[pmg-devel] [PATCH api 2/2] pam: set PAM_RHOST

[Wolfgang Bumiller]

This allows pam modules to restrict users by host. For
instance, you could restrict root at pam to only 127.0.0.1.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
 src/PMG/AccessControl.pm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/PMG/AccessControl.pm b/src/PMG/AccessControl.pm
index 7926d4b..5ac4bc0 100644
--- a/src/PMG/AccessControl.pm
+++ b/src/PMG/AccessControl.pm
@@ -138,6 +138,12 @@ sub authenticate_pam_user {
 	return @res;
     });
 
+    if (my $rpcenv = PMG::RESTEnvironment->get()) {
+	if (my $ip = $rpcenv->get_client_ip()) {
+	    $pamh->pam_set_item(PAM_RHOST(), $ip);
+	}
+    }
+
     if (!ref($pamh)) {
 	my $err = $pamh->pam_strerror($pamh);
 	die "Error during PAM init: $err";
-- 
2.39.2