Resolve incorrect handling of rhost in pam (#3171)

Firstyear 2024-11-03 10:13:26 +10:00 committed by GitHub
parent 1b58e4169a
commit ea1fcf59e5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 9 additions and 5 deletions


@ -107,7 +107,8 @@ pub enum PamAuthRequest {
pub struct PamServiceInfo { pub struct PamServiceInfo {
pub service: String, pub service: String,
pub tty: String, pub tty: String,
pub rhost: String, // Only set if it really is a remote host?
pub rhost: Option<String>,
} }
#[derive(Serialize, Deserialize, Debug)] #[derive(Serialize, Deserialize, Debug)]
@ -144,7 +145,10 @@ impl ClientRequest {
ClientRequest::NssGroupByName(id) => format!("NssGroupByName({})", id), ClientRequest::NssGroupByName(id) => format!("NssGroupByName({})", id),
ClientRequest::PamAuthenticateInit { account_id, info } => format!( ClientRequest::PamAuthenticateInit { account_id, info } => format!(
"PamAuthenticateInit{{ account_id={} tty={} pam_secvice{} rhost={} }}", "PamAuthenticateInit{{ account_id={} tty={} pam_secvice{} rhost={} }}",
account_id, info.service, info.tty, info.rhost account_id,
info.service,
info.tty,
info.rhost.as_deref().unwrap_or("")
), ),
ClientRequest::PamAuthenticateStep(_) => "PamAuthenticateStep".to_string(), ClientRequest::PamAuthenticateStep(_) => "PamAuthenticateStep".to_string(),
ClientRequest::PamAccountAllowed(id) => { ClientRequest::PamAccountAllowed(id) => {
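Review bot: In the `PamAuthenticateInit` arm the labels and arguments do not line up: the format string reads `account_id={} tty={} pam_secvice{} rhost={}` while the arguments are passed as `account_id, info.service, info.tty, …`, so the service is printed under `tty=` and the tty under the misspelled `pam_secvice` label, which also lacks its `=`. Anyone reading this string to trace a PAM authentication gets the wrong fields, so I would fix it while the call is being touched: `"PamAuthenticateInit{{ account_id={} tty={} pam_service={} rhost={} }}"` with `info.tty` passed before `info.service`. Rendering `None` as `""` also makes an absent rhost indistinguishable from an empty one in the output; `info.rhost.as_deref().unwrap_or("-")` would keep the two apart. The enclosing function starts and ends outside the hunk.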


@ -256,7 +256,7 @@ impl PamHandle {
tracing::debug!(?maybe_tty, ?maybe_rhost, ?maybe_service); tracing::debug!(?maybe_tty, ?maybe_rhost, ?maybe_service);
match (maybe_tty, maybe_rhost, maybe_service) { match (maybe_tty, maybe_rhost, maybe_service) {
(Some(tty), Some(rhost), Some(service)) => Ok(PamServiceInfo { (Some(tty), rhost, Some(service)) => Ok(PamServiceInfo {
service, service,
tty, tty,
rhost, rhost,
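Review bot: The `(Some(tty), rhost, Some(service))` arm now forwards whatever the rhost lookup returned, so a calling application that sets the remote-host item to an empty string would presumably yield `Some("")` rather than `None`. Any consumer that reads `rhost.is_some()` as "this is a remote login" would then misclassify the session; normalising at this single construction site avoids that: `rhost: rhost.filter(|h| !h.is_empty()),`. A comment on the arm would also help the next reader, e.g. `// rhost is supplied by the calling application and may be absent; it is informational, not an authenticated value.` The remaining match arms and the end of the struct literal are outside the hunk.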


@ -68,7 +68,7 @@ async fn main() -> ExitCode {
info: PamServiceInfo { info: PamServiceInfo {
service: "kanidm-unix".to_string(), service: "kanidm-unix".to_string(),
tty: "/dev/null".to_string(), tty: "/dev/null".to_string(),
rhost: "localhost".to_string(), rhost: None,
}, },
}; };
loop { loop {


@ -1087,7 +1087,7 @@ impl Resolver {
let pam_info = PamServiceInfo { let pam_info = PamServiceInfo {
service: "kanidm-unix-test".to_string(), service: "kanidm-unix-test".to_string(),
tty: "/dev/null".to_string(), tty: "/dev/null".to_string(),
rhost: "localhost".to_string(), rhost: None,
}; };
let mut auth_session = match self let mut auth_session = match self