Cyrus SASL Hack: Always pass authentication for one host

[Andreas Winkelmann]

Am Donnerstag 18 Dezember 2008 15:19:23 schrieb ram:

> I am trying to write a hack into pam and always pass authentication for
> a particular host
>
> So I modified pam_mysql.c , but the issue is for cyrus I am always
> getting rhost as null
>
> This is what I put in pam_mysql.c
>
> ....
> PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags,
>                 int argc, const char **argv) {
> ....
> pam_get_item(pamh, PAM_RHOST,(PAM_GET_ITEM_CONST void **)&rhost);
> syslog(LOG_INFO,"RHOST  = %s",  rhost);
> ....
>
> I always get rhost as null. Is there a way I can get rhost set

I don't know exactly what rhost means here. Would guess something like Remote-
Host?

From the logical Point of View. PAM is invoked from saslauthd, the Library 
sends in behalf of the Application only 4 things to saslauthd. The Username, 
Realm, Servicename and the Password. Nothing else. So there is just not enough 
data in saslauthd to give something about the remote Host to PAM.

You would have to change the protocol between the SASL-Library and saslauthd 
to pass something about the Remote End to saslauthd and then change the PAM-
Stuff in saslauthd to set the RHOST Data.

--
Andreas