Windows: RDR RXAFS_GetVolumeStatus vs 1.1 'l' only
The Windows redirector relies upon the ability to obtain volume
status information to decide whether a file system volume object
can be created and whether or not an extending write can be
permitted. As of this writing, the file server always performs
a PRFS_READ access check on the volume's root directory (1.1)
vnode as a condition for releasing the volume state information
which includes:
Message of the day (if any)
Offline message (if any)
Online flag
InService flag
Blessed flag
NeedsSalvage flag
Type
MinQuota
MaxQuota
BlocksInUse
PartBlocksAvail
PartMaxBlocks
All of this information is publicly available to anonymous users
via "vos examine" so it is odd that it is hidden from anonymous
cache managers. When RXAFS_GetVolumeStatus fails, the AFS redirector
was failing to create a file system object for the AFS volume. That
in turn prevented the volume from being accessed even if the user
had 'l' in the root directory and full access everywhere else.
This patchset will make up fake data for the AFS volume if the
RPC fails. However, doing so does have consequences. The client
will be unable to make an accurate determination regarding free space
on the file server. As a result, an extending write may be permitted
which writes data into the system page cache which in turn cannot
be written to the file server. Such data will be lost and unrecoverable.
commit f716962ab41847af4450d0a361f5de9195b32ed0
inadvertently broke the offline .readonly is valid functionality
when readonly volume versioning is disabled. Restore it.
commit f716962ab41847af4450d0a361f5de9195b32ed0
clears the cm_scache_t volumeCreationDate field.
It shouldn't because the volumeCreationDate is not a property of
the callback. It is a property of the status information which
does not change simply because the callback expires.
Jeffrey Altman [Tue, 26 Jun 2012 03:06:30 +0000 (23:06 -0400)]
Windows: afslogon expand short domain names
Depending on how the user specifies the domain name during login,
NPLogonNotify may be given a short or a full domain or kerberos
realm name. If the name is the short name, attempt to expand it
automatically if there is no 'realm' configured for the short
domain name.
This patchset relies upon data in the local registry instead of
using an API such as NameTranslate in order to avoid network
queries to the domain controller that might not be reachable.
Jeffrey Altman [Mon, 25 Jun 2012 05:33:02 +0000 (01:33 -0400)]
Windows: Remove HELP from afscreds
The old .hlp format is no longer supported and the text of the
help files is long out of date. Remove the HELP buttons from
the dialogs and all references to WM_HELP message processing
from the application.
Jeffrey Altman [Tue, 19 Jun 2012 02:03:21 +0000 (22:03 -0400)]
Windows: afslogon major refactoring NPLogonNotify()
This is a major refactoring of NPLogonNotify() that is meant
to reduce redundancy and add functionality. Key highlights
include:
* New Domain\user hierarchy that permits configuration
settings to be applied on a per user basis instead of a
domain basis. As part of the extension the username itself
can be mapped.
* Attempt to import the MSLSA credentials prior to performing
KFW_AFS_get_cred().
* Do not perform redundant KFW_AFS_get_cred() calls.
* Add a flag to indicate if the authentication name is the
LSA principal name.
Andrew Deason [Fri, 29 Jun 2012 17:36:36 +0000 (12:36 -0500)]
Remove empty Makefile continuation lines
HP-UX make gets confused by constructs like:
    FOO = bar \

    BAZ = quux
Where a line continuation is followed by an empty line. So, get rid of
all of these in the tree. Not all of them matter, but removing all of
them makes it easier to find these, and catch them in the future.
Jeffrey Altman [Wed, 27 Jun 2012 05:00:20 +0000 (01:00 -0400)]
Windows: ensure TreeLock obtain and release same pointer
The indirection ObjectInformation->ParentObjectInformation does
not appear to be stable. When acquiring and releasing a parent
TreeLock, use a local variable to store the ParentObjectInformation
pointer and use that to access the TreeLock. This will ensure that
the resource obtained is the one that is released.
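The failure this commit guards against, shown as an added single-threaded model in C (not code from the AFS redirector). All type and function names are hypothetical, and the re-parenting another thread would perform is simulated inline between acquire and release.

```c
/* Added illustration: every name here is hypothetical, not AFS redirector code. */
#include <stdio.h>
#include <stddef.h>

typedef struct lock { int held; } lock_t;        /* stand-in for the TreeLock resource */

typedef struct object {
    struct object *parent;                       /* can be re-pointed by another thread */
    lock_t tree_lock;
} object_t;

static void acquire(lock_t *l) { l->held++; }
static void release(lock_t *l) { l->held--; }

/* Fragile: follows obj->parent once to lock and again to unlock. */
static void touch_fragile(object_t *obj, object_t *racer)
{
    acquire(&obj->parent->tree_lock);
    obj->parent = racer;                         /* constructed race: re-parent while locked */
    release(&obj->parent->tree_lock);            /* unlocks a lock this thread never took */
}

/* Stable: read the pointer once and use that copy for both operations. */
static void touch_stable(object_t *obj, object_t *racer)
{
    object_t *parent = obj->parent;
    if (parent == NULL)
        return;
    acquire(&parent->tree_lock);
    obj->parent = racer;                         /* same constructed race */
    release(&parent->tree_lock);
}

/* Runs one variant and reports the lock balance of the old and new parent. */
void run_variant(int stable, int *old_balance, int *new_balance)
{
    object_t old_parent = { NULL, { 0 } };
    object_t new_parent = { NULL, { 0 } };
    object_t child = { &old_parent, { 0 } };

    if (stable)
        touch_stable(&child, &new_parent);
    else
        touch_fragile(&child, &new_parent);
    *old_balance = old_parent.tree_lock.held;
    *new_balance = new_parent.tree_lock.held;
}

int main(void)
{
    int o, n;
    run_variant(0, &o, &n);
    printf("fragile: old=%d new=%d\n", o, n);
    run_variant(1, &o, &n);
    printf("stable:  old=%d new=%d\n", o, n);
    return 0;
}
```

A non-zero balance on the old parent is a lock that stays held; a negative balance on the new parent is a release of a lock that was never acquired.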
Jeffrey Altman [Sun, 24 Jun 2012 14:16:42 +0000 (10:16 -0400)]
Windows: Media Protected if create on RO volume
If there is an attempt to create a file/directory on a readonly
volume as indicated by the Volume Characteristics, return
STATUS_MEDIA_WRITE_PROTECTED immediately. Do not bother contacting
the afsd_service.
Jeffrey Altman [Sat, 23 Jun 2012 19:04:29 +0000 (15:04 -0400)]
Windows: NPGetConnectionPerformance
Restore the implementation of NPGetConnectionPerformance
in AFSRDFSProvider.dll. This time just return 0 for all fields
except for the preferred read/write size which is set to 64K.
When this function is not implemented at all, a query for
performance of a \\AFS path will be processed by the SMB
redirector. This can result in a 20 second timeout while waiting
for the SMB Browser query for "AFS <20>" to complete.
Jeffrey Altman [Fri, 22 Jun 2012 04:25:26 +0000 (00:25 -0400)]
Windows: check perms before RXAFS_GetVolumeStatus
Instead of calling RXAFS_GetVolumeStatus naked, perform a read
permission check using RXAFS_FetchStatus first. This permits EACCES
caching to prevent unnecessary requests.
Regardless of which FileId is queried, always use the root vnode
FileId for the permission check. The file server performs its
permission check using the root vnode.
Jeffrey Altman [Thu, 21 Jun 2012 23:34:58 +0000 (19:34 -0400)]
Windows: Replicated requires more than one site
The VLDB response may include a list of servers some of which
are not valid replicas because the DONOTUSE flag is set or
because the replica site may be out of date. Instead of setting
the replication state based upon the server count in the VLDB
response, use the number of RO sites that were deemed valid
at the end of processing.
Jeffrey Altman [Thu, 21 Jun 2012 23:29:26 +0000 (19:29 -0400)]
Windows: [Inline]BulkStat VolSync not accurate?
Instead of only recording the volume creation date when
cm_readonlyVolumeVersioning is true, record the date whenever
the RPC in use is not a RXAFS_[Inline]BulkStatus. This is
tracked by the addition of flags for cm_MergeStatus and
cm_EndCallBackGrantingCall which identify when the RPC was
in fact a BulkStat variant.
As a reminder, pre-1.4.11 and 1.6.0 file servers do not
properly set the VolSync structure when responding to BulkStat
RPCs. At present, there is no method of identifying when it
is safe to use them. When cm_readonlyVolumeVersioning is TRUE,
it is assumed that the file servers are new enough to do the
right thing.
Jeffrey Altman [Wed, 20 Jun 2012 04:05:44 +0000 (00:05 -0400)]
Windows: force vldb lookup if server list is empty
The Windows cache manager can mark server references as "deleted"
which can give the impression that a server reference list is not
empty when it is. If the volume list is empty any attempt to
issue an RPC would fail with a CM_ERROR_ALLDOWN error. Since the
VLDB data is current, this condition will remain for two hours.
This patchset adds a new error, CM_ERROR_EMPTY, which is returned
when the server reference list is empty. cm_Analyze() is modified
to process the CM_ERROR_EMPTY error by attempting to update the
server reference list. If the update succeeds and the list is no
longer empty, the RPC is retried. Otherwise, the RPC fails as
before.
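The refresh-and-retry flow described in this commit, as an added simplified model in C (not the Windows cache manager's code). The error values are placeholders, and `vldb_lookup_fn`, `live_refs`, `try_rpc` and `rpc_with_refresh` are hypothetical names.

```c
/* Added illustration: a simplified model, not the Windows cache manager's code. */
#include <stdio.h>
#include <stddef.h>

/* Placeholder values; the real CM_ERROR_* numbers are not given on the page. */
enum { RPC_OK = 0, ERR_ALLDOWN = 1, ERR_EMPTY = 2 };

typedef struct server_ref {
    int deleted;                 /* entry still linked but must not be used */
    int up;                      /* server currently reachable */
    struct server_ref *next;
} server_ref_t;

typedef server_ref_t *(*vldb_lookup_fn)(void);   /* hypothetical forced VLDB query */

/* Count usable references: "deleted" entries make a list look non-empty. */
static int live_refs(const server_ref_t *r)
{
    int n = 0;
    for (; r != NULL; r = r->next)
        if (!r->deleted)
            n++;
    return n;
}

static int try_rpc(const server_ref_t *refs)
{
    const server_ref_t *r;
    if (live_refs(refs) == 0)
        return ERR_EMPTY;        /* distinct from "servers exist but are down" */
    for (r = refs; r != NULL; r = r->next)
        if (!r->deleted && r->up)
            return RPC_OK;
    return ERR_ALLDOWN;
}

/* On ERR_EMPTY refresh once; retry only if the refreshed list is usable. */
int rpc_with_refresh(server_ref_t **refs, vldb_lookup_fn lookup, int *lookups)
{
    int code = try_rpc(*refs);
    if (code != ERR_EMPTY)
        return code;
    (*lookups)++;
    *refs = lookup();
    if (live_refs(*refs) == 0)
        return ERR_ALLDOWN;      /* fails as it did before the change */
    return try_rpc(*refs);
}

/* Constructed sample data: two linked entries, both marked deleted. */
static server_ref_t fresh = { 0, 1, NULL };
static server_ref_t stale2 = { 1, 1, NULL };
static server_ref_t stale1 = { 1, 0, &stale2 };
static server_ref_t *lookup_finds_site(void) { return &fresh; }
static server_ref_t *lookup_finds_none(void) { return NULL; }

int demo(int vldb_has_site, int *lookups)
{
    server_ref_t *refs = &stale1;
    *lookups = 0;
    return rpc_with_refresh(&refs,
        vldb_has_site ? lookup_finds_site : lookup_finds_none, lookups);
}

int main(void)
{
    int n;
    printf("refresh finds a site: code=%d\n", demo(1, &n));
    printf("refresh finds none:   code=%d\n", demo(0, &n));
    return 0;
}
```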
Jeffrey Altman [Mon, 18 Jun 2012 14:10:32 +0000 (10:10 -0400)]
Windows: Do not permit RDR worker threads to quit
If the DeviceIoControl from the service's redirector worker threads
fails the thread will terminate. This is a problem because if all
of the threads quit the afs redirector will end up deadlocking
all requests since there will be no method of delivering them to
the service. If there is an error, log it (if possible) and retry.
Hopefully it will be transient.
Jeffrey Altman [Thu, 7 Jun 2012 13:23:26 +0000 (09:23 -0400)]
Windows: misplaced brace in KFW_AFS_get_cred
A misplaced brace in KFW_AFS_get_cred() results in KFW_AFS_klog()
being executed twice in a row if successful. The second attempt
could fail due to a KRB5KRB_AP_ERR_REPEAT error issued by the KDC.
Steve Simmons [Wed, 27 Jun 2012 21:28:36 +0000 (17:28 -0400)]
Added build of cscope index to Makefile
Add ability to do 'make cscope' at the top of
the distribution tree and get 'cscope.out' built
in ./src. Index file is removed in 'make clean'.
cscope.out is now ignored in src/.gitignore
Use rk_alloc, rk_calloc, rk_free, rk_realloc instead of Windows
C RTL allocators. The OpenAFS source tree has a bad habit of
allocating memory in one module and freeing it in another. This
is not a problem for POSIX but is a disaster on Windows. This change
ensures that all OpenAFS modules share the same allocator.
Andrew Bartlett (1):
Revert "make paranoia check less paranoid" - check that key types strictly match
Jeffrey Altman (3):
do not include stdint.h unprotected
Windows EAFNOSUPPORT defined by VS2010
roken: Use a common allocator for all windows
Love Hornquist Astrand (2):
add rk_getpwnam_r
move windows compat errno constants to after <errno.h> is included
Nicolas Williams (7):
Fixes to make Heimdal -Wall -Werror clean
Make krb5_kuserok() pluggable and add features (including MIT config compat)
Generalize token expansion to allow for context-specific tokens
Address code review comments (use krb5_enomem())
Make master build on Windows
Fix a compiler warning in lib/roken/snprintf.c on 32-bit Ubuntu
Move base into lib
Roland C. Dowdeswell (3):
Turn on -Wextra -Wno-sign-compare -Wno-unused-paramter and fix issues.
Provide support for enctype aliases for ease of use.
Additional changes to make -Wshadow build on Ubuntu 10.04.
Simon Wilkinson (1):
hcrypto: Use correct size for memset in md2
New files are:
roken/realloc.c
roken/win32_alloc.c
Simon Wilkinson [Mon, 2 Jul 2012 13:50:10 +0000 (14:50 +0100)]
roken: Import Windows allocator changes
Roken now supports using a single allocator across all of the objects
which include that roken library. Two additional objects are required
to support this, so add them to the list of symbols that we import.
Heimdal's expand_path.c now makes use of a new function krb5_enomem()
which is a wrapper around krb5_set_error_message(). Add a dummy
implementation to src/cmd/krb5_locl.h so that expand_path.c can
build within the OpenAFS tree.
Remove #if 0 disabled definitions and those for strtoll and
strtoull as they are not used anywhere in the tree. strtoll
and strtoull will conflict with the next roken.h update.
Jeffrey Altman [Mon, 11 Jun 2012 18:45:15 +0000 (14:45 -0400)]
Windows: afslogon is only an authentication provider
afslogon.dll is just an Authentication Provider DLL. It does not
provide network file system browse and mapping functions. Therefore,
do not include the "ProviderPath" registry value when the
AuthentProviderPath variable is sufficient.
Ben Kaduk [Thu, 28 Jun 2012 02:04:24 +0000 (22:04 -0400)]
Patch up FreeBSD-10 support
The auto-guessing code for sysnames produces *_fbsd_100, so we can't
just claim that we'll be *_fbsd_1000 for kicks.
Revert back to the old behavior so as to be less disruptive.
Simon Wilkinson [Tue, 26 Jun 2012 16:42:39 +0000 (17:42 +0100)]
viced: Remove localcellname
Commit 8a040cfd848410b75b4e5ac5498f00f073932598 removed all of the
code which relies on the localcellname variable being set, but didn't
remove the variable itself. So do so.
Simon Wilkinson [Wed, 27 Jun 2012 09:51:37 +0000 (10:51 +0100)]
viced: Make the config directory path global
Store the location of the configuration directory in a global
variable, rather than hardcoding it in multiple locations in the file.
This makes it easier to write unit tests for portions of the fileserver,
and is a step towards producing a fileserver that can be run from
within the test suite.
Simon Wilkinson [Tue, 26 Jun 2012 20:04:41 +0000 (21:04 +0100)]
tests: Abstract out code for a test RPC service
Lots of our tests want to start a test RPC server, and then run
commands against it. Start to abstract out the code to do this
by pulling the code to start a test RPC server into its own
function in the common test directory.
Simon Wilkinson [Tue, 26 Jun 2012 20:16:28 +0000 (21:16 +0100)]
Unix builds: Reference krb5 libs in standard way
Use $(LIB_krb5) and $(LDFLAGS_krb5) to reference the Kerberos
library and linker flags, rather than directly using an autoconf
substitution. This brings us in line with the way other libraries
are handled.
Andrew Deason [Tue, 19 Jun 2012 19:42:23 +0000 (14:42 -0500)]
viced: Clear all client CPS on FlushCPS
Currently the fileserver only finds the first applicable 'client'
structure (via h_ID2Client) for a FlushCPS operation, and invalidates
the CPS for it. However, there may be many 'client' structures in
memory for the given viceid, since we may have many connections for
the same user (possibly from different hosts).
So, modify FlushCPS to find all relevant client structures, and
invalidate the CPS calculation on them.
Andrew Deason [Mon, 18 Jun 2012 22:01:24 +0000 (17:01 -0500)]
cacheout: Perform authenticated RXAFS_FlushCPS
Fileservers may now require RXAFS_FlushCPS calls to be made with
administrator tokens. So, try to make the call with admin tokens, and
provide the usual -noauth and -localauth options.
Andrew Deason [Fri, 15 Jun 2012 21:58:42 +0000 (16:58 -0500)]
viced: Restrict RXAFS_FlushCPS to administrators
RXAFS_FlushCPS currently can be run by anyone, including
unauthenticated users. Forcing CPS calculation can be a relatively
resource-intensive operation, though, if done frequently enough, and
only should need to be done by administrators. Thus, only let
administrators use it.
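The two viced FlushCPS changes above (invalidate every 'client' structure for the viceid, and refuse callers who are not administrators), as an added simplified model in C that is not fileserver source. The struct layout, return codes and function names are hypothetical, and the client list is constructed sample data.

```c
/* Added illustration: a simplified model, not fileserver source. */
#include <stdio.h>
#include <stddef.h>

enum { FLUSH_OK = 0, FLUSH_DENIED = 1 };       /* placeholder return codes */

typedef struct client {
    int viceid;                                /* user the connection belongs to */
    int cps_valid;                             /* 1: cached CPS is still trusted */
    struct client *next;
} client_t;

/* Invalidate the cached CPS for a viceid; returns how many entries changed. */
static int flush(client_t *list, int viceid, int all)
{
    client_t *c;
    int n = 0;
    for (c = list; c != NULL; c = c->next) {
        if (c->viceid != viceid)
            continue;
        c->cps_valid = 0;
        n++;
        if (!all)
            break;                             /* earlier behaviour: first match only */
    }
    return n;
}

/* Handler: refuse non-administrators before doing any work. */
int flush_cps(client_t *list, int caller_is_admin, int viceid, int all)
{
    if (!caller_is_admin)
        return FLUSH_DENIED;
    flush(list, viceid, all);
    return FLUSH_OK;
}

/* Constructed scenario: user 1001 has three connections, user 1002 one.
 * Returns how many of user 1001's structures still hold a trusted CPS. */
int stale_after_flush(int caller_is_admin, int all)
{
    client_t d = { 1002, 1, NULL };
    client_t c = { 1001, 1, &d };
    client_t b = { 1001, 1, &c };
    client_t a = { 1001, 1, &b };
    client_t *p;
    int stale = 0;

    flush_cps(&a, caller_is_admin, 1001, all);
    for (p = &a; p != NULL; p = p->next)
        if (p->viceid == 1001 && p->cps_valid)
            stale++;
    return stale;
}

int main(void)
{
    printf("first-match flush leaves %d stale\n", stale_after_flush(1, 0));
    printf("flush-all leaves %d stale\n", stale_after_flush(1, 1));
    printf("non-admin caller leaves %d untouched\n", stale_after_flush(0, 1));
    return 0;
}
```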
Andrew Deason [Mon, 18 Jun 2012 20:06:49 +0000 (15:06 -0500)]
doc: Consolidate NetRestrict format documentation
We were specifying exactly the same format in two different places;
consolidate them into one place. In addition, explicitly say there
is no way to specify a range of addresses, in case some people are
confused by the previous versions of this man page that erroneously
said you could use 255 as a wildcard.
Ben Kaduk [Sat, 23 Jun 2012 01:33:50 +0000 (21:33 -0400)]
Catch up on fbsd releases
Pull in the changes needed to even have a chance at supporting
FreeBSD 8.3, 8.4, 9-stable, and 10-current.
Conditionals for changed interfaces in a follow-up commit.
Andrew Deason [Sun, 20 May 2012 22:05:12 +0000 (17:05 -0500)]
FBSD: Add osi_fbsd_checkinuse
Add the osi_fbsd_checkinuse function, which contains code common to
the FreeBSD osi_TryEvictVCache and osi_VM_FlushVCache. Implement the
latter two in terms of osi_fbsd_checkinuse.
This commit should incur no behavior changes. This is just a
reorganization so future commits can change the implementations of
osi_TryEvictVCache and osi_VM_FlushVCache.
Niklas Jonsson [Wed, 20 Jun 2012 14:03:54 +0000 (10:03 -0400)]
Auth: increase size of DNS resolver answer buffer
This patchset increases the size of the res_search() answer
buffer from 1024 octets to 4096 octets. This is not a proper
long term solution but will permit sites with longer response
lists to make use of SRV and AFSDB records.
This patchset only impacts UNIX systems. Windows uses the
Win32 DNS resolver which dynamically allocates memory based
upon the size of the response.
Simon Wilkinson [Tue, 15 May 2012 15:45:57 +0000 (16:45 +0100)]
opr: Add simple time type
Add a simple time type to the opr library, which provides helper
routines to implement the 100ns time format selected for on-the-wire
use for AFS-3 (this also provides a handy single integer internal
time format)
Simon Wilkinson [Sat, 9 Jun 2012 21:29:44 +0000 (22:29 +0100)]
viced: Tidy up VL initialization
Tidy up the routines which initialize the VL server so that they
don't reopen an already open configuration directory, and so that
some global variables are less globally scoped.
Simon Wilkinson [Wed, 30 May 2012 17:25:51 +0000 (18:25 +0100)]
rxgen: Make input strings const
Modify the code generation routines so that string inputs to RPCs
are declared as (const char *) on the client side. This doesn't affect
callers as we can freely cast from (char *) to (const char *), but means
it is easier to write API wrappers that accept const arguments.
Simon Wilkinson [Thu, 7 Jun 2012 22:21:48 +0000 (23:21 +0100)]
aklog: Fix error message fallback for Heimdal
Since we reverted to using Russ's upstream version of rra-c-util's
krb5.m4, we no longer check for the existence of the pure com_err
error_message().
So, for error message fallback on Heimdal, use krb5_get_error_message()
instead. As we don't have access to the context in which the error
occurred, build one to get the raw com_err error translation - this
won't give us any additional context specific detail.
Simon Wilkinson [Thu, 10 May 2012 23:34:24 +0000 (00:34 +0100)]
viced: Abstract out hpr thread context code
Every hpr lookup function had a copy of the same code to pull a thread
specific ubik context out of the pthread library, and to create one if
one wasn't already there.
Instead of endlessly repeating this code, create a small inline function
to do the job.
Simon Wilkinson [Tue, 15 May 2012 16:01:50 +0000 (17:01 +0100)]
viced: Remove unused profiling code
src/viced/profile.c is never built, and contains unused code which
is now useless to us. Just remove it from the tree - it is in git if
we ever need it again.
Derrick Brashear [Tue, 12 Jun 2012 18:23:12 +0000 (14:23 -0400)]
uss: allow disabling by configure switch
Provide an option to disable building uss. Current Heimdal
when built static can leak symbol names for its flex/bison parser
causing symbol conflicts. This is but a workaround, but
sites not needing uss can at least use it.
Derrick Brashear [Mon, 11 Jun 2012 20:05:10 +0000 (16:05 -0400)]
viced: fix merge error
When 37fc2dfbb9e3a8a8ecb022febae7ccd04d7340a4 was merged, the close
bracket went in the wrong place, meaning for non-remote calls
we don't re-enable keepalives. Fix it.
Andrew Deason [Thu, 31 May 2012 22:45:56 +0000 (17:45 -0500)]
vol: Avoid getting stuck in ATTACHING in attach2
Since commit 5fc2365f, a VNOVOL error early in attach2 meant that we
skipped changing the volume state to anything, and just returned
instead. When we do this, the volume is in VOL_STATE_ATTACHING for
DAFS, and so if we return, the volume will forever be in
VOL_STATE_ATTACHING. The next thing that tries to access the volume
will wait forever for the volume to come out of that state.
So, revert half of 5fc2365f, and transition to ERROR state instead.
This code path should not be hit during normal usage, since a
nonexistent volume access for the fileserver will be detected earlier.
If the volume does not appear to exist at this stage of attachment,
something is wrong with the volume, so this warrants the ERROR state.
For the volserver and other volume utilities, we may hit this when a
request just plain references a nonexistent volume for whatever
reason, but in that case the vp should go away soon. For non-DAFS,
this commit does not change much, since the difference between
error_notbroken and unlocked_error is very small.
The other half of 5fc2365f is not changed, since it is correct. For
VOFFLINE errors at this point, the volume has already been
transitioned to VOL_STATE_UNATTACHED, so it is okay to return. Add a
comment to help make this more explicit.
Andrew Deason [Thu, 31 May 2012 21:41:15 +0000 (16:41 -0500)]
DAFS: Preattach, not attach, in FSYNC_Drop
FSYNC_Drop currently attaches volumes that were checked out by the
dropped fssync handler, but not checked back in, in order to make the
volume available again. For DAFS, however, a full attachment is
unnecessary; just preattach instead.
Andrew Deason [Thu, 31 May 2012 21:15:33 +0000 (16:15 -0500)]
vol-salvage: Unlock volumes before exiting
Normally, volume locks acquired by an exiting salvaging process would
be automatically given up when the process exits, since our FDs are
closed. However, if we exit by calling Exit() or Abort(), we
gracefully shutdown our SYNC channels before exiting. For FSSYNC, this
can result in the fileserver trying to online the volumes we had
checked out but had not yet checked back in, so the fileserver may try
to online a volume we have locked, before the locks have been
released.
To avoid this, unlock all volume locks for all partitions before we
shutdown SYNC channels on exit.
Marc Dionne [Sun, 3 Jun 2012 01:35:53 +0000 (21:35 -0400)]
Linux 3.5: encode_fh API change
The encode_fh export operation now expects two inode arguments
instead of a dentry and a "connectable" flag. Use the inode of
the dentry we're interested in, and NULL as the parent inode which
is the same as passing a 0 flag in the previous API.
Marc Dionne [Sun, 3 Jun 2012 00:45:08 +0000 (20:45 -0400)]
afsd: include sys/resource.h in afsd_kernel.c
With a recent glibc update, sys/wait.h no longer includes
sys/resource.h unless __USE_SVID, __USE_XOPEN or __USE_XOPEN2K8
are set.
Don't rely on the indirect inclusion to get the bits we need;
include it directly in afsd_kernel.c. This include used to be
there but was dropped when afsd_kernel.c was split off.
Jeffrey Altman [Wed, 6 Jun 2012 03:07:40 +0000 (23:07 -0400)]
Windows: SMB GetFileAttributes support
commit 56a2cbb5fbdcab51bd5f4720e610796abbce5c41 added a
GetFileAttributes query to the pioctl interface to protect
against printing pages on printers with a broken smb protocol
implementation. This patchset adds support for GetFileAttribute
on _._AFS_IOCTL_._ files to the SMB implementation.
Jeffrey Altman [Sat, 26 May 2012 22:11:06 +0000 (18:11 -0400)]
Windows: Adjust extent release strategy
All extents were flushed whenever AFSReleaseExtentsWithFlush was
executed. This included a call at the completion of each
NonCached Read operation which could result in heavy thrashing
as the data would be released prior to it being needed by the
application.
This patchset makes the following adjustments. First,
AFSReleaseExtentsWithFlush() has been modified to release all
but 1024 extents belonging to the file. Second, NonCached Reads
only execute AFSReleaseExtentsWithFlush() when there are more
than 4096 extents associated with the file. Third,
AFSReleaseExtentsWithFlush() now has a 'bReleaseAll' parameter
which is used for calls from AFSCleanup() and AFSFlushExtents()
which need to be able to flush all extents attached to a FCB.