author | Dave Olson <olson@cumulusnetworks.com> | 2017-03-30 09:42:45 -0700 |
---|---|---|
committer | Dave Olson <olson@cumulusnetworks.com> | 2017-05-23 16:39:52 -0700 |
commit | f9f714b3b7b9f77c0165c0850bd816cac0d46292 (patch) | |
tree | f98dfa2ad98e4c6a0ceb734d106a0a1eb80fba9c /debian/changelog | |
parent | 1e18c99eada15bb8efa0ecf0c6600d358f11b48e (diff) | |

During login from ssh, send remote host IP address in AUTH request

The hack is to run getpeername on fd 0, because during ssh connections,
it is a socket from the remote host. This is a bit fragile...
Normally fd 0 interactively will be a pty or tty, so getpeername() will fail.
There may be some daemons where fd0 is a socket, and returns a local or
some other remote IP address, and if so, it could lead to some
confusion, but it shouldn't ever break anything.

I ran with tshark watching the packet exchange, and verified that the
remote address field is set for ssh sessions at the start of the ssh
session, and not when run in other uses. The customer ran a 3.2.1
package with this change, and it resolved their issue.

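
The fd 0 lookup described in the commit message, as an added example; it is not the libnss-tacplus code, which this page does not show. The function names `sockaddr_to_ip` and `remote_ip_of_fd` are hypothetical, and the handling of IPv4-mapped IPv6 peers and of non-IP sockets goes beyond what the message states.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Format an IPv4/IPv6 socket address as text. Returns 0 on success,
 * -1 when the address is not an IP address (AF_UNIX and so on). */
int sockaddr_to_ip(const struct sockaddr *sa, char *buf, size_t len)
{
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        return inet_ntop(AF_INET, &in4->sin_addr, buf, (socklen_t)len) ? 0 : -1;
    }
    if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
        /* A dual-stack listener reports IPv4 clients as ::ffff:a.b.c.d;
         * report those in plain IPv4 form. */
        if (IN6_IS_ADDR_V4MAPPED(&in6->sin6_addr))
            return inet_ntop(AF_INET, &in6->sin6_addr.s6_addr[12], buf,
                             (socklen_t)len) ? 0 : -1;
        return inet_ntop(AF_INET6, &in6->sin6_addr, buf, (socklen_t)len) ? 0 : -1;
    }
    return -1; /* a socket, but not one with a remote IP address */
}

/* Ask the kernel who is on the other end of fd. Fails with ENOTSOCK for a
 * tty, pty, pipe or file, and with ENOTCONN for an unconnected socket. */
int remote_ip_of_fd(int fd, char *buf, size_t len)
{
    struct sockaddr_storage ss;
    socklen_t sl = sizeof(ss);

    memset(&ss, 0, sizeof(ss));
    if (len > 0)
        buf[0] = '\0';
    if (getpeername(fd, (struct sockaddr *)&ss, &sl) != 0)
        return -1;
    return sockaddr_to_ip((const struct sockaddr *)&ss, buf, len);
}

int main(void)
{
    char ip[INET6_ADDRSTRLEN];

    if (remote_ip_of_fd(STDIN_FILENO, ip, sizeof(ip)) == 0)
        printf("remote address: %s\n", ip);
    else
        printf("fd 0 is not a connected IP socket; no remote address\n");
    return 0;
}
```

A success here only proves that fd 0 is a connected IP socket, not that the peer is the ssh client, which is the fragility the commit message points out.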
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index fefa524..43d371e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,5 @@ libnss-tacplus (1.0.2) unstable; urgency=low * added config variable "timeout" to limit time attempting to - connect to non-responding TACACS server. * added config variable "exclude_users" in /etc/tacplus_nss to avoid looking up "local" user accounts via TACACS servers. This improves overall system performance for local users, and avoids significant @@ -10,6 +9,8 @@ libnss-tacplus (1.0.2) unstable; urgency=low * Improved debugging messages. * Minor corrections to Copyright and licensing * Added vrf config variable, so NSS lookups work correctly$ + * During login, send remote add IP address in AUTH request + connect to non-responding TACACS server. -- Dave Olson <olson@cumulusnetworks.com> Tue, 07 Mar 2017 12:58:03 -0800 |
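Review bot: The line removed in the first hunk (@@ -1,6 +1,5 @@), `connect to non-responding TACACS server.`, is the continuation of the "timeout" entry, so that bullet now ends mid-sentence at "to limit time attempting to". The new changelog entry does not need this line touched; please leave it where it was.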
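Review bot: In the second hunk (@@ -10,6 +9,8 @@) the added continuation line `connect to non-responding TACACS server.` sits under the new bullet, where it reads as part of the AUTH request entry although it belongs to the "timeout" entry at the top of the stanza. The new bullet also says "remote add IP address" where the commit subject says "remote host IP address", and it drops the "from ssh" qualifier; something like "* During ssh login, send remote host IP address in AUTH request" would match the commit message. The context line above it ends in a stray `$` ("work correctly$") that is worth cleaning up in the same edit.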