[OpenAFS-devel] rxk5 branch is ready; please test

Douglas E. Engert deengert@anl.gov
Fri, 14 Dec 2007 10:42:20 -0600 

Jim Rees wrote:
> For the past year or more, Matt Benjamin and Marcus Watts have been working
> hard on developing rxk5, a new security mechanism for OpenAFS.  It uses
> kerberos 5 tickets and encryption algorithms straight, and includes support
> for all standard kerberos 5 encryption types including AES256.
> 
> The code is currently on a branch tagged rxk5-devel-1_5_x.  Our plan is to
> merge it to the openafs-devel-1_5_x branch, from which it will eventually
> make its way into an official OpenAFS release at some time in the future.
> 
> Please test this code.  Even if you don't plan to use any of the rxk5
> features, please build it and report back here.

Trying to build with the Solaris 10 version of Kerberos. This is attractive,
as it is a vendor version, and Sun has recently released the krb5.h.

Problem #1:

The Solaris 10 /usr/include/kerberos5/krb5.h has:
> 
>    483  #ifndef _KERNEL
>    484  #define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
>    485  #define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
>    486  #else
>    487  #define krb5_x(ptr,args) ((*(ptr)) args)
>    488  #define krb5_xc(ptr,args) ((*(ptr)) args)
>    489  #endif
> 
>   1276  #define krb5_cc_get_principal(context, cache, principal) 
           krb5_x((cache)-ops->get_princ,(context, cache, principal))

It looks like the intent is to abort if a function pointer is NULL.

AFS util/assert.h has:
  #define assert(ex) do{if (!(ex)) AssertionFailed(__FILE__, __LINE__);}while(0)

Some how the pre processor is converting the abort to the assert and producing
code in ptuser.c around line 257 like: (wrapped in e-mail to make more readable)

  what = "krb5_cc_get_principal";
  code =  ( ( ( cc ) -> ops -> get_princ ) ? ( ( * ( ( cc ) -> ops -> get_princ ) )
      ( k5context , cc , & in_creds -> client ) ) : ( do { if ( ! ( 0 ))
       AssertionFailed ( "/afs/anl.gov/appl/OpenAFS-dev3/build/1.5.x-rxk5/@sys/src/ptserver/ptuser.c"
        , 258 ) ; } while ( 0 ) , 1 ) );
   if(code) goto Failed;

The compiler Sun compiler (/opt/SUNWspro/bin/cc -V ,cc: Sun C 5.8 Patch 121015-05 2007/08/01)
does not like the do:

"/afs/anl.gov/appl/OpenAFS-dev3/build/1.5.x-rxk5/@sys/src/ptserver/ptuser.c", line 257: syntax error before or at: do
"/afs/anl.gov/appl/OpenAFS-dev3/build/1.5.x-rxk5/@sys/src/ptserver/ptuser.c", line 257: syntax error before or at: ,



The problem first appears the JUAFS compiles of ptserver/ptuser.c
and  auth/rxk5_utilafs.c

A hack was applied to get the compile to proceed.

Problem #2:

Solaris does not have add_error_table or remove_error_table.
libafsrpc.so.1.1 references these, found when trying to link
the linktest in shlibafsrpc





> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444