From 01b646d2af0ed885d01d31a6479898a3c423a630 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
Date: Thu, 26 Apr 2018 10:00:19 +0200
Subject: [PATCH 52/59] Fix rDNS with IPv6
Previously IPv6 addresses were not translated to hostnames for PAM to use.
---
privops.c | 3 ++-
sysdeputil.c | 28 +++++++++++++++-------------
sysdeputil.h | 5 ++++-
sysutil.c | 35 +++++++++++++++++++++++++++++++++++
sysutil.h | 4 ++++
5 files changed, 60 insertions(+), 15 deletions(-)
diff --git a/privops.c b/privops.c
index f27c5c4..e577a27 100644
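--- a/privops.c
+++ b/privops.c
@@ -383,7 +383,8 @@ handle_local_login(struct vsf_session* p_sess,
 struct mystr* p_user_str,
 const struct mystr* p_pass_str)
 {
- if (!vsf_sysdep_check_auth(p_user_str, p_pass_str, &p_sess->remote_ip_str))
+ if (!vsf_sysdep_check_auth(p_sess, p_user_str, p_pass_str,
+ &p_sess->remote_ip_str))
 {
 return kVSFLoginFail;
 }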
diff --git a/sysdeputil.c b/sysdeputil.c
index 2063c87..4fe56c2 100644
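--- a/sysdeputil.c
+++ b/sysdeputil.c
@@ -16,10 +16,6 @@
 #include "tunables.h"
 #include "builddefs.h"
 
-/* For gethostbyaddr, inet_addr */
-#include <netdb.h>
-#include <arpa/inet.h>
-
 /* For Linux, this adds nothing :-) */
 #include "port/porting_junk.h"
 
@@ -242,13 +238,15 @@ void vsf_remove_uwtmp(void);
 
 #ifndef VSF_SYSDEP_HAVE_PAM
 int
-vsf_sysdep_check_auth(struct mystr* p_user_str,
+vsf_sysdep_check_auth(struct vsf_session* p_sess,
+ struct mystr* p_user_str,
 const struct mystr* p_pass_str,
 const struct mystr* p_remote_host)
 {
 const char* p_crypted;
 const struct passwd* p_pwd = getpwnam(str_getbuf(p_user_str));
 (void) p_remote_host;
+ (void) p_sess;
 if (p_pwd == NULL)
 {
 return 0;
@@ -322,14 +320,14 @@ static int pam_conv_func(int nmsg, const struct pam_message** p_msg,
 static void vsf_auth_shutdown(void);
 
 int
-vsf_sysdep_check_auth(struct mystr* p_user_str,
+vsf_sysdep_check_auth(struct vsf_session* p_sess,
+ struct mystr* p_user_str,
 const struct mystr* p_pass_str,
 const struct mystr* p_remote_host)
 {
 int retval = -1;
 #ifdef PAM_RHOST
- struct sockaddr_in sin;
- struct hostent *host;
+ struct mystr hostname = INIT_MYSTR;
 #endif
 pam_item_t item;
 const char* pam_user_name = 0;
@@ -354,13 +352,17 @@ vsf_sysdep_check_auth(struct mystr* p_user_str,
 return 0;
 }
 #ifdef PAM_RHOST
- if (tunable_reverse_lookup_enable) {
- sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
- host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
- if (host != (struct hostent*)0)
- retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
+ if (tunable_reverse_lookup_enable)
+ {
+ if (vsf_sysutil_get_hostname(p_sess->p_remote_addr, &hostname) == 0)
+ {
+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(&hostname));
+ str_free(&hostname);
+ }
 else
+ {
 retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
+ }
 } else {
 retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
 }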
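Review bot: In the PAM_RHOST block of the PAM variant of vsf_sysdep_check_auth (last hunk), the name returned by vsf_sysutil_get_hostname goes straight into `pam_set_item(s_pamh, PAM_RHOST, str_getbuf(&hostname))` without a forward lookup confirming it, so the value is whatever the PTR record for the client address says, and that record is controlled by whoever runs the reverse zone. Any PAM rule that matches on rhost (none is visible here, so this depends on the deployment) would then evaluate an unverified name; the removed gethostbyaddr path had the same property, and this change extends it to IPv6 clients. I would keep the resolved name only when a forward lookup of it yields `p_sess->p_remote_addr`, falling back to `str_getbuf(p_remote_host)` otherwise, or at minimum add `/* rDNS name is not forward-confirmed; do not base access decisions on it */` above the call. The function starts and ends outside this hunk.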
diff --git a/sysdeputil.h b/sysdeputil.h
index 3b6b30a..6f2aa0a 100644
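--- a/sysdeputil.h
+++ b/sysdeputil.h
@@ -5,6 +5,8 @@
 #include "filesize.h"
 #endif
 
+#include "session.h"
+
 /* VSF_SYSDEPUTIL_H:
 * Support for highly system dependent features, and querying for support
 * or lack thereof
@@ -15,7 +17,8 @@ struct mystr;
 
 /* Authentication of local users */
 /* Return 0 for fail, 1 for success */
-int vsf_sysdep_check_auth(struct mystr* p_user,
+int vsf_sysdep_check_auth(struct vsf_session* p_sess,
+ struct mystr* p_user,
 const struct mystr* p_pass,
 const struct mystr* p_remote_host);
 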
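Review bot: `#include "session.h"` in the first hunk is added only so the prototype can name `struct vsf_session*`; a forward declaration `struct vsf_session;` next to the existing `struct mystr;` would be enough and keeps session.h out of every file that includes this header. The same applies to `#include "str.h"` in the first sysutil.h hunk, where `struct mystr;` would do for a pointer parameter. The comment above vsf_sysdep_check_auth could also mention the new argument, e.g. `/* p_sess supplies the peer address for the optional reverse lookup */`.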
diff --git a/sysutil.c b/sysutil.c
index e847650..b68583b 100644
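--- a/sysutil.c
+++ b/sysutil.c
@@ -2356,6 +2356,41 @@ vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr,
 }
 }
 
+int
+vsf_sysutil_get_hostname(struct vsf_sysutil_sockaddr *p_addr,
+ struct mystr* p_str)
+{
+ struct sockaddr *sa;
+ socklen_t sa_len = 0;
+ char hostname[NI_MAXHOST];
+ int res;
+
+ sa = &p_addr->u.u_sockaddr;
+ if (sa->sa_family == AF_INET)
+ {
+ sa_len = sizeof(struct sockaddr_in);
+ }
+ else if (sa->sa_family == AF_INET6)
+ {
+ sa_len = sizeof(struct sockaddr_in6);
+ }
+ else
+ {
+ die("can only support ipv4 and ipv6 currently");
+ }
+ res = getnameinfo(sa, sa_len, hostname, sizeof(hostname), NULL, 0,
+ NI_NAMEREQD);
+ if (res == 0)
+ {
+ str_alloc_text(p_str, hostname);
+ return 0;
+ }
+ else
+ {
+ return -1;
+ }
+}
+
 struct vsf_sysutil_user*
 vsf_sysutil_getpwuid(const unsigned int uid)
 {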
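Review bot: vsf_sysutil_get_hostname calls `die("can only support ipv4 and ipv6 currently")` for any other address family, which ends the process in the middle of a login even though the one caller visible in this patch already falls back to the numeric address string when the function returns -1. Making that branch `return -1;` would keep the reverse lookup best-effort and consistent with the getnameinfo failure path just below it. `p_addr` is only read here, so it could be declared `const struct vsf_sysutil_sockaddr *p_addr` with `const struct sockaddr *sa` to match.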
diff --git a/sysutil.h b/sysutil.h
index 7a59f13..2df14ed 100644
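--- a/sysutil.h
+++ b/sysutil.h
@@ -7,6 +7,8 @@
 #include "filesize.h"
 #endif
 
+#include "str.h"
+
 /* Return value queries */
 int vsf_sysutil_retval_is_error(int retval);
 enum EVSFSysUtilError
@@ -266,6 +268,8 @@ int vsf_sysutil_connect_timeout(int fd,
 unsigned int wait_seconds);
 void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr,
 const char* p_name);
+int vsf_sysutil_get_hostname(struct vsf_sysutil_sockaddr *p_addr,
+ struct mystr* p_str);
 /* Option setting on sockets */
 void vsf_sysutil_activate_keepalive(int fd);
 void vsf_sysutil_rcvtimeo(int fd);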
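Review bot: The vsf_sysutil_get_hostname prototype added in the second hunk carries no comment, although unlike the void vsf_sysutil_dns_resolve declared just above it, it reports failure through its return value and allocates into p_str. A line such as `/* Returns 0 and sets p_str on success (caller must str_free it), -1 if the address has no PTR name */` would tell callers that failure is an expected outcome. It is also worth stating there that the returned name comes from reverse DNS alone and is not forward-confirmed.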
--
2.14.4