* [pmg-devel] [PATCH api 1/2] auth: set PAM context to 'proxmox-mailgateway-auth'
@ 2023-06-27 13:39 Wolfgang Bumiller
  2023-06-27 13:39 ` [pmg-devel] [PATCH api 2/2] pam: set PAM_RHOST Wolfgang Bumiller
  2023-06-27 14:08 ` [pmg-devel] applied-series: [PATCH api 1/2] auth: set PAM context to 'proxmox-mailgateway-auth' Thomas Lamprecht
  0 siblings, 2 replies; 3+ messages in thread
From: Wolfgang Bumiller @ 2023-06-27 13:39 UTC
  To: pmg-devel

This allows configuring PAM authentication for PMG via
/etc/pam.d/proxmox-mailgateway-auth

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 src/PMG/AccessControl.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PMG/AccessControl.pm b/src/PMG/AccessControl.pm
index b093666..7926d4b 100644
--- a/src/PMG/AccessControl.pm
+++ b/src/PMG/AccessControl.pm
@@ -127,7 +127,7 @@ sub authenticate_pam_user {
 
     # user need to be able to read /etc/passwd /etc/shadow
 
-    my $pamh = Authen::PAM->new('common-auth', $username, sub {
+    my $pamh = Authen::PAM->new('proxmox-mailgateway-auth', $username, sub {
 	my @res;
 	while(@_) {
 	    my $msg_type = shift;
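
Review bot: The new service name passed to `Authen::PAM->new` in `authenticate_pam_user` depends on a PAM stack file that this diff does not add; the diffstat touches only `src/PMG/AccessControl.pm`. Linux-PAM falls back to the `other` service when no file exists for the requested service name, so on a host without `/etc/pam.d/proxmox-mailgateway-auth` the effective policy would silently become whatever `other` defines instead of the previous `common-auth` stack. Please confirm that the package ships `/etc/pam.d/proxmox-mailgateway-auth` (for example one that includes `common-auth`, to keep existing behaviour on upgrade) and document the file so administrators know where per-service restrictions belong.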
-- 
2.39.2






* [pmg-devel] [PATCH api 2/2] pam: set PAM_RHOST
  2023-06-27 13:39 [pmg-devel] [PATCH api 1/2] auth: set PAM context to 'proxmox-mailgateway-auth' Wolfgang Bumiller
@ 2023-06-27 13:39 ` Wolfgang Bumiller
  2023-06-27 14:08 ` [pmg-devel] applied-series: [PATCH api 1/2] auth: set PAM context to 'proxmox-mailgateway-auth' Thomas Lamprecht
  1 sibling, 0 replies; 3+ messages in thread
From: Wolfgang Bumiller @ 2023-06-27 13:39 UTC
  To: pmg-devel

This allows pam modules to restrict users by host. For
instance, you could restrict root@pam to only 127.0.0.1.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 src/PMG/AccessControl.pm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/PMG/AccessControl.pm b/src/PMG/AccessControl.pm
index 7926d4b..5ac4bc0 100644
--- a/src/PMG/AccessControl.pm
+++ b/src/PMG/AccessControl.pm
@@ -138,6 +138,12 @@ sub authenticate_pam_user {
 	return @res;
     });
 
+    if (my $rpcenv = PMG::RESTEnvironment->get()) {
+	if (my $ip = $rpcenv->get_client_ip()) {
+	    $pamh->pam_set_item(PAM_RHOST(), $ip);
+	}
+    }
+
     if (!ref($pamh)) {
 	my $err = $pamh->pam_strerror($pamh);
 	die "Error during PAM init: $err";
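
Review bot: The added `$pamh->pam_set_item(PAM_RHOST(), $ip);` runs before the existing `if (!ref($pamh))` check, so when `Authen::PAM->new` fails and `$pamh` is not an object, the method call fails with a generic Perl error and the intended "Error during PAM init" message is never reached. Moving the new block below the `!ref($pamh)` check fixes the ordering. The return value of `pam_set_item` is also discarded: if setting `PAM_RHOST` fails, authentication proceeds without the remote host, and a host-based rule in the PAM stack would then be evaluated without the address it is meant to check. Comparing the result against `PAM_SUCCESS` and aborting on failure would make that case fail closed. A short comment noting that `PAM_RHOST` stays unset when there is no REST environment or no client IP would help anyone writing such rules.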
-- 
2.39.2






* [pmg-devel] applied-series: [PATCH api 1/2] auth: set PAM context to 'proxmox-mailgateway-auth'
  2023-06-27 13:39 [pmg-devel] [PATCH api 1/2] auth: set PAM context to 'proxmox-mailgateway-auth' Wolfgang Bumiller
  2023-06-27 13:39 ` [pmg-devel] [PATCH api 2/2] pam: set PAM_RHOST Wolfgang Bumiller
@ 2023-06-27 14:08 ` Thomas Lamprecht
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Lamprecht @ 2023-06-27 14:08 UTC
  To: Wolfgang Bumiller, pmg-devel

On 27/06/2023 at 15:39, Wolfgang Bumiller wrote:
> This allows configuring PAM authentication for PMG via
> /etc/pam.d/proxmox-mailgateway-auth
> 
> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
> ---
>  src/PMG/AccessControl.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
>

applied both patches, thanks!



