summaryrefslogtreecommitdiff
path: root/openbsd-compat
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2008-02-28 23:16:04 +1100
committerDarren Tucker <dtucker@zip.com.au>2008-02-28 23:16:04 +1100
commit0f26b1386a8beaa1884178f8793c91d84274ea7d (patch)
tree7c94a0d48e39fd8d10f6bc68f985b048893a31b7 /openbsd-compat
parent3d295a6cf0c4e240509f035d514393eec4abd43d (diff)
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
getgrouplist via getgrset on AIX, rather than iterating over getgrent. This allows, eg, Match and AllowGroups directives to work with NIS and LDAP groups.
Diffstat (limited to 'openbsd-compat')
-rw-r--r--openbsd-compat/port-aix.c56
-rw-r--r--openbsd-compat/port-aix.h16
2 files changed, 69 insertions, 3 deletions
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 94faec670..b19d2296e 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -1,7 +1,7 @@
1/* 1/*
2 * 2 *
3 * Copyright (c) 2001 Gert Doering. All rights reserved. 3 * Copyright (c) 2001 Gert Doering. All rights reserved.
4 * Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved. 4 * Copyright (c) 2003,2004,2005,2006 Darren Tucker. All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
@@ -394,4 +394,58 @@ sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
394} 394}
395# endif /* AIX_GETNAMEINFO_HACK */ 395# endif /* AIX_GETNAMEINFO_HACK */
396 396
397# if defined(USE_GETGRSET)
398# include <stdlib.h>
399int
400getgrouplist(const char *user, gid_t pgid, gid_t *groups, int *grpcnt)
401{
402 char *cp, *grplist, *grp;
403 gid_t gid;
404 int ret = 0, ngroups = 0, maxgroups;
405 long l;
406
407 maxgroups = *grpcnt;
408
409 if ((cp = grplist = getgrset(user)) == NULL)
410 return -1;
411
412 /* handle zero-length case */
413 if (maxgroups <= 0) {
414 *grpcnt = 0;
415 return -1;
416 }
417
418 /* copy primary group */
419 groups[ngroups++] = pgid;
420
421 /* copy each entry from getgrset into group list */
422 while ((grp = strsep(&grplist, ",")) != NULL) {
423 l = strtol(grp, NULL, 10);
424 if (ngroups >= maxgroups || l == LONG_MIN || l == LONG_MAX) {
425 ret = -1;
426 goto out;
427 }
428 gid = (gid_t)l;
429 if (gid == pgid)
430 continue; /* we have already added primary gid */
431 groups[ngroups++] = gid;
432 }
433out:
434 free(cp);
435 *grpcnt = ngroups;
436 return ret;
437}
438
439int
440ssh_initgroups(const char *user, gid_t group)
441{
442 gid_t grps[NGROUPS_MAX];
443 int grpcnt = NGROUPS_MAX;
444
445 if (getgrouplist(user, group, grps, &grpcnt) == -1)
446 return -1;
447 return setgroups(grpcnt, grps);
448}
449# endif /* USE_GETGRSET */
450
397#endif /* _AIX */ 451#endif /* _AIX */
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 5a04bedad..14024d417 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,9 +1,9 @@
1/* $Id: port-aix.h,v 1.27 2006/09/18 13:54:33 dtucker Exp $ */ 1/* $Id: port-aix.h,v 1.28 2008/02/28 12:16:04 dtucker Exp $ */
2 2
3/* 3/*
4 * 4 *
5 * Copyright (c) 2001 Gert Doering. All rights reserved. 5 * Copyright (c) 2001 Gert Doering. All rights reserved.
6 * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. 6 * Copyright (c) 2004,2005,2006 Darren Tucker. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -103,4 +103,16 @@ int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t,
103# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g)) 103# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g))
104#endif 104#endif
105 105
106/*
107 * We use getgrset in preference to multiple getgrent calls for efficiency
108 * plus it supports NIS and LDAP groups.
109 */
110#if !defined(HAVE_GETGROUPLIST) && defined(HAVE_GETGRSET)
111# define HAVE_GETGROUPLIST
112# define USE_GETGRSET
113int getgrouplist(const char *, gid_t, gid_t *, int *);
114int ssh_initgroups(const char *, gid_t);
115# define initgroups(a, b) ssh_initgroups((a), (b))
116#endif
117
106#endif /* _AIX */ 118#endif /* _AIX */