We already have PAM_USER, PAM_RUSER and PAM_RHOST. Add PAM_HOST for

the sake of completeness. It is automatically set in pam_start(3). git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@443 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2011-10-22 01:01:39 +00:00 · 2011-10-22 01:01:39 +00:00 · 6970f8c093
parent 3f2d2b26cd
commit 6970f8c093
4 changed files with 21 additions and 2 deletions
--- a/include/security/pam_constants.h
+++ b/include/security/pam_constants.h
@ -126,6 +126,7 @@ enum {
 	PAM_REPOSITORY			=  10,
 	PAM_AUTHTOK_PROMPT		=  11,		/* OpenPAM extension */
 	PAM_OLDAUTHTOK_PROMPT		=  12,		/* OpenPAM extension */
+	PAM_HOST			=  13,		/* OpenPAM extension */
 	PAM_NUM_ITEMS					/* OpenPAM extension */
 };

--- a/lib/pam_get_item.c
+++ b/lib/pam_get_item.c
@ -58,7 +58,8 @@ const char *_pam_item_name[PAM_NUM_ITEMS] = {
 	"PAM_USER_PROMPT",
 	"PAM_REPOSITORY",
 	"PAM_AUTHTOK_PROMPT",
-	"PAM_OLDAUTHTOK_PROMPT"
+	"PAM_OLDAUTHTOK_PROMPT",
+	"PAM_HOST",
 };

 /*
@ -87,9 +88,10 @@ pam_get_item(const pam_handle_t *pamh,
 	case PAM_RUSER:
 	case PAM_CONV:
 	case PAM_USER_PROMPT:
+	case PAM_REPOSITORY:
 	case PAM_AUTHTOK_PROMPT:
 	case PAM_OLDAUTHTOK_PROMPT:
-	case PAM_REPOSITORY:
+	case PAM_HOST:
 		*item = pamh->item[item_type];
 		RETURNC(PAM_SUCCESS);
 	default:
@ -139,6 +141,8 @@ pam_get_item(const pam_handle_t *pamh,
 *	=PAM_OLDAUTHTOK_PROMPT:
 *		The prompt to use when asking the applicant for an
 *		expired authentication token prior to changing it.
+ *	=PAM_HOST:
+ *		The name of the host the application runs on.
 *
 * See =pam_start for a description of =struct pam_conv.
 *
--- a/lib/pam_set_item.c
+++ b/lib/pam_set_item.c
@ -79,6 +79,7 @@ pam_set_item(pam_handle_t *pamh,
 	case PAM_USER_PROMPT:
 	case PAM_AUTHTOK_PROMPT:
 	case PAM_OLDAUTHTOK_PROMPT:
+	case PAM_HOST:
 		if (*slot != NULL)
 			osize = strlen(*slot) + 1;
 		if (item != NULL)
--- a/lib/pam_start.c
+++ b/lib/pam_start.c
@ -40,11 +40,19 @@
 #endif

 #include <stdlib.h>
+#include <string.h>
+#include <unistd.h>

 #include <security/pam_appl.h>

 #include "openpam_impl.h"

+#ifdef _SC_HOST_NAME_MAX
+#define HOST_NAME_MAX sysconf(_SC_HOST_NAME_MAX)
+#else
+#define HOST_NAME_MAX 1024
+#endif
+
 /*
 * XSSO 4.2.1
 * XSSO 6 page 89
@ -58,6 +66,7 @@ pam_start(const char *service,
 	const struct pam_conv *pam_conv,
 	pam_handle_t **pamh)
 {
+	char hostname[HOST_NAME_MAX + 1];
 	struct pam_handle *ph;
 	int r;

@ -66,6 +75,10 @@ pam_start(const char *service,
 		RETURNC(PAM_BUF_ERR);
 	if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS)
 		goto fail;
+	if (gethostname(hostname, sizeof hostname) != 0)
+		strlcpy(hostname, "localhost", sizeof hostname);
+	if ((r = pam_set_item(ph, PAM_HOST, hostname)) != PAM_SUCCESS)
+		goto fail;
 	if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS)
 		goto fail;
 	if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS)