From 605832eaa5dee305e96dea3033b76bbd2f7c2bfd Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Thu, 11 May 2000 10:10:53 +0000
Subject: [PATCH] Added support for AIX security database:   configure.in:
 check for AIX security library, set in AUTH_LIBS macro   top.mk: add
 AUTH_LIBS macro to SECURITY_LIBS   portable.h.in: added HAVE_AIX_SECURITY
 macro (via autoheader)   passwd.c: use AIX getuserpw in chk_unix. Also fix
 logic in chk_unix:   	getpwnam must always succeed for the given user. It is
 not a 	fatal error if getspnam returns no result for the user: On 
 systems that support /etc/shadow, its usage is optional. The 	same logic
 applies for AIX, SCO/HP SecureWare, etc.

---
 build/top.mk                |  3 ++-
 configure.in                |  9 +++++++++
 include/portable.h.in       |  3 +++
 libraries/liblutil/passwd.c | 35 +++++++++++++++++++++--------------
 4 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/build/top.mk b/build/top.mk
index 84581cd54b..3feb2e587c 100644
--- a/build/top.mk
+++ b/build/top.mk
@@ -126,7 +126,8 @@ KRB5_LIBS = @KRB5_LIBS@
 KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
 SASL_LIBS = @SASL_LIBS@
 TLS_LIBS = @TLS_LIBS@
-SECURITY_LIBS = @SASL_LIBS@ $(KRB_LIBS) @TLS_LIBS@
+AUTH_LIBS = @AUTH_LIBS@
+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
 
 MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
 MODULES_LDFLAGS = @SLAPD_MODULES_LDFLAGS@
diff --git a/configure.in b/configure.in
index 130d6b3e8c..aba593f2ca 100644
--- a/configure.in
+++ b/configure.in
@@ -481,6 +481,7 @@ SASL_LIBS=
 TERMCAP_LIBS=
 TLS_LIBS=
 MODULES_LIBS=
+AUTH_LIBS=
 
 dnl ================================================================
 dnl Checks for programs
@@ -633,6 +634,13 @@ if test "${ol_cv_mkdep}" = no ; then
 	AC_MSG_WARN([do not know how to generate dependencies])
 fi
 
+dnl ----------------------------------------------------------------
+dnl Check for AIX security library
+AC_CHECK_LIB(s, afopen, [
+	AUTH_LIBS=-ls
+	AC_DEFINE(HAVE_AIX_SECURITY,1,[define if you have AIX security lib])
+])
+
 dnl ----------------------------------------------------------------
 dnl Check for module support
 ol_link_modules=no
@@ -2457,6 +2465,7 @@ AC_SUBST(SASL_LIBS)
 AC_SUBST(TERMCAP_LIBS)
 AC_SUBST(TLS_LIBS)
 AC_SUBST(MODULES_LIBS)
+AC_SUBST(AUTH_LIBS)
 
 AC_SUBST(SLAPD_SQL_LDFLAGS)
 AC_SUBST(SLAPD_SQL_LIBS)
diff --git a/include/portable.h.in b/include/portable.h.in
index 0e5447f1ea..21319188ce 100644
--- a/include/portable.h.in
+++ b/include/portable.h.in
@@ -598,6 +598,9 @@
 /* defined to be the EXE extension */
 #undef EXEEXT
 
+/* define if you have AIX security lib */
+#undef HAVE_AIX_SECURITY
+
 /* define if you have libtool -ltdl */
 #undef HAVE_LIBLTDL
 
diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index cd4e42666d..ce910e5d87 100644
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -42,6 +42,9 @@
 #ifdef HAVE_PWD_H
 #	include <pwd.h>
 #endif
+#ifdef HAVE_AIX_SECURITY
+#	include <userpw.h>
+#endif
 
 #include <lber.h>
 
@@ -162,8 +165,8 @@ static const struct pw_scheme pw_schemes[] =
 
 #ifdef SLAPD_CRYPT
 	{ {sizeof("{CRYPT}")-1, "{CRYPT}"},	chk_crypt, hash_crypt },
-# if defined( HAVE_GETSPNAM ) \
-  || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
+#endif
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
 	{ {sizeof("{UNIX}")-1, "{UNIX}"},	chk_unix, NULL },
 # endif
 #endif
@@ -833,8 +836,7 @@ static int chk_crypt(
 	return strcmp( passwd->bv_val, cr ) ? 1 : 0;
 }
 
-# if defined( HAVE_GETSPNAM ) \
-  || ( defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD ) )
+# if defined( HAVE_GETPWNAM ) && defined( HAVE_PW_PASSWD )
 static int chk_unix(
 	const struct pw_scheme *sc,
 	const struct berval * passwd,
@@ -862,26 +864,31 @@ static int chk_unix(
 		return -1;	/* passwd must behave like a string */
 	}
 
-#  ifdef HAVE_GETSPNAM
 	{
-		struct spwd *spwd = getspnam(passwd->bv_val);
+		struct passwd *pwd = getpwnam(passwd->bv_val);
 
-		if(spwd == NULL) {
+		if(pwd == NULL) {
 			return -1;	/* not found */
 		}
 
-		pw = spwd->sp_pwdp;
+		pw = pwd->pw_passwd;
 	}
-
-#  else
+#  ifdef HAVE_GETSPNAM
 	{
-		struct passwd *pwd = getpwnam(passwd->bv_val);
+		struct spwd *spwd = getspnam(passwd->bv_val);
 
-		if(pwd == NULL) {
-			return -1;	/* not found */
+		if(spwd != NULL) {
+			pw = spwd->sp_pwdp;
 		}
+	}
+#  endif
+#  ifdef HAVE_AIX_SECURITY
+	{
+		struct userpw *upw = getuserpw(passwd->bv_val);
 
-		pw = pwd->pw_passwd;
+		if (upw != NULL) {
+			pw = upw->upw_passwd;
+		}
 	}
 #  endif
 
-- 
2.39.5