Added support for AIX security database:

  configure.in: check for AIX security library, set in AUTH_LIBS macro
  top.mk: add AUTH_LIBS macro to SECURITY_LIBS
  portable.h.in: added HAVE_AIX_SECURITY macro (via autoheader)
  passwd.c: use AIX getuserpw in chk_unix. Also fix logic in chk_unix:
  	getpwnam must always succeed for the given user. It is not a
	fatal error if getspnam returns no result for the user: On
	systems that support /etc/shadow, its usage is optional. The
	same logic applies for AIX, SCO/HP SecureWare, etc.

diff --git a/build/top.mk b/build/top.mk
index 84581cd54b5082f8dccca551ef038ec8b305fd8e..3feb2e587c80375ba42660964dc797dc017fb139 100644 (file)
--- a/build/top.mk
+++ b/build/top.mk
@@ -126,7 +126,8 @@ KRB5_LIBS = @KRB5_LIBS@
 KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
 SASL_LIBS = @SASL_LIBS@
 TLS_LIBS = @TLS_LIBS@
-SECURITY_LIBS = @SASL_LIBS@ $(KRB_LIBS) @TLS_LIBS@
+AUTH_LIBS = @AUTH_LIBS@
+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
 
 MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
 MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@

diff --git a/configure.in b/configure.in
index 130d6b3e8c2828d309f487eb50d42900d9f4aadf..aba593f2ca8230ae6d9bed760c8f09244cdb10d9 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -481,6 +481,7 @@ SASL_LIBS=
 TERMCAP_LIBS=
 TLS_LIBS=
 MODULES_LIBS=
+AUTH_LIBS=
 
 dnl ================================================================
 dnl Checks for programs
@@ -633,6 +634,13 @@ if test "${ol_cv_mkdep}" = no ; then
        AC_MSG_WARN([do not know how to generate dependencies])
 fi
 
+dnl ----------------------------------------------------------------
+dnl Check for AIX security library
+AC_CHECK_LIB(s, afopen, [
+       AUTH_LIBS=-ls
+       AC_DEFINE(HAVE_AIX_SECURITY,1,[define if you have AIX security lib])
+])
+
 dnl ----------------------------------------------------------------
 dnl Check for module support
 ol_link_modules=no
@@ -2457,6 +2465,7 @@ AC_SUBST(SASL_LIBS)
 AC_SUBST(TERMCAP_LIBS)
 AC_SUBST(TLS_LIBS)
 AC_SUBST(MODULES_LIBS)
+AC_SUBST(AUTH_LIBS)
 
 AC_SUBST(SLAPD_SQL_LDFLAGS)
 AC_SUBST(SLAPD_SQL_LIBS)

diff --git a/include/portable.h.in b/include/portable.h.in
index 0e5447f1eac554edcdbf609f3d67dac246da425c..21319188cefc808ee29a96b908dc74b4f1a0102d 100644 (file)
--- a/include/portable.h.in
+++ b/include/portable.h.in
@@ -598,6 +598,9 @@
 /* defined to be the EXE extension */
 #undef EXEEXT
 
+/* define if you have AIX security lib */
+#undef HAVE_AIX_SECURITY
+
 /* define if you have libtool -ltdl */
 #undef HAVE_LIBLTDL
 

diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index cd4e42666d6eb3c5e932c7035f8cf072d94ccbe4..ce910e5d873f044d87ee63017fa61423a57de1fc 100644 (file)
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -42,6 +42,9 @@
 #ifdef HAVE_PWD_H
 #      include <pwd.h>
 #endif
+#ifdef HAVE_AIX_SECURITY
+#      include <userpw.h>
+#endif
 
 #include <lber.h>
 
@@ -162,8 +165,8 @@ static const struct pw_scheme pw_schemes[] =
 
 #ifdef SLAPD_CRYPT
        { {sizeof("{CRYPT}")-1, "{CRYPT}"},     chk_crypt, hash_crypt },
-# if defined( HAVE_GETSPNAM ) \
-  || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
+#endif
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
        { {sizeof("{UNIX}")-1, "{UNIX}"},       chk_unix, NULL },
 # endif
 #endif
@@ -833,8 +836,7 @@ static int chk_crypt(
        return strcmp( passwd->bv_val, cr ) ? 1 : 0;
 }
 
-# if defined( HAVE_GETSPNAM ) \
-  || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
 static int chk_unix(
        const struct pw_scheme *sc,
        const struct berval * passwd,
@@ -862,26 +864,31 @@ static int chk_unix(
                return -1;      /* passwd must behave like a string */
        }
 
-#  ifdef HAVE_GETSPNAM
        {
-               struct spwd *spwd = getspnam(passwd->bv_val);
+               struct passwd *pwd = getpwnam(passwd->bv_val);
 
-               if(spwd == NULL) {
+               if(pwd == NULL) {
                        return -1;      /* not found */
                }
 
-               pw = spwd->sp_pwdp;
+               pw = pwd->pw_passwd;
        }
-
-#  else
+#  ifdef HAVE_GETSPNAM
        {
-               struct passwd *pwd = getpwnam(passwd->bv_val);
+               struct spwd *spwd = getspnam(passwd->bv_val);
 
-               if(pwd == NULL) {
-                       return -1;      /* not found */
+               if(spwd != NULL) {
+                       pw = spwd->sp_pwdp;
                }
+       }
+#  endif
+#  ifdef HAVE_AIX_SECURITY
+       {
+               struct userpw *upw = getuserpw(passwd->bv_val);
 
-               pw = pwd->pw_passwd;
+               if (upw != NULL) {
+                       pw = upw->upw_passwd;
+               }
        }
 #  endif