[OpenAFS] Re: OpenAFS + Kerb5

Jeff Blaine jblaine@mitre.org
Tue, 21 Feb 2006 15:27:03 -0500 

I will look at the patch, but it was with MIT Kerberos 5
version 1.4.3

--with-krb5-conf=/export/home/src/krb5-1.4.3/src/krb5-config

Douglas E. Engert wrote:
> This sounds like you are using the SEAM Kerberos support. I sent a bug
> report on 1/27/2006 for 1.4.1-rc5 regarding using aklog with SEAM on
> Solaris 10 which had some of the same problems.
> 
> The attached patch might help.
> 
> Jeff Blaine wrote:
> 
>> Okay.  Still treading water far from shore after
>> downloading and installing Sun Studio 11 (/opt/SUNWspro/bin/cc)
>>
>> :(
>>
>> Solaris 9 SPARC.
>>
>> ...
>> make[3]: Entering directory 
>> `/export/home/src/openafs-1.4.1-rc7/src/aklog'
>> /opt/SUNWspro/bin/cc  -O -I/export/home/krb5/include -DALLOW_REGISTER
>> -I/export/home/src/openafs-1.4.1-rc7/src/config -I. -I.
>> -I/export/home/src/openafs-1.4.1-rc7/include
>> -I/export/home/src/openafs-1.4.1-rc7/include/afs
>> -I/export/home/src/openafs-1.4.1-rc7/include/rx
>> -I/export/home/src/openafs-1.4.1-rc7
>> -I/export/home/src/openafs-1.4.1-rc7/src
>> -I/export/home/src/openafs-1.4.1-rc7/src -dy -Bdynamic -c aklog.c
>> "aklog.h", line 57: syntax error before or at: u_int32_t
>> "aklog.h", line 67: incomplete struct/union/enum ktext: ticket_st
>> "aklog.h", line 71: warning: unnamed struct member
>> "aklog.h", line 73: syntax error before or at: typedef
>> "aklog.c", line 19: member cannot be function: main
>> "aklog.c", line 19: warning: syntax requires ";" after last struct/union
>> member
>> "aklog.c", line 19: syntax error before or at: {
>> cc: acomp failed for aklog.c
>>
>>
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>
>>
> 
> 
> ------------------------------------------------------------------------
> 
> --- ./,aklog.h	Mon Jul 11 14:07:00 2005
> +++ ./aklog.h	Fri Jan 27 08:32:13 2006
> @@ -51,6 +51,10 @@
>  #define INST_SZ 40
>  #endif /* INST_SZ */
>  
> +#ifndef u_int32_t
> +#define u_int32_t uint32_t
> +#endif
> +
>  struct ktext {
>      unsigned int length;
>      unsigned char dat[MAX_KTXT_LEN];
> --- ./,aklog_main.c	Mon Jul 18 21:51:53 2005
> +++ ./aklog_main.c	Fri Jan 27 13:39:17 2006
> @@ -201,7 +201,7 @@
>  #if !defined(HAVE_KRB5_524_CONVERT_CREDS) && defined(HAVE_KRB524_CONVERT_CREDS_KDC)
>  #define krb5_524_convert_creds krb524_convert_creds_kdc
>  #elif !defined(HAVE_KRB5_524_CONVERT_CREDS) && !defined(HAVE_KRB524_CONVERT_CREDS_KDC)
> -#error "You must have one of krb5_524_convert_creds or krb524_convert_creds_kdc available"
> +#define HAVE_NO_KRB5_524
>  #endif
>  
>  #endif /* WINDOWS */
> @@ -631,6 +631,7 @@
>  		   get_cred_keylen(v5cred));
>  	    atoken.ticketLen = v5cred->ticket.length;
>  	    memcpy(atoken.ticket, v5cred->ticket.data, atoken.ticketLen);
> +#ifndef HAVE_NO_KRB5_524
>  	} else {
>      	    CREDENTIALS cred;
>  
> @@ -665,6 +666,7 @@
>  	    memcpy(&atoken.sessionKey, cred.session, 8);
>  	    atoken.ticketLen = cred.ticket_st.length;
>  	    memcpy(atoken.ticket, cred.ticket_st.dat, atoken.ticketLen);
> +#endif /* HAVE_NO_KRB5_524 */
>  	}
>  	
>  	if (!force &&
> @@ -1187,7 +1189,11 @@
>  	    "[-d] [[-cell | -c] cell [-k krb_realm]] ",
>  	    "[[-p | -path] pathname]\n",
>  	    "    [-zsubs] [-hosts] [-noauth] [-noprdb] [-force] [-setpag] \n"
> -	    "    [-linked] [-524]\n");
> +	    "    [-linked]"
> +#ifndef HAVE_NO_KRB5_524
> +		" [-524]"
> +#endif
> +		"\n");
>      fprintf(stderr, "    -d gives debugging information.\n");
>      fprintf(stderr, "    krb_realm is the kerberos realm of a cell.\n");
>      fprintf(stderr, "    pathname is the name of a directory to which ");
> @@ -1199,7 +1205,9 @@
>      fprintf(stderr, "    -force means replace identical tickets. \n");
>      fprintf(stderr, "    -linked means if AFS node is linked, try both. \n");
>      fprintf(stderr, "    -setpag set the AFS process authentication group.\n");
> +#ifndef HAVE_NO_KRB5_524
>      fprintf(stderr, "    -524 means use the 524 converter instead of V5 directly\n");
> +#endif
>      fprintf(stderr, "    No commandline arguments means ");
>      fprintf(stderr, "authenticate to the local cell.\n");
>      fprintf(stderr, "\n");
> @@ -1272,8 +1280,10 @@
>  		linked++;
>  	else if (strcmp(argv[i], "-force") == 0)
>  	    force++;
> +#ifndef HAVE_NO_KRB5_524
>  	else if (strcmp(argv[i], "-524") == 0)
>  	    do524++;
> +#endif
>      else if (strcmp(argv[i], "-setpag") == 0)
>  	    afssetpag++;
>  	else if (((strcmp(argv[i], "-cell") == 0) ||
> @@ -1526,14 +1536,13 @@
>  #include <afs/error_table.h>
>  #undef error_table
>  
> -#ifndef HAVE_ADD_ERROR_TABLE
> -void add_error_table (const struct error_table *);
> -#endif /* !HAVE_ADD_ERROR_TABLE */
> -
>  void
>  add_to_error_table(struct et_list *new_table)
>  {
> +/*if we don't have it, we can't call it */
> +#ifdef HAVE_ADD_ERROR_TABLE
>  	add_error_table((struct error_table *) new_table->table);
> +#endif
>  }
>  #endif /* HAVE_ADD_TO_ERROR_TABLE */
>