Commit 605832ea authored by Howard Chu's avatar Howard Chu
Browse files

Added support for AIX security database:

  configure.in: check for AIX security library, set in AUTH_LIBS macro
  top.mk: add AUTH_LIBS macro to SECURITY_LIBS
  portable.h.in: added HAVE_AIX_SECURITY macro (via autoheader)
  passwd.c: use AIX getuserpw in chk_unix. Also fix logic in chk_unix:
  	getpwnam must always succeed for the given user. It is not a
	fatal error if getspnam returns no result for the user: On
	systems that support /etc/shadow, its usage is optional. The
	same logic applies for AIX, SCO/HP SecureWare, etc.
parent a556140e
......@@ -126,7 +126,8 @@ KRB5_LIBS = @KRB5_LIBS@
KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
SASL_LIBS = @SASL_LIBS@
TLS_LIBS = @TLS_LIBS@
SECURITY_LIBS = @SASL_LIBS@ $(KRB_LIBS) @TLS_LIBS@
AUTH_LIBS = @AUTH_LIBS@
SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@
......
......@@ -481,6 +481,7 @@ SASL_LIBS=
TERMCAP_LIBS=
TLS_LIBS=
MODULES_LIBS=
AUTH_LIBS=
dnl ================================================================
dnl Checks for programs
......@@ -633,6 +634,13 @@ if test "${ol_cv_mkdep}" = no ; then
AC_MSG_WARN([do not know how to generate dependencies])
fi
dnl ----------------------------------------------------------------
dnl Check for AIX security library
AC_CHECK_LIB(s, afopen, [
AUTH_LIBS=-ls
AC_DEFINE(HAVE_AIX_SECURITY,1,[define if you have AIX security lib])
])
dnl ----------------------------------------------------------------
dnl Check for module support
ol_link_modules=no
......@@ -2457,6 +2465,7 @@ AC_SUBST(SASL_LIBS)
AC_SUBST(TERMCAP_LIBS)
AC_SUBST(TLS_LIBS)
AC_SUBST(MODULES_LIBS)
AC_SUBST(AUTH_LIBS)
AC_SUBST(SLAPD_SQL_LDFLAGS)
AC_SUBST(SLAPD_SQL_LIBS)
......
......@@ -598,6 +598,9 @@
/* defined to be the EXE extension */
#undef EXEEXT
/* define if you have AIX security lib */
#undef HAVE_AIX_SECURITY
/* define if you have libtool -ltdl */
#undef HAVE_LIBLTDL
......
......@@ -42,6 +42,9 @@
#ifdef HAVE_PWD_H
# include <pwd.h>
#endif
#ifdef HAVE_AIX_SECURITY
# include <userpw.h>
#endif
#include <lber.h>
......@@ -162,8 +165,8 @@ static const struct pw_scheme pw_schemes[] =
#ifdef SLAPD_CRYPT
{ {sizeof("{CRYPT}")-1, "{CRYPT}"}, chk_crypt, hash_crypt },
# if defined( HAVE_GETSPNAM ) \
|| ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
#endif
# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
{ {sizeof("{UNIX}")-1, "{UNIX}"}, chk_unix, NULL },
# endif
#endif
......@@ -833,8 +836,7 @@ static int chk_crypt(
return strcmp( passwd->bv_val, cr ) ? 1 : 0;
}
# if defined( HAVE_GETSPNAM ) \
|| ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
static int chk_unix(
const struct pw_scheme *sc,
const struct berval * passwd,
......@@ -862,26 +864,31 @@ static int chk_unix(
return -1; /* passwd must behave like a string */
}
# ifdef HAVE_GETSPNAM
{
struct spwd *spwd = getspnam(passwd->bv_val);
struct passwd *pwd = getpwnam(passwd->bv_val);
if(spwd == NULL) {
if(pwd == NULL) {
return -1; /* not found */
}
pw = spwd->sp_pwdp;
pw = pwd->pw_passwd;
}
# else
# ifdef HAVE_GETSPNAM
{
struct passwd *pwd = getpwnam(passwd->bv_val);
struct spwd *spwd = getspnam(passwd->bv_val);
if(pwd == NULL) {
return -1; /* not found */
if(spwd != NULL) {
pw = spwd->sp_pwdp;
}
}
# endif
# ifdef HAVE_AIX_SECURITY
{
struct userpw *upw = getuserpw(passwd->bv_val);
pw = pwd->pw_passwd;
if (upw != NULL) {
pw = upw->upw_passwd;
}
}
# endif
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment