rpms / cyrus-sasl

Clone
Source Code
GIT

Blame cyrus-sasl-2.1.23-pam_rhosts.patch

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main rawhide sync2rhel9b
  1.   bee9ee8a160e82dec6170e28825a0adf0624978c
  2.   cyrus-sasl-2.1.23-pam_rhosts.patch
Blob History Raw
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/lib/checkpw.c.pam_rhosts cyrus-sasl-2.1.23/lib/checkpw.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/lib/checkpw.c.pam_rhosts	2009-04-28 17:09:15.000000000 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/lib/checkpw.c	2011-05-23 06:01:55.625105257 +0200
Jan F 28371f7 
@@ -553,6 +553,8 @@ static int saslauthd_verify_password(sas
Jan F 28371f7 
     char pwpath[sizeof(srvaddr.sun_path)];
Jan F 28371f7 
     const char *p = NULL;
Jan F 28371f7 
     char *freeme = NULL;
Jan F 28371f7 
+    char *freemetoo = NULL;
Jan F 28371f7 
+    const char *client_addr = NULL;
Jan F 28371f7 
 #ifdef USE_DOORS
Jan F 28371f7 
     door_arg_t arg;
Jan F 28371f7 
 #endif
Jan F 28371f7 
@@ -584,20 +586,27 @@ static int saslauthd_verify_password(sas
Jan F 28371f7 
 	user_realm = rtmp + 1;
Jan F 28371f7 
     }
Jan F 28371f7
Jan F 28371f7 
+    if (sasl_getprop(conn, SASL_IPREMOTEPORT, (const void **) & client_addr) == SASL_OK) {
Jan F 28371f7 
+        if(_sasl_strdup(client_addr, &freemetoo, NULL) != SASL_OK)
Jan F 28371f7 
+            goto fail;
Jan F 28371f7 
+        client_addr = freemetoo;
Jan F 28371f7 
+    }
Jan F 28371f7 
+
Jan F 28371f7 
     /*
Jan F 28371f7 
      * build request of the form:
Jan F 28371f7 
      *
Jan F 28371f7 
-     * count authid count password count service count realm
Jan F 28371f7 
+     * count authid count password count service count realm count client
Jan F 28371f7 
      */
Jan F 28371f7 
     {
Jan F 28371f7 
- 	unsigned short u_len, p_len, s_len, r_len;
Jan F 28371f7 
+ 	unsigned short u_len, p_len, s_len, r_len, c_len;
Jan F 28371f7
Jan F 28371f7 
  	u_len = (strlen(userid));
Jan F 28371f7 
  	p_len = (strlen(passwd));
Jan F 28371f7 
 	s_len = (strlen(service));
Jan F 28371f7 
 	r_len = ((user_realm ? strlen(user_realm) : 0));
Jan F 28371f7 
+	c_len = ((client_addr ? strlen(client_addr): 0));
Jan F 28371f7
Jan F 28371f7 
-	if (u_len + p_len + s_len + r_len + 30 > (unsigned short) sizeof(query)) {
Jan F 28371f7 
+	if (u_len + p_len + s_len + r_len + c_len + 30 > (unsigned short) sizeof(query)) {
Jan F 28371f7 
 	    /* request just too damn big */
Jan F 28371f7 
             sasl_seterror(conn, 0, "saslauthd request too large");
Jan F 28371f7 
 	    goto fail;
Jan F 28371f7 
@@ -607,6 +616,7 @@ static int saslauthd_verify_password(sas
Jan F 28371f7 
 	p_len = htons(p_len);
Jan F 28371f7 
 	s_len = htons(s_len);
Jan F 28371f7 
 	r_len = htons(r_len);
Jan F 28371f7 
+	c_len = htons(c_len);
Jan F 28371f7
Jan F 28371f7 
 	memcpy(query_end, &u_len, sizeof(unsigned short));
Jan F 28371f7 
 	query_end += sizeof(unsigned short);
Jan F 28371f7 
@@ -623,6 +633,11 @@ static int saslauthd_verify_password(sas
Jan F 28371f7 
 	memcpy(query_end, &r_len, sizeof(unsigned short));
Jan F 28371f7 
 	query_end += sizeof(unsigned short);
Jan F 28371f7 
 	if (user_realm) while (*user_realm) *query_end++ = *user_realm++;
Jan F 28371f7 
+
Jan F 28371f7 
+	memcpy(query_end, &c_len, sizeof(unsigned short));
Jan F 28371f7 
+	query_end += sizeof(unsigned short);
Jan F 28371f7 
+	if(client_addr) while (*client_addr) *query_end++ = *client_addr++;
Jan F 28371f7 
+
Jan F 28371f7 
     }
Jan F 28371f7
Jan F 28371f7 
 #ifdef USE_DOORS
Jan F 28371f7 
@@ -723,7 +738,8 @@ static int saslauthd_verify_password(sas
Jan F 28371f7 
     close(s);
Jan F 28371f7 
 #endif /* USE_DOORS */
Jan F 28371f7
Jan F 28371f7 
-    if(freeme) free(freeme);
Jan F 28371f7 
+    if (freeme) free(freeme);
Jan F 28371f7 
+    if (freemetoo) free(freemetoo);
Jan F 28371f7
Jan F 28371f7 
     if (!strncmp(response, "OK", 2)) {
Jan F 28371f7 
 	return SASL_OK;
Jan F 28371f7 
@@ -734,6 +750,7 @@ static int saslauthd_verify_password(sas
Jan F 28371f7
Jan F 28371f7 
  fail:
Jan F 28371f7 
     if (freeme) free(freeme);
Jan F 28371f7 
+    if (freemetoo) free(freemetoo);
Jan F 28371f7 
     return SASL_FAIL;
Jan F 28371f7 
 }
Jan F 28371f7
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_dce.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_dce.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_dce.c.pam_rhosts	2001-12-04 03:06:54.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_dce.c	2011-05-23 06:01:55.793113875 +0200
Jan F 28371f7 
@@ -56,7 +56,8 @@ auth_dce(
Jan F 28371f7 
   const char *login,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
@@ -104,7 +105,8 @@ auth_dce(
Jan F 28371f7 
   const char *login __attribute__((unused)),
Jan F 28371f7 
   const char *password __attribute__((unused)),
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote __attribute__((unused))
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
      return NULL;
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_dce.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_dce.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_dce.h.pam_rhosts	2001-12-04 03:06:54.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_dce.h	2011-05-23 06:01:55.964113869 +0200
Jan F 28371f7 
@@ -26,4 +26,4 @@
Jan F 28371f7 
  * END COPYRIGHT
Jan F 28371f7 
  */
Jan F 28371f7
Jan F 28371f7 
-char *auth_dce(const char *, const char *, const char *, const char *);
Jan F 28371f7 
+char *auth_dce(const char *, const char *, const char *, const char *, const char *);
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_getpwent.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_getpwent.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_getpwent.c.pam_rhosts	2009-04-28 17:09:18.000000000 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_getpwent.c	2011-05-23 06:01:56.099114445 +0200
Jan F 28371f7 
@@ -64,7 +64,8 @@ auth_getpwent (
Jan F 28371f7 
   const char *login,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote                    /* I: remote host address */
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_getpwent.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_getpwent.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_getpwent.h.pam_rhosts	2001-12-04 03:06:54.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_getpwent.h	2011-05-23 06:01:56.222113919 +0200
Jan F 28371f7 
@@ -25,4 +25,4 @@
Jan F 28371f7 
  * DAMAGE.
Jan F 28371f7 
  * END COPYRIGHT */
Jan F 28371f7
Jan F 28371f7 
-char *auth_getpwent(const char *, const char *, const char *, const char *);
Jan F 28371f7 
+char *auth_getpwent(const char *, const char *, const char *, const char *, const char *);
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_httpform.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_httpform.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_httpform.c.pam_rhosts	2011-05-23 06:01:54.027105382 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_httpform.c	2011-05-23 06:01:56.354110199 +0200
Jan F 28371f7 
@@ -463,7 +463,8 @@ auth_httpform (
Jan F 28371f7 
   const char *user,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service,
Jan F 28371f7 
-  const char *realm
Jan F 28371f7 
+  const char *realm,
Jan F 28371f7 
+  const char *remote                    /* I: remote host address */
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_httpform.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_httpform.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_httpform.h.pam_rhosts	2006-03-13 21:17:09.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_httpform.h	2011-05-23 06:01:56.557105054 +0200
Jan F 28371f7 
@@ -25,5 +25,5 @@
Jan F 28371f7 
  * DAMAGE.
Jan F 28371f7 
  * END COPYRIGHT */
Jan F 28371f7
Jan F 28371f7 
-char *auth_httpform(const char *, const char *, const char *, const char *);
Jan F 28371f7 
+char *auth_httpform(const char *, const char *, const char *, const char *, const char *);
Jan F 28371f7 
 int auth_httpform_init(void);
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_krb4.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_krb4.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_krb4.c.pam_rhosts	2005-02-01 13:26:34.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_krb4.c	2011-05-23 06:01:56.679113840 +0200
Jan F 28371f7 
@@ -171,7 +171,8 @@ auth_krb4 (
Jan F 28371f7 
   const char *login,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service,
Jan F 28371f7 
-  const char *realm_in
Jan F 28371f7 
+  const char *realm_in,
Jan F 28371f7 
+  const char *remote                    /* I: remote host address */
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
@@ -282,7 +283,8 @@ auth_krb4 (
Jan F 28371f7 
   const char *login __attribute__((unused)),
Jan F 28371f7 
   const char *password __attribute__((unused)),
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote __attribute__((unused))
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
     return NULL;
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_krb4.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_krb4.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_krb4.h.pam_rhosts	2001-12-04 03:06:54.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_krb4.h	2011-05-23 06:01:56.799114029 +0200
Jan F 28371f7 
@@ -25,5 +25,5 @@
Jan F 28371f7 
  * DAMAGE.
Jan F 28371f7 
  * END COPYRIGHT */
Jan F 28371f7
Jan F 28371f7 
-char *auth_krb4(const char *, const char *, const char *, const char *);
Jan F 28371f7 
+char *auth_krb4(const char *, const char *, const char *, const char *, const char *);
Jan F 28371f7 
 int auth_krb4_init(void);
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_krb5.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_krb5.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_krb5.c.pam_rhosts	2009-04-28 17:09:18.000000000 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_krb5.c	2011-05-23 06:01:56.930114013 +0200
Jan F 28371f7 
@@ -172,7 +172,8 @@ auth_krb5 (
Jan F 28371f7 
   const char *user,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service,                  /* I: service authenticating to */
Jan F 28371f7 
-  const char *realm                     /* I: user's realm */
Jan F 28371f7 
+  const char *realm,                    /* I: user's realm */
Jan F 28371f7 
+  const char *remote                    /* I: remote host address */
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
@@ -340,7 +341,8 @@ auth_krb5 (
Jan F 28371f7 
   const char *user,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service,			/* I: service authenticating to */
Jan F 28371f7 
-  const char *realm			/* I: user's realm */
Jan F 28371f7 
+  const char *realm,			/* I: user's realm */
Jan F 28371f7 
+  const char *remote                    /* I: remote host address */
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
@@ -448,7 +450,8 @@ auth_krb5 (
Jan F 28371f7 
   const char *login __attribute__((unused)),
Jan F 28371f7 
   const char *password __attribute__((unused)),
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote __attribute__((unused))
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
     return NULL;
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_krb5.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_krb5.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_krb5.h.pam_rhosts	2002-04-25 20:31:38.000000000 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_krb5.h	2011-05-23 06:01:57.408105451 +0200
Jan F 28371f7 
@@ -25,5 +25,5 @@
Jan F 28371f7 
  * DAMAGE.
Jan F 28371f7 
  * END COPYRIGHT */
Jan F 28371f7
Jan F 28371f7 
-char *auth_krb5(const char *, const char *, const char *, const char *);
Jan F 28371f7 
+char *auth_krb5(const char *, const char *, const char *, const char *, const char *);
Jan F 28371f7 
 int auth_krb5_init(void);
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_ldap.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_ldap.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_ldap.c.pam_rhosts	2004-12-08 13:12:27.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_ldap.c	2011-05-23 06:01:57.529113588 +0200
Jan F 28371f7 
@@ -60,7 +60,8 @@ auth_ldap(
Jan F 28371f7 
   const char *login,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service,
Jan F 28371f7 
-  const char *realm
Jan F 28371f7 
+  const char *realm,
Jan F 28371f7 
+  const char *remote                    /* I: remote host address */
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
@@ -116,7 +117,8 @@ auth_ldap(
Jan F 28371f7 
   const char *login __attribute__((unused)),
Jan F 28371f7 
   const char *password __attribute__((unused)),
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote __attribute__((unused))
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
      return NULL;
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_ldap.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_ldap.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_ldap.h.pam_rhosts	2002-06-19 19:35:29.000000000 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_ldap.h	2011-05-23 06:01:57.650114168 +0200
Jan F 28371f7 
@@ -25,5 +25,5 @@
Jan F 28371f7 
  * DAMAGE.
Jan F 28371f7 
  * END COPYRIGHT */
Jan F 28371f7
Jan F 28371f7 
-char *auth_ldap(const char *, const char *, const char *, const char *);
Jan F 28371f7 
+char *auth_ldap(const char *, const char *, const char *, const char *, const char *);
Jan F 28371f7 
 int auth_ldap_init(void);
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_pam.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_pam.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_pam.c.pam_rhosts	2005-05-15 08:43:19.000000000 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_pam.c	2011-05-23 06:01:57.772113703 +0200
Jan F 28371f7 
@@ -186,7 +186,8 @@ auth_pam (
Jan F 28371f7 
   const char *login,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service,			/* I: service name */
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote                    /* I: remote host address */
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
@@ -213,6 +214,14 @@ auth_pam (
Jan F 28371f7
Jan F 28371f7 
     my_appdata.pamh = pamh;
Jan F 28371f7
Jan F 28371f7 
+    char * remote_host = strdup(remote);
Jan F 28371f7 
+    if (remote_host) {
Jan F 28371f7 
+	char * semicol = strchr(remote_host, ';');
Jan F 28371f7 
+	if (semicol) * semicol = NULL; /* truncate remote_host at the ';' port separator */
Jan F 28371f7 
+	pam_set_item(pamh, PAM_RHOST, remote_host);
Jan F 28371f7 
+	free (remote_host);
Jan F 28371f7 
+    }
Jan F 28371f7 
+
Jan F 28371f7 
     rc = pam_authenticate(pamh, PAM_SILENT);
Jan F 28371f7 
     if (rc != PAM_SUCCESS) {
Jan F 28371f7 
 	syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_authenticate failed: %s",
Jan F 28371f7 
@@ -242,7 +251,8 @@ auth_pam(
Jan F 28371f7 
   const char *login __attribute__((unused)),
Jan F 28371f7 
   const char *password __attribute__((unused)),
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote __attribute__((unused))
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
     return NULL;
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_pam.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_pam.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_pam.h.pam_rhosts	2001-12-04 03:06:54.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_pam.h	2011-05-23 06:01:57.909114623 +0200
Jan F 28371f7 
@@ -32,4 +32,4 @@
Jan F 28371f7 
  * DAMAGE.
Jan F 28371f7 
  * END COPYRIGHT */
Jan F 28371f7
Jan F 28371f7 
-char *auth_pam(const char *, const char *, const char *, const char *);
Jan F 28371f7 
+char *auth_pam(const char *, const char *, const char *, const char *, const char *);
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_rimap.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_rimap.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_rimap.c.pam_rhosts	2011-05-23 06:01:52.564110462 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_rimap.c	2011-05-23 06:01:58.034112901 +0200
Jan F 28371f7 
@@ -298,7 +298,8 @@ auth_rimap (
Jan F 28371f7 
   const char *login,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote                    /* I: remote host address */
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_rimap.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_rimap.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_rimap.h.pam_rhosts	2001-12-04 03:06:54.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_rimap.h	2011-05-23 06:01:58.159108329 +0200
Jan F 28371f7 
@@ -25,5 +25,5 @@
Jan F 28371f7 
  * DAMAGE.
Jan F 28371f7 
  * END COPYRIGHT */
Jan F 28371f7
Jan F 28371f7 
-char *auth_rimap(const char *, const char *, const char *, const char *);
Jan F 28371f7 
+char *auth_rimap(const char *, const char *, const char *, const char *, const char *);
Jan F 28371f7 
 int auth_rimap_init(void);
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_sasldb.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_sasldb.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_sasldb.c.pam_rhosts	2009-04-28 17:09:18.000000000 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_sasldb.c	2011-05-23 06:01:58.606109328 +0200
Jan F 28371f7 
@@ -117,13 +117,14 @@ auth_sasldb (
Jan F 28371f7 
   const char *login,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm
Jan F 28371f7 
+  const char *realm,
Jan F 28371f7 
 #else
Jan F 28371f7 
   const char *login __attribute__((unused)),/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password __attribute__((unused)),  /* I: plaintext password */
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
 #endif
Jan F 28371f7 
+  const char *remote                    /* I: remote host address */
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_sasldb.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_sasldb.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_sasldb.h.pam_rhosts	2001-12-04 03:06:55.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_sasldb.h	2011-05-23 06:01:58.735114581 +0200
Jan F 28371f7 
@@ -25,4 +25,4 @@
Jan F 28371f7 
  * DAMAGE.
Jan F 28371f7 
  * END COPYRIGHT */
Jan F 28371f7
Jan F 28371f7 
-char *auth_sasldb(const char *, const char *, const char *, const char *);
Jan F 28371f7 
+char *auth_sasldb(const char *, const char *, const char *, const char *, const char *);
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_shadow.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_shadow.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_shadow.c.pam_rhosts	2011-05-23 06:01:54.327105960 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_shadow.c	2011-05-23 06:01:58.866114054 +0200
Jan F 28371f7 
@@ -85,7 +85,8 @@ auth_shadow (
Jan F 28371f7 
   const char *login,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote                    /* I: remote host address */
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
@@ -279,7 +280,8 @@ auth_shadow (
Jan F 28371f7 
   const char *login __attribute__((unused)),
Jan F 28371f7 
   const char *passwd __attribute__((unused)),
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote __attribute__((unused))
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
     return NULL;
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_shadow.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_shadow.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_shadow.h.pam_rhosts	2001-12-04 03:06:55.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_shadow.h	2011-05-23 06:01:58.986105629 +0200
Jan F 28371f7 
@@ -25,4 +25,4 @@
Jan F 28371f7 
  * DAMAGE.
Jan F 28371f7 
  * END COPYRIGHT */
Jan F 28371f7
Jan F 28371f7 
-char *auth_shadow(const char *, const char *, const char *, const char *);
Jan F 28371f7 
+char *auth_shadow(const char *, const char *, const char *, const char *, const char *);
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_sia.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_sia.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_sia.c.pam_rhosts	2001-12-04 03:06:55.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_sia.c	2011-05-23 06:01:59.115106407 +0200
Jan F 28371f7 
@@ -56,7 +56,8 @@ auth_sia (
Jan F 28371f7 
   const char *login,			/* I: plaintext authenticator */
Jan F 28371f7 
   const char *password,			/* I: plaintext password */
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote                    /* I: remote host address */
Jan F 28371f7 
   /* END PARAMETERS */
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
@@ -84,7 +85,8 @@ auth_sia(
Jan F 28371f7 
   const char *login __attribute__((unused)),
Jan F 28371f7 
   const char *password __attribute__((unused)),
Jan F 28371f7 
   const char *service __attribute__((unused)),
Jan F 28371f7 
-  const char *realm __attribute__((unused))
Jan F 28371f7 
+  const char *realm __attribute__((unused)),
Jan F 28371f7 
+  const char *remote __attribute__((unused))
Jan F 28371f7 
   )
Jan F 28371f7 
 {
Jan F 28371f7 
     return NULL;
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/auth_sia.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/auth_sia.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/auth_sia.h.pam_rhosts	2001-12-04 03:06:55.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/auth_sia.h	2011-05-23 06:01:59.237106457 +0200
Jan F 28371f7 
@@ -25,4 +25,4 @@
Jan F 28371f7 
  * DAMAGE.
Jan F 28371f7 
  * END COPYRIGHT */
Jan F 28371f7
Jan F 28371f7 
-char *auth_sia(const char *, const char *, const char *, const char *);
Jan F 28371f7 
+char *auth_sia(const char *, const char *, const char *, const char *, const char *);
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/ipc_doors.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/ipc_doors.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/ipc_doors.c.pam_rhosts	2004-04-27 18:01:50.000000000 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/ipc_doors.c	2011-05-23 06:01:59.386106663 +0200
Jan F 28371f7 
@@ -218,6 +218,7 @@ void do_request(void *cookie, char *data
Jan F 28371f7 
 	char			password[MAX_REQ_LEN + 1]; /* password for authentication            */
Jan F 28371f7 
 	char			service[MAX_REQ_LEN + 1];  /* service name for authentication        */
Jan F 28371f7 
 	char			realm[MAX_REQ_LEN + 1];    /* user realm for authentication          */
Jan F 28371f7 
+	char			client_addr[MAX_REQ_LEN + 1];  /* client address and port            */
Jan F 28371f7
Jan F 28371f7
Jan F 28371f7 
 	/**************************************************************
Jan F 28371f7 
@@ -294,6 +295,22 @@ void do_request(void *cookie, char *data
Jan F 28371f7 
 	memcpy(realm, data, count);
Jan F 28371f7 
 	realm[count] = '\0';
Jan F 28371f7
Jan F 28371f7 
+	/* client_addr */
Jan F 28371f7 
+	memcpy(&count, data, sizeof(unsigned short));
Jan F 28371f7 
+
Jan F 28371f7 
+	count = ntohs(count);
Jan F 28371f7 
+	data += sizeof(unsigned short);
Jan F 28371f7 
+
Jan F 28371f7 
+	if (count > MAX_REQ_LEN || data + count > dataend) {
Jan F 28371f7 
+		logger(L_ERR, L_FUNC, "client_addr exceeds MAX_REQ_LEN: %d",
Jan F 28371f7 
+		       MAX_REQ_LEN);
Jan F 28371f7 
+		send_no("");
Jan F 28371f7 
+		return;
Jan F 28371f7 
+	}
Jan F 28371f7 
+
Jan F 28371f7 
+	memcpy(client_addr, data, count);
Jan F 28371f7 
+	client_addr[count] = '\0';
Jan F 28371f7 
+
Jan F 28371f7 
 	/**************************************************************
Jan F 28371f7 
  	 * We don't allow NULL passwords or login names
Jan F 28371f7 
 	 **************************************************************/
Jan F 28371f7 
@@ -312,7 +329,7 @@ void do_request(void *cookie, char *data
Jan F 28371f7 
 	/**************************************************************
Jan F 28371f7 
 	 * Get the mechanism response from do_auth() and send it back.
Jan F 28371f7 
 	 **************************************************************/
Jan F 28371f7 
-	response = do_auth(login, password, service, realm);
Jan F 28371f7 
+	response = do_auth(login, password, service, realm, client_addr);
Jan F 28371f7
Jan F 28371f7 
 	memset(password, 0, strlen(password));
Jan F 28371f7
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/ipc_unix.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/ipc_unix.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/ipc_unix.c.pam_rhosts	2003-10-30 20:06:42.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/ipc_unix.c	2011-05-23 06:01:59.599108343 +0200
Jan F 28371f7 
@@ -329,6 +329,7 @@ void do_request(int conn_fd) {
Jan F 28371f7 
 	char			password[MAX_REQ_LEN + 1]; /* password for authentication            */
Jan F 28371f7 
 	char			service[MAX_REQ_LEN + 1];  /* service name for authentication        */
Jan F 28371f7 
 	char			realm[MAX_REQ_LEN + 1];    /* user realm for authentication          */
Jan F 28371f7 
+	char			client_addr[MAX_REQ_LEN + 1];  /* client address and port            */
Jan F 28371f7
Jan F 28371f7
Jan F 28371f7 
 	/**************************************************************
Jan F 28371f7 
@@ -399,12 +400,28 @@ void do_request(int conn_fd) {
Jan F 28371f7 
 		send_no(conn_fd, "");
Jan F 28371f7 
 		return;
Jan F 28371f7 
 	}
Jan F 28371f7 
-
Jan F 28371f7 
 	if (rx_rec(conn_fd, (void *)realm, (size_t)count) != (ssize_t)count)
Jan F 28371f7 
 		return;
Jan F 28371f7
Jan F 28371f7 
 	realm[count] = '\0';
Jan F 28371f7
Jan F 28371f7 
+	/* client_addr */
Jan F 28371f7 
+	if (rx_rec(conn_fd, (void *)&count, (size_t)sizeof(count)) != (ssize_t)sizeof(count))
Jan F 28371f7 
+		return;
Jan F 28371f7 
+
Jan F 28371f7 
+	count = ntohs(count);
Jan F 28371f7 
+
Jan F 28371f7 
+	if (count > MAX_REQ_LEN) {
Jan F 28371f7 
+		logger(L_ERR, L_FUNC, "client address exceeded MAX_REQ_LEN: %d", MAX_REQ_LEN);
Jan F 28371f7 
+		send_no(conn_fd, "");
Jan F 28371f7 
+		return;
Jan F 28371f7 
+	}
Jan F 28371f7 
+
Jan F 28371f7 
+	if (rx_rec(conn_fd, (void *)&client_addr, (size_t)count) != (ssize_t)count)
Jan F 28371f7 
+		return;
Jan F 28371f7 
+
Jan F 28371f7 
+	client_addr[count] = '\0';
Jan F 28371f7 
+
Jan F 28371f7 
 	/**************************************************************
Jan F 28371f7 
  	 * We don't allow NULL passwords or login names
Jan F 28371f7 
 	 **************************************************************/
Jan F 28371f7 
@@ -423,7 +440,7 @@ void do_request(int conn_fd) {
Jan F 28371f7 
 	/**************************************************************
Jan F 28371f7 
 	 * Get the mechanism response from do_auth() and send it back.
Jan F 28371f7 
 	 **************************************************************/
Jan F 28371f7 
-	response = do_auth(login, password, service, realm);
Jan F 28371f7 
+	response = do_auth(login, password, service, realm, client_addr);
Jan F 28371f7
Jan F 28371f7 
 	memset(password, 0, strlen(password));
Jan F 28371f7
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/mechanisms.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/mechanisms.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/mechanisms.h.pam_rhosts	2006-03-13 21:17:09.000000000 +0100
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/mechanisms.h	2011-05-23 06:01:59.718110355 +0200
Jan F 28371f7 
@@ -40,8 +40,8 @@ typedef struct {
Jan F 28371f7 
     char *name;				/* name of the mechanism */
Jan F 28371f7 
     int (*initialize)(void);		/* initialization function */
Jan F 28371f7 
     char *(*authenticate)(const char *, const char *,
Jan F 28371f7 
-			  const char *, const char *); /* authentication
Jan F 28371f7 
-							  function */
Jan F 28371f7 
+			  const char *, const char *,
Jan F 28371f7 
+			  const char *); /* authentication function */
Jan F 28371f7 
 } authmech_t;
Jan F 28371f7
Jan F 28371f7 
 extern authmech_t mechanisms[];		/* array of supported auth mechs */
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/saslauthd-main.c.pam_rhosts cyrus-sasl-2.1.23/saslauthd/saslauthd-main.c
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/saslauthd-main.c.pam_rhosts	2009-04-28 17:09:18.000000000 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/saslauthd-main.c	2011-05-23 06:01:59.860114122 +0200
Jan F 28371f7 
@@ -367,7 +367,7 @@ int main(int argc, char **argv) {
Jan F 28371f7 
  * return a pointer to a string to send back to the client.
Jan F 28371f7 
  * The caller is responsible for freeing the pointer.
Jan F 28371f7 
  **************************************************************/
Jan F 28371f7 
-char *do_auth(const char *_login, const char *password, const char *service, const char *realm) {
Jan F 28371f7 
+char *do_auth(const char *_login, const char *password, const char *service, const char *realm, const char *remote) {
Jan F 28371f7
Jan F 28371f7 
 	struct cache_result	lkup_result;
Jan F 28371f7 
 	char			*response;
Jan F 28371f7 
@@ -396,7 +396,7 @@ char *do_auth(const char *_login, const
Jan F 28371f7 
 		response = strdup("OK");
Jan F 28371f7 
 		cached = 1;
Jan F 28371f7 
 	} else {
Jan F 28371f7 
-		response = auth_mech->authenticate(login, password, service, realm);
Jan F 28371f7 
+		response = auth_mech->authenticate(login, password, service, realm, remote);
Jan F 28371f7
Jan F 28371f7 
 		if (response == NULL) {
Jan F 28371f7 
 			logger(L_ERR, L_FUNC, "internal mechanism failure: %s", auth_mech->name);
Jan F 28371f7 
@@ -409,18 +409,18 @@ char *do_auth(const char *_login, const
Jan F 28371f7
Jan F 28371f7 
 		if (flags & VERBOSE) {
Jan F 28371f7 
 			if (cached)
Jan F 28371f7 
-				logger(L_DEBUG, L_FUNC, "auth success (cached): [user=%s] [service=%s] [realm=%s]", \
Jan F 28371f7 
-					login, service, realm);
Jan F 28371f7 
+				logger(L_DEBUG, L_FUNC, "auth success (cached): [user=%s] [service=%s] [realm=%s] [remote=%s]", \
Jan F 28371f7 
+					login, service, realm, remote);
Jan F 28371f7 
 			else
Jan F 28371f7 
-				logger(L_DEBUG, L_FUNC, "auth success: [user=%s] [service=%s] [realm=%s] [mech=%s]", \
Jan F 28371f7 
-					login, service, realm, auth_mech->name);
Jan F 28371f7 
+				logger(L_DEBUG, L_FUNC, "auth success: [user=%s] [service=%s] [realm=%s] [remote=%s] [mech=%s]", \
Jan F 28371f7 
+					login, service, realm, remote, auth_mech->name);
Jan F 28371f7 
 		}
Jan F 28371f7 
 		return response;
Jan F 28371f7 
 	}
Jan F 28371f7
Jan F 28371f7 
 	if (strncmp(response, "NO", 2) == 0) {
Jan F 28371f7 
-		logger(L_INFO, L_FUNC, "auth failure: [user=%s] [service=%s] [realm=%s] [mech=%s] [reason=%s]", \
Jan F 28371f7 
-			login, service, realm, auth_mech->name,
Jan F 28371f7 
+		logger(L_INFO, L_FUNC, "auth failure: [user=%s] [service=%s] [realm=%s] [remote=%s] [mech=%s] [reason=%s]", \
Jan F 28371f7 
+			login, service, realm, remote, auth_mech->name,
Jan F 28371f7 
 		        strlen(response) >= 4 ? response+3 : "Unknown");
Jan F 28371f7
Jan F 28371f7 
 		return response;
Jan F 28371f7 
diff -up cyrus-sasl-2.1.23/saslauthd/saslauthd-main.h.pam_rhosts cyrus-sasl-2.1.23/saslauthd/saslauthd-main.h
Jan F 28371f7 
--- cyrus-sasl-2.1.23/saslauthd/saslauthd-main.h.pam_rhosts	2003-05-16 00:21:41.000000000 +0200
Jan F 28371f7 
+++ cyrus-sasl-2.1.23/saslauthd/saslauthd-main.h	2011-05-23 06:01:59.994113718 +0200
Jan F 28371f7 
@@ -88,7 +88,8 @@
Jan F 28371f7
Jan F 28371f7 
 /* saslauthd-main.c */
Jan F 28371f7 
 extern char	*do_auth(const char *, const char *,
Jan F 28371f7 
-			 const char *, const char *);
Jan F 28371f7 
+			 const char *, const char *,
Jan F 28371f7 
+			 const char *);
Jan F 28371f7 
 extern void	set_auth_mech(const char *);
Jan F 28371f7 
 extern void	set_max_procs(const char *);
Jan F 28371f7 
 extern void	set_mech_option(const char *);
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.