[Fwd: Arla 0.20 and linux 2.2-pre9, misc problems, probably n ot kernel specific]

Neulinger, Nathan R. nneul at umr.edu
Mon Jan 25 19:23:09 CET 1999


:) I meant that in the meantime, I can fix the specific problem I was having
by having ksu do a setpag() and run aklog again. I have enough local changes
to the kerberos source that another one isn't going to matter much.

Correcting the behavior of the system call is a more involved, though more
correct, fix. I will investigate that as well.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul at umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216 

> -----Original Message-----
> From: Derek Atkins [mailto:warlord at MIT.EDU]
> Sent: Monday, January 25, 1999 12:19 PM
> To: Neulinger, Nathan R.
> Cc: 'arla-drinkers at stacken.kth.se'
> Subject: Re: [Fwd: Arla 0.20 and linux 2.2-pre9, misc 
> problems, probably
> n ot kernel specific]
> 
> 
> I think you misunderstand -- it doesn't run 'setpag()' -- it runs an
> internal routine that sets the PAG in the grouplist from the actual
> PAG information...  Basically, it grabs the PAG, runs setgroups, and
> then resets the PAG.
> 
> -derek
> 
> "Neulinger, Nathan R." <nneul at umr.edu> writes:
> 
> > 
> > Thanks Derek. This at least points me in a direction that I 
> can look at. 
> > 
> > If nothing else, it's a relatively easy hack to have ksu 
> setpag() and aklog
> > after switching id's. 
> > 
> > -- Nathan
> > 
> > ------------------------------------------------------------
> > Nathan Neulinger                       EMail:  nneul at umr.edu
> > University of Missouri - Rolla         Phone: (573) 341-4841
> > Computing Services                       Fax: (573) 341-4216 
> > 
> > > -----Original Message-----
> > > From: Derek Atkins [mailto:warlord at MIT.EDU]
> > > Sent: Monday, January 25, 1999 10:17 AM
> > > To: "Neulinger"@MIT.EDU
> > > Cc: Nathan R." <Nathan.R."; 'arla-drinkers at stacken.kth.se'
> > > Subject: Re: [Fwd: Arla 0.20 and linux 2.2-pre9, misc 
> > > problems, probably
> > > n ot kernel specific]
> > > 
> > > 
> > > Unfortunately I used Transarc's standard replacement for 
> initgroups,
> > > so no, I cannot release it.  Sorry.  Actually, its a 
> replacement for
> > > the setgroups system call, not initgroups...  Basically 
> it sets the
> > > groups and then checks to see if a setpag had already been done in
> > > which case it re-adds the Pag to the grouplist.
> > > 
> > > -derek
> > > 
> > > "Neulinger, Nathan R." <nneul at umr.edu> writes:
> > > 
> > > > 
> > > > > -----Original Message-----
> > > > > From: Derek Atkins [mailto:warlord at MIT.EDU]
> > > > > Sent: Monday, January 25, 1999 9:13 AM
> > > > > To: Nathan Neulinger
> > > > > Cc: kenh at cmf.nrl.navy.mil
> > > > > Subject: Re: [Fwd: Arla 0.20 and linux 2.2-pre9, misc 
> > > > > problems, probably
> > > > > not kernel specific]
> > > > > 
> > > > > 
> > > > > Linux-AFS replaces the 'initgroups' system call, does 
> > > Arla does the
> > > > > same?  I don't know how the Linux-2.2 version of AFS (which is
> > > > > Transarc 3.5) will behave.  I doubt it is a kernel change.
> > > > 
> > > > I figured it did something like that. 
> > > > 
> > > > I verified that a simple initgroups() test fails on 2.2 and 
> > > works on 2.0.35
> > > > (well, behaves the way I want anyway).
> > > > 
> > > > Is your replacement for initgroups() something you can 
> > > release, given that
> > > > it was not intrinsic to transarc's code? Arla already 
> > > preloads getcwd.so,
> > > > should be easy enough to add another one to do initgroups().
> > > > 
> > > > > Check Arla on 2.0.35 and see if it works there.
> > > > > 
> > > > > -derek
> > > > > 
> > > > > Nathan Neulinger <nneul at umr.edu> writes:
> > > > > 
> > > > > > 
> > > > > > This is a multi-part message in MIME format.
> > > > > > --------------9E78052BF545843A7AB710B7
> > > > > > Content-Type: text/plain; charset=us-ascii
> > > > > > Content-Transfer-Encoding: 7bit
> > > > > > 
> > > > > > Hey guys. 
> > > > > > 
> > > > > > I just sent this to the arla list. Got any suggestions on 
> > > > > how to clean
> > > > > > this up in krb5 (or elsewhere) in some way that is not 
> > > just a really
> > > > > > ugly hack?
> > > > > > 
> > > > > > This will no doubt affect use with transarc's 
> client as well.
> > > > > > 
> > > > > > How is this handled on other architectures? Or is 
> > > initgroups() just
> > > > > > broken everywhere?
> > > > > > 
> > > > > > -- Nathan
> > > > > > 
> > > > > > ------------------------------------------------------------
> > > > > > Nathan Neulinger                       EMail:  nneul at umr.edu
> > > > > > University of Missouri - Rolla         Phone: (573) 341-4841
> > > > > > Computing Services                       Fax: (573) 341-4216
> > > > > > --------------9E78052BF545843A7AB710B7
> > > > > > Content-Type: message/rfc822
> > > > > > Content-Transfer-Encoding: 7bit
> > > > > > Content-Disposition: inline
> > > > > > 
> > > > > > Received: from umr.edu (hermes.cc.umr.edu [131.151.1.68]) 
> > > > > by umr-mail01.cc.umr.edu with SMTP (Microsoft Exchange 
> > > > > Internet Mail Service Version 5.5.2232.9)
> > > > > > 	id DQ2R7SPM; Sun, 24 Jan 1999 15:23:56 -0600
> > > > > > Received: from sundance.stacken.kth.se 
> > > > > (sundance.stacken.kth.se [130.237.234.41]) via ESMTP by 
> > > > > hermes.cc.umr.edu (8.8.7/R.4.20) id PAA28277; Sun, 24 Jan 
> > > > > 1999 15:23:43 -0600 (CST)
> > > > > > Received: (from majordom at localhost)
> > > > > > 	by sundance.stacken.kth.se (8.8.8/8.8.8) id WAA12481
> > > > > > 	for arla-drinkers-list; Sun, 24 Jan 1999 
> > > 22:12:25 +0100 (MET)
> > > > > > Received: from umr.edu (hermes.cc.umr.edu [131.151.1.68])
> > > > > > 	by sundance.stacken.kth.se (8.8.8/8.8.8) with 
> > > ESMTP id WAA12477;
> > > > > > 	Sun, 24 Jan 1999 22:12:20 +0100 (MET)
> > > > > > Received: from umr-mail01.cc.umr.edu (umr-mail01.cc.umr.edu 
> > > > > [131.151.37.121]) via ESMTP by hermes.cc.umr.edu 
> > > > > (8.8.7/R.4.20) id PAA24905; Sun, 24 Jan 1999 15:12:18 
> -0600 (CST)
> > > > > > Received: by umr-mail01.cc.umr.edu with Internet Mail 
> > > > > Service (5.5.2232.9)
> > > > > > 	id <DQ2R7S3Q>; Sun, 24 Jan 1999 15:12:27 -0600
> > > > > > Message-ID: 
> > > > > 
> <9DA8D24B915BD1118911006094516EAF019C7E77 at umr-mail02.cc.umr.edu>
> > > > > > From: "Neulinger, Nathan R." <nneul at umr.edu>
> > > > > > To: "'Magnus Ahltorp'" <map at stacken.kth.se>
> > > > > > Cc: arla-drinkers at stacken.kth.se
> > > > > > Subject: RE: Arla 0.20 and linux 2.2-pre9, misc problems, 
> > > > > probably not ker
> > > > > > 	nel  	specific
> > > > > > Date: Sun, 24 Jan 1999 15:12:17 -0600
> > > > > > MIME-Version: 1.0
> > > > > > X-Mailer: Internet Mail Service (5.5.2232.9)
> > > > > > Content-Type: text/plain;
> > > > > > 	charset="ISO-8859-1"
> > > > > > Sender: owner-arla-drinkers at stacken.kth.se
> > > > > > Precedence: bulk
> > > > > > 
> > > > > > > -----Original Message-----
> > > > > > > From: Magnus Ahltorp [mailto:map at stacken.kth.se]
> > > > > > > Sent: Sunday, January 24, 1999 2:58 PM
> > > > > > > To: Neulinger, Nathan R.
> > > > > > > Cc: arla-drinkers at stacken.kth.se
> > > > > > > Subject: Re: Arla 0.20 and linux 2.2-pre9, misc problems, 
> > > > > probably not
> > > > > > > kernel specific
> > > > > > > 
> > > > > > > 
> > > > > > > > It seems to be working ok for me. 
> > > > > > > 
> > > > > > > Great.
> > > > > > > 
> > > > > > > > I do notice one problem. It appears that Arla 
> treats PAG's 
> > > > > > > differently than
> > > > > > > > transarc's AFS. If I do an su to root while 
> logged in, with 
> > > > > > > a token, I no
> > > > > > > > longer have the token, or the pag, in the su'd session:
> > > > > > > 
> > > > > > > That is because your su throws away the secondary groups:
> > > > > > > 
> > > > > > > > infinity(49)>id
> > > > > > > > uid=5879(nneul) gid=5000(afsuser) 
> > > > > groups=33536,32512,5000(afsuser)
> > > > > > > > infinity(50)>su - 
> > > > > > > > Password: 
> > > > > > > > [root at infinity /root]# id
> > > > > > > > uid=0(root) gid=0(root)
> > > > > > > > 
> > > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> > > > > > > 
> > > > > > > Here, the 33536,32512 has been thrown away, and 
> > > therefore you are
> > > > > > > assumed to be in the default PAG.
> > > > > > 
> > > > > > Right, but it didn't do that before. It's possible that it 
> > > > > is a change in
> > > > > > the kernel from
> > > > > > 2.0.35 to 2.2.
> > > > > > 
> > > > > > I have another machine running 2.0.35 with transarc's code, 
> > > > > and the same
> > > > > > su/ksu. Both perform correctly on that machine. 
> > > > > > 
> > > > > > > 
> > > > > > > > Yes, I am using a mixture of transarc 
> excutables and AFS, 
> > > > > > > but only to
> > > > > > > > demonstrate the problem. Might be good if arla 
> included a 
> > > > > > > tokens executable.
> > > > > > > > Probably is easy enough to write, in fact, I 
> believe I have 
> > > > > > > the code lying
> > > > > > > > around somewhere to do it.
> > > > > > > 
> > > > > > > If you use the kth-krb kerberos distribution, your klist 
> > > > > is able to do
> > > > > > > this (klist -T).
> > > > > > 
> > > > > > Nope, running krb5 with hornstein's patches.
> > > > > > 
> > > > > > -- Nathan
> > > > > > 
> > > > > > --------------9E78052BF545843A7AB710B7--
> > > > > > 
> > > > > 
> > > > > -- 
> > > > >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media 
> Laboratory
> > > > >        Member, MIT Student Information Processing 
> Board  (SIPB)
> > > > >        URL: http://web.mit.edu/warlord/      PP-ASEL  
>     N1NWH
> > > > >        warlord at MIT.EDU                        PGP key 
> available
> > > > > 
> > > 
> > > -- 
> > >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > >        Member, MIT Student Information Processing Board  (SIPB)
> > >        URL: http://web.mit.edu/warlord/      PP-ASEL      N1NWH
> > >        warlord at MIT.EDU                        PGP key available
> > > 
> 
> -- 
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/      PP-ASEL      N1NWH
>        warlord at MIT.EDU                        PGP key available
> 





More information about the Arla-drinkers mailing list