
Support for getpeereid() on AIX 5.2 (ITS#3271)



Full_Name: Luke Howard
Version: 2.2.15
OS: AIX 5.2
URL: http://www.padl.com/~lukeh/cmsg.diff
Submission from: (NULL) (203.13.32.92)


OpenLDAP does not support SASL EXTERNAL authentication with ldapi:// on AIX,
because AIX does not support getpeereid() or SO_PEERCRED/LOCAL_PEERCRED, nor
does it (unless compiled with BSD compatibility flags) have the msg_accrights
field in struct msghdr.

This patch adds support for using the msg_control field in struct msghdr instead
of msg_accrights. In implementing this I ran into another problem which I
suspect is a bug in AIX. 

In the current implementation of ldapi://, the client sends a dummy Abandon PDU
along with the file descriptor denoting the client's UNIX credentials.
getpeereid() calls recvmsg() with MSG_PEEK, so the PDU is passed to slapd (and
ignored). This doesn't work on AIX - the file descriptor returned in msg_control
is bogus unless MSG_PEEK is omitted. So we need to actually receive the data. I
have kept the client sending the Abandon PDU so that hopefully we don't need to
change the client protocol when this bug is fixed. Probably we should check that
this is a real AIX bug (Kurt?) and then test for it so that we have better
behaviour on other platforms that support msg_control.

Note that the patch does not include a regenerated configure script, although a
patch to configure.in is included.
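
The mechanism described in the message above, as an added example that is not taken from the patch or from OpenLDAP: a descriptor travels as SCM_RIGHTS in msg_control and the receiver really consumes the data (no MSG_PEEK). The names send_cred_fd, peer_id_from_fd and roundtrip_ok are hypothetical, a single dummy byte stands in for the Abandon PDU, and reading the identity with fstat() from the ownership of a passed pipe is an assumption.

```c
/* Added example, not OpenLDAP's code. Assumption: the peer's identity is the
   owner of a pipe descriptor it passes as SCM_RIGHTS in msg_control. */
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/uio.h>
#define CBUF CMSG_SPACE(sizeof(int))
/* One-byte payload plus a control buffer sized for one descriptor. */
static void setup(struct msghdr *m, struct iovec *io, char *byte, char *cbuf) {
    memset(m, 0, sizeof *m); memset(cbuf, 0, CBUF);
    io->iov_base = byte; io->iov_len = 1;
    m->msg_iov = io; m->msg_iovlen = 1;
    m->msg_control = cbuf; m->msg_controllen = CBUF;
}
/* Client: dummy byte (stand-in for the Abandon PDU) carrying fd. */
int send_cred_fd(int s, int fd) {
    char byte = 0, cbuf[CBUF]; struct iovec io; struct msghdr m; struct cmsghdr *cm;
    setup(&m, &io, &byte, cbuf);
    cm = CMSG_FIRSTHDR(&m);
    cm->cmsg_level = SOL_SOCKET; cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(cm), &fd, sizeof fd);
    return sendmsg(s, &m, 0) == 1 ? 0 : -1;
}
/* Server: receive without MSG_PEEK, validate the control message, fstat() the fd. */
int peer_id_from_fd(int s, uid_t *uid, gid_t *gid) {
    char byte, cbuf[CBUF]; struct iovec io; struct msghdr m; struct cmsghdr *cm;
    struct stat st; int fd, rc;
    setup(&m, &io, &byte, cbuf);
    if (recvmsg(s, &m, 0) != 1 || (m.msg_flags & MSG_CTRUNC)) return -1;
    cm = CMSG_FIRSTHDR(&m);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS
        || cm->cmsg_len != CMSG_LEN(sizeof fd)) return -1;
    memcpy(&fd, CMSG_DATA(cm), sizeof fd);
    rc = fstat(fd, &st);
    close(fd); /* the descriptor is only evidence; do not keep or leak it */
    if (rc < 0 || !S_ISFIFO(st.st_mode)) return -1;
    *uid = st.st_uid; *gid = st.st_gid;
    return 0;
}
/* Constructed self-check: pass a pipe (as_pipe=1) or a socket (0) over a socketpair. */
int roundtrip_ok(int as_pipe) {
    int sv[2], p[2], ok; uid_t u; gid_t g;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || pipe(p) < 0) return -1;
    ok = send_cred_fd(sv[0], as_pipe ? p[0] : sv[0]) == 0
         && peer_id_from_fd(sv[1], &u, &g) == 0 && u == geteuid();
    close(sv[0]); close(sv[1]); close(p[0]); close(p[1]);
    return ok;
}
```

A production receiver would also close every descriptor found in a control message it rejects, so that a peer cannot exhaust the server's descriptor table.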