From 0f26b1386a8beaa1884178f8793c91d84274ea7d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 28 Feb 2008 23:16:04 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement getgrouplist via getgrset on AIX, rather than iterating over getgrent. This allows, eg, Match and AllowGroups directives to work with NIS and LDAP groups. --- openbsd-compat/port-aix.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) (limited to 'openbsd-compat/port-aix.c') diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 94faec670..b19d2296e 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -1,7 +1,7 @@ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. - * Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved. + * Copyright (c) 2003,2004,2005,2006 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -394,4 +394,58 @@ sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, } # endif /* AIX_GETNAMEINFO_HACK */ +# if defined(USE_GETGRSET) +# include +int +getgrouplist(const char *user, gid_t pgid, gid_t *groups, int *grpcnt) +{ + char *cp, *grplist, *grp; + gid_t gid; + int ret = 0, ngroups = 0, maxgroups; + long l; + + maxgroups = *grpcnt; + + if ((cp = grplist = getgrset(user)) == NULL) + return -1; + + /* handle zero-length case */ + if (maxgroups <= 0) { + *grpcnt = 0; + return -1; + } + + /* copy primary group */ + groups[ngroups++] = pgid; + + /* copy each entry from getgrset into group list */ + while ((grp = strsep(&grplist, ",")) != NULL) { + l = strtol(grp, NULL, 10); + if (ngroups >= maxgroups || l == LONG_MIN || l == LONG_MAX) { + ret = -1; + goto out; + } + gid = (gid_t)l; + if (gid == pgid) + continue; /* we have already added primary gid */ + groups[ngroups++] = gid; + } +out: + free(cp); + *grpcnt = ngroups; + return ret; +} + +int +ssh_initgroups(const char *user, gid_t group) +{ + gid_t grps[NGROUPS_MAX]; + int grpcnt = NGROUPS_MAX; + + if (getgrouplist(user, group, grps, &grpcnt) == -1) + return -1; + return setgroups(grpcnt, grps); +} +# endif /* USE_GETGRSET */ + #endif /* _AIX */ -- cgit v1.2.3 From 16ba6a8ea25ee45feec55ce5a29a4723c2665ea2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 9 Mar 2008 16:36:55 +1100 Subject: - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups implementation. It's not needed to fix bug #1081 and breaks the build on some AIX configurations. --- ChangeLog | 5 ++++- openbsd-compat/port-aix.c | 11 ----------- openbsd-compat/port-aix.h | 4 +--- 3 files changed, 5 insertions(+), 15 deletions(-) (limited to 'openbsd-compat/port-aix.c') diff --git a/ChangeLog b/ChangeLog index 14b212eb2..ce8b52e65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't always work for all platforms and versions, so test what we can and add a configure flag to turn it of if needed. ok djm@ + - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups + implementation. It's not needed to fix bug #1081 and breaks the build + on some AIX configurations. 20080307 - (djm) OpenBSD CVS Sync @@ -3703,4 +3706,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4861 2008/03/09 00:34:23 dtucker Exp $ +$Id: ChangeLog,v 1.4862 2008/03/09 05:36:55 dtucker Exp $ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index b19d2296e..5b1cb7387 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -435,17 +435,6 @@ out: *grpcnt = ngroups; return ret; } - -int -ssh_initgroups(const char *user, gid_t group) -{ - gid_t grps[NGROUPS_MAX]; - int grpcnt = NGROUPS_MAX; - - if (getgrouplist(user, group, grps, &grpcnt) == -1) - return -1; - return setgroups(grpcnt, grps); -} # endif /* USE_GETGRSET */ #endif /* _AIX */ diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 14024d417..ecb9feae8 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.28 2008/02/28 12:16:04 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.29 2008/03/09 05:36:55 dtucker Exp $ */ /* * @@ -111,8 +111,6 @@ int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t, # define HAVE_GETGROUPLIST # define USE_GETGRSET int getgrouplist(const char *, gid_t, gid_t *, int *); -int ssh_initgroups(const char *, gid_t); -# define initgroups(a, b) ssh_initgroups((a), (b)) #endif #endif /* _AIX */ -- cgit v1.2.3