diff options
author | Jan Pazdziora <jpazdziora@redhat.com> | 2014-06-23 13:32:17 +0200 |
---|---|---|
committer | Jan Pazdziora <jpazdziora@redhat.com> | 2014-06-23 14:25:20 +0200 |
commit | b74c74f5425d8db489f5273f5594f2c0e5b77815 (patch) | |
tree | 05879e37a3f6f9b48419d7e9eb597ae93a029e00 | |
parent | b36a2b60989baafd3945e443a57d92b86f480b9a (diff) | |
download | mod_authnz_pam-b74c74f5425d8db489f5273f5594f2c0e5b77815.tar.gz mod_authnz_pam-b74c74f5425d8db489f5273f5594f2c0e5b77815.tar.xz mod_authnz_pam-b74c74f5425d8db489f5273f5594f2c0e5b77815.zip |
Populate PAM_RHOST to support host-based checks via pam_access(8).
-rw-r--r-- | mod_authnz_pam.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/mod_authnz_pam.c b/mod_authnz_pam.c index 9f243a7..739ae93 100644 --- a/mod_authnz_pam.c +++ b/mod_authnz_pam.c @@ -79,7 +79,15 @@ static authn_status pam_authenticate_with_login_password(request_rec * r, const const char * stage = "PAM transaction failed for service"; const char * param = pam_service; int ret; - if ((ret = pam_start(pam_service, login, &pam_conversation, &pamh)) == PAM_SUCCESS) { + ret = pam_start(pam_service, login, &pam_conversation, &pamh); + if (ret == PAM_SUCCESS) { + const char * remote_host_or_ip = ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME, NULL); + if (remote_host_or_ip) { + stage = "PAM pam_set_item PAM_RHOST failed for service"; + ret = pam_set_item(pamh, PAM_RHOST, remote_host_or_ip); + } + } + if (ret == PAM_SUCCESS) { if (steps & _PAM_STEP_AUTH) { param = login; stage = "PAM authentication failed for user"; |