
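--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -78,6 +78,11 @@ auth_krb5_password(Authctxt *authctxt, c
 	krb5_error_code problem;
 	krb5_ccache ccache = NULL;
 	int len;
+	char *krbname, *platform_krbname;
+
+	/* get platform-specific kerberos client info if it exists */
+	platform_krbname = platform_get_krb5_client_name(authctxt->pw->pw_name);
+	krbname = platform_krbname ? platform_krbname : authctxt->pw->pw_name;
 
 	temporarily_use_uid(authctxt->pw);
 
@@ -85,7 +90,7 @@ auth_krb5_password(Authctxt *authctxt, c
 	if (problem)
 		goto out;
 
-	problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name,
+	problem = krb5_parse_name(authctxt->krb5_ctx, krbname,
 		    &authctxt->krb5_user);
 	if (problem)
 		goto out;
@@ -141,8 +146,7 @@ auth_krb5_password(Authctxt *authctxt, c
 	if (problem)
 		goto out;
 
-	if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
-			  authctxt->pw->pw_name)) {
+	if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, krbname)) {
 		problem = -1;
 		goto out;
 	}
@@ -177,6 +181,9 @@ auth_krb5_password(Authctxt *authctxt, c
  out:
 	restore_uid();
 
+	if (platform_krbname != NULL)
+		xfree(pclient);
+
 	if (problem) {
 		if (ccache)
 			krb5_cc_destroy(authctxt->krb5_ctx, ccache);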
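Review bot: In the third hunk the last argument of `krb5_kuserok()` changes from `authctxt->pw->pw_name` to `krbname`, but that argument is the local account name the principal is being authorised for, so when `platform_krbname` is set the principal is checked against a name derived from the same string rather than against the account being logged into. If the AIX user database is meant to be the sole authority for this mapping, say so in a comment at that call; otherwise keep `authctxt->pw->pw_name` there and use `krbname` only for `krb5_parse_name()`. Separately, the cleanup after `out:` calls `xfree(pclient)` and no `pclient` is declared in the visible hunks; it presumably should be `xfree(platform_krbname);`. The body of auth_krb5_password starts and ends outside these hunks.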
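--- a/platform.c
+++ b/platform.c
@@ -44,3 +44,13 @@ platform_post_fork_child(void)
 	solaris_contract_post_fork_child();
 #endif
 }
+
+char *
+platform_get_krb5_client_name(const char *pw_name)
+{
+#ifdef USE_AIX_KRB_NAME
+	return aix_get_krb5_client_name(pw_name);
+#else
+	return NULL;
+#endif
+}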
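Review bot: `platform_get_krb5_client_name()` receives `const char *pw_name` and passes it to `aix_get_krb5_client_name()`, which is declared with a plain `char *` parameter, so the qualifier is discarded at `return aix_get_krb5_client_name(pw_name);`. The same `char *` parameter appears in the definition in openbsd-compat/port-aix.c and the prototype in openbsd-compat/port-aix.h; making those `const char *` (with a cast at the `getuserattr()` calls if that API requires it) would keep the chain consistent. The new function also has no comment stating the ownership rule that the AIX helper documents, e.g. `/* Returns the platform's Kerberos principal name for pw_name, or NULL. Caller must free the returned string. */`.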
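--- a/platform.h
+++ b/platform.h
@@ -21,3 +21,5 @@
 void platform_pre_fork(void);
 void platform_post_fork_parent(pid_t child_pid);
 void platform_post_fork_child(void);
+char * platform_get_krb5_client(const char *);
+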
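Review bot: The prototype added here is named `platform_get_krb5_client`, while platform.c defines and auth-krb5.c calls `platform_get_krb5_client_name`, so as far as this patch shows the call in auth-krb5.c has no matching prototype in scope. With an implicit declaration the compiler assumes an `int` return, which can truncate the returned pointer on LP64 builds before it reaches `krb5_parse_name()` and `xfree()`. The line should read `char *platform_get_krb5_client_name(const char *);`.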
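--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -374,6 +374,33 @@ aix_restoreauthdb(void)
 
 # endif /* WITH_AIXAUTHENTICATE */
 
+# ifdef USE_AIX_KRB_NAME
+/*
+ * aix_get_krb5_client_name: returns the user's kerberos principal name if
+ * configured, otherwise NULL.  Caller must free returned string.
+ */
+char *
+aix_get_krb5_client_name(char *pw_name)
+{
+	char *authname = NULL, *authdomain = NULL, *client = NULL;
+
+	setuserdb(S_READ);
+	if (getuserattr(pw_name, S_AUTHDOMAIN, &authdomain, SEC_CHAR) != 0)
+		debug("AIX getuserattr S_AUTHDOMAIN: %s", strerror(errno));
+	if (getuserattr(pw_name, S_AUTHNAME, &authname, SEC_CHAR) != 0)
+		debug("AIX getuserattr S_AUTHNAME: %s", strerror(errno));
+	enduserdb();
+
+	if (authdomain != NULL) {
+		if (xasprintf(&client, "%s@%s", authname ? authname : pw_name,
+		    authdomain) != -1)
+			return client;
+	} else if (authname != NULL)
+		return xstrdup(authname);
+	return NULL;
+}
+# endif /* USE_AIX_KRB_NAME */
+
 # if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO)
 # undef getnameinfo
 /*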
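Review bot: `aix_get_krb5_client_name()` uses the `S_AUTHNAME` and `S_AUTHDOMAIN` values exactly as returned, so an empty attribute would yield a principal string such as `user@` or an empty name that is then handed to `krb5_parse_name()`. Whether `getuserattr()` can return empty strings is not visible here; if it can, guard with `if (authdomain != NULL && *authdomain != '\0')` and the equivalent test on `authname`. The return values of `setuserdb()` and `enduserdb()` are also ignored, and a comment saying that a failure there is deliberately treated as "no principal configured" would make the fallback to `pw_name` explicit.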
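--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -95,6 +95,10 @@ int sys_auth_record_login(const char *,
 # define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
 char *sys_auth_get_lastlogin_msg(const char *, uid_t);
 # define CUSTOM_FAILED_LOGIN 1
+# if defined(S_AUTHDOMAIN)  && defined (S_AUTHNAME)
+# define USE_AIX_KRB_NAME
+char *aix_get_krb5_client_name(char *);
+# endif
 #endif
 
 void aix_setauthdb(const char *);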
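Review bot: `USE_AIX_KRB_NAME` is switched on whenever the system headers define `S_AUTHDOMAIN` and `S_AUTHNAME`, and it changes which principal Kerberos password authentication uses, yet nothing at the definition says so. A short comment above the `# if` would make that visible to whoever audits the AIX build, e.g. `/* AIX can store a per-user Kerberos principal (S_AUTHNAME/S_AUTHDOMAIN); when available it replaces pw_name for krb5 password auth */`. The conditional block that encloses these lines opens outside the hunk.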
