Bugzilla – Attachment 1713 Details for
Bug 1583
User principal name in AIX
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Generic patch
krb5patch.diff (text/plain), 4.00 KB, created by
Miguel Sanders
on 2009-10-29 23:59:11 AEDT
(
hide
)
Description:
Generic patch
Filename:
MIME Type:
Creator:
Miguel Sanders
Created:
2009-10-29 23:59:11 AEDT
Size:
4.00 KB
patch
obsolete
>Index: auth-krb5.c >=================================================================== >RCS file: /cvs/openssh/auth-krb5.c,v >retrieving revision 1.35 >diff -u -p -r1.35 auth-krb5.c >--- auth-krb5.c 5 Aug 2006 02:39:39 -0000 1.35 >+++ auth-krb5.c 29 Oct 2009 12:49:24 -0000 >@@ -78,6 +78,11 @@ auth_krb5_password(Authctxt *authctxt, c > krb5_error_code problem; > krb5_ccache ccache = NULL; > int len; >+ char *client, *platform_client; >+ >+ /* get platform-specific kerberos client principal name (if it exists) */ >+ platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name); >+ client = platform_client ? platform_client : authctxt->pw->pw_name; > > temporarily_use_uid(authctxt->pw); > >@@ -85,7 +90,7 @@ auth_krb5_password(Authctxt *authctxt, c > if (problem) > goto out; > >- problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name, >+ problem = krb5_parse_name(authctxt->krb5_ctx, client, > &authctxt->krb5_user); > if (problem) > goto out; >@@ -176,6 +181,9 @@ auth_krb5_password(Authctxt *authctxt, c > > out: > restore_uid(); >+ >+ if (platform_client != NULL) >+ xfree(platform_client); > > if (problem) { > if (ccache) >Index: platform.c >=================================================================== >RCS file: /cvs/openssh/platform.c,v >retrieving revision 1.1 >diff -u -p -r1.1 platform.c >--- platform.c 30 Aug 2006 17:24:41 -0000 1.1 >+++ platform.c 29 Oct 2009 12:49:25 -0000 >@@ -44,3 +44,13 @@ platform_post_fork_child(void) > solaris_contract_post_fork_child(); > #endif > } >+ >+char * >+platform_krb5_get_principal_name(const char *pw_name) >+{ >+#ifdef _AIX >+ return aix_krb5_get_principal_name(pw_name); >+#else >+ return NULL; >+#endif >+} >Index: platform.h >=================================================================== >RCS file: /cvs/openssh/platform.h,v >retrieving revision 1.1 >diff -u -p -r1.1 platform.h >--- platform.h 30 Aug 2006 17:24:41 -0000 1.1 >+++ platform.h 29 Oct 2009 12:49:25 -0000 >@@ -21,3 +21,4 @@ > void platform_pre_fork(void); > void platform_post_fork_parent(pid_t child_pid); > void platform_post_fork_child(void); >+char * platform_krb5_get_principal_name(const char *); >Index: openbsd-compat/port-aix.c >=================================================================== >RCS file: /cvs/openssh/openbsd-compat/port-aix.c,v >retrieving revision 1.44 >diff -u -p -r1.44 port-aix.c >--- openbsd-compat/port-aix.c 16 Aug 2009 23:40:00 -0000 1.44 >+++ openbsd-compat/port-aix.c 29 Oct 2009 12:49:25 -0000 >@@ -374,6 +374,36 @@ aix_restoreauthdb(void) > > # endif /* WITH_AIXAUTHENTICATE */ > >+/* >+ * aix_krb5_get_principal_name: returns the user's kerberos client principal name if >+ * configured, otherwise NULL. Caller must free returned string. >+ */ >+char * >+aix_krb5_get_principal_name(char *pw_name) >+{ >+ char *authname = NULL, *authdomain = NULL, *client = NULL; >+ >+ setuserdb(S_READ); >+ if (getuserattr(pw_name, S_AUTHDOMAIN, &authdomain, SEC_CHAR) != 0) >+ debug("AIX getuserattr S_AUTHDOMAIN: %s", strerror(errno)); >+ if (getuserattr(pw_name, S_AUTHNAME, &authname, SEC_CHAR) != 0) >+ debug("AIX getuserattr S_AUTHNAME: %s", strerror(errno)); >+ >+ if (authdomain != NULL) { >+ if (xasprintf(&client, "%s@%s", authname ? authname : pw_name, >+ authdomain) != -1){ >+ char *newclient = xstrdup(client); >+ enduserdb(); >+ return newclient; >+ } >+ } else if (authname != NULL){ >+ enduserdb(); >+ return xstrdup(authname); >+ } >+ enduserdb(); >+ return NULL; >+} >+ > # if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO) > # undef getnameinfo > /* >Index: openbsd-compat/port-aix.h >=================================================================== >RCS file: /cvs/openssh/openbsd-compat/port-aix.h,v >retrieving revision 1.31 >diff -u -p -r1.31 port-aix.h >--- openbsd-compat/port-aix.h 20 Aug 2009 06:20:50 -0000 1.31 >+++ openbsd-compat/port-aix.h 29 Oct 2009 12:49:25 -0000 >@@ -97,6 +97,7 @@ char *sys_auth_get_lastlogin_msg(const c > # define CUSTOM_FAILED_LOGIN 1 > #endif > >+char * aix_krb5_get_principal_name(char *); > void aix_setauthdb(const char *); > void aix_restoreauthdb(void); > void aix_remove_embedded_newlines(char *);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1713">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1583
:
1621
|
1622
|
1627
|
1653
|
1654
|
1672
| 1713 |
1745