[OpenAFS] Building aklog without krb524

Douglas E. Engert deengert@anl.gov
Thu, 06 Apr 2006 13:35:45 -0500


This is a multi-part message in MIME format.
--------------030705030304000502050602
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit



Ken Hornstein wrote:

>>As of OpenAFS 1.4.x, the openafs source code includes its own version of 
>>aklog, which does not require the 524 service (however, it can optionally 
>>make use of it with a command line flag).
> 
> 
> Ahem.  I believe you mean, "as of OpenAFS 1.3.x".

But even in 1.4.1-rc10 to build aklog, you still needed the krb524 library.

I sent in these changes to get around this I sentin these changes 0n 8/23
for 1.4.1-rc1 but nothing was ever done with them. (The changes were added
so aklog could be built on Solaris 10 using the Sun provided Kerberos which
does not have krb524.)

Thanks.


> 
> --Ken
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

--------------030705030304000502050602
Content-Type: text/x-diff;
 name="aklog.1.4.1-rc10.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="aklog.1.4.1-rc10.patch"

--- ,aklog.h	Mon Jul 11 14:07:00 2005
+++ aklog.h	Tue Apr  4 16:40:26 2006
@@ -51,6 +51,10 @@
 #define INST_SZ 40
 #endif /* INST_SZ */
 
+#ifndef u_int32_t
+#define u_int32_t uint32_t
+#endif
+
 struct ktext {
     unsigned int length;
     unsigned char dat[MAX_KTXT_LEN];
--- ,aklog_main.c	Mon Jul 18 21:51:53 2005
+++ aklog_main.c	Tue Apr  4 16:42:27 2006
@@ -201,7 +201,7 @@
 #if !defined(HAVE_KRB5_524_CONVERT_CREDS) && defined(HAVE_KRB524_CONVERT_CREDS_KDC)
 #define krb5_524_convert_creds krb524_convert_creds_kdc
 #elif !defined(HAVE_KRB5_524_CONVERT_CREDS) && !defined(HAVE_KRB524_CONVERT_CREDS_KDC)
-#error "You must have one of krb5_524_convert_creds or krb524_convert_creds_kdc available"
+#define HAVE_NO_KRB5_524
 #endif
 
 #endif /* WINDOWS */
@@ -631,6 +631,7 @@
 		   get_cred_keylen(v5cred));
 	    atoken.ticketLen = v5cred->ticket.length;
 	    memcpy(atoken.ticket, v5cred->ticket.data, atoken.ticketLen);
+#ifndef HAVE_NO_KRB5_524
 	} else {
     	    CREDENTIALS cred;
 
@@ -665,6 +666,7 @@
 	    memcpy(&atoken.sessionKey, cred.session, 8);
 	    atoken.ticketLen = cred.ticket_st.length;
 	    memcpy(atoken.ticket, cred.ticket_st.dat, atoken.ticketLen);
+#endif /* HAVE_NO_KRB5_524 */
 	}
 	
 	if (!force &&
@@ -1187,7 +1189,11 @@
 	    "[-d] [[-cell | -c] cell [-k krb_realm]] ",
 	    "[[-p | -path] pathname]\n",
 	    "    [-zsubs] [-hosts] [-noauth] [-noprdb] [-force] [-setpag] \n"
-	    "    [-linked] [-524]\n");
+	    "    [-linked]"
+#ifndef HAVE_NO_KRB5_524
+		" [-524]"
+#endif
+		"\n");
     fprintf(stderr, "    -d gives debugging information.\n");
     fprintf(stderr, "    krb_realm is the kerberos realm of a cell.\n");
     fprintf(stderr, "    pathname is the name of a directory to which ");
@@ -1199,7 +1205,9 @@
     fprintf(stderr, "    -force means replace identical tickets. \n");
     fprintf(stderr, "    -linked means if AFS node is linked, try both. \n");
     fprintf(stderr, "    -setpag set the AFS process authentication group.\n");
+#ifndef HAVE_NO_KRB5_524
     fprintf(stderr, "    -524 means use the 524 converter instead of V5 directly\n");
+#endif
     fprintf(stderr, "    No commandline arguments means ");
     fprintf(stderr, "authenticate to the local cell.\n");
     fprintf(stderr, "\n");
@@ -1272,8 +1280,10 @@
 		linked++;
 	else if (strcmp(argv[i], "-force") == 0)
 	    force++;
+#ifndef HAVE_NO_KRB5_524
 	else if (strcmp(argv[i], "-524") == 0)
 	    do524++;
+#endif
     else if (strcmp(argv[i], "-setpag") == 0)
 	    afssetpag++;
 	else if (((strcmp(argv[i], "-cell") == 0) ||
@@ -1526,14 +1536,13 @@
 #include <afs/error_table.h>
 #undef error_table
 
-#ifndef HAVE_ADD_ERROR_TABLE
-void add_error_table (const struct error_table *);
-#endif /* !HAVE_ADD_ERROR_TABLE */
-
 void
 add_to_error_table(struct et_list *new_table)
 {
+/*if we don't have it, we can't call it */
+#ifdef HAVE_ADD_ERROR_TABLE
 	add_error_table((struct error_table *) new_table->table);
+#endif
 }
 #endif /* HAVE_ADD_TO_ERROR_TABLE */
 

--------------030705030304000502050602--