You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
196 lines
5.6 KiB
196 lines
5.6 KiB
From 01b646d2af0ed885d01d31a6479898a3c423a630 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
|
|
Date: Thu, 26 Apr 2018 10:00:19 +0200
|
|
Subject: [PATCH 52/59] Fix rDNS with IPv6
|
|
|
|
Previously IPv6 addresses were not translated to hostnames for PAM to use.
|
|
---
|
|
privops.c | 3 ++-
|
|
sysdeputil.c | 28 +++++++++++++++-------------
|
|
sysdeputil.h | 5 ++++-
|
|
sysutil.c | 35 +++++++++++++++++++++++++++++++++++
|
|
sysutil.h | 4 ++++
|
|
5 files changed, 60 insertions(+), 15 deletions(-)
|
|
|
|
diff --git a/privops.c b/privops.c
|
|
index f27c5c4..e577a27 100644
|
|
--- a/privops.c
|
|
+++ b/privops.c
|
|
@@ -383,7 +383,8 @@ handle_local_login(struct vsf_session* p_sess,
|
|
struct mystr* p_user_str,
|
|
const struct mystr* p_pass_str)
|
|
{
|
|
- if (!vsf_sysdep_check_auth(p_user_str, p_pass_str, &p_sess->remote_ip_str))
|
|
+ if (!vsf_sysdep_check_auth(p_sess, p_user_str, p_pass_str,
|
|
+ &p_sess->remote_ip_str))
|
|
{
|
|
return kVSFLoginFail;
|
|
}
|
|
diff --git a/sysdeputil.c b/sysdeputil.c
|
|
index 2063c87..4fe56c2 100644
|
|
--- a/sysdeputil.c
|
|
+++ b/sysdeputil.c
|
|
@@ -16,10 +16,6 @@
|
|
#include "tunables.h"
|
|
#include "builddefs.h"
|
|
|
|
-/* For gethostbyaddr, inet_addr */
|
|
-#include <netdb.h>
|
|
-#include <arpa/inet.h>
|
|
-
|
|
/* For Linux, this adds nothing :-) */
|
|
#include "port/porting_junk.h"
|
|
|
|
@@ -242,13 +238,15 @@ void vsf_remove_uwtmp(void);
|
|
|
|
#ifndef VSF_SYSDEP_HAVE_PAM
|
|
int
|
|
-vsf_sysdep_check_auth(struct mystr* p_user_str,
|
|
+vsf_sysdep_check_auth(struct vsf_session* p_sess,
|
|
+ struct mystr* p_user_str,
|
|
const struct mystr* p_pass_str,
|
|
const struct mystr* p_remote_host)
|
|
{
|
|
const char* p_crypted;
|
|
const struct passwd* p_pwd = getpwnam(str_getbuf(p_user_str));
|
|
(void) p_remote_host;
|
|
+ (void) p_sess;
|
|
if (p_pwd == NULL)
|
|
{
|
|
return 0;
|
|
@@ -322,14 +320,14 @@ static int pam_conv_func(int nmsg, const struct pam_message** p_msg,
|
|
static void vsf_auth_shutdown(void);
|
|
|
|
int
|
|
-vsf_sysdep_check_auth(struct mystr* p_user_str,
|
|
+vsf_sysdep_check_auth(struct vsf_session* p_sess,
|
|
+ struct mystr* p_user_str,
|
|
const struct mystr* p_pass_str,
|
|
const struct mystr* p_remote_host)
|
|
{
|
|
int retval = -1;
|
|
#ifdef PAM_RHOST
|
|
- struct sockaddr_in sin;
|
|
- struct hostent *host;
|
|
+ struct mystr hostname = INIT_MYSTR;
|
|
#endif
|
|
pam_item_t item;
|
|
const char* pam_user_name = 0;
|
|
@@ -354,13 +352,17 @@ vsf_sysdep_check_auth(struct mystr* p_user_str,
|
|
return 0;
|
|
}
|
|
#ifdef PAM_RHOST
|
|
- if (tunable_reverse_lookup_enable) {
|
|
- sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
|
|
- host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
|
|
- if (host != (struct hostent*)0)
|
|
- retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
|
|
+ if (tunable_reverse_lookup_enable)
|
|
+ {
|
|
+ if (vsf_sysutil_get_hostname(p_sess->p_remote_addr, &hostname) == 0)
|
|
+ {
|
|
+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(&hostname));
|
|
+ str_free(&hostname);
|
|
+ }
|
|
else
|
|
+ {
|
|
retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
|
|
+ }
|
|
} else {
|
|
retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
|
|
}
|
|
diff --git a/sysdeputil.h b/sysdeputil.h
|
|
index 3b6b30a..6f2aa0a 100644
|
|
--- a/sysdeputil.h
|
|
+++ b/sysdeputil.h
|
|
@@ -5,6 +5,8 @@
|
|
#include "filesize.h"
|
|
#endif
|
|
|
|
+#include "session.h"
|
|
+
|
|
/* VSF_SYSDEPUTIL_H:
|
|
* Support for highly system dependent features, and querying for support
|
|
* or lack thereof
|
|
@@ -15,7 +17,8 @@ struct mystr;
|
|
|
|
/* Authentication of local users */
|
|
/* Return 0 for fail, 1 for success */
|
|
-int vsf_sysdep_check_auth(struct mystr* p_user,
|
|
+int vsf_sysdep_check_auth(struct vsf_session* p_sess,
|
|
+ struct mystr* p_user,
|
|
const struct mystr* p_pass,
|
|
const struct mystr* p_remote_host);
|
|
|
|
diff --git a/sysutil.c b/sysutil.c
|
|
index e847650..b68583b 100644
|
|
--- a/sysutil.c
|
|
+++ b/sysutil.c
|
|
@@ -2356,6 +2356,41 @@ vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr,
|
|
}
|
|
}
|
|
|
|
+int
|
|
+vsf_sysutil_get_hostname(struct vsf_sysutil_sockaddr *p_addr,
|
|
+ struct mystr* p_str)
|
|
+{
|
|
+ struct sockaddr *sa;
|
|
+ socklen_t sa_len = 0;
|
|
+ char hostname[NI_MAXHOST];
|
|
+ int res;
|
|
+
|
|
+ sa = &p_addr->u.u_sockaddr;
|
|
+ if (sa->sa_family == AF_INET)
|
|
+ {
|
|
+ sa_len = sizeof(struct sockaddr_in);
|
|
+ }
|
|
+ else if (sa->sa_family == AF_INET6)
|
|
+ {
|
|
+ sa_len = sizeof(struct sockaddr_in6);
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ die("can only support ipv4 and ipv6 currently");
|
|
+ }
|
|
+ res = getnameinfo(sa, sa_len, hostname, sizeof(hostname), NULL, 0,
|
|
+ NI_NAMEREQD);
|
|
+ if (res == 0)
|
|
+ {
|
|
+ str_alloc_text(p_str, hostname);
|
|
+ return 0;
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ return -1;
|
|
+ }
|
|
+}
|
|
+
|
|
struct vsf_sysutil_user*
|
|
vsf_sysutil_getpwuid(const unsigned int uid)
|
|
{
|
|
diff --git a/sysutil.h b/sysutil.h
|
|
index 7a59f13..2df14ed 100644
|
|
--- a/sysutil.h
|
|
+++ b/sysutil.h
|
|
@@ -7,6 +7,8 @@
|
|
#include "filesize.h"
|
|
#endif
|
|
|
|
+#include "str.h"
|
|
+
|
|
/* Return value queries */
|
|
int vsf_sysutil_retval_is_error(int retval);
|
|
enum EVSFSysUtilError
|
|
@@ -266,6 +268,8 @@ int vsf_sysutil_connect_timeout(int fd,
|
|
unsigned int wait_seconds);
|
|
void vsf_sysutil_dns_resolve(struct vsf_sysutil_sockaddr** p_sockptr,
|
|
const char* p_name);
|
|
+int vsf_sysutil_get_hostname(struct vsf_sysutil_sockaddr *p_addr,
|
|
+ struct mystr* p_str);
|
|
/* Option setting on sockets */
|
|
void vsf_sysutil_activate_keepalive(int fd);
|
|
void vsf_sysutil_rcvtimeo(int fd);
|
|
--
|
|
2.14.4
|
|
|