expose $SSH_CONNECTION in the PAM environment

This makes the connection 4-tuple available to PAM modules that
wish to use it in decision-making. bz#2741

auth-pam.c

@@ -673,6 +673,7 @@ sshpam_init(Authctxt *authctxt)
 {
 	const char *pam_rhost, *pam_user, *user = authctxt->user;
 	const char **ptr_pam_user = &pam_user;
+	char *laddr, *conninfo;
 	struct ssh *ssh = active_state; /* XXX */
 
 	if (sshpam_handle != NULL) {
@@ -702,6 +703,15 @@ sshpam_init(Authctxt *authctxt)
 		sshpam_handle = NULL;
 		return (-1);
 	}
+
+        laddr = get_local_ipaddr(packet_get_connection_in());
+        xasprintf(&conninfo, "SSH_CONNECTION=%.50s %d %.50s %d",
+	    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+	    laddr, ssh_local_port(ssh));
+	pam_putenv(sshpam_handle, conninfo);
+	free(laddr);
+	free(conninfo);
+
 #ifdef PAM_TTY_KLUDGE
 	/*
 	 * Some silly PAM modules (e.g. pam_time) require a TTY to operate.

session.c

@@ -1162,15 +1162,18 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
 		char **p;
 
 		/*
-		 * Don't allow SSH_AUTH_INFO variables posted to PAM to leak
+		 * Don't allow PAM-internal env vars to leak
-		 * back into the environment.
+		 * back into the session environment.
 		 */
+#define PAM_ENV_BLACKLIST  "SSH_AUTH_INFO*,SSH_CONNECTION*"
 		p = fetch_pam_child_environment();
-		copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
+		copy_environment_blacklist(p, &env, &envsize,
+		    PAM_ENV_BLACKLIST);
 		free_pam_environment(p);
 
 		p = fetch_pam_environment();
-		copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
+		copy_environment_blacklist(p, &env, &envsize,
+		    PAM_ENV_BLACKLIST);
 		free_pam_environment(p);
 	}
 #endif /* USE_PAM */