[Fwd: Arla 0.20 and linux 2.2-pre9, misc problems, probably n ot kernel specific]
Neulinger, Nathan R.
nneul at umr.edu
Mon Jan 25 19:23:09 CET 1999
:) I meant that in the meantime, I can fix the specific problem I was having
by having ksu do a setpag() and run aklog again. I have enough local changes
to the kerberos source that another one isn't going to matter much.
Correcting the behavior of the system call is a more involved, though more
correct, fix. I will investigate that as well.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul at umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
> -----Original Message-----
> From: Derek Atkins [mailto:warlord at MIT.EDU]
> Sent: Monday, January 25, 1999 12:19 PM
> To: Neulinger, Nathan R.
> Cc: 'arla-drinkers at stacken.kth.se'
> Subject: Re: [Fwd: Arla 0.20 and linux 2.2-pre9, misc
> problems, probably
> n ot kernel specific]
>
>
> I think you misunderstand -- it doesn't run 'setpag()' -- it runs an
> internal routine that sets the PAG in the grouplist from the actual
> PAG information... Basically, it grabs the PAG, runs setgroups, and
> then resets the PAG.
>
> -derek
>
> "Neulinger, Nathan R." <nneul at umr.edu> writes:
>
> >
> > Thanks Derek. This at least points me in a direction that I
> can look at.
> >
> > If nothing else, it's a relatively easy hack to have ksu
> setpag() and aklog
> > after switching id's.
> >
> > -- Nathan
> >
> > ------------------------------------------------------------
> > Nathan Neulinger EMail: nneul at umr.edu
> > University of Missouri - Rolla Phone: (573) 341-4841
> > Computing Services Fax: (573) 341-4216
> >
> > > -----Original Message-----
> > > From: Derek Atkins [mailto:warlord at MIT.EDU]
> > > Sent: Monday, January 25, 1999 10:17 AM
> > > To: "Neulinger"@MIT.EDU
> > > Cc: Nathan R." <Nathan.R."; 'arla-drinkers at stacken.kth.se'
> > > Subject: Re: [Fwd: Arla 0.20 and linux 2.2-pre9, misc
> > > problems, probably
> > > n ot kernel specific]
> > >
> > >
> > > Unfortunately I used Transarc's standard replacement for
> initgroups,
> > > so no, I cannot release it. Sorry. Actually, its a
> replacement for
> > > the setgroups system call, not initgroups... Basically
> it sets the
> > > groups and then checks to see if a setpag had already been done in
> > > which case it re-adds the Pag to the grouplist.
> > >
> > > -derek
> > >
> > > "Neulinger, Nathan R." <nneul at umr.edu> writes:
> > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Derek Atkins [mailto:warlord at MIT.EDU]
> > > > > Sent: Monday, January 25, 1999 9:13 AM
> > > > > To: Nathan Neulinger
> > > > > Cc: kenh at cmf.nrl.navy.mil
> > > > > Subject: Re: [Fwd: Arla 0.20 and linux 2.2-pre9, misc
> > > > > problems, probably
> > > > > not kernel specific]
> > > > >
> > > > >
> > > > > Linux-AFS replaces the 'initgroups' system call, does
> > > Arla does the
> > > > > same? I don't know how the Linux-2.2 version of AFS (which is
> > > > > Transarc 3.5) will behave. I doubt it is a kernel change.
> > > >
> > > > I figured it did something like that.
> > > >
> > > > I verified that a simple initgroups() test fails on 2.2 and
> > > works on 2.0.35
> > > > (well, behaves the way I want anyway).
> > > >
> > > > Is your replacement for initgroups() something you can
> > > release, given that
> > > > it was not intrinsic to transarc's code? Arla already
> > > preloads getcwd.so,
> > > > should be easy enough to add another one to do initgroups().
> > > >
> > > > > Check Arla on 2.0.35 and see if it works there.
> > > > >
> > > > > -derek
> > > > >
> > > > > Nathan Neulinger <nneul at umr.edu> writes:
> > > > >
> > > > > >
> > > > > > This is a multi-part message in MIME format.
> > > > > > --------------9E78052BF545843A7AB710B7
> > > > > > Content-Type: text/plain; charset=us-ascii
> > > > > > Content-Transfer-Encoding: 7bit
> > > > > >
> > > > > > Hey guys.
> > > > > >
> > > > > > I just sent this to the arla list. Got any suggestions on
> > > > > how to clean
> > > > > > this up in krb5 (or elsewhere) in some way that is not
> > > just a really
> > > > > > ugly hack?
> > > > > >
> > > > > > This will no doubt affect use with transarc's
> client as well.
> > > > > >
> > > > > > How is this handled on other architectures? Or is
> > > initgroups() just
> > > > > > broken everywhere?
> > > > > >
> > > > > > -- Nathan
> > > > > >
> > > > > > ------------------------------------------------------------
> > > > > > Nathan Neulinger EMail: nneul at umr.edu
> > > > > > University of Missouri - Rolla Phone: (573) 341-4841
> > > > > > Computing Services Fax: (573) 341-4216
> > > > > > --------------9E78052BF545843A7AB710B7
> > > > > > Content-Type: message/rfc822
> > > > > > Content-Transfer-Encoding: 7bit
> > > > > > Content-Disposition: inline
> > > > > >
> > > > > > Received: from umr.edu (hermes.cc.umr.edu [131.151.1.68])
> > > > > by umr-mail01.cc.umr.edu with SMTP (Microsoft Exchange
> > > > > Internet Mail Service Version 5.5.2232.9)
> > > > > > id DQ2R7SPM; Sun, 24 Jan 1999 15:23:56 -0600
> > > > > > Received: from sundance.stacken.kth.se
> > > > > (sundance.stacken.kth.se [130.237.234.41]) via ESMTP by
> > > > > hermes.cc.umr.edu (8.8.7/R.4.20) id PAA28277; Sun, 24 Jan
> > > > > 1999 15:23:43 -0600 (CST)
> > > > > > Received: (from majordom at localhost)
> > > > > > by sundance.stacken.kth.se (8.8.8/8.8.8) id WAA12481
> > > > > > for arla-drinkers-list; Sun, 24 Jan 1999
> > > 22:12:25 +0100 (MET)
> > > > > > Received: from umr.edu (hermes.cc.umr.edu [131.151.1.68])
> > > > > > by sundance.stacken.kth.se (8.8.8/8.8.8) with
> > > ESMTP id WAA12477;
> > > > > > Sun, 24 Jan 1999 22:12:20 +0100 (MET)
> > > > > > Received: from umr-mail01.cc.umr.edu (umr-mail01.cc.umr.edu
> > > > > [131.151.37.121]) via ESMTP by hermes.cc.umr.edu
> > > > > (8.8.7/R.4.20) id PAA24905; Sun, 24 Jan 1999 15:12:18
> -0600 (CST)
> > > > > > Received: by umr-mail01.cc.umr.edu with Internet Mail
> > > > > Service (5.5.2232.9)
> > > > > > id <DQ2R7S3Q>; Sun, 24 Jan 1999 15:12:27 -0600
> > > > > > Message-ID:
> > > > >
> <9DA8D24B915BD1118911006094516EAF019C7E77 at umr-mail02.cc.umr.edu>
> > > > > > From: "Neulinger, Nathan R." <nneul at umr.edu>
> > > > > > To: "'Magnus Ahltorp'" <map at stacken.kth.se>
> > > > > > Cc: arla-drinkers at stacken.kth.se
> > > > > > Subject: RE: Arla 0.20 and linux 2.2-pre9, misc problems,
> > > > > probably not ker
> > > > > > nel specific
> > > > > > Date: Sun, 24 Jan 1999 15:12:17 -0600
> > > > > > MIME-Version: 1.0
> > > > > > X-Mailer: Internet Mail Service (5.5.2232.9)
> > > > > > Content-Type: text/plain;
> > > > > > charset="ISO-8859-1"
> > > > > > Sender: owner-arla-drinkers at stacken.kth.se
> > > > > > Precedence: bulk
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Magnus Ahltorp [mailto:map at stacken.kth.se]
> > > > > > > Sent: Sunday, January 24, 1999 2:58 PM
> > > > > > > To: Neulinger, Nathan R.
> > > > > > > Cc: arla-drinkers at stacken.kth.se
> > > > > > > Subject: Re: Arla 0.20 and linux 2.2-pre9, misc problems,
> > > > > probably not
> > > > > > > kernel specific
> > > > > > >
> > > > > > >
> > > > > > > > It seems to be working ok for me.
> > > > > > >
> > > > > > > Great.
> > > > > > >
> > > > > > > > I do notice one problem. It appears that Arla
> treats PAG's
> > > > > > > differently than
> > > > > > > > transarc's AFS. If I do an su to root while
> logged in, with
> > > > > > > a token, I no
> > > > > > > > longer have the token, or the pag, in the su'd session:
> > > > > > >
> > > > > > > That is because your su throws away the secondary groups:
> > > > > > >
> > > > > > > > infinity(49)>id
> > > > > > > > uid=5879(nneul) gid=5000(afsuser)
> > > > > groups=33536,32512,5000(afsuser)
> > > > > > > > infinity(50)>su -
> > > > > > > > Password:
> > > > > > > > [root at infinity /root]# id
> > > > > > > > uid=0(root) gid=0(root)
> > > > > > > >
> > > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> > > > > > >
> > > > > > > Here, the 33536,32512 has been thrown away, and
> > > therefore you are
> > > > > > > assumed to be in the default PAG.
> > > > > >
> > > > > > Right, but it didn't do that before. It's possible that it
> > > > > is a change in
> > > > > > the kernel from
> > > > > > 2.0.35 to 2.2.
> > > > > >
> > > > > > I have another machine running 2.0.35 with transarc's code,
> > > > > and the same
> > > > > > su/ksu. Both perform correctly on that machine.
> > > > > >
> > > > > > >
> > > > > > > > Yes, I am using a mixture of transarc
> excutables and AFS,
> > > > > > > but only to
> > > > > > > > demonstrate the problem. Might be good if arla
> included a
> > > > > > > tokens executable.
> > > > > > > > Probably is easy enough to write, in fact, I
> believe I have
> > > > > > > the code lying
> > > > > > > > around somewhere to do it.
> > > > > > >
> > > > > > > If you use the kth-krb kerberos distribution, your klist
> > > > > is able to do
> > > > > > > this (klist -T).
> > > > > >
> > > > > > Nope, running krb5 with hornstein's patches.
> > > > > >
> > > > > > -- Nathan
> > > > > >
> > > > > > --------------9E78052BF545843A7AB710B7--
> > > > > >
> > > > >
> > > > > --
> > > > > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media
> Laboratory
> > > > > Member, MIT Student Information Processing
> Board (SIPB)
> > > > > URL: http://web.mit.edu/warlord/ PP-ASEL
> N1NWH
> > > > > warlord at MIT.EDU PGP key
> available
> > > > >
> > >
> > > --
> > > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > > Member, MIT Student Information Processing Board (SIPB)
> > > URL: http://web.mit.edu/warlord/ PP-ASEL N1NWH
> > > warlord at MIT.EDU PGP key available
> > >
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL N1NWH
> warlord at MIT.EDU PGP key available
>
More information about the Arla-drinkers
mailing list