PAM and -u0
Kevin Steves
stevesk at sweden.hp.com
Sun Apr 22 05:11:42 EST 2001
On Sat, 21 Apr 2001, Damien Miller wrote:
: Perhaps pass the hostname in to start_pam so we can get rid of the
: extern ServerOptions too?
like this? cleaner from an auth-pam api standpoint, but adds more to the
openbsd diff. not sure which is best.
Index: auth-pam.h
===================================================================
RCS file: /var/cvs/openssh/auth-pam.h,v
retrieving revision 1.11
diff -u -r1.11 auth-pam.h
--- auth-pam.h 2001/03/27 06:12:24 1.11
+++ auth-pam.h 2001/04/21 19:04:24
@@ -5,7 +5,7 @@
#include <pwd.h> /* For struct passwd */
-void start_pam(const char *user);
+void start_pam(const char *user, const char *rhost);
void finish_pam(void);
int auth_pam_password(struct passwd *pw, const char *password);
char **fetch_pam_environment(void);
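Review bot: The new `rhost` parameter in the `start_pam` prototype has no stated contract, so callers cannot tell whether NULL is acceptable or what the string should contain. A comment above the declaration would settle it, for example `/* rhost: remote host name or address, stored as PAM_RHOST; must not be NULL */`. The implementation in auth-pam.c hands the pointer straight to `debug()` and `pam_set_item()`, so the header is the natural place to record this.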
Index: auth-pam.c
===================================================================
RCS file: /var/cvs/openssh/auth-pam.c,v
retrieving revision 1.35
diff -u -r1.35 auth-pam.c
--- auth-pam.c 2001/04/20 17:43:47 1.35
+++ auth-pam.c 2001/04/21 19:04:26
@@ -344,7 +344,7 @@
}
/* Start PAM authentication for specified account */
-void start_pam(const char *user)
+void start_pam(const char *user, const char *rhost)
{
int pam_retval;
extern ServerOptions options;
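Review bot: `extern ServerOptions options;` is still declared inside `start_pam`, although the quoted suggestion was to get rid of it once the host name is passed in. The only use of `options` visible in this patch is removed by the following hunk, so if nothing else in the body refers to it the declaration can be deleted as well. The function body continues outside this hunk, so that needs checking against the full file.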
@@ -357,10 +357,8 @@
fatal("PAM initialisation failed[%d]: %.200s",
pam_retval, PAM_STRERROR(__pamh, pam_retval));
- debug("PAM setting rhost to \"%.200s\"",
- get_canonical_hostname(options.reverse_mapping_check));
- pam_retval = pam_set_item(__pamh, PAM_RHOST,
- get_canonical_hostname(options.reverse_mapping_check));
+ debug("PAM setting rhost to \"%.200s\"", rhost);
+ pam_retval = pam_set_item(__pamh, PAM_RHOST, rhost);
if (pam_retval != PAM_SUCCESS)
fatal("PAM set rhost failed[%d]: %.200s", pam_retval,
PAM_STRERROR(__pamh, pam_retval));
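Review bot: `rhost` is used unchecked in both `debug("PAM setting rhost to \"%.200s\"", rhost)` and `pam_set_item(__pamh, PAM_RHOST, rhost)`, so a NULL from any future caller is undefined behaviour in the format call and would likely leave PAM_RHOST without a value for modules that log it or base access decisions on it. A guard before the debug line, `if (rhost == NULL) fatal("PAM: no remote host supplied");`, makes the contract explicit. The callers in this patch pass the result of `get_remote_name_or_ip()`, whose return contract is not visible here. `start_pam` starts and ends outside the hunk.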
Index: auth1.c
===================================================================
RCS file: /var/cvs/openssh/auth1.c,v
retrieving revision 1.40
diff -u -r1.40 auth1.c
--- auth1.c 2001/03/24 00:37:59 1.40
+++ auth1.c 2001/04/21 19:04:27
@@ -24,9 +24,11 @@
#include "auth.h"
#include "session.h"
#include "misc.h"
+#include "canohost.h"
/* import */
extern ServerOptions options;
+extern u_int utmp_len;
#ifdef WITH_AIXAUTHENTICATE
extern char *aixloginmsg;
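Review bot: `extern u_int utmp_len;` is declared by hand here and again in auth2.c, so a later change to the variable's type would not be caught by the compiler in either file. Declaring it once in a header that the defining file also includes keeps all of them in sync. auth2.c also calls `get_remote_name_or_ip()` but gains no `#include "canohost.h"` in the visible hunks; presumably it is already included there, which is worth confirming.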
@@ -399,7 +401,8 @@
#ifdef USE_PAM
if (pw)
- start_pam(user);
+ start_pam(user, get_remote_name_or_ip(utmp_len,
+ options.reverse_mapping_check));
#endif
/*
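Review bot: The value stored in PAM_RHOST changes at this call from `get_canonical_hostname(...)` to `get_remote_name_or_ip(utmp_len, ...)`, which judging by its name and arguments can yield an IP address depending on `utmp_len`; PAM modules that match on host name would then be evaluated against a different string. Given the subject line that looks intended, but it deserves a comment at the call, e.g. `/* PAM_RHOST follows utmp_len (-u): host name or IP address */`, and a mention in the documentation for administrators who rely on host-based PAM rules. The same applies to both `start_pam` calls in auth2.c. The enclosing function starts and ends outside the hunk.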
Index: auth2.c
===================================================================
RCS file: /var/cvs/openssh/auth2.c,v
retrieving revision 1.58
diff -u -r1.58 auth2.c
--- auth2.c 2001/04/19 20:50:07 1.58
+++ auth2.c 2001/04/21 19:04:31
@@ -56,6 +56,7 @@
extern ServerOptions options;
extern u_char *session_id2;
extern int session_id2_len;
+extern u_int utmp_len;
#ifdef WITH_AIXAUTHENTICATE
extern char *aixloginmsg;
@@ -206,12 +207,14 @@
authctxt->valid = 1;
debug2("input_userauth_request: setting up authctxt for %s", user);
#ifdef USE_PAM
- start_pam(pw->pw_name);
+ start_pam(pw->pw_name, get_remote_name_or_ip(utmp_len,
+ options.reverse_mapping_check));
#endif
} else {
log("input_userauth_request: illegal user %s", user);
#ifdef USE_PAM
- start_pam("NOUSER");
+ start_pam("NOUSER", get_remote_name_or_ip(utmp_len,
+ options.reverse_mapping_check));
#endif
}
setproctitle("%s", pw ? user : "unknown");
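Review bot: Both branches of the if/else build the same `get_remote_name_or_ip(utmp_len, options.reverse_mapping_check)` argument, so the valid-user and `"NOUSER"` paths can drift apart on a later edit. Computing it once into a local under `USE_PAM`, `const char *rhost = get_remote_name_or_ip(utmp_len, options.reverse_mapping_check);`, and passing `rhost` to both `start_pam` calls keeps what PAM sees identical whether or not the account exists. The enclosing function starts outside the hunk, so the declaration's exact position has to be chosen against the full file.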