Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job.

Sponsored by: DARPA, NAI Labs
author: des <des@FreeBSD.org> 2002-03-21 12:55:21 +0000
committer: des <des@FreeBSD.org> 2002-03-21 12:55:21 +0000
commit: 0f9782fc45f1e9e17dde927970c596ed7ba54eb1 (patch)
tree: 3cc6c161635ac5cf4ec8786678f7dceb17ff118a /crypto
parent: af3f1ef24c590a85611f19127b7924d25a068c3f (diff)
download: FreeBSD-src-0f9782fc45f1e9e17dde927970c596ed7ba54eb1.zip
FreeBSD-src-0f9782fc45f1e9e17dde927970c596ed7ba54eb1.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c
index 03a464d..1b6ee19 100644
--- a/crypto/openssh/auth-pam.c
+++ b/crypto/openssh/auth-pam.c
@@ -577,6 +577,7 @@ ipam_start_auth(const char *service, const char *username) {
 		ssh_conv,
 		NULL
 	};
+	const char *rhost;
 
 	cookie = malloc(sizeof(*cookie));
 	if (cookie == NULL)
@@ -613,6 +614,7 @@ ipam_start_auth(const char *service, const char *username) {
 		ipam_free_cookie(cookie);
 		return NULL;
 	}
+	rhost = get_canonical_hostname(options.verify_reverse_mapping);
 	cookie->pid = fork();
 	if (cookie->pid == -1) {
 		ipam_free_cookie(cookie);
@@ -751,6 +753,9 @@ ipam_start_auth(const char *service, const char *username) {
 
 		conv.appdata_ptr = ud;
 		retval = pam_start(service, username, &conv, &pamh);
+		fprintf(stderr, "pam_start returned %d\n", retval);
+		if (retval == PAM_SUCCESS)
+			retval = pam_set_item(pamh, PAM_RHOST, rhost);
 		/* Is user really user? */
 		if (retval == PAM_SUCCESS)
 			retval = pam_authenticate(pamh, 0);
author	des <des@FreeBSD.org>	2002-03-21 12:55:21 +0000
committer	des <des@FreeBSD.org>	2002-03-21 12:55:21 +0000
commit	0f9782fc45f1e9e17dde927970c596ed7ba54eb1 (patch)
tree	3cc6c161635ac5cf4ec8786678f7dceb17ff118a /crypto
parent	af3f1ef24c590a85611f19127b7924d25a068c3f (diff)
download	FreeBSD-src-0f9782fc45f1e9e17dde927970c596ed7ba54eb1.zip FreeBSD-src-0f9782fc45f1e9e17dde927970c596ed7ba54eb1.tar.gz