From 0f26b1386a8beaa1884178f8793c91d84274ea7d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 28 Feb 2008 23:16:04 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement getgrouplist via getgrset on AIX, rather than iterating over getgrent. This allows, eg, Match and AllowGroups directives to work with NIS and LDAP groups. --- openbsd-compat/port-aix.h | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'openbsd-compat/port-aix.h') diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 5a04bedad..14024d417 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,9 +1,9 @@ -/* $Id: port-aix.h,v 1.27 2006/09/18 13:54:33 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.28 2008/02/28 12:16:04 dtucker Exp $ */ /* * * Copyright (c) 2001 Gert Doering. All rights reserved. - * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. + * Copyright (c) 2004,2005,2006 Darren Tucker. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -103,4 +103,16 @@ int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t, # define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g)) #endif +/* + * We use getgrset in preference to multiple getgrent calls for efficiency + * plus it supports NIS and LDAP groups. + */ +#if !defined(HAVE_GETGROUPLIST) && defined(HAVE_GETGRSET) +# define HAVE_GETGROUPLIST +# define USE_GETGRSET +int getgrouplist(const char *, gid_t, gid_t *, int *); +int ssh_initgroups(const char *, gid_t); +# define initgroups(a, b) ssh_initgroups((a), (b)) +#endif + #endif /* _AIX */ -- cgit v1.2.3 From 16ba6a8ea25ee45feec55ce5a29a4723c2665ea2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 9 Mar 2008 16:36:55 +1100 Subject: - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups implementation. It's not needed to fix bug #1081 and breaks the build on some AIX configurations. --- ChangeLog | 5 ++++- openbsd-compat/port-aix.c | 11 ----------- openbsd-compat/port-aix.h | 4 +--- 3 files changed, 5 insertions(+), 15 deletions(-) (limited to 'openbsd-compat/port-aix.h') diff --git a/ChangeLog b/ChangeLog index 14b212eb2..ce8b52e65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't always work for all platforms and versions, so test what we can and add a configure flag to turn it of if needed. ok djm@ + - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups + implementation. It's not needed to fix bug #1081 and breaks the build + on some AIX configurations. 20080307 - (djm) OpenBSD CVS Sync @@ -3703,4 +3706,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4861 2008/03/09 00:34:23 dtucker Exp $ +$Id: ChangeLog,v 1.4862 2008/03/09 05:36:55 dtucker Exp $ diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index b19d2296e..5b1cb7387 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -435,17 +435,6 @@ out: *grpcnt = ngroups; return ret; } - -int -ssh_initgroups(const char *user, gid_t group) -{ - gid_t grps[NGROUPS_MAX]; - int grpcnt = NGROUPS_MAX; - - if (getgrouplist(user, group, grps, &grpcnt) == -1) - return -1; - return setgroups(grpcnt, grps); -} # endif /* USE_GETGRSET */ #endif /* _AIX */ diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 14024d417..ecb9feae8 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.28 2008/02/28 12:16:04 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.29 2008/03/09 05:36:55 dtucker Exp $ */ /* * @@ -111,8 +111,6 @@ int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t, # define HAVE_GETGROUPLIST # define USE_GETGRSET int getgrouplist(const char *, gid_t, gid_t *, int *); -int ssh_initgroups(const char *, gid_t); -# define initgroups(a, b) ssh_initgroups((a), (b)) #endif #endif /* _AIX */ -- cgit v1.2.3