[OpenAFS] Solaris 10 11/06 afs 1.4.2 pam module panic.

Dale Ghent daleg@umbc.edu
Tue, 19 Dec 2006 21:11:44 -0500

On Dec 19, 2006, at 9:04 AM, Dale Ghent wrote:

> With Solaris 10 11/06 (aka update 3), Solaris Trusted Extensions  
> were introduced, and this added a new member (cr_label) to the  
> cred_t struct.
> I'm guessing that we're stomping around inside cred_t when storing  
> the PAG there (right?) and the new member is throwing everything off.

Okay, I looked into this more and a kind soul at Sun pointed me to  
the new (as of Solaris 10) ddi_cred(9F) man page.

This page details public (yet "evolving") interfaces to the otherwise  
private cred_t struct. These interfaces seem to have been implemented  
for the NFSv4 functionality in Solaris 10.

So, instead of molesting a cred_t directly, we should instead be  
using these new calls when compiling on AFS_SUN510_ENV. I made and  
tested a patch to do just that.

I tested this patch on a Solaris 10 SPARC box with kernel patch  
118833-33, the rev delivered with Solaris 10 11/06. I also tested  
this patch by compiling it on a pre-11/06 box with kernel patch  
118833-17, and then used that kernel module there and on the 11/06  
box.  The changes I made passed those tests, the latter one being the  
important one. I also ran the changes through 'cc -E' to make sure I  
wasn't missing anything.

Please download a tarball of unified diffs (against the 1.4.2 code  
base) from the following URL, apply, compile, and test. Like I said I  
have the patches working here on two Solaris 10 boxes, one with a rev  
17 kernel patch and the other with rev 33. I just want to make sure  
I'm not doing something wrong. Speak up if you have any cstyle nits.


Put it in the base of your openafs 1.4.2 source tree and apply with  
'patch -p0 ...'


Dale Ghent
UNIX Systems Specialist
UMBC - Office of Information Technology
ECS 201 - x51705