From dean@arctic.org Thu Jul  8 23:26:04 2004
Date: Thu, 8 Jul 2004 23:25:44 -0700 (PDT)
From: dean gaudet <dean@arctic.org>
To: alexm@hsys.msk.ru
Subject: logging improvement for checkpassword-pam

this patch for checkpassword-pam adds PAM_RHOST support using the
TCPREMOTEIP env variable set up by tcpserver.  this way the log will have
"rhost=foo" for auth failures.

additionally it sets up the syslog id to the service_name ... which makes
the log easier to parse if multiple services are using checkpassword-pam.

thanks for checkpassword-pam!

-dean


diff -pru checkpassword-pam-0.98.deborig/checkpassword-pam.c checkpassword-pam-0.98/checkpassword-pam.c
--- checkpassword-pam-0.98.deborig/checkpassword-pam.c	2003-08-06 15:03:22.000000000 -0700
+++ checkpassword-pam-0.98/checkpassword-pam.c	2004-07-08 23:06:04.000000000 -0700
@@ -80,7 +80,7 @@ main (int argc, char *argv[])
     char* service_name = NULL;
     int exit_status = 1;

-    init_logging();
+    init_logging(argv[0]);

     /* process command line options */
     opterr = 0;
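Review bot: Passing `argv[0]` as the syslog ident lets the invoking process choose the tag on every message logged before the service name is known, where the old code used a fixed string. `argv[0]` may be a full path or an arbitrary name, and it can be NULL if the program is executed with an empty argument vector. Anything that filters auth logs on the program tag would then miss or misattribute these early errors. I would keep the literal for the first call, `init_logging("checkpassword-pam");`, and switch to the service name only at the second call. The body of main continues outside this hunk.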
@@ -142,6 +142,9 @@ main (int argc, char *argv[])
 	}
     }

+    terminate_logging();
+    init_logging(service_name);
+
     /* read the username/password */
     protocol = fdopen(PROTOCOL_FD, "r");
     if (protocol == NULL) {
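Review bot: `service_name` is initialised to NULL at the top of main, and nothing visible in this hunk shows that it is non-NULL by the time `init_logging(service_name)` runs. The option handling that would guarantee this is outside the hunk, so it should be confirmed. With a NULL ident the tag falls back to whatever the C library picks, which is not portable. A guarded call keeps the tag predictable: `init_logging(service_name ? service_name : "checkpassword-pam");`. A short comment should also say that the ident now comes from the command line, so log parsers must not assume a fixed tag.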
diff -pru checkpassword-pam-0.98.deborig/debian/changelog checkpassword-pam-0.98/debian/changelog
--- checkpassword-pam-0.98.deborig/debian/changelog	2003-08-06 12:48:56.000000000 -0700
+++ checkpassword-pam-0.98/debian/changelog	2004-07-08 23:07:11.000000000 -0700
@@ -1,3 +1,12 @@
+checkpassword-pam (0.98-1.dg1) unstable; urgency=low
+
+  * set PAM_RHOST to TCPREMOTEIP if it exists so that the remote ip
+    is logged
+  * use the service_name for openlog() so that different services
+    can be distinguished in syslog
+
+ -- dean gaudet <dean@arctic.org>  Thu,  8 Jul 2004 23:06:08 -0700
+
 checkpassword-pam (0.98-1) unstable; urgency=low

   * Update to 0.98.
diff -pru checkpassword-pam-0.98.deborig/logging.h checkpassword-pam-0.98/logging.h
--- checkpassword-pam-0.98.deborig/logging.h	2003-07-03 12:58:08.000000000 -0700
+++ checkpassword-pam-0.98/logging.h	2004-07-08 23:06:01.000000000 -0700
@@ -24,9 +24,9 @@
 extern int opt_use_stdout;
 extern int opt_debugging;

-#define init_logging() \
+#define init_logging(id) \
   do { \
-    openlog("checkpassword-pam", LOG_PID, LOG_AUTH); \
+    openlog(id, LOG_PID, LOG_AUTH); \
   } while (0)


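Review bot: The new macro parameter is used unparenthesised and its lifetime requirement is undocumented. `openlog()` is allowed to keep the `ident` pointer rather than copy the string, so every caller must pass storage that stays valid until `closelog()`. `argv[0]` and an option argument satisfy that, but a stack buffer would not. I would add `/* id must remain valid until closelog(); openlog() may store the pointer */` above the macro and write the call as `openlog((id), LOG_PID, LOG_AUTH);`.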
diff -pru checkpassword-pam-0.98.deborig/pam-support.c checkpassword-pam-0.98/pam-support.c
--- checkpassword-pam-0.98.deborig/pam-support.c	2003-07-03 12:28:50.000000000 -0700
+++ checkpassword-pam-0.98/pam-support.c	2004-07-08 22:34:24.000000000 -0700
@@ -91,6 +91,7 @@ authenticate_using_pam (const char* serv
     struct pam_conv pam_conversation = { conversation, NULL };
     pam_handle_t* pamh;
     int retval;
+    char *remoteip;

     /* to be used later from conversation() */
     global_password = password;
@@ -104,6 +105,13 @@ authenticate_using_pam (const char* serv
     }
     debugging("Pam library initialization succeeded");

+    /* provided by tcpserver */
+    remoteip = getenv("TCPREMOTEIP");
+    if (remoteip) {
+	/* we don't care if this succeeds or not */
+	pam_set_item(pamh, PAM_RHOST, remoteip);
+    }
+
     /* Authenticate the user */
     retval = pam_authenticate(pamh, 0);
     if (retval != PAM_SUCCESS) {
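Review bot: `TCPREMOTEIP` is copied into `PAM_RHOST` with no check on its content, and the result of `pam_set_item()` is silently dropped. The value is only trustworthy when the parent really is tcpserver; any other invoker controls it. PAM modules that key access or lockout decisions on rhost, if any are configured for the service, would act on it rather than just log it. The comment should state that trust assumption. I would also skip empty values and record failures: `if (remoteip && *remoteip) {` and `if (pam_set_item(pamh, PAM_RHOST, remoteip) != PAM_SUCCESS) debugging("Could not set PAM_RHOST");`. The declaration in the previous hunk can be `const char *remoteip;`. The body of authenticate_using_pam continues outside this hunk.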
