerOptions options;
> + extern int utmp_len;
> + const char *rhost;
>
> debug("Starting up PAM with username \"%.200s\"", user);
>
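Review bot: the new `extern int utmp_len;` at the top of the function adds a second function-local extern next to `extern ServerOptions options;`, so the compiler cannot check either declaration against the file that defines the variable. Declaring `utmp_len` in a shared header, or working out the remote host string in the caller and passing it to start_pam() as an argument, would let both externs be dropped from this function.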
> @@ -357,10 +359,10 @@
> fatal("PAM initialisation failed[%d]: %.200s",
> pam_retval, PAM_STRERROR(__pamh, pam_retval));
>
> - debug("PAM setting rhost to \"%.200s\"",
> - get_canonical_hostname(options.reverse_mapping_check));
> - pam_retval = pam_set_item(__pamh, PAM_RHOST,
> - get_canonical_hostname(options.reverse_mapping_check));
> + rhost = get_remote_name_or_ip(utmp_len, options.reverse_mapping_check);
> + debug("PAM setting rhost to \"%.200s\"", rhost);
> +
> + pam_retval = pam_set_item(__pamh, PAM_RHOST, rhost);
> if (pam_retval != PAM_SUCCESS)
> fatal("PAM set rhost failed[%d]: %.200s", pam_retval,
> PAM_STRERROR(__pamh, pam_retval));
>
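Review bot: in the replacement for the two get_canonical_hostname() calls, `rhost` goes to debug() and pam_set_item() with no comment on what it can now contain. Going by the function's name and the stated goal of not using DNS with -u0, PAM_RHOST can be a numeric address rather than a hostname, and which one is chosen also depends on `utmp_len`. A one-line comment above the `rhost = get_remote_name_or_ip(...)` assignment should say so, because PAM modules that match on PAM_RHOST will see the changed value.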
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer