[krbdev.mit.edu #3122] KRB 1.4.1 AIX 5.2 fixes

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #3122] KRB 1.4.1 AIX 5.2 fixes

Greg Hudson via RT
Due to all the wonderful "features" of AIX, Kerberos doesn't work well on
AIX 5.2.  The following patch attempts to fix some of the issues:

 - the select() API in AIX is unusual.  The 16 high bits of the first
   argument is special, so select(0x00010000, ...) doesn't work.  Since
   8*sizeof(fd_set) == 0x10000 is used as the first argument in serveral
   places, things break.

 - AIX loves to return a sockaddr_in6 structure when you getpeername() on
   an inet4 socket.  However, special error-checking "features" will
   throw back an error if you pass that sockaddr_in6 structure back to
   connect().  I love AIX.

 - fake-addrinfo isn't needed for AIX 5.1+

Also, please note RT Ticket# 2902 that resolves crashes on res_ninit().

All of the problems should be present in krb5-1.4-current as well, and all
the problems except the fake-addrinfo should also be in krb5-current.


Without further ado, here's the useful part:

diff -ru krb5-1.4.1.orig/src/appl/bsd/krlogin.c krb5-1.4.1/src/appl/bsd/krlogin.c
--- krb5-1.4.1.orig/src/appl/bsd/krlogin.c 2003-05-09 20:00:58.000000000 -0400
+++ krb5-1.4.1/src/appl/bsd/krlogin.c 2005-07-14 01:39:27.000000000 -0400
@@ -1101,7 +1101,7 @@
     for (;;) {
  FD_ZERO(&waitread);
  FD_SET(0, &waitread);
- n = select(8*sizeof(waitread), &waitread, 0, 0, 0, 0);
+ n = select(1, &waitread, 0, 0, 0, 0);
  if (n < 0 && errno == EINTR)
   continue;
  if (n > 0)
diff -ru krb5-1.4.1.orig/src/appl/bsd/krlogind.c krb5-1.4.1/src/appl/bsd/krlogind.c
--- krb5-1.4.1.orig/src/appl/bsd/krlogind.c 2005-04-07 17:17:25.000000000 -0400
+++ krb5-1.4.1/src/appl/bsd/krlogind.c 2005-07-14 01:39:31.000000000 -0400
@@ -1045,7 +1045,7 @@
     }
  }
 
- if (select(8*sizeof(ibits), &ibits, &obits, &ebits, 0) < 0) {
+ if (select(((p>f)?p:f)+1, &ibits, &obits, &ebits, 0) < 0) {
     if (errno == EINTR)
       continue;
     fatalperror(f, "select");
diff -ru krb5-1.4.1.orig/src/appl/bsd/krsh.c krb5-1.4.1/src/appl/bsd/krsh.c
--- krb5-1.4.1.orig/src/appl/bsd/krsh.c 2004-05-24 15:43:17.000000000 -0400
+++ krb5-1.4.1/src/appl/bsd/krsh.c 2005-07-14 01:39:36.000000000 -0400
@@ -512,7 +512,7 @@
       rewrite:
  FD_ZERO(&rembits);
  FD_SET(rem, &rembits);
- if (select(8*sizeof(rembits), 0, &rembits, 0, 0) < 0) {
+ if (select(rem+1, 0, &rembits, 0, 0) < 0) {
     if (errno != EINTR) {
  perror("select");
  exit(1);
@@ -550,7 +550,7 @@
     FD_SET(rem, &readfrom);
     do {
  ready = readfrom;
- if (select(8*sizeof(ready), &ready, 0, 0, 0) < 0) {
+ if (select(((rfd2>rem)?rfd2:rem)+1, &ready, 0, 0, 0) < 0) {
     if (errno != EINTR) {
  perror("select");
  exit(1);
diff -ru krb5-1.4.1.orig/src/appl/bsd/krshd.c krb5-1.4.1/src/appl/bsd/krshd.c
--- krb5-1.4.1.orig/src/appl/bsd/krshd.c 2005-04-07 17:17:25.000000000 -0400
+++ krb5-1.4.1/src/appl/bsd/krshd.c 2005-07-14 01:35:09.000000000 -0400
@@ -440,6 +440,15 @@
  fd = 0;
     }
 
+#ifdef KRB5_USE_INET6
+    if (((struct sockaddr*)&from)->sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa2sin6(&from)->sin6_addr)) {
+ sa2sin(&from)->sin_len = sizeof(struct sockaddr_in);
+ sa2sin(&from)->sin_family = AF_INET;
+ sa2sin(&from)->sin_port = sa2sin6(&from)->sin6_port;
+ memcpy(&(sa2sin(&from)->sin_addr.s_addr), &(sa2sin6(&from)->sin6_addr.u6_addr.u6_addr8[12]), 4);
+    }
+#endif
+
     if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
    sizeof (on)) < 0)
  syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
@@ -1198,6 +1207,7 @@
     goto signout_please;
  }
  if (pid) {
+    int maxfd;
 #ifdef POSIX_SIGNALS
     sa.sa_handler = cleanup;
     (void)sigaction(SIGINT, &sa, (struct sigaction *)0);
@@ -1231,11 +1241,15 @@
     
     FD_ZERO(&readfrom);
     FD_SET(f, &readfrom);
+    maxfd = f;
     if(port) {
  FD_SET(s, &readfrom);
+ if (f > maxfd) maxfd = s;
  FD_SET(pv[0], &readfrom);
+ if (pv[0] > maxfd) maxfd = pv[0];
     }
     FD_SET(pw[0], &readfrom);
+    if (pw[0] > maxfd) maxfd = pw[0];
     
     /* read from f, write to px[1] -- child stdin */
     /* read from s, signal child */
@@ -1244,7 +1258,7 @@
 
     do {
  ready = readfrom;
- if (select(8*sizeof(ready), &ready, (fd_set *)0,
+ if (select(maxfd+1, &ready, (fd_set *)0,
    (fd_set *)0, (struct timeval *)0) < 0) {
     if (errno == EINTR) {
  continue;
--- krb5-1.4/src/include/fake-addrinfo.h~ 2005-03-04 18:19:30.000000000 -0500
+++ krb5-1.4/src/include/fake-addrinfo.h 2005-03-04 18:19:57.000000000 -0500
@@ -135,7 +135,7 @@
 #define FAI_CACHE
 #endif
 
-#if (defined (__linux__) && defined(HAVE_GETADDRINFO)) || defined (_AIX)
+#if (defined (__linux__) && defined(HAVE_GETADDRINFO)) || (defined (_AIX) && !defined(_AIXVERSION_510))
 /* See comments below.  */
 #  define WRAP_GETADDRINFO
 #endif

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #3122] KRB 1.4.1 AIX 5.2 fixes

Greg Hudson via RT
Jonathan Chen via RT <[hidden email]> writes:

> Due to all the wonderful "features" of AIX, Kerberos doesn't work well
> on AIX 5.2.  The following patch attempts to fix some of the issues:

>  - the select() API in AIX is unusual.  The 16 high bits of the first
>    argument is special, so select(0x00010000, ...) doesn't work.  Since
>    8*sizeof(fd_set) == 0x10000 is used as the first argument in serveral
>    places, things break.

Even with these patches applied, I still get:

This rlogin session is encrypting all data transmissions.
klogind: select: Bad file number.
Connection closed.

from klogind on AIX 5.2.  Is this the same problem that this patch is
trying to fix?  If so, do you have an idea as to why it might still not be
working?

--
Russ Allbery ([hidden email])             <http://www.eyrie.org/~eagle/>

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #3122] KRB 1.4.1 AIX 5.2 fixes

Greg Hudson via RT
In reply to this post by Greg Hudson via RT
Russ Allbery via RT <[hidden email]> writes:

> Even with these patches applied, I still get:

> This rlogin session is encrypting all data transmissions.
> klogind: select: Bad file number.
> Connection closed.

Hang on, this may still just be a mistake on my part.  Looking at it now.

--
Russ Allbery ([hidden email])             <http://www.eyrie.org/~eagle/>

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #3122] KRB 1.4.1 AIX 5.2 fixes

Greg Hudson via RT
In reply to this post by Greg Hudson via RT
Jonathan Chen via RT <[hidden email]> writes:

> Due to all the wonderful "features" of AIX, Kerberos doesn't work well
> on AIX 5.2.  The following patch attempts to fix some of the issues:

>  - the select() API in AIX is unusual.  The 16 high bits of the first
>    argument is special, so select(0x00010000, ...) doesn't work.  Since
>    8*sizeof(fd_set) == 0x10000 is used as the first argument in serveral
>    places, things break.

>  - AIX loves to return a sockaddr_in6 structure when you getpeername() on
>    an inet4 socket.  However, special error-checking "features" will
>    throw back an error if you pass that sockaddr_in6 structure back to
>    connect().  I love AIX.

>  - fake-addrinfo isn't needed for AIX 5.1+

> Also, please note RT Ticket# 2902 that resolves crashes on res_ninit().

> All of the problems should be present in krb5-1.4-current as well, and
> all the problems except the fake-addrinfo should also be in
> krb5-current.

> Without further ado, here's the useful part:

[...]

I can confirm that this patch fixes all of these issues on AIX 5.2.

--
Russ Allbery ([hidden email])             <http://www.eyrie.org/~eagle/>

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #3122] KRB 1.4.1 AIX 5.2 fixes

Greg Hudson via RT
In reply to this post by Greg Hudson via RT
>>>>> "Jonathan" == Jonathan Chen via RT <[hidden email]> writes:

Jonathan> Also, please note RT Ticket# 2902 that resolves crashes on
Jonathan> res_ninit().

I'm not sure the supplied patch for ticket #2902 is correct, as
res_ninit() is not going to be re-entrant if _res gets used, at least
on some platforms.  It would probably be more correct to simply treat
AIX 5+ as not having a working res_ninit().

---Tom

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs