All of AFSVolListOneVolume, AFSVolXListOneVolume, AFSVolListVolumes,
AFSVolXListVolumes currrently attach each volume to be listed with
V_READONLY. This makes the fileserver update and sync the volume header
before releasing the volume to the volserver. The result is that volume
list operations are slow, and generate lots of fileserver load, as Jimmy
pointed out during his talk this afternoon.
The attached patch introduces a new attach mode, V_PEEK, which is like a
cross between V_READONLY and V_SECRETLY. It can be used for read-only
operations on the volume header, where it is not necessary to inform the
fileserver that the volume is being accessed. The patch also changes
the above-named RPC's to use the new mode.
during unlink, afs sometimes renames the file instead of deleting it.
this isnt reflected properly in the dcache in linux. the following
patch attempts to address this issue. newname is renamed to afs_newname
and exported.
afs_linux_unlink() checks to see if the file is open. if so, it creates
a negative dcache entry using the name suggested by afs_newname(). then
dmove() moves (exchanges) dp and __dp. __dp is now a negative dentry
for the old name and is put/dropped.
Provide option to users to allow file names to be stored using Windows
ANSI code pages (similar to ISO Latin character sets) instead of the
traditional OEM code pages
There is currently a maximum cache size of 1.3GB. The limit is imposed
by the largest contiguous block of unused memory within the 2GB process
space which can be assigned to the memory mapped file. Unfortunately,
when the executable digital signature verification code is activated
Windows sees fit to further segment the process memory which in turn
reduces the size of the maximum cache file to less then 800MB. If
larger cache sizes are desired, a new registry value should be set:
Setting this value will disable the runtime verification of digital
signatures on afsd_service.exe and the afs dlls which it loads. It
will not disable the the version number check on those same files.
The signature verification is not a security messure and is only meant
to enhance the ability to afsd_service.exe to detect potential
destablizing mixtures of DLLs from incompatible distributions.
Switch the Trust Provider used to verify the validity of executables
and libraries to the Software Publisher Trust Provider.
Add code (with Asanka's help) to extract the certificate details and
log them to afsd_init.log. Ensure that if files are signed that all
of the files are signed by the same entity.
in the freelance root.afs volume, instead of creating a mountpoint when
a name is evaluated and it is a partial representation of a cellname,
create a symlink.
Add support for WinVerifyTrust(). If afsd_service.exe is a digitally
signed executable, make sure that all of the associated binaries not
only have the same file version number but are signed as well.
Implement new functions: cm_freelanceMountPointExists and
cm_freelanceSymlinkExists. Use them along with other validity checks
in cm_freelanceAddMount and cm_freelanceAddSymlink to ensure that name
collisions do not occur and that empty strings are not valid file names.
A symlink may not have a name which would resolve to a valid cell name.
Doing so would prevent access to the cell.
Install registry values to force a mapping from afsdsbmt.ini file updates
via the old profile API to the new HKLM\Software\OpenAFS\Client\Submounts
key.
fix a deadlock situation if an Obtain Tokens dialog is produced
by an expiration event and the user chooses to cancel instead of
obtain new credentials.
some software network adapters use instances of lo but are real network adapters
. allow them to be advertised. the modified functions are called only in the pro
cess of collecting a list to advertise.
at the same time, make sure we mask 127.0.0.1.
i wonder if that's a mistake.
We currently try fairly hard to make stat() on a volume root return the
same vnode number as is listed for the mount point by readdir(). This
behaviour is desirable; in fact, getcwd would not work otherwise.
However, we are _not_ careful about making readdir list correct inode
numbers for "." in a volume root or ".." in a directory whose parent is
a volume root. This means that applications which examine these entries
will still see inconsistent inode numbers. Clearly, it would be more
desirable to report consistent inode numbers in all cases, instead of
only in some cases.
The attached patch, written while I was tracking down some NFS
translator problems (which ultimately proved to be unrelated), makes
readdir return consistent inode numbers for volume roots. We are
running this on a few machines and have seen no problems, but it has not
been extensively tested.
some software network adapters use instances of lo but are real network adapters
. allow them to be advertised. the modified functions are called only in the pro
cess of collecting a list to advertise.
at the same time, make sure we mask 127.0.0.1.
i wonder if that's a mistake.
the problem with rx_PutConnection is h_FreeConnection uses the host global lock
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
the problem with rx_PutConnection is h_FreeConnection uses the host global lock
but it shouldn't matter (callback conn should be a client not server conn and
thus not h_FreeConnection on cleanup)
further, we should free the conns we GetConnection'd not the ones still in
the host struct at the end.
* Add code to block the issuance of AFS tokens by aklog.exe or
afscreds.exe when the Kerberos 5 principal name contains a dot.
* Modify the IsAdmin() function to always treat the local SYSTEM
account as an AFS client administrator. Affects fs.exe and
afs_config.exe.
* Modify the internal handling of Quota Exceeded errors
* Upgrade all reference count fields in the Windows cache manager
and the osi library to use unsigned long instead of signed short.
A similar fix has been applied to the afs rpc (rx) library.
* fix the Windows cache manager to prevent it from replacing the
rx_connection object associated with the cm_conn_t object on each
and every operation if "fs crypt" was set. This explains the
dramatic performance difference when crypt is used vs clear.
The problem: 'cryptall', a boolean flag indicating whether or not
"fs crypt" is set, was being compared to the rx_connection
cryptlevel which is either rxkad_clear:0 or rxkad_crypt:2.
1 != 2 and therefore the rx_connection was always destroyed
and replaced on each and every operation.
Lock the cm_conn_t object around every call to RXAFS_xxxx functions.
It is not safe for the cm_conn_t object to not be locked because
rx_DestroyConnection might be called from another thread if:
- the user's tokens have changed or expired
- the crypt mode has changed
This fix appears to have also taken care of the problems associated
with Overlapped Writes resulting in Delayed Write errors.
* fix NSIS installer's AdminGroup.exe to properly create and
remove groups when given -create or -remove. The string comparison
test was wrong.
* fs sysname now accepts a list of sysname values
* added a new registry value HKLM\SOFTWARE\OpenAFS\Client "IoctlDebug"
DWORD which when set to a non-zero value will cause error message
text to be output to stderr from the pioctl() routine. Useful in
debugging failures of fs.exe, tokens.exe, etc.
* added a test to the power management code to only perform a
flush operation if there is at least one network adapter which
is not a loopback adapter.
* Fix bug in loading of registry value HKLM\SOFTWARE\OpenAFS\Client
"EnableKFW". This value will not be read if the key
HKCU\SOFTWARE\OpenAFS\Client exists; even if the "EnableKFW"
value under that key does not.
* provide mechanisms to force the use of krb524d for Kerberos 5
ticket to AFS token conversion. For afslogon.dll and afscreds.exe
there is a new registry value "Use524" and for aklog.exe a new
command line parameter "-m".
* Fix the pattern matching algorithm to properly match patterns
ending with a '*'.
* smb_ReceiveCoreRename() was factored to produce smb_Rename()
which is used by both the original function and the new
smb_ReceiveNTRename(). smb_ReceiveNTRename() supports the
creation of HardLinks in addition to Renaming. smb_Link()
is a new function which creates HardLinks via cm_Link().
cm_Link() is a new vnodeops function which creates links
using RXAFS_Link().
smb_ReceiveNTRename() does not support the File Copy and
Move Cluster Information operations described in its interface.
ReceiveNTRename is under documented in CIFS-TR-1p00_FINAL.pdf.
* When opening files via symlinks, we should follow the symlinks
until we reach the actual file stat cache entry. The stat cache
entry of the file should then be stored in the FID instead of
stat scache entry of the symlink.
* return bad operation errors for all unimplemented functions
even if we do not know the functions exist.
* Log bad packets and unknown operation packets to the trace log
* Map CM_ERROR_BADOP to STATUS_NOT_SUPPORTED instead of
0xC09820FF
* Update list of known CIFS operations to include all those listed
in CIFS-TR-1p00_FINAL.pdf.
* Modify the handling of HKLM\SOFTWARE\OpenAFS\Client\Submounts
to support the REG_EXPAND_SZ type.
* fix the Windows cache manager to prevent it from replacing the
rx_connection object associated with the cm_conn_t object on each
and every operation if "fs crypt" was set. This explains the
dramatic performance difference when crypt is used vs clear.
The problem: 'cryptall', a boolean flag indicating whether or not
"fs crypt" is set, was being compared to the rx_connection
cryptlevel which is either rxkad_clear:0 or rxkad_crypt:2.
1 != 2 and therefore the rx_connection was always destroyed
and replaced on each and every operation.
Lock the cm_conn_t object around every call to RXAFS_xxxx functions.
It is not safe for the cm_conn_t object to not be locked because
rx_DestroyConnection might be called from another thread if:
- the user's tokens have changed or expired
- the crypt mode has changed
* Modify cm_Lookup to evaluate a list of possible values for @sys
instead of just a single entry. Re-write cm_ExpandSysname and
add cm_LookupInternal.
Add a new registry value HKLM/SOFTWARE/OpenAFS/Client "IoctlDebug" DWORD
which when set to a non-zero value will output error messages to stderr.
This is to assist in debugging ioctl failures when fs.exe, tokens.exe,
etc. fail because of an inability to open the ioctl file name.
One more fix for the symlink problem. Access control checks cannot be
performed until after we have walked all of the symlinks. Otherwise,
we are checking access to the symlink itself and not to the file.
projects / packages / o / openafs.git / log