<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">Hi Paul,</div><div class=""><br class=""></div>Searching in the code I got the value from the environment using in do_pam_authentication function <div class=""><br class=""></div><div class="">pam_getenv(pamh, "Framed-IP-Address");<br class=""><div class=""><br class=""></div><div class=""> but now i don't know how pass it to xauth result. </div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">So far my changes are:</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">diff --git a/programs/pluto/pam_conv.c b/programs/pluto/pam_conv.c</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">index a9a01a7..c661113 100644</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">--- a/programs/pluto/pam_conv.c</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">+++ b/programs/pluto/pam_conv.c</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">@@ -168,6 +168,10 @@</span><span style="font-variant-ligatures: no-common-ligatures" class=""> bool do_pam_authentication(struct pam_thread_arg *arg)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> break;</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> log_pam_step(arg, what);</span></div><p style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> </span><br class="webkit-block-placeholder"></p><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(47, 180, 29); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">+</span><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class=""> </span><span style="font-variant-ligatures: no-common-ligatures" class="">// get attribute Framed-IP-Address from environment</span><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2; background-color: #850002" class=""> </span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(47, 180, 29); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">+</span><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class=""> </span><span style="font-variant-ligatures: no-common-ligatures" class="">arg->addresspool = pam_getenv(pamh, "Framed-IP-Address");</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(47, 180, 29); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">+</span><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class=""> </span><span style="font-variant-ligatures: no-common-ligatures" class="">log_pam_step(arg, what);</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(47, 180, 29); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">+</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> /* success! */</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> pam_end(pamh, PAM_SUCCESS);</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> return TRUE;</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">diff --git a/programs/pluto/pam_conv.h b/programs/pluto/pam_conv.h</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">index 5fe3c1e..5dc0e2a 100644</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">--- a/programs/pluto/pam_conv.h</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">+++ b/programs/pluto/pam_conv.h</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">@@ -24,6 +24,7 @@</span><span style="font-variant-ligatures: no-common-ligatures" class=""> struct pam_thread_arg {</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> so_serial_t st_serialno;</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> unsigned long c_instance_serial;</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> const char *atype; /* string XAUTH or IKEv2 */</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(47, 180, 29); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">+</span><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class=""> </span><span style="font-variant-ligatures: no-common-ligatures" class="">const char *addresspool;</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> };</span></div><p style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0); min-height: 14px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> </span><br class="webkit-block-placeholder"></p><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> extern bool do_pam_authentication(struct pam_thread_arg *arg);</span></div></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Thanks,</span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 24 Mar 2020, at 13:53, António Silva <<a href="mailto:asilva@wirelessmundi.com" class="">asilva@wirelessmundi.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Paul,<div class=""><br class=""></div><div class="">I’m trying to make it possible to use the frame_ip_address from pam_radius_auth, right now i set the framed_ip_address as an environment variable.</div><div class="">Do you thing that libreswan could use this variable and set this IP address for the authenticate user?</div><div class=""><br class=""></div><div class="">This is my log:</div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class="">Mar 24 03:46:38 commsmundi pluto[2803]: </span><span style="font-variant-ligatures: no-common-ligatures" class="">"tunnel1"[12] 192.168.10.188 #25: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class="">Mar 24 03:46:38 commsmundi pluto[2803]: </span><span style="font-variant-ligatures: no-common-ligatures" class="">"tunnel1"[12] 192.168.10.188 #25: XAUTH: PAM authentication method requested to authenticate user 'user'</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: Got user name user</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: ignore last_pass, force_prompt set</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: Sending RADIUS request code 1</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: DEBUG: get_ipaddr(127.0.0.1) returned 0.</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class="">Mar 24 03:46:38 commsmundi radiusd[3081]: </span><span style="font-variant-ligatures: no-common-ligatures" class="">(14) Login OK: [user/1234] (from client nas01 port 13754 cli 192.168.10.188)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: Got RADIUS response code 2</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: Set PAM environment variable : Framed-IP-Address=192.168.20.2</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(242, 242, 242); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: authentication succeeded</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class="">Mar 24 03:46:38 commsmundi pluto[2803]: </span><span style="font-variant-ligatures: no-common-ligatures" class="">"tunnel1"[12] 192.168.10.188 #25: PAM: #25: completed for user 'user' with status SUCCESSS</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class="">Mar 24 03:46:38 commsmundi pluto[2803]: </span><span style="font-variant-ligatures: no-common-ligatures" class="">"tunnel1"[12] 192.168.10.188 #25: XAUTH: User user: Authentication Successful</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class="">Mar 24 03:46:38 commsmundi pluto[2803]: </span><span style="font-variant-ligatures: no-common-ligatures" class="">"tunnel1"[12] 192.168.10.188 #25: XAUTH: xauth_inR1(STF_OK)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class="">Mar 24 03:46:38 commsmundi pluto[2803]: </span><span style="font-variant-ligatures: no-common-ligatures" class="">"tunnel1"[12] 192.168.10.188 #25: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}</span></div><div style="margin: 0px; font-stretch: normal; font-size: 10px; line-height: normal; font-family: Monaco; color: rgb(255, 255, 255); background-color: rgb(0, 0, 0);" class=""><span style="font-variant-ligatures: no-common-ligatures; color: #f2f2f2" class="">Mar 24 03:46:38 commsmundi pluto[2803]: </span><span style="font-variant-ligatures: no-common-ligatures" class="">"tunnel1"[12] 192.168.10.188 #25: modecfg_inR0(STF_OK)</span></div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Thanks,</div><div class="">António</div><div class=""><br class=""></div><div class=""><div class=""><br class=""><blockquote type="cite" class=""><div class="">On 15 Nov 2015, at 10:49, Paul Wouters <<a href="mailto:paul@nohats.ca" class="">paul@nohats.ca</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">On Fri, 13 Nov 2015, François wrote:<br class=""><br class=""><blockquote type="cite" class="">Do you think it is possible with a tweak in current PAM authentication (not sure if PAM can send back parameters received by RADIUS), or would it require Libreswan to support RADIUS?<br class=""><br class="">Not sure how all this works, but I'm willing to try to make a patch for that if it's not too complex!<br class=""></blockquote><br class="">I guess it might be possible with pam_radius support? If you can figure<br class="">out those parts, we can help with getting the IP address from the pam<br class="">module back into the connection instance.<br class=""><br class="">Paul<br class="">_______________________________________________<br class="">Swan mailing list<br class=""><a href="mailto:Swan@lists.libreswan.org" class="">Swan@lists.libreswan.org</a><br class=""><a href="https://lists.libreswan.org/mailman/listinfo/swan" class="">https://lists.libreswan.org/mailman/listinfo/swan</a><br class=""></div></div></blockquote></div><br class=""></div></div>_______________________________________________<br class="">Swan mailing list<br class=""><a href="mailto:Swan@lists.libreswan.org" class="">Swan@lists.libreswan.org</a><br class="">https://lists.libreswan.org/mailman/listinfo/swan<br class=""></div></blockquote></div><br class=""></div></div></div></body></html>