tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-09-25 19:08:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement

Browse Source 
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
   This allows, eg, Match and AllowGroups directives to work with NIS and
   LDAP groups.
This commit is contained in:
Darren Tucker 2008-02-28 23:16:04 +11:00
parent 3d295a6cf0
commit 0f26b1386a
4 changed files with 77 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -7,6 +7,10 @@
SSLeay_add_all_algorithms as a macro already. SSLeay_add_all_algorithms as a macro already.
- (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL
compat glue into openssl-compat.h. compat glue into openssl-compat.h.
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
This allows, eg, Match and AllowGroups directives to work with NIS and
LDAP groups.
20080225 20080225
- (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
@ -3637,4 +3641,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.4844 2008/02/28 08:22:04 dtucker Exp $ $Id: ChangeLog,v 1.4845 2008/02/28 12:16:04 dtucker Exp $

6
configure.ac
View File

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.391 2008/02/28 04:01:13 dtucker Exp $ # $Id: configure.ac,v 1.392 2008/02/28 12:16:04 dtucker Exp $
# #
# Copyright (c) 1999-2004 Damien Miller # Copyright (c) 1999-2004 Damien Miller
# #
@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
AC_REVISION($Revision: 1.391 $) AC_REVISION($Revision: 1.392 $)
AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_SRCDIR([ssh.c])
AC_CONFIG_HEADER(config.h) AC_CONFIG_HEADER(config.h)
@ -357,7 +357,7 @@ int main(void) { exit(0); }
[], [],
[#include <usersec.h>] [#include <usersec.h>]
) )
AC_CHECK_FUNCS(setauthdb) AC_CHECK_FUNCS(getgrset setauthdb)
AC_CHECK_DECL(F_CLOSEM, AC_CHECK_DECL(F_CLOSEM,
AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]), AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
[], [],

56
openbsd-compat/port-aix.c
View File

@ -1,7 +1,7 @@
/* /*
* *
* Copyright (c) 2001 Gert Doering. All rights reserved. * Copyright (c) 2001 Gert Doering. All rights reserved.
* Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved. * Copyright (c) 2003,2004,2005,2006 Darren Tucker. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -394,4 +394,58 @@ sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
} }
# endif /* AIX_GETNAMEINFO_HACK */ # endif /* AIX_GETNAMEINFO_HACK */
# if defined(USE_GETGRSET)
# include <stdlib.h>
int
getgrouplist(const char *user, gid_t pgid, gid_t *groups, int *grpcnt)
{
char *cp, *grplist, *grp;
gid_t gid;
int ret = 0, ngroups = 0, maxgroups;
long l;
maxgroups = *grpcnt;
if ((cp = grplist = getgrset(user)) == NULL)
return -1;
/* handle zero-length case */
if (maxgroups <= 0) {
*grpcnt = 0;
return -1;
}
/* copy primary group */
groups[ngroups++] = pgid;
/* copy each entry from getgrset into group list */
while ((grp = strsep(&grplist, ",")) != NULL) {
l = strtol(grp, NULL, 10);
if (ngroups >= maxgroups || l == LONG_MIN || l == LONG_MAX) {
ret = -1;
goto out;
}
gid = (gid_t)l;
if (gid == pgid)
continue; /* we have already added primary gid */
groups[ngroups++] = gid;
}
out:
free(cp);
*grpcnt = ngroups;
return ret;
}
int
ssh_initgroups(const char *user, gid_t group)
{
gid_t grps[NGROUPS_MAX];
int grpcnt = NGROUPS_MAX;
if (getgrouplist(user, group, grps, &grpcnt) == -1)
return -1;
return setgroups(grpcnt, grps);
}
# endif /* USE_GETGRSET */
#endif /* _AIX */ #endif /* _AIX */

16
openbsd-compat/port-aix.h
View File

@ -1,9 +1,9 @@
/* $Id: port-aix.h,v 1.27 2006/09/18 13:54:33 dtucker Exp $ */ /* $Id: port-aix.h,v 1.28 2008/02/28 12:16:04 dtucker Exp $ */
/* /*
* *
* Copyright (c) 2001 Gert Doering. All rights reserved. * Copyright (c) 2001 Gert Doering. All rights reserved.
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. * Copyright (c) 2004,2005,2006 Darren Tucker. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -103,4 +103,16 @@ int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t,
# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g)) # define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g))
#endif #endif
/*
* We use getgrset in preference to multiple getgrent calls for efficiency
* plus it supports NIS and LDAP groups.
*/
#if !defined(HAVE_GETGROUPLIST) && defined(HAVE_GETGRSET)
# define HAVE_GETGROUPLIST
# define USE_GETGRSET
int getgrouplist(const char *, gid_t, gid_t *, int *);
int ssh_initgroups(const char *, gid_t);
# define initgroups(a, b) ssh_initgroups((a), (b))
#endif
#endif /* _AIX */ #endif /* _AIX */