Attachment #1430 for bug #1081

Lines 344-349 Link Here

(-)openssh-4.7p1/config.h.in (+3 lines)
344	/* Define to 1 if you have the `getgrouplist' function. */	344	/* Define to 1 if you have the `getgrouplist' function. */
345	#undef HAVE_GETGROUPLIST	345	#undef HAVE_GETGROUPLIST
346		346
		347	/* Define to 1 if you have the `getgrset' function. */
		348	#undef HAVE_GETGRSET
		349
347	/* Define to 1 if you have the `getluid' function. */	350	/* Define to 1 if you have the `getluid' function. */
348	#undef HAVE_GETLUID	351	#undef HAVE_GETLUID
349		352

Lines 6761-6767 Link Here

(-)openssh-4.7p1/configure (-1 / +2 lines)
6761		6761
6762		6762
6763		6763
6764	for ac_func in setauthdb	6764
		6765	for ac_func in getgrset setauthdb
6765	do	6766	do
6766	as_ac_var=`echo "ac_cv_func_$ac_func" \| $as_tr_sh`	6767	as_ac_var=`echo "ac_cv_func_$ac_func" \| $as_tr_sh`
6767	{ echo "$as_me:$LINENO: checking for $ac_func" >&5	6768	{ echo "$as_me:$LINENO: checking for $ac_func" >&5

Lines 343-349 Link Here

(-)openssh-4.7p1/configure.ac (-1 / +1 lines)
343	[],	343	[],
344	[#include <usersec.h>]	344	[#include <usersec.h>]
345	)	345	)
346	AC_CHECK_FUNCS(setauthdb)	346	AC_CHECK_FUNCS(getgrset setauthdb)
347	AC_CHECK_DECL(F_CLOSEM,	347	AC_CHECK_DECL(F_CLOSEM,
348	AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),	348	AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
349	[],	349	[],




/*
 *
 * Copyright (c) 2001 Gert Doering.  All rights reserved.
 * Copyright (c) 2003,2004,2005,2006 Darren Tucker.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions

}
# endif /* AIX_GETNAMEINFO_HACK */

# if defined(USE_GETGRSET)
#  include <stdlib.h>
int
getgrouplist(const char *user, gid_t pgid, gid_t *groups, int *grpcnt)
{
	char *cp, *grplist, *grp;
	gid_t gid;
	int ret = 0, ngroups = 0, maxgroups;
	long l;

	maxgroups = *grpcnt;

	if ((cp = grplist = getgrset(user)) == NULL)
		return -1;

	/* handle zero-length case */
	if (maxgroups <= 0) {
		*grpcnt = 0;
		return -1;
	}

	/* copy primary group */
	groups[ngroups++] = pgid;

	/* copy each entry from getgrset into group list */
	while ((grp = strsep(&grplist, ",")) != NULL) {
		l = strtol(grp, NULL, 10);
		if (ngroups >= maxgroups || l == LONG_MIN || l == LONG_MAX) {
			ret = -1;
			goto out;
		}
		gid = (gid_t)l;
		if (gid == pgid)
			continue;	/* we have already added primary gid */
		groups[ngroups++] = gid;
	}
out:
	free(cp);
	*grpcnt = ngroups;
	return ret;
}

int
ssh_initgroups(const char *user, gid_t group)
{
	gid_t grps[NGROUPS_MAX];
	int grpcnt = NGROUPS_MAX;

	if (getgrouplist(user, group, grps, &grpcnt) == -1)
		return -1;
	return setgroups(grpcnt, grps);
}
# endif	/* USE_GETGRSET */

#endif /* _AIX */

Lines 3-9 Link Here

(-)openssh-4.7p1/openbsd-compat/port-aix.h (-1 / +10 lines)
3	/*	3	/*
4	*	4	*
5	* Copyright (c) 2001 Gert Doering. All rights reserved.	5	* Copyright (c) 2001 Gert Doering. All rights reserved.
6	* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.	6	* Copyright (c) 2004,2005,2006 Darren Tucker. All rights reserved.
7	*	7	*
8	* Redistribution and use in source and binary forms, with or without	8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions	9	* modification, are permitted provided that the following conditions
Lines 103-106 Link Here
103	# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g))	103	# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g))
104	#endif	104	#endif
105		105
		106	/* We use getgrset in preference to multiple getgrent calls for efficiency */
		107	#if !defined(HAVE_GETGROUPLIST) && defined(HAVE_GETGRSET)
		108	# define HAVE_GETGROUPLIST
		109	# define USE_GETGRSET
		110	int getgrouplist(const char , gid_t, gid_t , int *);
		111	int ssh_initgroups(const char *, gid_t);
		112	# define initgroups(a, b) ssh_initgroups((a), (b))
		113	#endif
		114
106	#endif /* _AIX */	115	#endif /* _AIX */

Return to bug 1081

Lines 1-7 Link Here

(-)openssh-4.7p1/openbsd-compat/port-aix.c (-1 / +55 lines)
1	/*	1	/*
2	*	2	*
3	* Copyright (c) 2001 Gert Doering. All rights reserved.	3	* Copyright (c) 2001 Gert Doering. All rights reserved.
4	* Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved.	4	* Copyright (c) 2003,2004,2005,2006 Darren Tucker. All rights reserved.
5	*	5	*
6	* Redistribution and use in source and binary forms, with or without	6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions	7	* modification, are permitted provided that the following conditions
Lines 394-397 Link Here
394	}	394	}
395	# endif /* AIX_GETNAMEINFO_HACK */	395	# endif /* AIX_GETNAMEINFO_HACK */
396		396
		397	# if defined(USE_GETGRSET)
		398	# include <stdlib.h>
		399	int
		400	getgrouplist(const char user, gid_t pgid, gid_t groups, int *grpcnt)
		401	{
		402	char cp, grplist, *grp;
		403	gid_t gid;
		404	int ret = 0, ngroups = 0, maxgroups;
		405	long l;
		406
		407	maxgroups = *grpcnt;
		408
		409	if ((cp = grplist = getgrset(user)) == NULL)
		410	return -1;
		411
		412	/* handle zero-length case */
		413	if (maxgroups <= 0) {
		414	*grpcnt = 0;
		415	return -1;
		416	}
		417
		418	/* copy primary group */
		419	groups[ngroups++] = pgid;
		420
		421	/* copy each entry from getgrset into group list */
		422	while ((grp = strsep(&grplist, ",")) != NULL) {
		423	l = strtol(grp, NULL, 10);
		424	if (ngroups >= maxgroups \|\| l == LONG_MIN \|\| l == LONG_MAX) {
		425	ret = -1;
		426	goto out;
		427	}
		428	gid = (gid_t)l;
		429	if (gid == pgid)
		430	continue; /* we have already added primary gid */
		431	groups[ngroups++] = gid;
		432	}
		433	out:
		434	free(cp);
		435	*grpcnt = ngroups;
		436	return ret;
		437	}
		438
		439	int
		440	ssh_initgroups(const char *user, gid_t group)
		441	{
		442	gid_t grps[NGROUPS_MAX];
		443	int grpcnt = NGROUPS_MAX;
		444
		445	if (getgrouplist(user, group, grps, &grpcnt) == -1)
		446	return -1;
		447	return setgroups(grpcnt, grps);
		448	}
		449	# endif /* USE_GETGRSET */
		450
397	#endif /* _AIX */	451	#endif /* _AIX */