]> git.proxmox.com Git - pve-access-control.git/commitdiff
projects / pve-access-control.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9d29960)
pam: set PAM_RHOST
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Thu, 1 Jun 2023 09:36:54 +0000 (11:36 +0200)
committerWolfgang Bumiller <w.bumiller@proxmox.com>
Mon, 5 Jun 2023 06:53:42 +0000 (08:53 +0200)
This allows pam modules to restrict users by host. For
instance, you could restrict root@pam to only 127.0.0.1.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
src/PVE/Auth/PAM.pm patch | blob | blame | history

diff --git a/src/PVE/Auth/PAM.pm b/src/PVE/Auth/PAM.pm
index f19320d4e4496fc10f34934f02cdc989fcb8222c..feabc0b18bb564eacd484752fa4b9d065580756a 100755 (executable)
--- a/src/PVE/Auth/PAM.pm
+++ b/src/PVE/Auth/PAM.pm
@@ -43,6 +43,12 @@ sub authenticate_user {
        die "error during PAM init: $err";
     }
 
+    if (my $rpcenv = PVE::RPCEnvironment::get()) {
+       if (my $ip = $rpcenv->get_client_ip()) {
+           $pamh->pam_set_item(PAM_RHOST(), $ip);
+       }
+    }
+
     my $res;
 
     if (($res = $pamh->pam_authenticate(0)) != PAM_SUCCESS) {
Access control framework