sized types and more krb lib lossage...

John Hawkinson jhawk at MIT.EDU
Mon Mar 2 21:51:43 CET 1998


| For the athena.mit.edu-case it would be `afs@ATHENA.MIT.EDU' which is
| correct, but for the sipb.mit.edu-case it would try with
| `afs@SIPB.MIT.EDU' which is wrong?


Err, sort-of. afs.athena.mit.edu@ATHENA.MIT.EDU and
afs.sipb.mit.edu@ATHENA.MIT.EDU are correct...

Actually, some more information. I wasn't quite as careful
as I should have been -- for the non-athena cell case, there's
a soft failure, but things keep going:

error getting ticket for SIPB.MIT.EDU
Getting root...
arla loop started
arla> cred-stat
1(100) credentials
cred = 0, type = 0, securityindex = 0
cell = 0, refcount = 1, killme = 0
 
arla> 

and things worked w/o authentication. Interestingly:

Breakpoint 1, main (argc=2, argv=0xeffff644)
    at /afs/sipb/project/arla/src/arla/arlad/arla.c:450
450                 char *realm = strdup(cell_getthiscell ());
(gdb) next
452                 strupr(realm);
(gdb) next
454                 if (get_cred("afs","",realm, &krbdata.c)p) {
(gdb) print realm
$1 = 0x1dfea8 "SIPB.MIT.EDU"
(gdb) call strcpy(realm,"ATHENA.MIT.EDU")
$2 = 1965736
(gdb) c
Continuing.
Getting root...
arla loop started
arla> cred-stat
2(100) credentials
cred = 0, type = 0, securityindex = 0
cell = 0, refcount = 1, killme = 0
 
cred = 10786, type = 1, securityindex = 2
cell = 90, refcount = 0, killme = 0

| And why is it getting wrong key version against athena.mit.edu?

Is that a key *version* issue?  I'm a bit puzzled where the

volcache: VL_GetEntryByName(root.afs) failed: 19270408

is coming from, though, since RXKADUNKNOWNKEY only seems to be
returned by decode_krb4_ticket(), which gets called via a function
pointer that gets initialized in rxkad_NewServerSecurityObject, which
doesn't seem to get called anywhere and doesn't seem to be in the
final binary.

Ergo, RXKADUNKNOWNKEY is getting set somewhere else,
but I don't know where.

So, this seems to fix things, but obviously isn't right:

Index: arla.c
===================================================================
RCS file: /afs/sipb/project/arla/repository/arla/arlad/arla.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 arla.c
***************
*** 447,457 ****
      if (strcmp (argv[1], "-t") == 0) {
  #ifdef KERBEROS
  	{
  	    char *realm = strdup(cell_getthiscell ());
  
  	    strupr(realm);
  	  
! 	    if (get_cred("afs","",realm, &krbdata.c)) {
  		ARLADEB(ADEBINIT, ("error getting ticket for %s\n",
  				   realm));
  	    } else if (cred_add_krb4(getuid(), &krbdata.c) == NULL) {
--- 447,458 ----
      if (strcmp (argv[1], "-t") == 0) {
  #ifdef KERBEROS
  	{
+ 	    char *instance = strdup(cell_getthiscell ());
  	    char *realm = strdup(cell_getthiscell ());
  
  	    strupr(realm);
  	  
! 	    if (get_cred("afs", instance, realm, &krbdata.c)) {
  		ARLADEB(ADEBINIT, ("error getting ticket for %s\n",
  				   realm));
  	    } else if (cred_add_krb4(getuid(), &krbdata.c) == NULL) {
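
Review bot: In the new `get_cred("afs", instance, realm, &krbdata.c)` call the realm is still produced by uppercasing the cell name, so for the sipb.mit.edu cell the ticket request goes to realm SIPB.MIT.EDU, while the message above names the afs.sipb.mit.edu instance in realm ATHENA.MIT.EDU as the correct principal. Consider deriving the realm from a host-to-realm mapping rather than `strupr(realm)`. Separately, both `strdup()` results are used unchecked (`strupr(realm)` would dereference NULL on allocation failure), neither is freed in the visible lines, and the `ARLADEB` message should print the instance along with the realm so a failed lookup shows which principal was tried.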


Later I'll poke around in aklog and try and see what the
real fix should be.

Getting root...
arla loop started
arla> cred-stat
1(100) credentials
cred = 10786, type = 1, securityindex = 2
cell = 0, refcount = 1, killme = 0
 
Also, following symlinks doesn't seem to work:

arla> cd athena
read_data
read_data
arla> ls
adir_readdir failed: 20

[portnoy!jhawk] /afs> ls -ld athena
lrwxr-xr-x   1 80176    root          14 Feb 17  1993 athena -> athena.mit.edu

--jhawk




