Bugzilla – Attachment 1745 Details for
Bug 1583
User principal name in AIX
openssh-aix-krb5.patch
openssh-aix-krb5.patch (text/plain), 4.46 KB, created by
Darren Tucker
on 2009-12-10 18:30:06 AEDT
Description:
openssh-aix-krb5.patch
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2009-12-10 18:30:06 AEDT
Size:
4.46 KB
patch
obsolete
>Index: auth-krb5.c
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/auth-krb5.c,v
>retrieving revision 1.35
>diff -u -p -r1.35 auth-krb5.c
>--- auth-krb5.c 5 Aug 2006 02:39:39 -0000 1.35
>+++ auth-krb5.c 10 Dec 2009 06:14:38 -0000
>@@ -78,6 +78,11 @@ auth_krb5_password(Authctxt *authctxt, c
> krb5_error_code problem;
> krb5_ccache ccache = NULL;
> int len;
>+ char *client, *platform_client;
>+
>+ /* get platform-specific kerberos client principal name (if it exists) */
>+ platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name);
>+ client = platform_client ? platform_client : authctxt->pw->pw_name;
>
> temporarily_use_uid(authctxt->pw);
>
>@@ -85,7 +90,7 @@ auth_krb5_password(Authctxt *authctxt, c
> if (problem)
> goto out;
>
>- problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name,
>+ problem = krb5_parse_name(authctxt->krb5_ctx, client,
> &authctxt->krb5_user);
> if (problem)
> goto out;
>@@ -141,8 +146,7 @@ auth_krb5_password(Authctxt *authctxt, c
> if (problem)
> goto out;
>
>- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
>- authctxt->pw->pw_name)) {
>+ if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
> problem = -1;
> goto out;
> }
>@@ -176,6 +180,9 @@ auth_krb5_password(Authctxt *authctxt, c
>
> out:
> restore_uid();
>+
>+ if (platform_client != NULL)
>+ xfree(platform_client);
>
> if (problem) {
> if (ccache)
>Index: platform.c
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/platform.c,v
>retrieving revision 1.2
>diff -u -p -r1.2 platform.c
>--- platform.c 8 Dec 2009 02:39:48 -0000 1.2
>+++ platform.c 10 Dec 2009 06:15:29 -0000
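Review bot: In the third auth-krb5.c hunk (`@@ -141,8 +146,7 @@`) `krb5_kuserok()` now receives `client` as its last argument, but that parameter is the local account name the principal is being authorised to log in as, not a principal string. When the AIX lookup returns something like `authname@authdomain`, the authorisation check no longer runs against the account held in `authctxt->pw`; it would most likely reject valid logins, and a lookup that happens to match another local name would be checked against the wrong account. The original argument should stay: `if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->pw->pw_name)) {`, leaving `client` only in the `krb5_parse_name()` call of the second hunk. The body of auth_krb5_password starts and ends outside these hunks.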
>@@ -56,3 +56,13 @@ platform_post_fork_child(void)
> oom_adjust_restore();
> #endif
> }
>+
>+char *
>+platform_krb5_get_principal_name(const char *pw_name)
>+{
>+#ifdef USE_AIX_KRB_NAME
>+ return aix_krb5_get_principal_name(pw_name);
>+#else
>+ return NULL;
>+#endif
>+}
>Index: platform.h
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/platform.h,v
>retrieving revision 1.2
>diff -u -p -r1.2 platform.h
>--- platform.h 8 Dec 2009 02:39:48 -0000 1.2
>+++ platform.h 10 Dec 2009 06:02:06 -0000
>@@ -22,3 +22,5 @@ void platform_pre_listen(void);
> void platform_pre_fork(void);
> void platform_post_fork_parent(pid_t child_pid);
> void platform_post_fork_child(void);
>+char * platform_get_krb5_client(const char *);
>+
>Index: openbsd-compat/port-aix.c
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/openbsd-compat/port-aix.c,v
>retrieving revision 1.44
>diff -u -p -r1.44 port-aix.c
>--- openbsd-compat/port-aix.c 16 Aug 2009 23:40:00 -0000 1.44
>+++ openbsd-compat/port-aix.c 10 Dec 2009 07:28:59 -0000
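Review bot: `platform_krb5_get_principal_name()` in platform.c takes `const char *pw_name` but passes it to `aix_krb5_get_principal_name()`, which the port-aix.c and port-aix.h hunks declare with a plain `char *`, so the call discards the qualifier. Declaring the helper as `char *aix_krb5_get_principal_name(const char *);` in both places keeps the signatures consistent; if the AIX `getuserattr()` prototype needs a non-const name (not visible here), the cast belongs at those two calls. The wrapper also carries no comment, and a line such as `/* returns an allocated principal name, or NULL if none is configured; caller frees */` would record the ownership that auth-krb5.c relies on.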
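Review bot: The prototype added to platform.h is `platform_get_krb5_client`, while platform.c defines and auth-krb5.c calls `platform_krb5_get_principal_name`, so the function actually used has no declaration in this header. If nothing else declares it, the call in auth-krb5.c is compiled with an implicit `int` return type, which can truncate the returned pointer on 64-bit builds before it reaches `krb5_parse_name()` and `xfree()`. The line should read `char *platform_krb5_get_principal_name(const char *);`.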
>@@ -374,6 +374,31 @@ aix_restoreauthdb(void)
>
> # endif /* WITH_AIXAUTHENTICATE */
>
>+# ifdef USE_AIX_KRB_NAME
>+/*
>+ * aix_krb5_get_principal_name: returns the user's kerberos client principal name if
>+ * configured, otherwise NULL. Caller must free returned string.
>+ */
>+char *
>+aix_krb5_get_principal_name(char *pw_name)
>+{
>+ char *authname = NULL, *authdomain = NULL, *principal = NULL;
>+
>+ setuserdb(S_READ);
>+ if (getuserattr(pw_name, S_AUTHDOMAIN, &authdomain, SEC_CHAR) != 0)
>+ debug("AIX getuserattr S_AUTHDOMAIN: %s", strerror(errno));
>+ if (getuserattr(pw_name, S_AUTHNAME, &authname, SEC_CHAR) != 0)
>+ debug("AIX getuserattr S_AUTHNAME: %s", strerror(errno));
>+
>+ if (authdomain != NULL)
>+ xasprintf(&principal, "%s@%s", authname ? authname : pw_name, authdomain);
>+ else if (authname != NULL)
>+ principal = xstrdup(authname);
>+ enduserdb();
>+ return principal;
>+}
>+# endif /* USE_AIX_KRB_NAME */
>+
> # if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO)
> # undef getnameinfo
> /*
>Index: openbsd-compat/port-aix.h
>===================================================================
>RCS file: /home/dtucker/openssh/cvs/openssh/openbsd-compat/port-aix.h,v
>retrieving revision 1.31
>diff -u -p -r1.31 port-aix.h
>--- openbsd-compat/port-aix.h 20 Aug 2009 06:20:50 -0000 1.31
>+++ openbsd-compat/port-aix.h 10 Dec 2009 06:12:10 -0000
>@@ -95,6 +95,10 @@ int sys_auth_record_login(const char *,
> # define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
> char *sys_auth_get_lastlogin_msg(const char *, uid_t);
> # define CUSTOM_FAILED_LOGIN 1
>+# if defined(S_AUTHDOMAIN) && defined (S_AUTHNAME)
>+# define USE_AIX_KRB_NAME
>+char *aix_krb5_get_principal_name(char *);
>+# endif
> #endif
>
> void aix_setauthdb(const char *);
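Review bot: In `aix_krb5_get_principal_name()` both `getuserattr()` failures are only logged with `debug()` and then handled exactly like "attribute not set", so a user-database read error cannot be told apart from an account with no S_AUTHDOMAIN/S_AUTHNAME configured. In either case the function returns NULL and auth-krb5.c falls back to `pw_name`, which means authentication proceeds against a different principal than the one the administrator configured for that account. The return value of `setuserdb(S_READ)` is likewise unchecked. It would be safer to inspect `errno` after each failed call, treat only the attribute-not-defined case as absent, and report anything else with `error()` so the fallback is visible in normal logs.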