[OpenAFS-devel] Re: [OpenAFS] Solaris 10 11/06 afs 1.4.2 pam module panic.

Dale Ghent daleg@umbc.edu
Tue, 19 Dec 2006 21:11:44 -0500


On Dec 19, 2006, at 9:04 AM, Dale Ghent wrote:

> With Solaris 10 11/06 (aka update 3), Solaris Trusted Extensions  
> were introduced, and this added a new member (cr_label) to the  
> cred_t struct.
>
> I'm guessing that we're stomping around inside cred_t when storing  
> the PAG there (right?) and the new member is throwing everything off.

Okay, I looked into this more and a kind soul at Sun pointed me to  
the new (as of Solaris 10) ddi_cred(9F) man page.

This page details public (yet "evolving") interfaces to the otherwise  
private cred_t struct. These interfaces seem to have been implemented  
for the NFSv4 functionality in Solaris 10.

So, instead of molesting a cred_t directly, we should instead be  
using these new calls when compiling on AFS_SUN510_ENV. I made and  
tested a patch to do just that.

I tested this patch on a Solaris 10 SPARC box with kernel patch  
118833-33, the rev delivered with Solaris 10 11/06. I also tested  
this patch by compiling it on a pre-11/06 box with kernel patch  
118833-17, and then used that kernel module there and on the 11/06  
box.  The changes I made passed those tests, the latter one being the  
important one. I also ran the changes through 'cc -E' to make sure I  
wasn't missing anything.

Please download a tarball of unified diffs (against the 1.4.2 code  
base) from the following URL, apply, compile, and test. Like I said I  
have the patches working here on two Solaris 10 boxes, one with a rev  
17 kernel patch and the other with rev 33. I just want to make sure  
I'm not doing something wrong. Speak up if you have any cstyle nits.

     http://elektronkind.org/osol/openafs-solaris-tx-compat.patch

Put it in the base of your openafs 1.4.2 source tree and apply with  
'patch -p0 ...'

/dale

--
Dale Ghent
UNIX Systems Specialist
UMBC - Office of Information Technology
ECS 201 - x51705