On Fri, Oct 25, 2019 at 7:08 AM <wardrago...@gmail.com> wrote: > > From: Paolo Cerrito <wardrago...@gmail.com> > > Without this patch, the PAM environment lacks any information about the > remote client address. > > syslog output for auth and authpriv facilities changes > from: > Oct 25 11:52:02 openvpndev openvpn: pam_unix(openvpn:auth): authentication > failure; > logname=root uid=0 euid=0 tty= ruser= rhost= > Oct 25 11:52:33 openvpndev openvpn: pam_unix(openvpn:auth): authentication > failure; > logname=root uid=0 euid=0 tty= ruser= rhost= user=**** > to: > Oct 25 10:56:11 openvpndev openvpn: pam_unix(openvpn:auth): authentication > failure; > logname=root uid=0 euid=0 tty= ruser= rhost=198.51.100.10 > Oct 25 10:57:02 openvpndev openvpn: pam_unix(openvpn:auth): authentication > failure; > logname=root uid=0 euid=0 tty= ruser= rhost=198.51.100.10 > user=**** > > Furthermore, the presence of the remote client address in PAM > environment, enables usage of pam modules like pam_recent > [https://github.com/az143/pam_recent]. > > Signed-off-by: Paolo Cerrito <wardrago...@gmail.com>
So, apart from the commit message, what are the changes in v2? I don't see that my comment about ensuring remote read from env is not NULL addressed, nor any response to a number of other points raised by David. > --- > src/plugins/auth-pam/auth-pam.c | 39 ++++++++++++++++++++++++++++----- > 1 file changed, 33 insertions(+), 6 deletions(-) > > diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c > index 88b53204..f7b39e36 100644 > --- a/src/plugins/auth-pam/auth-pam.c > +++ b/src/plugins/auth-pam/auth-pam.c > @@ -115,6 +115,7 @@ struct user_pass { > char password[128]; > char common_name[128]; > char response[128]; > + char remote[40]; Textual ipv6 address buffer is usually defined to be at least 46 bytes including NUL (not 40) to handle all cases. (cf. INET6_ADDRSTRLEN = 46 in <netinet/in.h>) Selva _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel