| Subject: | Build issues --with-kdc-kdb-update HPUX 11.23 and Linux x86_64 |
| CC: | mike.coyne@paccar.com |
please note this may be a repost as i have been bounced from the mail
server when using the krb5-send-pr
System: HP-UX pbccfd01 B.11.23 U ia64 0508688805 unlimited-user license
the 1.4.4 version of the kdc we have in production should be updated
due to recent problems with kadmin. We use
the kdc-kdb-update feature to track last usage based on authication.
The feature is missing or has old referances
to krb5_db_init and krb5_db_set_name . I am trying a patch based on a
posting in the kerberos mailing list. It
was pointed out the lack of locking in the update function was non
ideal, although not worse than the 1.4.x version
we are using currently . One thing not covered in the posting was the
issue of what to do with the dbargs argument to the
int the krb5_db_open call. I set the value to NULL based on some other
calls to the function . But i could not
locact the documentaion for the api.. So this is a guess/hack.
Also there are issues with the hpux version compiling the db2 module .
To creat the module you have to change to
the src/plugins/kdb/db2 directory and create the plugin by a "make
db2.sl" although the library is actualy a db2.so
for the hpux64 version , Also to make a usable plugin the Makefile in
that directory was modified to add -lnsl and -lc
to fix unresolved referances so the db2 module would load. I created a
hard link in the modules directory bewteen db2.sl db2.so and db2
just to cover the bases on the dlopen.
SHLIB_EXPLIBS= $(GSSRPC_LIBS) -lkrb5 -lcom_err -lk5crypto
$(KDB5_DB_LIB) $(SUPPORT_LIB) $(LIBS) -lnsl -lc
There was a series of problems in the src/plugins/kdb/db2/libdb2
directory revolving arround
....
making all in plugins/kdb/db2/libdb2/hash...
gmake[3]: Entering directory
`/home/mcoyne/krb5/humm/krb5-1.6.2_ab/src/plugins/kdb/db2/libdb2/hash'
cc -Ae +DD64 +z -DSHARED -DHAVE_CONFIG_H -I../../../../../include
-I./../../../../../include -I. -I./../include -I../include -I./../mpool
-I./../db -DKRB5_DEPRECATED=1 -DKRB5_PRIVATE=1 -g -D_REENTRANT
-D_THREAD_SAFE -D_POSIX_C_SOURCE=199506L -c hash_log2.c -o
hash_log2.so.o && mv -f hash_log2.so.o hash_log2.so
"/usr/include/sys/_inttypes.h", line 111: error #2084: invalid
combination of
type specifiers
typedef int int32_t; /* 32-bit signed integer */
^
... putting <sys/types.h> ahead of or in db-int.h header ,
fixed this, note other files needed the fix as well in this
directory...
./configure --with-kdc-kdb-update --prefix=/opt/krb5-1.6.2p/hpux64
CC="cc -Ae +DD64"
"diff of pulugins libdb2/include "
diff -c include/db-int.h
/home/mcoyne/krb5/krb5-1.6.2_ab/src/plugins/kdb/db2/libdb2/include/db-int.h
*** include/db-int.h Sun May 23 12:20:09 2004
---
/home/mcoyne/krb5/krb5-1.6.2_ab/src/plugins/kdb/db2/libdb2/include/db-int.h
Fri Sep 7 13:20:44 2007
***************
*** 35,41 ****
#ifndef _DB_INT_H_
#define _DB_INT_H_
!
#include "config.h"
#include "db.h"
--- 35,41 ----
#ifndef _DB_INT_H_
#define _DB_INT_H_
! #include <sys/types.h>
#include "config.h"
#include "db.h"
Suggested patch based on posting to correct --kdb-kdc-update .
*** krb5-1.6.2_ab/src/kdc/do_as_req.c 2007-09-06 13:01:10.000000000 -0500
--- krb5-1.6.2/src/kdc/do_as_req.c 2006-11-14 16:47:21.000000000 -0600
***************
*** 475,521 ****
if (sname)
free(sname);
if (c_nprincs) {
- /*
#ifdef KRBCONF_KDC_MODIFIES_KDB
if (update_client) {
krb5_db_put_principal(kdc_context, &client, &c_nprincs);
- */
/*
* ptooey. We want krb5_db_sync() or something like that.
*/
! /* krb5_db_fini(kdc_context);
if (kdc_active_realm->realm_dbname)
krb5_db_set_name(kdc_active_realm->realm_context,
kdc_active_realm->realm_dbname);
krb5_db_init(kdc_context);
! */ /* Reset master key */
! /* krb5_db_set_mkey(kdc_context,
&kdc_active_realm->realm_mkey);
}
! #endif
! */
! /* KRBCONF_KDC_MODIFIES_KDB */
!
! #ifdef KRBCONF_KDC_MODIFIES_KDB
! if (update_client) {
! krb5_db_put_principal(kdc_context, &client, &c_nprincs);
! /*
! ** ptooey. We want krb5_db_sync() or something like that.
! **/
! krb5_db_fini(kdc_context);
! if (kdc_active_realm->realm_dbname)
! if ((errcode =
krb5_set_default_realm(kdc_active_realm->realm_context,
kdc_active_realm->realm_dbname))) {
! return errcode;
! }
! /* if((errcode =
krb5_db_open(kdc_active_realm->realm_context, kdc_active_realm->db_args,
KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_KDC)))
! */
! if((errcode =
krb5_db_open(kdc_active_realm->realm_context, NULL , KRB5_KDB_OPEN_RW |
KRB5_KDB_SRV_TYPE_KDC)))
! return errcode;
! /* Reset master key */
! krb5_db_set_mkey(kdc_context, &kdc_active_realm->realm_mkey);
! }
! #endif /* KRBCONF_KDC_MODIFIES_KDB */
!
!
krb5_db_free_principal(kdc_context, &client, c_nprincs);
}
if (s_nprincs)
--- 475,495 ----
if (sname)
free(sname);
if (c_nprincs) {
#ifdef KRBCONF_KDC_MODIFIES_KDB
if (update_client) {
krb5_db_put_principal(kdc_context, &client, &c_nprincs);
/*
* ptooey. We want krb5_db_sync() or something like that.
*/
! krb5_db_fini(kdc_context);
if (kdc_active_realm->realm_dbname)
krb5_db_set_name(kdc_active_realm->realm_context,
kdc_active_realm->realm_dbname);
krb5_db_init(kdc_context);
! /* Reset master key */
! krb5_db_set_mkey(kdc_context, &kdc_active_realm->realm_mkey);
}
! #endif /* KRBCONF_KDC_MODIFIES_KDB */
krb5_db_free_principal(kdc_context, &client, c_nprincs);
}
if (s_nprincs)
server when using the krb5-send-pr
Show quoted text
>Submitter-Id: net
>Originator: mike coyne
>Organization:
>Originator: mike coyne
>Organization:
Show quoted text
>Confidential: no
>Synopsis: Build issues --with-kdc-kdb-update HPUX 11.23
>Severity: serious
>Priority: medium
>Category: krb5-build
>Class: sw-bug
>Release: 1.6.2
>Environment:
>Synopsis: Build issues --with-kdc-kdb-update HPUX 11.23
>Severity: serious
>Priority: medium
>Category: krb5-build
>Class: sw-bug
>Release: 1.6.2
>Environment:
System: HP-UX pbccfd01 B.11.23 U ia64 0508688805 unlimited-user license
Show quoted text
>Description:
The default system dose not compile with kdc-kdb-update optionthe 1.4.4 version of the kdc we have in production should be updated
due to recent problems with kadmin. We use
the kdc-kdb-update feature to track last usage based on authication.
The feature is missing or has old referances
to krb5_db_init and krb5_db_set_name . I am trying a patch based on a
posting in the kerberos mailing list. It
was pointed out the lack of locking in the update function was non
ideal, although not worse than the 1.4.x version
we are using currently . One thing not covered in the posting was the
issue of what to do with the dbargs argument to the
int the krb5_db_open call. I set the value to NULL based on some other
calls to the function . But i could not
locact the documentaion for the api.. So this is a guess/hack.
Also there are issues with the hpux version compiling the db2 module .
To creat the module you have to change to
the src/plugins/kdb/db2 directory and create the plugin by a "make
db2.sl" although the library is actualy a db2.so
for the hpux64 version , Also to make a usable plugin the Makefile in
that directory was modified to add -lnsl and -lc
to fix unresolved referances so the db2 module would load. I created a
hard link in the modules directory bewteen db2.sl db2.so and db2
just to cover the bases on the dlopen.
SHLIB_EXPLIBS= $(GSSRPC_LIBS) -lkrb5 -lcom_err -lk5crypto
$(KDB5_DB_LIB) $(SUPPORT_LIB) $(LIBS) -lnsl -lc
There was a series of problems in the src/plugins/kdb/db2/libdb2
directory revolving arround
....
making all in plugins/kdb/db2/libdb2/hash...
gmake[3]: Entering directory
`/home/mcoyne/krb5/humm/krb5-1.6.2_ab/src/plugins/kdb/db2/libdb2/hash'
cc -Ae +DD64 +z -DSHARED -DHAVE_CONFIG_H -I../../../../../include
-I./../../../../../include -I. -I./../include -I../include -I./../mpool
-I./../db -DKRB5_DEPRECATED=1 -DKRB5_PRIVATE=1 -g -D_REENTRANT
-D_THREAD_SAFE -D_POSIX_C_SOURCE=199506L -c hash_log2.c -o
hash_log2.so.o && mv -f hash_log2.so.o hash_log2.so
"/usr/include/sys/_inttypes.h", line 111: error #2084: invalid
combination of
type specifiers
typedef int int32_t; /* 32-bit signed integer */
^
... putting <sys/types.h> ahead of or in db-int.h header ,
fixed this, note other files needed the fix as well in this
directory...
Show quoted text
>How-To-Repeat:
./configure --with-kdc-kdb-update --prefix=/opt/krb5-1.6.2p/hpux64
CC="cc -Ae +DD64"
Show quoted text
>Fix:
"diff of pulugins libdb2/include "
diff -c include/db-int.h
/home/mcoyne/krb5/krb5-1.6.2_ab/src/plugins/kdb/db2/libdb2/include/db-int.h
*** include/db-int.h Sun May 23 12:20:09 2004
---
/home/mcoyne/krb5/krb5-1.6.2_ab/src/plugins/kdb/db2/libdb2/include/db-int.h
Fri Sep 7 13:20:44 2007
***************
*** 35,41 ****
#ifndef _DB_INT_H_
#define _DB_INT_H_
!
#include "config.h"
#include "db.h"
--- 35,41 ----
#ifndef _DB_INT_H_
#define _DB_INT_H_
! #include <sys/types.h>
#include "config.h"
#include "db.h"
Suggested patch based on posting to correct --kdb-kdc-update .
*** krb5-1.6.2_ab/src/kdc/do_as_req.c 2007-09-06 13:01:10.000000000 -0500
--- krb5-1.6.2/src/kdc/do_as_req.c 2006-11-14 16:47:21.000000000 -0600
***************
*** 475,521 ****
if (sname)
free(sname);
if (c_nprincs) {
- /*
#ifdef KRBCONF_KDC_MODIFIES_KDB
if (update_client) {
krb5_db_put_principal(kdc_context, &client, &c_nprincs);
- */
/*
* ptooey. We want krb5_db_sync() or something like that.
*/
! /* krb5_db_fini(kdc_context);
if (kdc_active_realm->realm_dbname)
krb5_db_set_name(kdc_active_realm->realm_context,
kdc_active_realm->realm_dbname);
krb5_db_init(kdc_context);
! */ /* Reset master key */
! /* krb5_db_set_mkey(kdc_context,
&kdc_active_realm->realm_mkey);
}
! #endif
! */
! /* KRBCONF_KDC_MODIFIES_KDB */
!
! #ifdef KRBCONF_KDC_MODIFIES_KDB
! if (update_client) {
! krb5_db_put_principal(kdc_context, &client, &c_nprincs);
! /*
! ** ptooey. We want krb5_db_sync() or something like that.
! **/
! krb5_db_fini(kdc_context);
! if (kdc_active_realm->realm_dbname)
! if ((errcode =
krb5_set_default_realm(kdc_active_realm->realm_context,
kdc_active_realm->realm_dbname))) {
! return errcode;
! }
! /* if((errcode =
krb5_db_open(kdc_active_realm->realm_context, kdc_active_realm->db_args,
KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_KDC)))
! */
! if((errcode =
krb5_db_open(kdc_active_realm->realm_context, NULL , KRB5_KDB_OPEN_RW |
KRB5_KDB_SRV_TYPE_KDC)))
! return errcode;
! /* Reset master key */
! krb5_db_set_mkey(kdc_context, &kdc_active_realm->realm_mkey);
! }
! #endif /* KRBCONF_KDC_MODIFIES_KDB */
!
!
krb5_db_free_principal(kdc_context, &client, c_nprincs);
}
if (s_nprincs)
--- 475,495 ----
if (sname)
free(sname);
if (c_nprincs) {
#ifdef KRBCONF_KDC_MODIFIES_KDB
if (update_client) {
krb5_db_put_principal(kdc_context, &client, &c_nprincs);
/*
* ptooey. We want krb5_db_sync() or something like that.
*/
! krb5_db_fini(kdc_context);
if (kdc_active_realm->realm_dbname)
krb5_db_set_name(kdc_active_realm->realm_context,
kdc_active_realm->realm_dbname);
krb5_db_init(kdc_context);
! /* Reset master key */
! krb5_db_set_mkey(kdc_context, &kdc_active_realm->realm_mkey);
}
! #endif /* KRBCONF_KDC_MODIFIES_KDB */
krb5_db_free_principal(kdc_context, &client, c_nprincs);
}
if (s_nprincs)