From: Chris B. <buc...@us...> - 2012-03-10 05:01:05
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "SFCB - Small Footprint CIM Broker".
The branch, master has been updated
via a2c74bc3e03bf961ef2c8dd26c3d977ef99a4b03 (commit)
from 8a4d2ac5f2ec94bc0cac69926a18aa07152984b9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a2c74bc3e03bf961ef2c8dd26c3d977ef99a4b03
Author: buccella <buc...@li...>
Date: Sat Mar 10 00:00:52 2012 -0500
[ 3367332 ] RHOST Support for PAM
-----------------------------------------------------------------------
Summary of changes:
diff --git a/ChangeLog b/ChangeLog
index 9544754..9d166ea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-03-10 Chris Buccella <buc...@li...>
+
+ * httpAdapter.c, sfcBasicPAMAuthentication.c:
+ [ 3367332 ] RHOST Support for PAM
+
2012-03-09 Chris Buccella <buc...@li...>
* httpAdapter.c, control.c, sfcb.cfg.pre.in:
diff --git a/NEWS b/NEWS
index 3fb9b19..f9815bf 100644
--- a/NEWS
+++ b/NEWS
@@ -96,6 +96,7 @@ New Features:
- 3498932 Implement ModifyInstance for CIM_ListenerDestination
- 3440300 Allow forced chunked responses
- 3367333 New entry point for authentication library
+- 3367332 RHOST Support for PAM
Bugs Fixed:
diff --git a/httpAdapter.c b/httpAdapter.c
index a5a68d7..3df82b4 100644
--- a/httpAdapter.c
+++ b/httpAdapter.c
@@ -1066,6 +1066,20 @@ doHttpRequest(CommHndl conn_fd)
if (!authorized && !discardInput && doBa) {
if (inBuf.authorization) {
+
+ /* for PAM, client's IP address is used for host-based authentication */
+ struct sockaddr_storage from;
+ socklen_t from_len = sizeof(from);
+ getsockname(conn_fd.socket, (struct sockaddr *)&from, &from_len);
+#ifdef USE_INET6
+ char ipstr[INET6_ADDRSTRLEN] = {0};
+#else
+ char ipstr[INET_ADDRSTRLEN] = {0};
+#endif
+ if (getnameinfo((struct sockaddr*)&from, from_len, ipstr, sizeof(ipstr), NULL, 0, NI_NUMERICHOST) == 0)
+ extras.clientIp = ipstr;
+ // fprintf(stderr, "client is: %s\n", ipstr);
+
barc = baValidate(inBuf.authorization,&inBuf.principal,&extras);
#ifdef ALLOW_UPDATE_EXPIRED_PW
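Review bot: `getsockname()` in the added block returns the socket's local address, not the peer's, so `extras.clientIp` (and PAM_RHOST downstream) would carry the server's own address and host-based PAM rules would be evaluated against the wrong host; the call that matches the comment is `getpeername(conn_fd.socket, (struct sockaddr *)&from, &from_len)`. Its return value is also unchecked, so on failure `getnameinfo()` reads an uninitialized `from`; guard the assignment with `if (getpeername(conn_fd.socket, (struct sockaddr *)&from, &from_len) == 0 && getnameinfo(...) == 0)`. When the address cannot be obtained, the request still reaches `baValidate()` with no client address, which is worth logging because a host restriction may then not be applied. `extras.clientIp` points at the block-local `ipstr`, so it must not be read after this block closes. doHttpRequest starts and ends outside the hunk.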
diff --git a/sfcBasicPAMAuthentication.c b/sfcBasicPAMAuthentication.c
index 6ca11eb..4b2ba80 100644
--- a/sfcBasicPAMAuthentication.c
+++ b/sfcBasicPAMAuthentication.c
@@ -26,6 +26,15 @@
#define SFCB_PAM_APP "sfcb"
+struct auth_extras {
+ void (*release)(pam_handle_t*);
+ char* clientIp;
+ void* authHandle;
+ const char* role;
+};
+typedef struct auth_extras AuthExtras;
+
+
static int
sfcBasicConv(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *credentials)
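Review bot: `struct auth_extras` is defined privately in this .c file, while httpAdapter.c fills in an `extras` object with a `clientIp` member, so there appear to be two definitions that must agree field for field (the other one is not visible here). If the layouts drift, `extras->clientIp` in the PAM library would read the wrong member, and the compiler cannot catch it across the library boundary. Moving the definition to a header shared by both files would remove that risk; failing that, add a comment such as `/* must match the AuthExtras layout used by httpAdapter.c */` above the struct.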
@@ -51,7 +60,7 @@ sfcBasicConv(int num_msg, const struct pam_message **msg,
}
static int
-_sfcBasicAuthenticateRemote(char *user, char *pw, char *rhost)
+_sfcBasicAuthenticateRemote(char *user, char *pw, AuthExtras *extras)
{
struct pam_conv sfcConvStruct = {
sfcBasicConv,
@@ -63,18 +72,15 @@ _sfcBasicAuthenticateRemote(char *user, char *pw, char *rhost)
rc = pam_start(SFCB_PAM_APP, user, &sfcConvStruct, &pamh);
+ if (extras && extras->clientIp) {
+ pam_set_item(pamh, PAM_RHOST, extras->clientIp);
+ }
+
if (rc == PAM_SUCCESS) {
rc = pam_authenticate(pamh, PAM_SILENT);
}
if (rc == PAM_SUCCESS) {
- /*
- * host based authentication not yet supported - needs client IP
- * address extraction in httpAdapter
- */
- if (rhost) {
- pam_set_item(pamh, PAM_RHOST, rhost);
- }
rc = pam_acct_mgmt(pamh, PAM_SILENT);
}
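Review bot: `pam_set_item()` now runs before the `rc == PAM_SUCCESS` check on `pam_start()`, so after a failed `pam_start()` it is handed a `pamh` that may not have been initialised. Its own return value is discarded as well, so a failure to set PAM_RHOST lets authentication and `pam_acct_mgmt()` proceed without the host restriction the commit is meant to enable. Folding it into the status chain fixes both: `if (rc == PAM_SUCCESS && extras && extras->clientIp) rc = pam_set_item(pamh, PAM_RHOST, extras->clientIp);`. The body of `_sfcBasicAuthenticateRemote` starts and ends outside this hunk.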
@@ -98,6 +104,13 @@ _sfcBasicAuthenticate(char *user, char *pw)
{
return _sfcBasicAuthenticateRemote(user, pw, NULL);
}
+
+int
+_sfcBasicAuthenticate2(char *user, char *pw, AuthExtras *extras)
+{
+ return _sfcBasicAuthenticateRemote(user, pw, extras);
+}
+
/* MODELINES */
/* DO NOT EDIT BELOW THIS COMMENT */
/* Modelines are added by 'make pretty' */
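Review bot: The new entry point `_sfcBasicAuthenticate2` has no comment stating its contract, and it is the function an external caller loads. A short header comment should say that `extras` may be NULL, that `extras->clientIp` is borrowed for the duration of the call and is passed to PAM as PAM_RHOST, and what the return value means. The `release`, `authHandle` and `role` members are not used anywhere in the visible hunks, so the comment should also say whether this function ever sets them.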
hooks/post-receive
--
SFCB - Small Footprint CIM Broker