Michael Meffie [Sat, 21 May 2011 16:38:03 +0000 (12:38 -0400)]
volinfo: fix volume aux totals output
Do not print the volumes aux totals prematurely when running
volinfo with the -headers flag on an namei fileserver. Instead
print the aux totals only once after the link table size is found.
Michael Meffie [Fri, 20 May 2011 17:53:48 +0000 (13:53 -0400)]
doc: document volinfo -filenames option
Add the namei -filenames option to the volinfo man page.
Note this option as implemented implies the -vnode flag, but for
consistency with the other fields that modify the default mode
output, it is documented to be accompany the -vnode flag.
Michael Meffie [Wed, 18 May 2011 17:42:27 +0000 (13:42 -0400)]
volinfo: fix -filenames option check
Fix the logic for checking the presense of the volinfo -filenames
option. The original patch inadvertently added the -filenames
check as an if-else cause to the -orphaned flag check, which
prevents filenames from being printed when listing orphaned
vnodes.
Derrick Brashear [Fri, 20 May 2011 18:13:01 +0000 (14:13 -0400)]
macos: bulkstat redux
simplify the logic which can require sleeps in various vcache
resolution paths. instead of the two-pass system we had before,
just guess using the even/odd hack what type a vnode will be.
if a vnode turns out to be a link and thus we are wrong, we
do a fixup later. other callers who "race" with bulkstat
(which is a supported feature, otherwise you'd have to block
callbacks) will also call through a fixup to get the correct
backing vnode type. this is necessary as the KPI doesn't
let us change the type of a vnode after it's been created.
side effect: eliminate many of the ugly cases where we had been
sleeping waiting for a vnode to be finalized even before bulkstat.
Derrick Brashear [Fri, 20 May 2011 18:10:49 +0000 (14:10 -0400)]
dynroot: mark vnode types on dynroot vnodes
when we create a vnode using a dynroot fid, we weren't bothering
to update the type from the default (typically VREG); most
dynroot vnodes are actually VDIR...
Andrew Deason [Thu, 19 May 2011 22:02:35 +0000 (17:02 -0500)]
SOLARIS: Reset syscalls on mod_install failure
If our call to mod_install fails for any reason (for example, if the
afs entry is missing from /etc/name_to_sysnum), we may still have set
the sysent structures for setgroups and ioctl to point at libafs code.
So calls to those syscalls will cause a panic, since the code they
point to is no longer loaded.
To avoid this, just reset the sysent entries back to what they were if
we fail to load, just like we do when unloading the module.
Andrew Deason [Thu, 5 May 2011 20:10:54 +0000 (15:10 -0500)]
libafs: Implement unixuser RW locks
Currently code dealing with changing unixuser structs does not obtain
any locks protecting the contents of the unixuser struct, though some
functions like afs_GetUser have a parameter indicating what type of
lock should be obtained. This can result in the token data for a user
being changed at the same time another thread tries to use the token
data.
To ensure mutual exclusion of such operations, add a lock field to the
unixuser struct, and actually lock it according to the intentions of
the relevant code.
Andrew Deason [Mon, 16 May 2011 18:45:49 +0000 (13:45 -0500)]
libafs: Always use anonymous VL connections
afs_NewVolumeByName was using the areq given by the caller for
afs_SetupVolume, which may represent authenticated credentials. Give
afs_SetupVolume &treq instead, which will be anonymous, so we don't
have to deal with rxkad for VL lookups.
Jeff Blaine [Thu, 19 May 2011 01:46:52 +0000 (21:46 -0400)]
Hide -noexecute in favor of -dryrun
Makes all previous -noexecute arguments hidden (still callable)
and replaces them with -dryrun whose help text has been made
common where appropriate instead of the 3 previous ways the
argument was explained.
Jeffrey Altman [Wed, 18 May 2011 17:51:53 +0000 (13:51 -0400)]
auth: failback to afs3-vlserver for afs3-prserver
If the DNS SRV lookup is for afs3-prserver or afs3-kaserver,
fallback to a lookup for afs3-vlserver since those services
are traditionally hosted on the same machine as the vlserver.
Andrew Deason [Mon, 16 May 2011 20:02:14 +0000 (15:02 -0500)]
viced: Check vnode length on Rename and Link
Commit 2578555d7e08131bf2fe4cdd0aa4b32567a76eb2 added vnode length
checks when we create or remove vnodes, but not during Rename and Link
operations (when vnodes are neither created nor destroyed). Add the
check in Rename and Link.
Andrew Deason [Thu, 12 May 2011 15:57:09 +0000 (10:57 -0500)]
viced: Enable NAT ping on hosts
Turn on NAT ping on the Rx connection for the callback channel for
hosts. This should help improve behavior for clients behind NATs and
stateful firewalls, even for clients that predate NAT ping
functionality.
Andrew Deason [Fri, 6 May 2011 18:12:17 +0000 (13:12 -0500)]
dasalvager: unlink fsstate.dat when standalone
If the DAFS salvager is running in a standalone mode, unlink the
fileserver's fsstate.dat file if any volumes change. Otherwise, volume
data could have changed and the fileserver will retain callback
promises for the data in those volumes until it tries to attach the
volume. This way, callbacks are broken via callback state
reinitialization.
A better solution is to record which volumes have changed, and the
fileserver can break callbacks for them on startup. But this at least
eliminates a regression from non-DAFS behavior.
Simon Wilkinson [Sun, 24 Apr 2011 19:29:37 +0000 (15:29 -0400)]
cmd tests: Initialise string retval
The cmd_OptionAsString function attempts to free the previous value
of the string passed to it. Make sure that we initialise the return
value to NULL before passing it in in the test suite.
Andrew Deason [Tue, 10 May 2011 19:16:06 +0000 (14:16 -0500)]
libafs: Flush vcaches in afs_shutdown
Currently, a few platforms (linux, linux24, solaris, irix) flush all
vcaches during shutdown. However, they do this before calling
afs_shutdown(), resulting in afs_FlushVCache queueing VCBs and
possibly trying to give the callbacks back to the server.
Instead of this, perform the flushes in afs_shutdown itself, so we do
this after we try to give up all callbacks to all servers, and we do
this while afs_shuttingdown is set, so we don't try to queue VCBs.
This also consolidates some of the duplicated code to flush all
vcaches, and now does this for all platforms.
Andrew Deason [Tue, 10 May 2011 17:54:53 +0000 (12:54 -0500)]
libafs: Do not write-lock afs_xserver on ICBS
Our RXAFSCB_InitCallBackState* handler currently write-locks
afs_xserver when it clears the SCAPS_KNOWN flag for the relevant
server. However, the afs_xserver lock is for protecting the global
list and hash table of server structures, and is not necessary to
acquire in order to modify the flags of an individual server struct.
For instance, CkSrv_GetCaps does not acquire any locks to modify the
server flags.
Taking this lock conflicts with a read lock on afs_xserver acquired by
afs_FlushVCBs when it traverses the list of server structures.
afs_FlushVCBs may contact a server that then calls InitCallBackState
on us, causing a deadlock if ICBS waits for the afs_xserver lock.
So, avoid locking afs_xserver in this case, to avoid that deadlock.
Marc Dionne [Sun, 15 May 2011 00:57:12 +0000 (20:57 -0400)]
Linux: fix reading files larger than the chunk size
Commit 2571b6285d5da8ef62ab38c3a938258ddd7bac4e fixed an issue with
the use of tmpfs as a disk cache and ftruncate() on files in AFS.
But it introduced a problem reading larger files as reported in
RT ticket 129880.
What should be compared against the current cache file size is the
offset into the current chunk, not the overall offset for the whole
file.
Marc Dionne [Sat, 14 May 2011 17:19:52 +0000 (13:19 -0400)]
Linux: fix permission op test for certain compilers
Some compilers complain that _inode is used uninitialised here.
Since this test requires -Werror, it causes the test to fail
and our permission op to be used in RCU mode, leading to lockups.
Initialise it to make the compilers happy.
Fixes a lockup seen on kernels 2.6.38+ on Gentoo and Debian.
Jeffrey Altman [Mon, 9 May 2011 14:46:46 +0000 (10:46 -0400)]
Windows: always try afs/cell@USER-REALM first
In the KFW_AFS library, always try afs/cell@USER-REALM
first, even when KFW_AFS_klog() is called with an explicit
realm mapping for the cell. An afs service principal from
the user's realm is always preferred. No cross realm and
if the realm is AD, the ability to avoid the inclusion of
a PAC.
Andrew Deason [Thu, 5 May 2011 16:18:08 +0000 (11:18 -0500)]
libafs: Get rx conn ref with afs conn ref
When we get a reference to an afs_conn with afs_Conn and its variants,
we assume we can use the tc->id rx connection without holding any
locks. However, if tc->forceConnectFS gets set, the tc->id connection
can be destroyed and recreated out from under us. So, to avoid using a
possibly freed rx connection, grab a reference to the rx connection at
the same time as we grab a reference to the afs conn. And also put
back the same reference with afs_PutConn.
Jeffrey Altman [Fri, 6 May 2011 13:49:52 +0000 (09:49 -0400)]
Windows: replace CYGWIN envvar with CYGWINDIR
The environment variable CYGWIN (starting with cygwin 1.7.1) is
now used by CYGWIN to set configuration parameters for the cygwin
runtime library. OpenAFS used it to indicate the location of the
Cygwin install directory. Since there is a conflict, rename CYGWIN
to CYGWINDIR.
Andrew Deason [Thu, 5 May 2011 16:37:12 +0000 (11:37 -0500)]
libafs: Correct afs_LoopServers flags
AFS_LS_DOWN was actually checking up servers, and AFS_LS_UP was
checking down servers. Fix the handling of the 'adown' flag so we do
the right thing. Also make afs_FlushVCBs use the symbolic name for
adown.
Russ Allbery [Mon, 2 May 2011 21:54:35 +0000 (14:54 -0700)]
Further fix gssapi.m4 for Heimdal without libroken
The gssapi.m4 fix for Heimdal without libroken was incomplete. It now
doesn't attempt to link with libroken when probing for GSS-API
symbols. Thanks, Antoine Verheijen.
Andrew Deason [Wed, 27 Apr 2011 21:24:46 +0000 (16:24 -0500)]
viced: Improve deleted client log messages
Change the information logged related to deleted clients to be a
little more useful. In particular this includes adding the client and
host refcounts, to help see if the cause is a reference count leak.
Andrew Deason [Wed, 27 Apr 2011 20:36:44 +0000 (15:36 -0500)]
viced: Do not try to reuse deleted client
When h_FindClient_r encounters a deleted client structure, it does not
try to find a different client structure to use. Force it to use a new
client structure by setting client to NULL when it detects a deleted
client.
This arguably reverts part of 4e55e30f5b2c149b350b6d6875793adf722fdc21, but the code paths in
h_FindClient_r are very different now, so that commit is probably not
too relevant.
Jeffrey Altman [Sun, 1 May 2011 04:11:13 +0000 (00:11 -0400)]
Windows: Fix caching of non-existing vols
In cm_UpdateVolumeLocation() the conditional that would
trigger the immediate return of CM_ERROR_NOSUCHVOLUME
was backwards which prevented the caching from working.
cm_CheckOfflineVolumes() is called by the daemon thread
to reset the status of offline volumes. Non-existing
volumes are by definition offline and cannot be brought
online. Therefore, the cm_CheckOfflineVolumes() function
should skip volumes with the CM_VOLUMEFLAG_NOEXIST flag
set.
Andrew Deason [Thu, 28 Apr 2011 21:13:20 +0000 (16:13 -0500)]
Add missing LIB_roken references
With the usage of asprintf in libcmd, some more binaries require
libroken to link. Add LIB_roken to their link lines. In src/venus for
the fstrace rule, this causes the HP-UX case to be identical to the
default case, so just remove the HP-UX special case.
Andrew Deason [Tue, 15 Feb 2011 18:04:32 +0000 (12:04 -0600)]
libafs: Drop xvcache for AllocCBR
Normally when we AllocCBR, we are holding xvcache write-locked, since
it is called from FlushVCache. Before a309e274632993c5aeec04c6e090f5ac95837a40, when AllocCBR needs to flush
CBRs due to a lack of space, we hit the net, giving up callbacks on
fileservers.
This can cause a problem if one of those fileservers needs to contact
us in order to complete that request, since the callback service
thread may be waiting for xvcache, causing a deadlock (that is
eventually broken by network timeouts).
To avoid this, drop xvcache if AllocCBR looks like it does not have
sufficient space. Fix all callers of afs_FlushVCache to handle the
case where we sleep, since with this change, afs_FlushVCache can sleep
on all platforms.
This partially reverts a309e274632993c5aeec04c6e090f5ac95837a40, as it
contains an alternative method of avoiding the xvcache lock in this
situation. This commit restores much of the code path to be much more
similar to how it used to be, except that it allows for dropping
xvcache for AllocCBR. This should make any change to our prior
behavior smaller/simpler, and thus safer and more consistent with
existing clients. This reintroduces the hard limit to how much space
we allocate for CBRs, although the part of a309e274632993c5aeec04c6e090f5ac95837a40 that raised this limit is
retained.
Andrew Deason [Thu, 28 Apr 2011 16:48:18 +0000 (11:48 -0500)]
libafs: Use vcount, not maxvcount to trim vcaches
Every five minutes we afs_ShakeLooseVCaches to try and return the
number of vcaches in use down to the originally configured -stat level
(when we are using dynamic vcaches). We should calculate how many
vcaches to flush based on the number of currently active vcaches
(afs_vcount), not the peak number (afs_maxvcount). Otherwise, once we
exceed the configured -stat level, we will always keep trying to flush
numerous vcaches, even if we barely have any vcaches in use.
The ok_program function in the shell libtap.sh library no longer
strips text after a colon and a space from the program output if the
expected status is non-zero. Instead, if program output may contain
system-specific error messages after a colon and a space, put the new
function strip_colon_error before the program to do this stripping.
Thanks to Carsten Hey for the idea.
strip_colon_error is now smarter about preserving an initial word
ending in a colon (which is generally the program name) while still
stripping error messages later in the line.
The test_file_path function in the shell libtap.sh library now always
returns the empty string, rather than possible absolute paths starting
at /, if $BUILD and $SOURCE are not set.
Flush standard error in the C TAP library before printing results for
more deterministic output. Thanks to Carsten Hey for the idea.
All of C TAP Harness now compiles with gcc -ansi -pedantic and should
be fully C89-compatible. Note that either C99 or SUSv3 is required to
build C TAP Harness. (This should not be a problem on any modern
platform.) Based on work by Carsten Hey.
Simplify and improve output formatting in the summary of failing tests
in some edge cases.
Add explicit license statements to the files meant to be copied into
other packages rather than referring to LICENSE.
Add a test_file_path() function to the basic C and shell TAP
libraries, which searches the build and source directories for a
particular file and returns the full path. This is a utility function
that can be used to find test data files.
The cmd/command-t test requires libroken and was misspelled in the
TESTS file. Multiple tests require LD_LIBRARY_PATH to be set to find
libafsroken if it hasn't been installed, so set it when running
runtests via make check. (Note that this means runtests -o will not
work properly unless the user also sets LD_LIBRARY_PATH.)
Andrew Deason [Wed, 27 Apr 2011 19:23:43 +0000 (14:23 -0500)]
viced: Avoid ref leak on origin callback break
When breaking a callback, sometimes we send a callback to the host
that performed the callback-inducing operation. When we do this,
currently BreakCallBack gives the origin host structure to
MultiBreakCallBack_r, which avoids releasing that host after the
callback is broken.
However, BreakCallBack obtains a reference to every host to which it
delivers a callback, even if it is the origin host, so a reference is
leaked. Fix this by not ever passing a host to MultiBreakCallBack_r,
and just have MultiBreakCallBack_r release a reference for every host
to which it delivers a callback break.
Andrew Deason [Wed, 27 Apr 2011 18:51:23 +0000 (13:51 -0500)]
viced: Transfer host ref in h_FindClient_r
In h_FindClient_r, we can change which client structure we're dealing
with if we find a different client struct in the Rx conn-specific
data. We adjust the refcounts for the client structures themselves,
but not the associated hosts. While the host structures should be the
same most of the time, we are not guaranteed that, so adjust their
refcounts as well.
Simon Wilkinson [Wed, 20 Apr 2011 21:26:14 +0000 (22:26 +0100)]
cmd: Support splitting switches and values with '='
Some of our code uses arguments of the form -name=value. Add support
to libcmd for dealing with this type of argument, where name is
declared as CMD_SINGLE (or CMD_SINGLE_OR_FLAG)
Simon Wilkinson [Tue, 19 Apr 2011 18:59:13 +0000 (19:59 +0100)]
cmd: Tidy up -help output
Tidy up the output that comes from cmd's -help option by wrapping
at 78 characters, and picking the breaks sensibly. This changes:
Usage: ./vos move -id <volume name or ID> -fromserver <machine name on source> -
frompartition <partition name on source> -toserver <machine name on destination>
-topartition <partition name on destination> [-live] [-cell <cell name>] [-noau
th] [-localauth] [-verbose] [-encrypt] [-noresolve] [-help]
to...
Usage: ./vos move -id <volume name or ID>
-fromserver <machine name on source>
-frompartition <partition name on source>
-toserver <machine name on destination>
-topartition <partition name on destination> [-live]
[-cell <cell name>] [-noauth] [-localauth] [-verbose]
[-encrypt] [-noresolve] [-help]
Simon Wilkinson [Tue, 19 Apr 2011 18:37:37 +0000 (19:37 +0100)]
cmd: Add support for params with optional values
Add the CMD_SINGLE_OR_FLAG option which permits a parameter to
either have a single value, or no value at all. If it has no value,
then it behaves in the same way as the current 'flag' implementation.
Simon Wilkinson [Tue, 19 Apr 2011 11:20:14 +0000 (12:20 +0100)]
cmd: Add parameter aliasing
Add support for adding aliases for parameters, in the same way as we
can for syntaxes. This allows multiple different names for a single
option, as well as providing a way around problems with abbreviations.
Simon Wilkinson [Tue, 19 Apr 2011 10:41:54 +0000 (11:41 +0100)]
cmd: Add accessor functions for options
Add a load of accessor functions to help with pulling values out
from the the cmd_syndesc structure. The idea here is to make it
simpler to manipulate command line values, as well as starting to
hide the structure of the cmd_syndesc structure from callers, with
a view to eventually making it private to the cmd library.
Simon Wilkinson [Tue, 19 Apr 2011 08:01:25 +0000 (09:01 +0100)]
cmd: Add option to add a param at a specific pos
Rather than having to use cmd_Seek, followed by cmd_AddParam,
followed by another cmd_Seek, add a function which permits parameters
to be added at specific reference points. This allows programs to
declare a list (either as an enum or specific #defines) of parameter
code points, rather than using raw numbers.
Thomas L. Kula [Sun, 6 Feb 2011 01:11:56 +0000 (20:11 -0500)]
Add -usetokens option to libadmin test 'afscp'
This adds a -usetokens option to poorly named libadmin test 'afscp' program.
If called with this flag, 'afscp' will assume you have already acquired
tokens, and will fetch and use them. If ran with the -authcell option,
it will look for tokens for that cell, otherwise it will look for tokens
in the local cell. Since the function used to fetch local tokens is
incompatable with the kas functions, all of the kas commands have been
modified to complain and exit if any of them all called with -usetokens.
Fixed whitespace, again.
Change-Id: I4f9bcbae42f6eb179168bb5d152ed36df3db8dd5
Reviewed-on: http://gerrit.openafs.org/3899 Reviewed-by: Derrick Brashear <shadow@dementia.org> Reviewed-by: Dan Hyde <drh@umich.edu> Reviewed-by: Steve Simmons <scs@umich.edu> Tested-by: Derrick Brashear <shadow@dementia.org>
Simon Wilkinson [Mon, 25 Apr 2011 18:18:39 +0000 (14:18 -0400)]
Linux: Don't read pages beyond the cache eof
If we attempt to read past the end of the current cache file (for
example, when we're extending the file with ftruncate), don't force
the backend filesystem to populate that page with non-existent data.
This will hopefully fix a bus error when using tmpfs as a backing
cache.
Andrew Deason [Tue, 26 Apr 2011 19:44:46 +0000 (14:44 -0500)]
Build libafscp when we lack kerberos
Currently, venus fails to build without kerberos, since the
dependencies for afsio always include afscp.h, which does not exist
when we do not build libafscp. To fix this the easy way, and since
libafscp is still very useful without kerberos, allow libafscp to
build without kerberos support (which limits it to anonymous
connections only).
Simon Wilkinson [Tue, 26 Apr 2011 19:48:32 +0000 (15:48 -0400)]
Irix: Add a simple osi_ReadRandom implementation
Add an implementation of osi_ReadRandom for Irix, which just panics
(Irix has no source of cryptographically safe entropy in the kernel).
Whilst hcrypto requires an implementation of osi_ReadRandom, nothing
in the current kernel module will cause it to be called, so this
panic should never be reached.
Andrew Deason [Tue, 26 Apr 2011 19:32:25 +0000 (14:32 -0500)]
Fix --without-krb5
Currently, specifying --without-krb5 causes the AM_CONDITIONAL
KRB5_USES_COM_ERR to not be defined, which makes configure refuse to
run successfully. Fix this by forcing KRB5_USES_COM_ERR to always be
false if we are running explicitly without krb5.
Fixes breakage on freebsd for missing malloc.h, reported by GAWollman,
and, since roken.h already includes stdlib.h to pull in malloc, is no
longer necessary
Marc Dionne [Sat, 23 Apr 2011 02:23:21 +0000 (22:23 -0400)]
ubik: add uvote_HaveSyncAndVersion
Add a new function uvote_HaveSyncAndVersion() that combines the
logic from uvote_GetSyncSite and uvote_eq_dbVersion, without
releasing the vote lock in between. Make use of it in
urecovery_AllBetter.
Marc Dionne [Sat, 23 Apr 2011 01:24:34 +0000 (21:24 -0400)]
ubik: Defer updateUbikNetworkAddress until after RX startup
The beacon package initialization has been moved to precede starting
RX services, but the broadcast of addresses to other servers should
be deferred until after RX is started.
Make updateUbikNetworkAddress an exported function and call it
from the general initilization sequence.
Marc Dionne [Sat, 29 Jan 2011 19:37:23 +0000 (14:37 -0500)]
ubik: locking in recovery.c
Locking changes in recovery.c:
- In urecovery_Initialize, hold the DB lock over ReplayLog
and InitializeDB
- Hold the DB lock over larger portions of urecovery_interact.
Some values which should be protected were examined and modified
without holding any locks.
- In the early part of urecovery_interact, only take the DB lock
when it's really needed, now that some values are protected by other
locks.
- DoProbe is now called without the DB lock, so it doesn't need to
drop and re-aquire it.
Marc Dionne [Sat, 16 Apr 2011 18:19:57 +0000 (14:19 -0400)]
ubik: always hold DB lock for urecovery_ResetState()
ubik_ResetState requires callers to hold the DB lock, since it modifies
urecovery_state. All callers of ubeacon_AmSyncSite outside of the beacon
package hold the DB lock, but calls from the beacon thread do not, and
can't block on getting the DB lock if we're sync site.
Add a beacon internal version of ubeacon_AmSyncSite that skips the
call to ResetState, and have the callers take the DB lock and call
ResetState themselves if needed. They can take the lock in this case
because we know we're not the sync site. Refactor the exported
ubeacon_AmSyncSite in terms of this new function.
Marc Dionne [Sat, 16 Apr 2011 16:56:05 +0000 (12:56 -0400)]
ubik: set UBIK_RECLABELDB before propagating version
Quoting Jeffrey Hutzelman:
In udisk_commit(), when committing the first write transaction
after becoming sync site, the database is relabelled. In this
case, the UBIK_RECLABELDB recovery state bit should be set before
propagating the label change to other servers, rather than after.
This is because ContactQuorum_DISK_Setversion() will
release the database lock, at which point the recovery state may
be cleared by urecovery_ResetState() running in another thread.
It is important that a relabelling which occurs before recovery
state is cleared not result in the UBIK_RECLABELDB recovery state
bit being set after; otherwise, the server may fail to correctly
relabel the database the next time it becomes sync site.
Marc Dionne [Sat, 16 Apr 2011 15:52:57 +0000 (11:52 -0400)]
ubik: remote: fix DB lock usage
Many of the RPC functions in the remote package have a similar
prologue that makes use of ubik_currentTrans before taking the
DB lock. Take the lock earlier, and rely on the ubik_dbase global
instead of the dbase pointer in ubik_currentTrans.
In GetVersion, take the lock earlier to cover the call to
ubeacon_AmSyncSite.
Ben Kaduk [Sun, 19 Dec 2010 04:52:43 +0000 (23:52 -0500)]
Rename libcom_err to libafscom_err
We no longer provide a compatible libcom_err, and in fact
we renamed the symbols in our libcom_err several years ago
to reflect this fact.
When we build on a system where KRB5_LIBS includes
-lkrb5 -lcom_err , the new Unix build system will pick up
our libcom_err (as $(AFS_LDFLAGS) is the first argument in
AFS_LDRULE and pulls in a linker search path for our libcom_err)
which does not provide all the needed symbols for libkrb5.
Fully rename our libcom_err away to avoid these conflicts.
Marc Dionne [Fri, 22 Apr 2011 19:23:27 +0000 (15:23 -0400)]
Linux: cleanup aio support
Code that called directly into the aio operations (ex: readv/writev)
would bypass the AFS specific operations found in afs_linux_read
and afs_linux_write.
Rework the handlers:
- For newer kernels with aio, let the kernel use its default read
and write operations, and define the aio_read and aio_write operations,
with the AFS specific bits, calling into generic_file_aio_read/write.
The kernels default read/write operations are just wrappers around the
aio versions.
- For older kernels, leave things as is, pointing read and write to
afs_linux_read/write
Simon Wilkinson [Tue, 19 Apr 2011 10:47:08 +0000 (11:47 +0100)]
cmd: Split up dispatch function
Split up the command line parsing behaviour out of the cmd_Dispatch
function, and into a function of its own - cmd_Parse. This lets servers
which only have a single "syntax" installed just parse, without needing
to go through a dispatch function, and all of the control flow
complexity that requires.
Simon Wilkinson [Mon, 18 Apr 2011 07:25:55 +0000 (08:25 +0100)]
cmd: Add function to disable positional commands
Add a new cmd_DisablePositionalCommands function which can be used
to completely disable positional commands, for functions which have
no desire to make use of them.
Simon Wilkinson [Sat, 23 Apr 2011 15:42:54 +0000 (11:42 -0400)]
cmd: Add some tests to the test suite
Add some tests for the command library to the integrated test
suite in tests. These are far from complete, and are mainly there
to ensure that we don't break any of this functionality when modifying
the library.
Andrew Deason [Mon, 25 Apr 2011 18:58:34 +0000 (13:58 -0500)]
pam: Fix password torching const-ness
In some code branches, the PAM code "torches" a password by zeroing
it. However, it does this through a const pointer which we otherwise
know is not actually const. Make sure we get better type checking by
doing this through a non-const pointer.
Andrew Deason [Mon, 25 Apr 2011 18:53:52 +0000 (13:53 -0500)]
pam: Password is const in setcred
afs_setcred.c gets the "password" pointer from pam_get_data, which
always gives a const pointer (unlike pam_get_item used in afs_auth.c
&c, which sometimes gives a const or not-const pointer, depending on
the PAM implementation).
So, declare password const, to get better type checking.
If the Kerberos v5 library cannot be loaded (pkrb5_init_context
equal to NULL) return a reasonable error code instead of
returning success and doing nothing.
Windows: NPLogonNotify provide password in all cases
When calling KFW_AFS_get_cred() from NPLogonNotify()
always provide the user password. Do not count on a
credential cache existing from a previous call.
Marc Dionne [Sat, 16 Apr 2011 15:22:54 +0000 (11:22 -0400)]
pam: Clear up PAM_CONST related warnings on Linux
Commit 78d1f8d8 expanded the use of PAM_CONST and introduced many
new warnings on Linux where pam expects "const" arguments.
This clears up the warnings by doing the following:
- Cast "user" to char * when kalling ka* functions
- Change the signature of pam_afs_prompt and pam_afs_printf to use
PAM_CONST
- Use a separate non-const password pointer for pam_afs_prompt
Simon Wilkinson [Thu, 21 Apr 2011 15:07:05 +0000 (16:07 +0100)]
Linux: Restrict # of cbrs we allocate at once
With commit a309e274632993c5aeec04c6e090f5ac95837a40, we changed the
number of CBRs that we allocate in a chunk from 300 to 1024. However,
this change takes the amount of memory requried to allocate a chunk
of CBRs above PAGE_SIZE on Linux. This changes the allocator that we
use from kmalloc to vmalloc. Whilst we can, and do, prevent kmalloc
from flushing filesystem pages when we invoke it, we don't have a
similar level of control over vmalloc.
In one reported case, clients deadlock whilst attempting to allocate
this memory, in a call stack that looks something like:
projects / packages / o / openafs.git / log