Simon Wilkinson [Sat, 26 Sep 2009 09:06:27 +0000 (10:06 +0100)]
Attempt to fix CForeign moredata behaviour
The fetchstore patches changed the behaviour of the multiple chunk handling
that's used in FetchData when the vnode's CForeign bit is set. In the original
code, the data would be read as (length, payload) chunks. The new code does
(length, length, payload), which corrupts the incoming data.
Simon Wilkinson [Thu, 24 Sep 2009 23:27:40 +0000 (00:27 +0100)]
Fix CacheFetchProc in cases where the fileserver hates us
In some situations, the fileserver returns a large negative number
as the length in an FetchData64 call. The old FetchProc code used an int32
to hold this number, and checked length > 0 before attempting to read more
data. The new code uses a uint32, and does while (length), which causes the
cache manage to loop until RX aborts the connection.
This patch restores the old behaviour. length becomes a signed int once more
(and the original 32 bit length from the wire is used, rather than truncating
the 64 bit value), and the conditional checks for > 0.
Andrew Deason [Mon, 21 Sep 2009 17:48:30 +0000 (12:48 -0500)]
Unlink correct files in salvager
Fallout from 0ac956b3384842b3c60e72bde78a4baf58a5877f; a couple of
unlink() calls were not updated to use the absolute path. Update them,
and log errors from unlink(), since otherwise it is difficult to tell
that anything is going wrong.
Andrew Deason [Tue, 22 Sep 2009 21:59:34 +0000 (16:59 -0500)]
Solaris: Default to fs_pathconf in afs_pathconf
Instead of returning EINVAL in afs_pathconf when we don't recognize the
pathconf command, return the result of fs_pathconf. fs_pathconf provides
sensible defaults or correctly represents a filesystem not implementing
a particular pathconf cmd; all in-tree (Open)Solaris filesystems call
fs_pathconf for unimplemented commands. Returning EINVAL allegedly
represents that the fileystem does not support pathconf at all.
Also, account for OpenSolaris adding another parameter to
pathconf-related calls.
Simon Wilkinson [Wed, 23 Sep 2009 17:18:34 +0000 (18:18 +0100)]
Refactor the cache bypass determination code
The code which determines whether the cache can be bypassed occurs in
multiple locations in this file. Make a single static inline function
that can do this, and use it.
Andrew Deason [Mon, 21 Sep 2009 21:57:01 +0000 (16:57 -0500)]
Implement _PC_FILESIZEBITS for solaris pathconf
Using recent NFS clients and servers with the translator under Solaris
causes AFS to be queried for the _PC_FILESIZEBITS pathconf value. Right
now we don't implement it and return EINVAL, causing at least some
modern NFS clients to be unable to mount AFS via the translator on at
least some modern NFS servers.
So, return _PC_FILESIZEBITS as either 32 or 64, depending on whether we
are a 64-bit client or not.
Andrew Deason [Mon, 21 Sep 2009 19:28:29 +0000 (14:28 -0500)]
Avoid salvager vol header read assert
When we read the volume header in order to write it back with a modified
inUse while salvaging, we were aborting if we couldn't read the header.
Since we can fail to read the header data if the volume header file
isn't associated with any data (and will be deleted by the salvager),
don't abort. Do still abort if we can't write the data back, since if
the data can be read but not written, other programs may think that the
volume is not being salvaged.
Andrew Deason [Mon, 21 Sep 2009 16:09:56 +0000 (11:09 -0500)]
DAFS: Put back volumes we get in FSSYNC handlers
fssync-server.c has a few issues with not properly VPutVolume_r'ing
volumes that were VGetVolume_r'd. The most important of these was that
the handler for FSYNC_VOL_MOVE can put back a volume it did not get,
when DAFS is enabled.
Fix that, and another erroneous edge case in the FSYNC_VOL_QUERY_HDR
handler when DAFS is not enabled.
Windows: Protect against null serverp in cm_Analyze
If cm_Analyze is called with both 'serverp' and 'connp' set
to NULL and an RX error is provided, a null pointer dereference
will occur. Test for non-NULL serverp before dereferencing
Windows: Do not mark server down due to Store / Fetch Data protocol error
When performing a StoreData or FetchData operation there are
several data validation checks performed to ensure that the
lengths of data obtained with rx_Write and rx_Read are consistent
with the RXAFS_FetchData and RXAFS_StoreData protocol operations.
When an inconsistency is detected the cache manager terminates the
call and returns an error to the caller which is passed to cm_Analyze().
The cache manager was returning -1 as the error code which is
equivalent to RX_CALL_DEAD which in turn will result in the server
being marked down.
This commit makes the following changes:
. add trace logging to permit monitoring this case
. instead of returning -1 return either RX_PROTOCOL_ERROR or RX_EOF
depending on the situation
. in cm_Analyze do not mark a server as down for rx errors other
than RX_CALL_DEAD. Instead, force a new connection and retry
until the request timeout limit is reached.
Windows: Use "Name not found" instead of "File not found"
When a file cannot be opened because the name of the file or
a directory in the path cannot be found, return "Name not found"
instead of "File not found". "File not found" is the error returned
by the smb redirector to the application when the file cannot be
located in the search path. "Name not found" indicates that the
entry is not present at the location requested.
The use of "File not found" prevented execution of applications
from the \\AFS name space on Windows 7.
Windows: trace logging changes for smb_ReceiveTran2QPathInfo
Add new trace log entries in smb_ReceiveTran2QPathInfo to
help track down the reason for queries in which the path and
tidPath are both the empty string.
Windows: Improve WKSSRC and SRVSVC compatibility with Windows
This commit includes several changes to improve compatibility
with Windows (in particular Windows 2000).
1. Specify a Lan Workgroup name. We use "AFS".
2. Ensure that the server name returned does not include
leading slash or backslash characters. The name provided
might include them but they are not part of the name and
cannot be returned.
3. The NetrWkstaGetInfo and NetrServerGetInfo responses must
be consistent. Otherwise, the Explorer Shell will get confused and
refuse to provide access to the server shares.
This commit also includes some minor comment changes.
Even if the rand_s() function is supported by the compiler
it is not supported on Windows 2000 because the kernel level
functionality it requires does not exist on that platform.
Calling rand_s() on Windows 2000 will throw an exception
and terminate the service.
Marc Dionne [Mon, 14 Sep 2009 21:40:23 +0000 (17:40 -0400)]
Linux: Restore aklog -setpag functionality for kernel 2.6.32+
With kernel 2.6.32 it is now possible for a process to copy its session
keyring to its parent through the use of the KEYCTL_SESSION_TO_PARENT
function of the keyctl syscall.
We can't use this easily from kernel space to cover all calls to
VIOCSETTOK with the setpag flag - we'd need to make a syscall
or have keyctl exported. Instead, a hook is added to ktc_SetToken to
make it honour the AFS_SETTOK_SETPAG flag, which was ineffective with recent
kernels.
This should cover the most common cases (ex: aklog) where this is needed.
The syscall is coded directly to avoid introducing a dependency on the
keyutils library or header files which may not be installed everywhere.
An initial pass at adding indexing to the Windows release notes.
The next pass should refine the index terms and add appropriate
secondary index values.
make fileserver avoid salvage loop on init failure
if the vlserver or prserver setup can't succeed, it doesn't indicate
a condition which salvaging is required to fix; instead, come up
and retry in the background.
Felix Frank [Thu, 16 Jul 2009 06:26:55 +0000 (08:26 +0200)]
Code beautifications.
* get rid of register declarations
* remove unused local var InStatus
* comment prototypes properly (correct .c file)
* save some linebreaks in function headers
Felix Frank [Mon, 13 Jul 2009 11:28:41 +0000 (13:28 +0200)]
Cosmetics in CacheStoreDCaches, CacheStoreVCache and storeInit.
* StoreProc: renamed alen to size.
* StoreProc: Make connection before do {}
* rename fP to tfile.
* Declare nchunks later in StoreProc.
* Fixed order of storeInit parameters.
* storeInit: renamed tlen to length.
Andrew Deason [Wed, 9 Sep 2009 14:22:02 +0000 (09:22 -0500)]
Do not respond to SYNC_COM_CHANNEL_CLOSE requests
SYNC clients, when closing a channel, send a SYNC_COM_CHANNEL_CLOSE
command, and immediately disconnect before waiting for a response. So,
don't send a SYNC response, since by the time we send it, the other end
will most likely have already hung up, causing a lot of needless
'SYNC_putRes: write failed' messages whenever a SYNC channel is closed
(e.g. when a demand-salvage finishes).
Windows: Handle "(Default)" regsitry value in MountGlobalDrivesThread
In MountGlobalDrivesThread(), if the "(Default)" registry value
is defined that should be interpreted as a drive mapping to a
device with no name. This is specified using NULL instead of the
nul-string.
theoretically a user thread can race us during shutdown and end up
panicing us if the soclose happens at the wrong time. if we're shutting down
just return. using afs_shuttingdown would have the side effect that we'd lose
the ability to add any graceful behavior.
Felix Frank [Mon, 13 Jul 2009 07:07:17 +0000 (09:07 +0200)]
Added guard against missing call and moved alength assignment in fetchInit.
The returned value of rx_NewCall is important of course and must be taken
into account before trying to start RPCs. Do assign the length output
variable ASAP.
Also fixes an overlong line and the type of the pos local var to unsigned.
More style fixes:
* Moved length64 to use proper scope, initialized code.
* Generally make more tidy
Russ Allbery [Sat, 22 Aug 2009 01:59:01 +0000 (18:59 -0700)]
Stop using sig_t
acinclude.m4 was adding to afsconfig.h some code to define sig_t as the
type of a signal handler. This definition was in terms of RETSIGTYPE,
which is deprecated by Autoconf. It also adds an unnecessary abstraction
for only two places in the AFS source code where it was used. Remove it
and change those two spots to use the standard C declaration of the
function pointer.
Reviewed-on: http://gerrit.openafs.org/335 Tested-by: Simon Wilkinson <sxw@inf.ed.ac.uk> Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk> Reviewed-by: Derrick Brashear <shadow@dementia.org>
Russ Allbery [Sat, 22 Aug 2009 01:12:39 +0000 (18:12 -0700)]
Move restorevol to bin from sbin
restorevol only requires access to a dump file and write access to the
directory in which the dump is being unpacked. It doesn't require being
a superuser, so it should be installed in bin instead of sbin. Also
move the man page to section 1 and update references accordingly.
Derrick Brashear [Thu, 13 Aug 2009 14:05:44 +0000 (10:05 -0400)]
make salvager able to cope with corrupt class index
right now if a directory ends up in the small vnode index, the salvager
will never fix it. unlinking from the index (and recovering an orphan later)
beats crashing forever
Felix Frank [Mon, 13 Jul 2009 06:54:23 +0000 (08:54 +0200)]
Cosmetics: Rename some variables, fix types.
* Replaced tsize by new local var llbytes in rxfs_storeInit.
* Make int32 lengths unsigned in rxfs_storeInit.
* Renamed lengthFound to length64.
* renamed abase to base.
This is rxfs-specific, so move it out of CacheStoreProc.
It must be done before entering the do { } while (moredata) loop proper
now, as rxfs_fetchMore is never called during the first iteration
(moredata is always 0), but the length may need fixing (note that
this was done after what is now the fetchMore op originally). Thus
it appears in rxfs_fetchInit.
To prevent a bogus call during the first loop iteration, also check
for length!=0. Finally, don't bother with fetchMore at all unless
CForeign is set.
In rxfs_fetchInit, we added an additional check for length_hi being
zero.
Windows: Add data validation to ktc_xxxx functions that perform pioctls
The ktc_GetToken and ktc_ListTokens functions perform a pioctl
and then parse the response data. There is no validation that the
data required is not longer than the pioctl output or that the
data received fits into the data structures that are being written.
As a result, random crashes have occurred when the wrong data
has been received from the pioctl.
This commit adds data validation to at least ensure that these
functions cannot read beyond the data provided or write beyond
the allocated memory.
Russ Allbery [Sat, 22 Aug 2009 07:31:22 +0000 (00:31 -0700)]
Only force a specific compiler where necessary
Rather than setting the compiler to cc on all platforms by default,
use the Autoconf default unless the specific compiler might matter.
Conservatively set the compiler to cc for all non-Linux, non-BSD
operating systems that previously didn't explicitly set it. Fix a
few places on Linux where the compiler was set to gcc explicitly
rather than using the Autoconf result.
Don't bother setting the Linux i386 compiler to gcc -pipe. The compile
performance difference isn't enough to bother with the special
exception, and we don't do this for other Linux systems.
With this change, setting CC at Autoconf time will correctly set the
compiler per the user's preferences unless they're on an operating
system where we care about having a particular compiler for kernel
purposes. This can be relaxed further in the future, particularly if
the kernel compiler is broken out to a separate setting.
Russ Allbery [Sat, 22 Aug 2009 02:11:58 +0000 (19:11 -0700)]
Remove old disabled code to support truncated passwords
ka_UserAuthenticateGeneral had code disabled with #ifdef OLDCRUFT to
retry failed authentications by truncating the password to eight
characters, with a comment that the truncating behavior of kpasswd
was disabled in 1990. Nothing references this preprocessor define in
the source tree. Delete the dead code.
Windows: Prevent pioctl races from crashing afsd_service
The SMB redirector will permit two processes to open the
pioctl file at the same time without giving SMB server an
opportunity to say 'no'. As a result multiple reads and writes
on the allocated smb_fid->ioctl can play havoc with the pioctl
state. Since afsd_service doesn't know the writes and reads
are coming from separate requests there is nothing it can do
to prevent incorrect data going to the wrong process. However,
it can (and should) protect itself when the state becomes invalid.
Two prevention methods are applied:
1. add an additional state flag that explicitly indicates
when the ioctl is in the dataout state
2. validate the length of data in the ioctl input or
output buffers before copying it. If the length
becomes negative, return a CM_ERROR_INVAL error.
In addition, when the invalid state results in a failure to
to find a matching pioctl function do not return CM_ERROR_BADOP.
CM_ERROR_BADOP can only be returned if the SMB operation is not
supported. Returning it in response to a ReadFile request will
cause the SMB client to drop the connection.
Finally, fix smb_FindFID to prevent the same 'fid' from being
used for more than one open file.
The fake scache object used for pioctl operations was not
fully initialized. The magic value, data version, and
several locks were not initialized. Do so.
Since the fid of the fake scache object is 0.0.0.0
remove the assert in cm_GetSCache for cell != 0.
Instead simply return CM_ERROR_INVAL.
The Windows pioctl implementation makes an incorrect assumption.
It is not true that every CreateFile() operation results in a
SMB NTCreateX operation being delivered to SMB Server. The SMB
client can combine open requests from multiple processes or threads
onto a single SMB file descriptor and locally manage the operations.
This is a problem for pioctls since the Transceive operation requires
that a WriteFile/ReadFile combination must belong to the same request.
Prior to this change simultaneous pioctl operations would be
combined and the individual reads and writes could overlap resulting
in responses going to the wrong requestor and end of file errors
being received by the others.
Due to lack of data validation in fs.c, ktc_nt.c, symlink.c,
etc random crashes are produced.
This change alters the sharing mode under which the pioctl file is
opened. Instead of FILE_SHARE_READ | FILE_SHARE_WRITE, only
FILE_SHARE_READ is specified to CreateFile(). This ensures that
the CreateFile will fail with a sharing violation if the pioctl
file was previously opened for writing.
A sharing violation check is provided and the CreateFile is retried
indefinitely until the open succeeds or the error is not a sharing
violation.
smb_FindShareCSCPolicy() ignored the error state of RegCreateKeyEx()
and would pass the uninitialized hkCSCPolicy to RegQueryValueEx()
and RegCloseKey(). While this did not produce invalid results, it
did result in unnecessary operations and exception handling within
the Win32 registry apis.
Jeffrey Altman [Sat, 29 Aug 2009 18:16:45 +0000 (14:16 -0400)]
Correct nvldbentry and vldbentry misuse in uss/uss_vol.c
The uss module relies on MapNetworkToHost / MapHostToNetwork from
src/volser. These functions convert a struct nvldbentry and not
a struct vldbentry. When src/volser was converted to struct nvldbentry
src/uss must have been forgotten.
In uss_vol.c convert GetServerAndPart() to accept a nvldbentry
instead of a vldbentry.
Add two static functions:
* ovlentry_to_nvlentry() to convert from vldbentry to nvldbentry
if required
* uss_vol_GetEntryByID() which first attempts to use
ubik_VL_GetEntryByIDN() and if that is not supported falls
back to ubik_VL_GetEntryByID() and ovlentry_to_nvlentry().
Remove struct from AFS_UCRED instantiations (opaque credential type support)
The identifier AFS_UCRED is intended as a preprocessor alias to
a possibly-opaque credential type. A platform header will normally
rename AFS_UCRED to a platform credential type with #define.
This is not intended to change the meaning of AFS_UCRED, but removes
the assumption that it is a struct type, which may not be true, depending
on the platform and other decisions made by the AFS client port.
The attempt to follow the smb protocol specification by returning
extended responses to NTCreateAndX requests (when specified)
resulted in random "invalid parameter" errors from the Explorer
Shell (and common control dialogs) on Vista SP2.
As a result we won't send the extended responses.
Windows: Freelance get callback sync and uninitialized variables
In cm_GetCallback the Freelance mode case did not properly
synchronize attempts to fake obtain a callback.
cm_GetCallback also failed to initialize the contents of afsStatus and
volSync which are used as input to cm_MergeStatus.
cm_MergeStatus special cased the freelance root.afs volume root
directory but failed to handle any other freelance volume objects.
As a result it used the contents of the uninitialzed input structures
to populate the status of the object for which the callback was
obtained.
Andrew Deason [Mon, 31 Aug 2009 16:10:10 +0000 (11:10 -0500)]
Update accessDate on volume access
Right now accessDate is simply never updated, so the last access time
for a volume is never reported. Simply update the field in
VBumpVolumeUsage_r, so we track the last time the volume was accessed.
Note that this does not increase disk writes to the volume header; the
performance impact is effectively nil.
Adds conditional trace logging to MCAS object cache and supporting GC,
using ViceLog. While in future this should be normalized, it is correct
for both fileserver and volserver, the two programs using MCAS currently.
Treat a file request for "name::$DATA" as if it were specified as
"name". Otherwise, the inclusion of the colon in the file name
will cause it to be treated as invalid.
Jason Edgecombe [Sun, 30 Aug 2009 21:54:16 +0000 (17:54 -0400)]
Updated Chapter 2, Section 3.2 of the Admin Guide
Removed the reference to the Authentication Server and added a reference to the Kerberos Server and Kerberos 5 authentication for foreign clients.
Replaced AFS Product Support with the AFS registrar as the maintainer of the
public CellServDB file. A link was added to grand.central.org for getting the
latest copy of the file and submitting changes for the local site.
Remove the conditional and Autoconf flag for enabling BosConfig.new
handling and change bosserver to always rename BosConfig.new to BosConfig
on startup if the former exists.
Document BosConfig.new handling in the bosserver and BosConfig man pages.
Tone down the warning about the BosConfig file format changing and warn
that bosserver rewrites BosConfig when shutting down.
Andrew Deason [Wed, 29 Jul 2009 15:56:34 +0000 (11:56 -0400)]
DAFS: avoid shutdown hang during salvage
Right now, when the fileserver shuts down, it tries to cancel any
demand-salvages in progress. This causes the fileserver to hang, since
during shutdown, the salvageserver may already be gone. This avoids
cancelling in-progress salvages, and allows salvages to continue after
the fileserver has shut down.
To do this, the salvageserver now closes SALVSYNC sockets in spawned
children, so the children don't get SALVSYNC requests directed at them,
since they can't handle them. The salvageserver also now periodically
scans for logs of salvaging children that have terminated, and
incorporates them into SalsrvLog, just like it does for it's own
children. The salvageserver children that actually perform salvages now
also set the inUse volume header field to their programType, so the
fileserver knows not to schedule new salvages for that volume in the
event of a fileserver restart during a salvage.
Andrew Deason [Thu, 27 Aug 2009 17:43:03 +0000 (12:43 -0500)]
Fix cache tracking for small fragsizes
The tracked amount of disk cache used by a client can be incorrect when
afs_fsfragsize is tuned to below 1023. Since we round up to the next
nearest afs_fsfragsize+1 then round down to the kb, if afs_fsfragsize+1
< 1kb, we can undershoot the cache usage.
This enforces afs_fsfragsize to always be at least 1023.
Christof Hanke [Mon, 31 Aug 2009 13:39:02 +0000 (15:39 +0200)]
Remove unnecessary type ViceFid
The type "ViceFid" is just a clone of the type AFSFid and used only in a couple of places.
Thus, for simplicity, rename all occurences of ViceFid to AFSFid and remove the
typedef itself.
Windows: Permit cygwin apps to read from AFS again
For some reason specifying a unique GUID for each open
file based on the cm_fid results in cygwin apps being
unable to read from AFS. ReadFile() calls fail with
Invalid Device Request errors instead.
While fixing that issue discovered that not all of the
data was properly set for QueryPathInfoAll operations.
The previous fix prevented a null pointer dereference but
forgot to set 'effDomain' to the domain specified by the
caller if it exists and is not the local machine name.
projects / packages / o / openafs.git / log