Attachment #1713 for bug #1583

Lines 78-83 auth_krb5_password(Authctxt *authctxt, c Link Here

(-)auth-krb5.c (-1 / +9 lines)
78	krb5_error_code problem;	78	krb5_error_code problem;
79	krb5_ccache ccache = NULL;	79	krb5_ccache ccache = NULL;
80	int len;	80	int len;
		81	char client, platform_client;
		82
		83	/* get platform-specific kerberos client principal name (if it exists) */
		84	platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name);
		85	client = platform_client ? platform_client : authctxt->pw->pw_name;
81		86
82	temporarily_use_uid(authctxt->pw);	87	temporarily_use_uid(authctxt->pw);
83		88
Lines 85-91 auth_krb5_password(Authctxt *authctxt, c Link Here
85	if (problem)	90	if (problem)
86	goto out;	91	goto out;
87		92
88	problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name,	93	problem = krb5_parse_name(authctxt->krb5_ctx, client,
89	&authctxt->krb5_user);	94	&authctxt->krb5_user);
90	if (problem)	95	if (problem)
91	goto out;	96	goto out;
Lines 176-181 auth_krb5_password(Authctxt *authctxt, c Link Here
176		181
177	out:	182	out:
178	restore_uid();	183	restore_uid();
		184
		185	if (platform_client != NULL)
		186	xfree(platform_client);
179		187
180	if (problem) {	188	if (problem) {
181	if (ccache)	189	if (ccache)




	solaris_contract_post_fork_child();
#endif
}

char *
platform_krb5_get_principal_name(const char *pw_name)
{
#ifdef _AIX
	return aix_krb5_get_principal_name(pw_name);
#else
	return NULL;
#endif
}

Lines 21-23 Link Here

(-)platform.h (+1 lines)
21	void platform_pre_fork(void);	21	void platform_pre_fork(void);
22	void platform_post_fork_parent(pid_t child_pid);	22	void platform_post_fork_parent(pid_t child_pid);
23	void platform_post_fork_child(void);	23	void platform_post_fork_child(void);
		24	char * platform_krb5_get_principal_name(const char *);





# endif /* WITH_AIXAUTHENTICATE */

/*
 * aix_krb5_get_principal_name: returns the user's kerberos client principal name if
 * configured, otherwise NULL.  Caller must free returned string.
 */
char *
aix_krb5_get_principal_name(char *pw_name)
{
	char *authname = NULL, *authdomain = NULL, *client = NULL;

	setuserdb(S_READ);
	if (getuserattr(pw_name, S_AUTHDOMAIN, &authdomain, SEC_CHAR) != 0)
		debug("AIX getuserattr S_AUTHDOMAIN: %s", strerror(errno));
	if (getuserattr(pw_name, S_AUTHNAME, &authname, SEC_CHAR) != 0)
		debug("AIX getuserattr S_AUTHNAME: %s", strerror(errno));

	if (authdomain != NULL) {
		if (xasprintf(&client, "%s@%s", authname ? authname : pw_name,
		    authdomain) != -1){
			char *newclient = xstrdup(client);
			enduserdb();
			return newclient;
		}
	} else if (authname != NULL){
		enduserdb();
		return xstrdup(authname);
	}
	enduserdb();
	return NULL;
}

# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO)
# undef getnameinfo
/*

Lines 97-102 char *sys_auth_get_lastlogin_msg(const c Link Here

(-)openbsd-compat/port-aix.h (+1 lines)
97	# define CUSTOM_FAILED_LOGIN 1	97	# define CUSTOM_FAILED_LOGIN 1
98	#endif	98	#endif
99		99
		100	char * aix_krb5_get_principal_name(char *);
100	void aix_setauthdb(const char *);	101	void aix_setauthdb(const char *);
101	void aix_restoreauthdb(void);	102	void aix_restoreauthdb(void);
102	void aix_remove_embedded_newlines(char *);	103	void aix_remove_embedded_newlines(char *);

Return to bug 1583

Lines 44-46 platform_post_fork_child(void) Link Here

(-)platform.c (+10 lines)
44	solaris_contract_post_fork_child();	44	solaris_contract_post_fork_child();
45	#endif	45	#endif
46	}	46	}
		47
		48	char *
		49	platform_krb5_get_principal_name(const char *pw_name)
		50	{
		51	#ifdef _AIX
		52	return aix_krb5_get_principal_name(pw_name);
		53	#else
		54	return NULL;
		55	#endif
		56	}

Lines 374-379 aix_restoreauthdb(void) Link Here

(-)openbsd-compat/port-aix.c (+30 lines)
374		374
375	# endif /* WITH_AIXAUTHENTICATE */	375	# endif /* WITH_AIXAUTHENTICATE */
376		376
		377	/*
		378	* aix_krb5_get_principal_name: returns the user's kerberos client principal name if
		379	* configured, otherwise NULL. Caller must free returned string.
		380	*/
		381	char *
		382	aix_krb5_get_principal_name(char *pw_name)
		383	{
		384	char authname = NULL, authdomain = NULL, *client = NULL;
		385
		386	setuserdb(S_READ);
		387	if (getuserattr(pw_name, S_AUTHDOMAIN, &authdomain, SEC_CHAR) != 0)
		388	debug("AIX getuserattr S_AUTHDOMAIN: %s", strerror(errno));
		389	if (getuserattr(pw_name, S_AUTHNAME, &authname, SEC_CHAR) != 0)
		390	debug("AIX getuserattr S_AUTHNAME: %s", strerror(errno));
		391
		392	if (authdomain != NULL) {
		393	if (xasprintf(&client, "%s@%s", authname ? authname : pw_name,
		394	authdomain) != -1){
		395	char *newclient = xstrdup(client);
		396	enduserdb();
		397	return newclient;
		398	}
		399	} else if (authname != NULL){
		400	enduserdb();
		401	return xstrdup(authname);
		402	}
		403	enduserdb();
		404	return NULL;
		405	}
		406
377	# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO)	407	# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO)
378	# undef getnameinfo	408	# undef getnameinfo
379	/*	409	/*