Add rhost item to pam information.

It is very useful to pass additional item like rhost when talking to pam modules, then we can force additional restriction like ip address from which client can connect. For example pam-pgsql utlizies this item, but cannot be used beacuse without this patch rhost is empty.
grzsmp · Oct 13, 2015 · 5e2b102 · 5e2b102
1 parent 6bcce25
commit 5e2b102
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
@@ -1736,7 +1736,9 @@ CheckPAMAuth(Port *port, char *user, char *password)
 {
 	int			retval;
 	pam_handle_t *pamh = NULL;
-
+	char hostinfo[NI_MAXHOST];
+        pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,
+                        hostinfo, sizeof(hostinfo), NULL, 0, NI_NUMERICHOST);
 	/*
 	 * We can't entirely rely on PAM to pass through appdata --- it appears
 	 * not to work on at least Solaris 2.6.  So use these ugly static
@@ -1780,6 +1782,16 @@ CheckPAMAuth(Port *port, char *user, char *password)
 		pam_passwd = NULL;		/* Unset pam_passwd */
 		return STATUS_ERROR;
 	}
+
+	retval = pam_set_item(pamh, PAM_RHOST, hostinfo);
+	if (retval != PAM_SUCCESS)
+	{
+		ereport(LOG,
+                                (errmsg("pam_set_item(PAM_RHOST) failed: %s",
+                                        	pam_strerror(pamh, retval))));
+                pam_passwd = NULL;      	/* Unset pam_passwd */
+                return STATUS_ERROR;
+	}
 
 	retval = pam_set_item(pamh, PAM_CONV, &pam_passw_conv);