rpms/vsftpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity
c10s
vsftpd/0005-Use-hostname-when-calling-PAM-authentication-module.patch
Ondřej Lysoněk 7c0626d6c4 Fix a segfault when running as PID 1 
Also rebase the patches.
2018-07-25 13:32:54 +02:00

76 lines
2.2 KiB
Diff
Raw Permalink Blame History

From 08c49b78942d40c99fae8c40e7668aa73e1bd695 Mon Sep 17 00:00:00 2001
From: Martin Sehnoutka <msehnout@redhat.com>
Date: Tue, 6 Sep 2016 15:01:23 +0200
Subject: [PATCH 05/59] Use hostname when calling PAM authentication module.
Currently the vsftpd passes all logins as IP addresses
into PAM. This prevents administrators from setting up
ACLs based on domain (e.g. .example.com). This patch
enables reverse host lookup and use hostname instead
of address if there is one.
---
sysdeputil.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/sysdeputil.c b/sysdeputil.c
index 06f01f4..b2782da 100644
--- a/sysdeputil.c
+++ b/sysdeputil.c
@@ -16,6 +16,10 @@
#include "tunables.h"
#include "builddefs.h"
+/* For gethostbyaddr, inet_addr */
+#include <netdb.h>
+#include <arpa/inet.h>
+
/* For Linux, this adds nothing :-) */
#include "port/porting_junk.h"
@@ -323,6 +327,10 @@ vsf_sysdep_check_auth(struct mystr* p_user_str,
const struct mystr* p_remote_host)
{
int retval = -1;
+#ifdef PAM_RHOST
+ struct sockaddr_in sin;
+ struct hostent *host;
+#endif
pam_item_t item;
const char* pam_user_name = 0;
struct pam_conv the_conv =
@@ -346,7 +354,12 @@ vsf_sysdep_check_auth(struct mystr* p_user_str,
return 0;
}
#ifdef PAM_RHOST
- retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
+ sin.sin_addr.s_addr = inet_addr(str_getbuf(p_remote_host));
+ host = gethostbyaddr((char*)&sin.sin_addr.s_addr,sizeof(struct in_addr),AF_INET);
+ if (host != (struct hostent*)0)
+ retval = pam_set_item(s_pamh, PAM_RHOST, host->h_name);
+ else
+ retval = pam_set_item(s_pamh, PAM_RHOST, str_getbuf(p_remote_host));
if (retval != PAM_SUCCESS)
{
(void) pam_end(s_pamh, retval);
@@ -559,7 +572,7 @@ vsf_sysdep_has_capabilities(void)
}
return s_runtime_has_caps;
}
-
+
#ifndef VSF_SYSDEP_HAVE_LIBCAP
static int
do_checkcap(void)
@@ -1081,7 +1094,7 @@ vsf_sysutil_recv_fd(const int sock_fd)
msg.msg_flags = 0;
/* In case something goes wrong, set the fd to -1 before the syscall */
p_fd = (int*)CMSG_DATA(CMSG_FIRSTHDR(&msg));
- *p_fd = -1;
+ *p_fd = -1;
retval = recvmsg(sock_fd, &msg, 0);
if (retval != 1)
{
--
2.14.4
Reference in New Issue View Git Blame Copy Permalink