|
 |
bd689f |
From 08c49b78942d40c99fae8c40e7668aa73e1bd695 Mon Sep 17 00:00:00 2001
|
|
|
bd689f |
From: Martin Sehnoutka <msehnout@redhat.com>
|
|
|
bd689f |
Date: Tue, 6 Sep 2016 15:01:23 +0200
|
|
|
bd689f |
Subject: [PATCH 05/59] Use hostname when calling PAM authentication module.
|
|
|
bd689f |
|
|
|
bd689f |
Currently the vsftpd passes all logins as IP addresses
|
|
|
bd689f |
into PAM. This prevents administrators from setting up
|
|
|
bd689f |
ACLs based on domain (e.g. .example.com). This patch
|
|
|
bd689f |
enables reverse host lookup and use hostname instead
|
|
|
bd689f |
of address if there is one.
|
|
|
bd689f |
---
|
|
|
bd689f |
sysdeputil.c | 19 ++++++++++++++++---
|
|
|
bd689f |
1 file changed, 16 insertions(+), 3 deletions(-)
|
|
|
bd689f |
|
|
|
bd689f |
diff --git a/sysdeputil.c b/sysdeputil.c
|
|
|
bd689f |
index 06f01f4..b2782da 100644
|
|
|
bd689f |
--- a/sysdeputil.c
|
|
|
bd689f |
+++ b/sysdeputil.c
|
|
|
bd689f |
@@ -16,6 +16,10 @@
|
|
|
bd689f |
#include "tunables.h"
|
|
|
bd689f |
#include "builddefs.h"
|
|
|
bd689f |
|
|
|
bd689f |
+/* For gethostbyaddr, inet_addr */
|
|
|
bd689f |
+#include <netdb.h>
|
|
|
bd689f |
+#include <arpa/inet.h>
|
|
|
bd689f |
+
|
|
|
bd689f |
/* For Linux, this adds nothing :-) */
|
|
|
bd689f |
#include "port/porting_junk.h"
|
|
|
bd689f |
|
|
|
bd689f |
@@ -323,6 +327,10 @@ vsf_sysdep_check_auth(struct mystr* p_user_str,
|
|
|
bd689f |
const struct mystr* p_remote_host)
|
|
|
bd689f |
{
|
|
|
bd689f |
int retval = -1;
|
|
|
bd689f |
+#ifdef PAM_RHOST
|
|
|
bd689f |
+ struct sockaddr_in sin;
|
|
|
bd689f |
+ struct hostent *host;
|
|
|
bd689f |
+#endif
|
|
|
bd689f |
pam_item_t item;
|
|
|
bd689f |
const char* pam_user_name = 0;
|
|
|
bd689f |
struct pam_conv the_conv =
|
|
|
bd689f |
@@ -346,7 +354,12 @@ vsf_sysdep_check_auth(struct mystr* p_user_str,
|
|
|
bd689f |
return 0;
|
|
|
bd689f |
}
|
|
|
bd689f |
#ifdef PAM_RHOST
|
|
|
bd689f |
- retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
|
|
|
bd689f |
+ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
|
|
|
bd689f |
+ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
|
|
|
bd689f |
+ if (host != (struct hostent*)0)
|
|
|
bd689f |
+ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
|
|
|
bd689f |
+ else
|
|
|
bd689f |
+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
|
|
|
bd689f |
if (retval != PAM_SUCCESS)
|
|
|
bd689f |
{
|
|
|
bd689f |
(void) pam_end(s_pamh, retval);
|
|
|
bd689f |
@@ -559,7 +572,7 @@ vsf_sysdep_has_capabilities(void)
|
|
|
bd689f |
}
|
|
|
bd689f |
return s_runtime_has_caps;
|
|
|
bd689f |
}
|
|
|
bd689f |
-
|
|
|
bd689f |
+
|
|
|
bd689f |
#ifndef VSF_SYSDEP_HAVE_LIBCAP
|
|
|
bd689f |
static int
|
|
|
bd689f |
do_checkcap(void)
|
|
|
bd689f |
@@ -1081,7 +1094,7 @@ vsf_sysutil_recv_fd(const int sock_fd)
|
|
|
bd689f |
msg.msg_flags = 0;
|
|
|
bd689f |
/* In case something goes wrong, set the fd to -1 before the syscall */
|
|
|
bd689f |
p_fd = (int*)CMSG_DATA(CMSG_FIRSTHDR(&msg));
|
|
|
bd689f |
- *p_fd = -1;
|
|
|
bd689f |
+ *p_fd = -1;
|
|
|
bd689f |
retval = recvmsg(sock_fd, &msg, 0);
|
|
|
bd689f |
if (retval != 1)
|
|
|
bd689f |
{
|
|
|
bd689f |
--
|
|
|
bd689f |
2.14.4
|
|
|
bd689f |
|