Bugzilla – Attachment 1672 Details for
Bug 1583
User principal name in AIX
[patch]
Make the krb5name patch generic.
openssh-aix-krb5name.patch (text/plain), 4.48 KB, created by
Darren Tucker
on 2009-08-20 20:44:24 AEST
Description:
Make the krb5name patch generic.
Creator:
Darren Tucker
Created:
2009-08-20 20:44:24 AEST
Size:
4.48 KB
>Index: auth-krb5.c
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/auth-krb5.c,v
>retrieving revision 1.35
>diff -u -p -r1.35 auth-krb5.c
>--- auth-krb5.c 5 Aug 2006 02:39:39 -0000 1.35
>+++ auth-krb5.c 20 Aug 2009 10:26:58 -0000
>@@ -78,6 +78,11 @@ auth_krb5_password(Authctxt *authctxt, c
> krb5_error_code problem;
> krb5_ccache ccache = NULL;
> int len;
>+ char *krbname, *platform_krbname;
>+
>+ /* get platform-specific kerberos client info if it exists */
>+ platform_krbname = platform_get_krb5_client_name(authctxt->pw->pw_name);
>+ krbname = platform_krbname ? platform_krbname : authctxt->pw->pw_name;
>
> temporarily_use_uid(authctxt->pw);
>
>@@ -85,7 +90,7 @@ auth_krb5_password(Authctxt *authctxt, c
> if (problem)
> goto out;
>
>- problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name,
>+ problem = krb5_parse_name(authctxt->krb5_ctx, krbname,
> &authctxt->krb5_user);
> if (problem)
> goto out;
>@@ -141,8 +146,7 @@ auth_krb5_password(Authctxt *authctxt, c
> if (problem)
> goto out;
>
>- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
>- authctxt->pw->pw_name)) {
>+ if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, krbname)) {
> problem = -1;
> goto out;
> }
>@@ -177,6 +181,9 @@ auth_krb5_password(Authctxt *authctxt, c
> out:
> restore_uid();
>
>+ if (platform_krbname != NULL)
>+ xfree(pclient);
>+
> if (problem) {
> if (ccache)
> krb5_cc_destroy(authctxt->krb5_ctx, ccache);
>Index: platform.c
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/platform.c,v
>retrieving revision 1.1
>diff -u -p -r1.1 platform.c
>--- platform.c 30 Aug 2006 17:24:41 -0000 1.1
>+++ platform.c 20 Aug 2009 10:08:26 -0000
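Review bot: Passing `krbname` as the last argument of `krb5_kuserok()` (third auth-krb5.c hunk) changes what is being authorized, not just which principal is looked up. That argument is the local account name the principal is asking to log in as, so when the platform supplies a name such as `authname@authdomain` the check is no longer made against `authctxt->pw->pw_name`. Depending on the Kerberos library this presumably either fails every such login or stops tying the principal to the real account. Keep the local account there and use `krbname` only in `krb5_parse_name()`: `if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->pw->pw_name)) {`. The body of auth_krb5_password starts and ends outside these hunks.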
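Review bot: The cleanup added after `restore_uid()` in the last auth-krb5.c hunk frees `pclient`, a name that none of these hunks declare; the allocated string is held in `platform_krbname`. As written this should not compile unless `pclient` exists elsewhere in the function, and if it does, the wrong pointer is freed. Use `xfree(platform_krbname);`, and note that `krbname` may alias that buffer, so it must not be read after this point. The function continues outside the hunk.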
>@@ -44,3 +44,13 @@ platform_post_fork_child(void)
> solaris_contract_post_fork_child();
> #endif
> }
>+
>+char *
>+platform_get_krb5_client_name(const char *pw_name)
>+{
>+#ifdef USE_AIX_KRB_NAME
>+ return aix_get_krb5_client_name(pw_name);
>+#else
>+ return NULL;
>+#endif
>+}
>Index: platform.h
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/platform.h,v
>retrieving revision 1.1
>diff -u -p -r1.1 platform.h
>--- platform.h 30 Aug 2006 17:24:41 -0000 1.1
>+++ platform.h 20 Aug 2009 08:30:29 -0000
>@@ -21,3 +21,5 @@
> void platform_pre_fork(void);
> void platform_post_fork_parent(pid_t child_pid);
> void platform_post_fork_child(void);
>+char * platform_get_krb5_client(const char *);
>+
>Index: openbsd-compat/port-aix.c
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/openbsd-compat/port-aix.c,v
>retrieving revision 1.44
>diff -u -p -r1.44 port-aix.c
>--- openbsd-compat/port-aix.c 16 Aug 2009 23:40:00 -0000 1.44
>+++ openbsd-compat/port-aix.c 20 Aug 2009 10:18:48 -0000
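Review bot: `platform_get_krb5_client_name()` takes `const char *pw_name` but forwards it to `aix_get_krb5_client_name()`, which port-aix.h in this same patch declares as taking `char *`, so the call discards the qualifier. Either make the AIX prototype `const char *` and cast at the `getuserattr()` calls if that API needs a non-const pointer, or drop `const` here so the two agree. The wrapper also has no comment stating ownership; I would add `/* Returns a malloc'd Kerberos principal name for pw_name that the caller must free, or NULL if the platform has none. */` above it.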
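Review bot: The prototype added to platform.h is named `platform_get_krb5_client`, while platform.c defines and auth-krb5.c calls `platform_get_krb5_client_name`. With no matching prototype in scope, the call in auth-krb5.c is implicitly declared as returning `int`, and the returned pointer can be truncated on platforms where pointers are wider than `int`. Declare it as `char *platform_get_krb5_client_name(const char *);`.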
>@@ -374,6 +374,33 @@ aix_restoreauthdb(void)
>
> # endif /* WITH_AIXAUTHENTICATE */
>
>+# ifdef USE_AIX_KRB_NAME
>+/*
>+ * aix_get_krb5_client_name: returns the user's kerberos principal name if
>+ * configured, otherwise NULL. Caller must free returned string.
>+ */
>+char *
>+aix_get_krb5_client_name(char *pw_name)
>+{
>+ char *authname = NULL, *authdomain = NULL, *client = NULL;
>+
>+ setuserdb(S_READ);
>+ if (getuserattr(pw_name, S_AUTHDOMAIN, &authdomain, SEC_CHAR) != 0)
>+ debug("AIX getuserattr S_AUTHDOMAIN: %s", strerror(errno));
>+ if (getuserattr(pw_name, S_AUTHNAME, &authname, SEC_CHAR) != 0)
>+ debug("AIX getuserattr S_AUTHNAME: %s", strerror(errno));
>+ enduserdb();
>+
>+ if (authdomain != NULL) {
>+ if (xasprintf(&client, "%s@%s", authname ? authname : pw_name,
>+ authdomain) != -1)
>+ return client;
>+ } else if (authname != NULL)
>+ return xstrdup(authname);
>+ return NULL;
>+}
>+# endif /* USE_AIX_KRB_NAME */
>+
> # if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO)
> # undef getnameinfo
> /*
>Index: openbsd-compat/port-aix.h
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/openbsd-compat/port-aix.h,v
>retrieving revision 1.31
>diff -u -p -r1.31 port-aix.h
>--- openbsd-compat/port-aix.h 20 Aug 2009 06:20:50 -0000 1.31
>+++ openbsd-compat/port-aix.h 20 Aug 2009 10:11:29 -0000
>@@ -95,6 +95,10 @@ int sys_auth_record_login(const char *,
> # define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
> char *sys_auth_get_lastlogin_msg(const char *, uid_t);
> # define CUSTOM_FAILED_LOGIN 1
>+# if defined(S_AUTHDOMAIN) && defined (S_AUTHNAME)
>+# define USE_AIX_KRB_NAME
>+char *aix_get_krb5_client_name(char *);
>+# endif
> #endif
>
> void aix_setauthdb(const char *);
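Review bot: `enduserdb()` is called before `authname` and `authdomain` are copied, so `xasprintf()` and `xstrdup()` in `aix_get_krb5_client_name()` read those strings after the user database has been closed. `getuserattr()` hands back pointers that this code never frees, which suggests the library owns that storage and may release it in `enduserdb()`; please confirm against the AIX documentation, but copying first is safe either way. The result becomes the principal used for Kerberos password authentication, so a stale read here is worth ruling out. The reordered tail of the function is below.

```c
char *
aix_get_krb5_client_name(char *pw_name)
{
	/* … unchanged: declarations, setuserdb(), both getuserattr() calls … */

	/* copy the attribute strings while the user database is still open */
	if (authdomain != NULL) {
		if (xasprintf(&client, "%s@%s", authname ? authname : pw_name,
		    authdomain) == -1)
			client = NULL;
	} else if (authname != NULL)
		client = xstrdup(authname);
	enduserdb();
	return client;
}
```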