Re: [Openvpn-devel] Patch for pam recent module

2019-06-27 Thread Gert Doering
Hi,

On Wed, Jun 26, 2019 at 03:37:56PM +0200, Paolo wrote:
> I made a pull request for this patch some time ago on GitHub; this
> patch implements the right piece of software for passing the IP and hostname
> to PAM modules, for use for example in a firewall or modules like
> pam_recent. This patch has been running successfully for more than 7 years on our
> systems.

Please send patches with "git send-email".  Your mail program totally
massacred the patch (most spaces were replaced by alt-space, 0xa0, which
looks like a space but isn't)

Please do also use a meaningful commit message that describes what
the patch does, and use "git commit -s" to add a signed-off-by line.

> \xa0\xa0\xa0\xa0 char response[128];
> +\xa0\xa0\xa0 char remote[128];

This is how the patch arrived here...

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


[Openvpn-devel] Patch for pam recent module

2019-06-26 Thread Paolo
Hi,

I made a pull request for this patch some time ago on GitHub; this
patch implements the right piece of software for passing the IP and hostname
to PAM modules, for use for example in a firewall or modules like
pam_recent. This patch has been running successfully for more than 7 years on our
systems.


diff --git a/src/plugins/auth-pam/auth-pam.c
b/src/plugins/auth-pam/auth-pam.c
index 88b53204..9d8dfb95 100644
--- a/src/plugins/auth-pam/auth-pam.c
+++ b/src/plugins/auth-pam/auth-pam.c
@@ -115,6 +115,7 @@ struct user_pass {
 char password[128];
 char common_name[128];
 char response[128];
+    char remote[128];
 
 const struct name_value_list *name_value_list;
 };
@@ -517,13 +518,15 @@ openvpn_plugin_func_v1(openvpn_plugin_handle_t
handle, const int type, const cha
 const char *username = get_env("username", envp);
 const char *password = get_env("password", envp);
 const char *common_name = get_env("common_name", envp) ?
get_env("common_name", envp) : "";
+    const char *remote = get_env("untrusted_ip", envp) ?
get_env("untrusted_ip", envp) : get_env("untrusted_ip6", envp);
 
 if (username && strlen(username) > 0 && password)
 {
 if (send_control(context->foreground_fd, COMMAND_VERIFY) == -1
 || send_string(context->foreground_fd, username) == -1
 || send_string(context->foreground_fd, password) == -1
-    || send_string(context->foreground_fd, common_name) == -1)
+    || send_string(context->foreground_fd, common_name) == -1
+    || send_string(context->foreground_fd, remote) == -1)
 {
 fprintf(stderr, "AUTH-PAM: Error sending auth info to
background process\n");
 }
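Review bot: `remote` can be NULL on the new get_env() line when neither untrusted_ip nor untrusted_ip6 is set, and that pointer is then handed straight to send_string(). Give it the same "" fallback that common_name has on the line above, e.g. end the ternary chain with `: ""`; that also lines up with the `*(up->remote)` empty-string check added in pam_auth().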
@@ -750,8 +753,16 @@ pam_auth(const char *service, const struct
user_pass *up)
 status = pam_start(service, name_value_list_provided ? NULL :
up->username, &conv, &pamh);
 if (status == PAM_SUCCESS)
 {
+    /* Set PAM_RHOST environment variable */
+    if (*(up->remote))
+    {
+    status = pam_set_item(pamh, PAM_RHOST, up->remote);
+    }
 /* Call PAM to verify username/password */
-    status = pam_authenticate(pamh, 0);
+    if (status == PAM_SUCCESS)
+    {
+    status = pam_authenticate(pamh, 0);
+    }
 if (status == PAM_SUCCESS)
 {
 status = pam_acct_mgmt(pamh, 0);
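Review bot: the added comment says "Set PAM_RHOST environment variable", but PAM_RHOST is a PAM item set through pam_set_item(), not an environment variable; please reword it to "Set PAM_RHOST item". Also note that with the new `if (status == PAM_SUCCESS)` guard, a failing pam_set_item() now prevents pam_authenticate() from running at all, so a problem setting the remote host rejects the login; if that fail-closed behaviour is intended, say so in the commit message.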
@@ -839,7 +850,8 @@ pam_server(int fd, const char *service, int verb,
const struct name_value_list *
 case COMMAND_VERIFY:
 if (recv_string(fd, up.username, sizeof(up.username)) == -1
 || recv_string(fd, up.password,
sizeof(up.password)) == -1
-    || recv_string(fd, up.common_name,
sizeof(up.common_name)) == -1)
+    || recv_string(fd, up.common_name,
sizeof(up.common_name)) == -1
+    || recv_string(fd, up.remote, sizeof(up.remote)) == -1)
 {
 fprintf(stderr, "AUTH-PAM: BACKGROUND: read error
on command channel: code=%d, exiting\n",
 command);
@@ -853,6 +865,7 @@ pam_server(int fd, const char *service, int verb,
const struct name_value_list *
 up.username, up.password);
 #else
 fprintf(stderr, "AUTH-PAM: BACKGROUND: USER: %s\n",
up.username);
+    fprintf(stderr, "AUTH-PAM: BACKGROUND: REMOTE:
%s\n", up.remote);
 #endif
 }
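Review bot: the added REMOTE fprintf prints up.remote even when it is empty, which gives a bare "REMOTE: " line in the log. Guard it with the same `*(up.remote)` style check used in pam_auth(), or print a placeholder such as "(none)" so the log line stays unambiguous.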

-- 
-***-
Paolo Cerrito
-***-


