Added support for AIX security database:

configure.in: check for AIX security library, set in AUTH_LIBS macro top.mk: add AUTH_LIBS macro to SECURITY_LIBS portable.h.in: added HAVE_AIX_SECURITY macro (via autoheader) passwd.c: use AIX getuserpw in chk_unix. Also fix logic in chk_unix: getpwnam must always succeed for the given user. It is not a fatal error if getspnam returns no result for the user: On systems that support /etc/shadow, its usage is optional. The same logic applies for AIX, SCO/HP SecureWare, etc.
2025-12-20 22:59:34 -05:00 · 2000-05-11 10:10:53 +00:00 · 2000-05-11 10:10:53 +00:00 · 605832eaa5
commit 605832eaa5
parent a556140e65
4 changed files with 37 additions and 17 deletions
--- a/build/top.mk
+++ b/build/top.mk
@ -126,7 +126,8 @@ KRB5_LIBS = @KRB5_LIBS@
 KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
 SASL_LIBS = @SASL_LIBS@
 TLS_LIBS = @TLS_LIBS@
-SECURITY_LIBS = @SASL_LIBS@ $(KRB_LIBS) @TLS_LIBS@
+AUTH_LIBS = @AUTH_LIBS@
+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)

 MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
 MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@
--- a/configure.in
+++ b/configure.in
@ -481,6 +481,7 @@ SASL_LIBS=
 TERMCAP_LIBS=
 TLS_LIBS=
 MODULES_LIBS=
+AUTH_LIBS=

 dnl ================================================================
 dnl Checks for programs
@ -633,6 +634,13 @@ if test "${ol_cv_mkdep}" = no ; then
 	AC_MSG_WARN([do not know how to generate dependencies])
 fi

+dnl ----------------------------------------------------------------
+dnl Check for AIX security library
+AC_CHECK_LIB(s, afopen, [
+	AUTH_LIBS=-ls
+	AC_DEFINE(HAVE_AIX_SECURITY,1,[define if you have AIX security lib])
+])
+
 dnl ----------------------------------------------------------------
 dnl Check for module support
 ol_link_modules=no
@ -2457,6 +2465,7 @@ AC_SUBST(SASL_LIBS)
 AC_SUBST(TERMCAP_LIBS)
 AC_SUBST(TLS_LIBS)
 AC_SUBST(MODULES_LIBS)
+AC_SUBST(AUTH_LIBS)

 AC_SUBST(SLAPD_SQL_LDFLAGS)
 AC_SUBST(SLAPD_SQL_LIBS)
--- a/include/portable.h.in
+++ b/include/portable.h.in
@ -598,6 +598,9 @@
 /* defined to be the EXE extension */
 #undef EXEEXT

+/* define if you have AIX security lib */
+#undef HAVE_AIX_SECURITY
+
 /* define if you have libtool -ltdl */
 #undef HAVE_LIBLTDL

--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@ -42,6 +42,9 @@
 #ifdef HAVE_PWD_H
 #	include <pwd.h>
 #endif
+#ifdef HAVE_AIX_SECURITY
+#	include <userpw.h>
+#endif

 #include <lber.h>

@ -162,8 +165,8 @@ static const struct pw_scheme pw_schemes[] =

 #ifdef SLAPD_CRYPT
 	{ {sizeof("{CRYPT}")-1, "{CRYPT}"},	chk_crypt, hash_crypt },
-# if defined( HAVE_GETSPNAM ) \
-  || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
+#endif
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
 	{ {sizeof("{UNIX}")-1, "{UNIX}"},	chk_unix, NULL },
 # endif
 #endif
@ -833,8 +836,7 @@ static int chk_crypt(
 	return strcmp( passwd->bv_val, cr ) ? 1 : 0;
 }

-# if defined( HAVE_GETSPNAM ) \
-  || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
 static int chk_unix(
 	const struct pw_scheme *sc,
 	const struct berval * passwd,
@ -862,18 +864,6 @@ static int chk_unix(
 		return -1;	/* passwd must behave like a string */
 	}

-#  ifdef HAVE_GETSPNAM
-	{
-		struct spwd *spwd = getspnam(passwd->bv_val);
-
-		if(spwd == NULL) {
-			return -1;	/* not found */
-		}
-
-		pw = spwd->sp_pwdp;
-	}
-
-#  else
 	{
 		struct passwd *pwd = getpwnam(passwd->bv_val);

@ -883,6 +873,23 @@ static int chk_unix(

 		pw = pwd->pw_passwd;
 	}
+#  ifdef HAVE_GETSPNAM
+	{
+		struct spwd *spwd = getspnam(passwd->bv_val);
+
+		if(spwd != NULL) {
+			pw = spwd->sp_pwdp;
+		}
+	}
+#  endif
+#  ifdef HAVE_AIX_SECURITY
+	{
+		struct userpw *upw = getuserpw(passwd->bv_val);
+
+		if (upw != NULL) {
+			pw = upw->upw_passwd;
+		}
+	}
 #  endif

 	if( pw == NULL || pw[0] == '\0' || pw[1] == '\0' ) {