Simon Wilkinson [Mon, 16 Jul 2012 19:09:04 +0000 (20:09 +0100)]
auth: Fix GetTokenEx with NULL cellName
If GetTokenEx is called with a NULL cellName, it means use the
local cell. To do this with the legacy interface, a 0 length string
must be used for the cell instance of the ktc_principal passed to
GetToken. Fix this so that we do so, rather than attempting to
strcpy(..., NULL) which never ends well.
When queue_Scan is executed on an empty queue the queue element
variable, in this case 'rpc_stat' is the queue head, _RXQ(q),
and not NULL. Callers of rxi_FindRpcStat() expect NULL on failure
to find or create an rx_interface_stat object. Correct the behavior
by testing for an empty queue and return NULL immediately if the
queue is empty and the caller is not requesting creation.
Simon Wilkinson [Wed, 7 Sep 2011 17:31:32 +0000 (18:31 +0100)]
afsd: Tidy up system calls
Tidy up the way that we do system calls from afsd, by making
afsd_syscall a va_arg function, using a structure to pass system call
information around, and simplifying the #ifdef ladder that converts our
platform independent system calls into something platform specific.
This fixes all of the warnings in afsd which required the -Wno-error
option, the only warnings remaining are related to daemon being
deprecated on Darwin.
There's no need for type-punning here; usr_getspecific() is a macro
that just assigns to the variable whose address we provide, so the
cast was just unnecessary (and erroneous) obfuscation. This is the
only caller of usr_getspecific(), so if it needs to be more complex
in the future, it should probably just be open-coded here.
strcompose: NULL must always be cast when passed to a variadic function
The C standard allows NULL to be defined as a bare "0", which will
be passed to variadic functions as an int. If the function expects
a pointer type, demons fly out of your nose. strcompose() is such
a function, so make sure that all of its callers cast NULL appropriately.
(None of them did.) This may be an opportune time to change all of
the callers to spell it opr_strcompose() as well, and avoid using a
reserved identifier, but this change does not do so.
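The sentinel convention the commit describes, as an added illustration (this is not OpenAFS's strcompose()/opr_strcompose(); join_strings and build_path are hypothetical names written for this example): a variadic function walks its arguments until it reads a NULL pointer, so the caller must pass the sentinel with a pointer cast. Where NULL expands to a bare 0, an uncast sentinel is passed as an int, and va_arg(ap, const char *) would read a pointer-sized slot that the caller never filled.

```c
#include <stdarg.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical NULL-terminated variadic concatenation written for this
 * example. It copies each string argument into buf until it meets a NULL
 * sentinel and returns the number of characters written, or -1 if the
 * result would not fit (buf is left empty in that case). */
int join_strings(char *buf, size_t bufsize, const char *first, ...)
{
    va_list ap;
    size_t used = 0;
    const char *s;

    if (bufsize == 0)
        return -1;
    buf[0] = '\0';
    va_start(ap, first);
    for (s = first; s != NULL; s = va_arg(ap, const char *)) {
        size_t len = strlen(s);
        if (used + len >= bufsize) {     /* leave room for the terminating NUL */
            va_end(ap);
            buf[0] = '\0';
            return -1;
        }
        memcpy(buf + used, s, len);
        used += len;
    }
    va_end(ap);
    buf[used] = '\0';
    return (int)used;
}

/* Caller that terminates the list correctly: the sentinel is cast so that
 * the callee's va_arg(ap, const char *) reads a pointer-sized argument even
 * on a platform where NULL is defined as a bare 0 (an int). */
int build_path(char *buf, size_t bufsize, const char *dir, const char *name)
{
    return join_strings(buf, bufsize, dir, "/", name, (const char *)NULL);
}
```

Compilers with -Wformat-style checks do not catch a missing cast on a home-grown variadic function, so the cast has to be enforced by review; a sentinel attribute (where the compiler supports one) at least reports callers that pass no NULL at all.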
opr: constify various string functions and mark them AFS_NONNULL()
All of these string functions require at least one non-null argument.
Mark them as AFS_NONNULL() so that the compiler and static checker can
find erroneous uses. The "source" arguments of lcstring and ucstring
can be const, so do so. (This doesn't affect anything in the tree
right now.) While here, note a few unfixed issues with these interfaces.
xdr: fix two old FIXMEs related to signed/unsigned arithmetic
It's implementation-defined whether the C '>>' operator, when
applied to a signed integer, is sign-extending or zero-filling.
If you want unsigned arithmetic, you have to ask for it explicitly.
One assumes the reason for the shift is to avoid overflow if the
returned size/count is later converted to a signed int, in which
case maybe it would be better to use INT_MAX here. This is the
minimal change necessary for correctness.
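The signed-versus-unsigned shift point, as an added example that is not xdr code (halve_signed, halve_unsigned and clamp_to_int are names invented here): the same halving written on a signed int, on an unsigned int, and the INT_MAX clamp the commit mentions as the alternative.

```c
#include <limits.h>

/* Buggy form: the shift is applied to a signed int. For a negative
 * operand the result is implementation-defined; on the common
 * arithmetic-shift platforms -1 >> 1 stays -1, so a size that arrived
 * with its top bit set is still negative after "halving". */
int halve_signed(int n)
{
    return n >> 1;
}

/* Correct form: ask for unsigned arithmetic explicitly. The shift then
 * always zero-fills, so the result is at most UINT_MAX / 2, which is
 * INT_MAX, and converts to int without overflow. */
unsigned int halve_unsigned(unsigned int n)
{
    return n >> 1;
}

/* The alternative the commit suggests: clamp to INT_MAX instead of
 * shifting, so counts that already fit in an int are not altered. */
int clamp_to_int(unsigned int n)
{
    return n > (unsigned int)INT_MAX ? INT_MAX : (int)n;
}
```

The shift version silently halves every count, not just the overflowing ones; the clamp preserves valid values and only caps the out-of-range ones, which is why the commit message calls the shift the minimal rather than the best fix.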
If there are extents in the list with a non-zero ActiveCount,
those extents will be skipped and the list 'le' will never
become empty. Add an additional condition to ensure that the
loop is only executed once for each extent in the list.
Replace AFSExFreePool() with AFSExFreePoolWithTag() which is
a wrapper around both ExFreePool() and ExFreePoolWithTag().
If a 'Tag' value is provided, ExFreePoolWithTag() is used.
Otherwise, ExFreePool().
Specify allocation tag values wherever possible. Path name buffer
tags are not specified because they are allocated using multiple
tags. The same is true for network provider string buffers.
This is being done in order to debug a memory corruption issue.
Warning: this is a change to the AFSRedir->AFSRedirLib interface
and therefore both drivers must be updated with a reboot and
not simply restarting the service.
rx: rxi_ReceiveDataPacket do not set rprev on drop
In KERNEL builds if there are no available packet buffers the
new packet is dropped on the floor. In that case, the call's
rprev field should not be updated because the packet was never
"received" for delivery to the application.
Remove a dead comment from the same block of code.
Windows: avoid memory overrun during extent release
While tearing down extents, if an extent is found to be in use
it will be skipped. Must use 'ulReleaseCount' as the index
into the released extent array.
Originally, the first store to "code" was dead here. Refactor the
error exits to follow the non-error exit path, which has the effect
of making the store to "code" live again (and also makes it less
likely that any new cleanup code will be unintentionally omitted).
In the ubik_ClientInit recovery case, handle the possibility that
aproc() returned zero and return UINTERNAL rather than letting the
caller think that this operation succeeded.
the whole of the api used for icon handling when you steal it
from a resource fork is deprecated in new macos. fine. we'll just make
an app bundle by cheating, move andy into a standalone icns file,
install him into the "bundle" and open it the macos way.
afs_server: remove 3 dead assignments in LoopServers, move live one
The assignments to conns, rxconns, and conntimer are all dead, so
remove them. The assignment to nconns is live, but rather far from
the for loop that actually uses it; move it to just before the loop.
Michael Meffie [Thu, 7 Jun 2012 16:58:54 +0000 (12:58 -0400)]
libafs: use afs_ResetVCache in flush volume data
Remove some code duplication by using afs_ResetVCache
in the flush volume data pioctl. Adds a flag to
ResetVCache to avoid unneeded calls to purge dnlc
when resetting all the vcaches in a volume.
Adds freeing of vcache link data in the flush volume
data pioctl.
util: LogCommandLine: argc is an int, so assert that it's positive
In practice, argc should never be negative, but by convention it's
a signed int, so change the assertion to require it to be positive
rather than merely nonzero to get some help to the static analyzer.
budb: don't malloc(0) on error condition in GetText()
malloc(0) is non-portable (may return a pointer to no space, or it
may return NULL). Just set the result to NULL without bothering to
call malloc(), as is done earlier in this function.
rx: don't leak a connection hash table in unlikely error condition
If getsockname() returns an error (which shouldn't be possible),
rx_InitHost would leak a connection hash table (which probably
doesn't matter because the caller will just exit anyway). Make
the analyzer happy by freeing the memory anyway.
The AFS file server had always performed a PRSFS_READ permission
check on the volume's root directory (1.1) vnode before responding
successfully to the client. A successful response contains the
following volume state information:
Message of the day (if any)
Offline message (if any)
Online flag
InService flag
Blessed flag
NeedsSalvage flag
Type
MinQuota
MaxQuota
BlocksInUse
PartBlocksAvail
PartMaxBlocks
All of this information is publicly available to anonymous users
via other services so it is odd that it is hidden from anonymous
cache managers.
As sites begin to tighten the ACLs on volumes due to privacy
and security concerns this READ permission check is beginning to
cause problems for Windows clients that rely upon the quota and
block counts to determine whether or not it is likely to be safe
to perform an extending write. In many environments volumes are
being configured such that the root directory is 'l' for all and
only the subdirectories provide for 'ridw'. Under these situations
the user is able to read/write the data but cannot determine how
much free space is available. Since all of the data returned by
RXAFS_GetVolumeStatus is publicly available, the patchset removes
the access check entirely.
bozo: small-notifier: don't ignore return from system()
Nobody can possibly be using this program, but even so, don't ignore
return values. Unfortunately, the return value of system() is a bit
complicated to interpret.
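Decoding that return value, as an added example rather than the small-notifier source (run_checked is a name invented here): system() returns -1 when the child could not be created or waited for, and otherwise a wait status that must be unpacked with the <sys/wait.h> macros before it means anything.

```c
#include <stddef.h>
#include <stdlib.h>
#include <sys/wait.h>

/* Run a command through system() and reduce its wait status to one
 * integer: the child's exit status (0..255) if it exited normally,
 * 128 + signal number if a signal killed it (the convention shells use),
 * or -1 if the command string was NULL or the shell could not be started.
 * An exit status of 127 is what sh reports when the command itself
 * could not be found or executed. */
int run_checked(const char *cmd)
{
    int status;

    if (cmd == NULL)            /* system(NULL) only probes for a shell */
        return -1;
    status = system(cmd);
    if (status == -1)           /* fork or wait failed; errno says why */
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);
    return -1;                  /* stopped/continued: not expected here */
}
```

Treating the raw status as a boolean is the usual mistake: a nonzero raw value can encode a clean exit with a nonzero code, a signal, or a failed exec, and only the macros tell them apart.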
The interface flag has one fewer T than normal English usage would
suggest, so this code was never compiled on systems that don't have
the normally-spelled version as an alias.
FBSD: don't reference libc_r; no release OpenAFS works on still uses it
libc_r is the old user-mode threading library. Modern versions of
FreeBSD don't include it, and the conditionals here that (nearly
always) override it with the correct library, libpthread, are true
on every version of FreeBSD for which OpenAFS might plausibly be
compiled. So just use the correct library all the time.
Michael Meffie [Wed, 4 Jul 2012 21:54:02 +0000 (17:54 -0400)]
vlserver: fix logging of ip addresses
Remove the spurious dates surrounding IP addresses in the VLLog.
Instead of multiple calls to the logging function for a given log
line, format a string containing the addresses and call the log
function once.
Changes the log output from,
... The following fileserver is being registered in the VLDB:
... [Tue Jul 4 14:11:43 2012 192.168.10.128Tue Jul 4 14:11:43 2012 ]
... It will create a new entry in the VLDB.
to,
... The following fileserver is being registered in the VLDB:
... [192.168.10.128]
... It will create a new entry in the VLDB.
Use interlocked increment and decrement to track the waiters
and use the wait queue itself to determine if there are waiters
instead of the CM_SCACHEFLAG_WAITING flag.
When performing a RXAFS_FetchData[64] RPC, a short read from
rx_Read[v] is not a reason to stop processing the call unless
it is the first read and the file server FetchData offset bug
has been detected. If not, only stop processing if the
rx_Read[v] return value is <= 0.
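The two read loops the commit contrasts, as an added example that is not the Windows cache manager's code (read_fn, fetch_stop_on_short, fetch_until_done and chunked_read are names invented here): a reader callback hands over fewer bytes than requested on most calls, and only the loop that stops on a return value <= 0 collects the whole payload.

```c
#include <stddef.h>
#include <string.h>

/* Reader callback modelled on rx_Read()'s contract: returns the number of
 * bytes delivered this call (possibly fewer than len), 0 at end of data,
 * or a negative value on error. */
typedef int (*read_fn)(void *ctx, char *buf, int len);

/* Buggy loop: treats any short read as the end of the transfer. */
int fetch_stop_on_short(read_fn rd, void *ctx, char *out, int want)
{
    int got = 0;
    while (got < want) {
        int n = rd(ctx, out + got, want - got);
        if (n < want - got) {   /* wrong: a short read is not a failure */
            if (n > 0)
                got += n;
            break;
        }
        got += n;
    }
    return got;
}

/* Correct loop: keep asking for the remainder; stop only when the reader
 * returns <= 0, which is end of data or an error. */
int fetch_until_done(read_fn rd, void *ctx, char *out, int want)
{
    int got = 0;
    while (got < want) {
        int n = rd(ctx, out + got, want - got);
        if (n <= 0)
            break;
        got += n;
    }
    return got;
}

/* Constructed source: 20 bytes of sample data delivered in chunks of at
 * most 7 bytes, so every read except the last is short. */
struct chunked_src { const char *data; int len; int pos; };

int chunked_read(void *ctx, char *buf, int len)
{
    struct chunked_src *s = ctx;
    int n = s->len - s->pos;
    if (n > 7)
        n = 7;
    if (n > len)
        n = len;
    if (n <= 0)
        return 0;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Drive either loop over a fresh copy of the constructed data. */
int run_fetch(int (*loop)(read_fn, void *, char *, int), char *out, int want)
{
    struct chunked_src s = { "0123456789abcdefghij", 20, 0 };
    return loop(chunked_read, &s, out, want);
}
```

The buggy variant returns after the first 7-byte chunk and reports a truncated file; the correct one returns 20 and leaves the caller to distinguish end of data (0) from an error (negative) on the final call.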
The Windows cache manager stores the mount point or symlink target
string in the cm_scache_t object. If the string is the empty string
then the target needs to be resolved. Otherwise it is considered
up to date. With this approach, care must be taken to ensure that
the string is erased whenever the data version changes.
This patchset records the data version of the mount point target
string in the cm_scache_t object. Being up to date is determined
by comparing the current data version of the object to the mount
point string version. A match and the string is up to date.
Andrew Deason [Wed, 20 Jun 2012 21:28:51 +0000 (16:28 -0500)]
vos: Avoid creating volume with the same RO/BK ids
If we specified an RW id of 5, an RO id of 6, and no BK id, this code
would assign the BK id to RW+1, or 6. This gives the RO and BK volumes
the same volume id, which is a mistake. Choose a different id instead.
Andrew Deason [Fri, 29 Jun 2012 04:16:33 +0000 (23:16 -0500)]
viced: fsprobe needs MT_LIBS
fsprobe is built pthreaded, so it needs MT_LIBS; otherwise HP-UX and
possibly other platforms complain about missing pthread symbols. Just
copy the libs from the fileserver link line.
On multiprocessor systems, spin counts are faster than entering
a processor wait state when there is critical section contention.
Microsoft recommends a count of 4000. This feature is only available
on XP and above which is fine since OpenAFS master and 1.7 no longer
support Windows 2000.
Windows: Apply cm_GetVolServerList() to cm_ConnFromVolume()
Use cm_GetVolServerList() in cm_ConnFromVolume() to ensure an
error is returned instead of dereferencing a NULL pointer if
the serverRef list for the requested volume cannot be obtained.
Windows: Apply cm_GetVolServerList() to cm_Analyze()
Using cm_GetVolServerList() it is possible to simplify
the logic in cm_Analyze(). It is no longer necessary
for cm_Analyze() to call cm_GetServerList() which must
obtain its own reference to the cm_volume_t object via
a fileId lookup. This reduces lock contention and makes
the code a bit more readable.
cm_GetVolServerList() is a wrapper for cm_GetVolServers() that
returns CM_ERROR_NOSUCHVOLUME if the server list cannot be
obtained for the requested volume.
Windows: Modify cm_GetVolServers and cm_GetServerList
Move the determination of the 'replicated' state into
cm_GetVolServers() so that cm_GetServerList() and
cm_ConnFromVolume() can be implemented without duplicating
the resolution of the cm_vol_state_t object.
Windows: RDR RXAFS_GetVolumeStatus vs 1.1 'l' only
The Windows redirector relies upon the ability to obtain volume
status information to decide whether a file system volume object
can be created and whether or not an extending write can be
permitted. As of this writing, the file server always performs
a PRFS_READ access check on the volume's root directory (1.1)
vnode as a condition for releasing the volume state information
which includes:
Message of the day (if any)
Offline message (if any)
Online flag
InService flag
Blessed flag
NeedsSalvage flag
Type
MinQuota
MaxQuota
BlocksInUse
PartBlocksAvail
PartMaxBlocks
All of this information is publicly available to anonymous users
via "vos examine" so it is odd that it is hidden from anonymous
cache managers. When RXAFS_GetVolumeStatus fails, the AFS redirector
was failing to create a file system object for the AFS volume. That
in turn prevented the volume from being accessed even if the user
had 'l' in the root directory and full access everywhere else.
This patchset will make up fake data for the AFS volume if the
RPC fails. However, doing so does have consequences. The client
will be unable to make an accurate determination regarding free space
on the file server. As a result, an extending write may be permitted
which writes data into the system page cache which in turn cannot
be written to the file server. Such data will be lost and unrecoverable.
commit f716962ab41847af4450d0a361f5de9195b32ed0
inadvertently broke the offline .readonly is valid functionality
when readonly volume versioning is disabled. Restore it.
commit f716962ab41847af4450d0a361f5de9195b32ed0
clears the cm_scache_t volumeCreationDate field.
It shouldn't because the volumeCreationDate is not a property of
the callback. It is a property of the status information which
does not change simply because the callback expires.
Jeffrey Altman [Tue, 26 Jun 2012 03:06:30 +0000 (23:06 -0400)]
Windows: afslogon expand short domain names
Depending on how the user specifies the domain name during login,
NPLogonNotify may be given a short or a full domain or kerberos
realm name. If the name is the short name, attempt to expand it
automatically if there is no 'realm' configured for the short
domain name.
This patchset relies upon data in the local registry instead of
using an API such as NameTranslate in order to avoid network
queries to the domain controller that might not be reachable.
Jeffrey Altman [Mon, 25 Jun 2012 05:33:02 +0000 (01:33 -0400)]
Windows: Remove HELP from afscreds
The old .hlp format is no longer supported and the text of the
help files is long out of date. Remove the HELP buttons from
the dialogs and all references to WM_HELP message processing
from the application.
Jeffrey Altman [Tue, 19 Jun 2012 02:03:21 +0000 (22:03 -0400)]
Windows: afslogon major refactoring NPLogonNotify()
This is a major refactoring of NPLogonNotify() that is meant
to reduce redundancy and add functionality. Key highlights
include:
* New Domain\user hierarchy that permits configuration
settings to be applied on a per user basis instead of a
domain basis. As part of the extension the username itself
can be mapped.
* Attempt to import the MSLSA credentials prior to performing
KFW_AFS_get_cred().
* Do not perform redundant KFW_AFS_get_cred() calls.
* Add a flag to indicate if the authentication name is the
LSA principal name.
Andrew Deason [Fri, 29 Jun 2012 17:36:36 +0000 (12:36 -0500)]
Remove empty Makefile continuation lines
HP-UX make gets confused by constructs like:
FOO = bar \
BAZ = quux
Where a line continuation is followed by an empty line. So, get rid of
all of these in the tree. Not all of them matter, but removing all of
them makes it easier to find these, and catch them in the future.
Jeffrey Altman [Wed, 27 Jun 2012 05:00:20 +0000 (01:00 -0400)]
Windows: ensure TreeLock obtain and release same pointer
The indirection ObjectInformation->ParentObjectInformation does
not appear to be stable. When acquiring and releasing a parent
TreeLock, use a local variable to store the ParentObjectInformation
pointer and use that to access the TreeLock. This will ensure that
the resource obtained is the one that is released.
Jeffrey Altman [Sun, 24 Jun 2012 14:16:42 +0000 (10:16 -0400)]
Windows: Media Protected if create on RO volume
If there is an attempt to create a file/directory on a readonly
volume as indicated by the Volume Characteristics, return
STATUS_MEDIA_WRITE_PROTECTED immediately. Do not bother contacting
the afsd_service.
Jeffrey Altman [Sat, 23 Jun 2012 19:04:29 +0000 (15:04 -0400)]
Windows: NPGetConnectionPerformance
Restore the implementation of NPGetConnectionPerformance
in AFSRDFSProvider.dll. This time just return 0 for all fields
except for the preferred read/write size which is set to 64K.
When this function is not implemented at all, a query for
performance of a \\AFS path will be processed by the SMB
redirector. This can result in a 20 second timeout while waiting
for the SMB Browser query for "AFS <20>" to complete.