remove SUPERGROUPS condition for compilation of pts commands:
Interactive, Quit, Source, Sleep
fix the assignment of 'source' to permit it to function
replace bcopy and bzero with memcpy and memset to permit compilation
on Windows
replace ubik_Call(xxx) with ubik_xxx() (testpt.c)
add -DSUPERGROUPS and map.c to NTMakefile
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
This delta is a minimal variation on vice-hash-20070808.
The differences between the two are that there has not been a
significant updating of ViceLog entries and renaming of functions
and variables for consistency has not been performed.
(1) fixes a bug that could cause a 'host' structure to not be removed
from the global host list if the 'host' did not possess an interface
list. This would happen with older AFS clients that do not support the
WhoAreYou family of RPCs. Windows clients older than 1.3.80 and old
Transarc UNIX clients.
(2) fixes a bug which could result in ViceLog being called with an
uninitialized 'hoststr' buffer as a parameter.
(3) ensures that only addresses known to belong to the 'host' are
added to the address hash table. The list of addresses provided by
the client are stored as alternates and are only used when searching
for a client that is no longer accessible on the primary address.
These addresses are not stored in the address hash table within
initInterfaceAddr_r().
The addresses provided by the client should not be added to the hash
table because they have not been verified as belonging to the 'host'
that provided them. The contents of the list may in fact be completely
unreliable. Consider the existing UNIX clients that generate the list
at startup and never alter it even after the client has migrated to a
different network. If two client's both claim the same address,
lookups by address may fail to find the correct one.
a. The client list might contain private address ranges which
are likely to be re-used by many clients allocated addresses
by a NAT.
b. The client list will not include any public addresses that
are hidden by a NAT.
c. Private address ranges that are exposed to the server will
be obtained from the rx connections that use them.
d. Lists provided by the client are not necessarily truthful.
Many existing clients (UNIX) do not refresh the IP address
list as the actual assigned addresses change. The end result
is that they report the initial address list for the lifetime
of the process. In other words, a client can report addresses
that they are in fact not using. Adding these addresses to
the host interface list without verification is not only
pointless, it is downright dangerous.
e. The reported addresses do not include port numbers and
guessing that the port number is 7001 does not work when
port mapping devices such as NATs or some VPNs are in
use.
(4) [not in this delta]
(5) logs the UUID along with the client addresses when initializing the
host's interface list. (level 125)
(6) saves memory by using a smaller structure for the UUID hash table
MultiProbeAlternateAddress_r badly indexes the list of interfaces for
clients with multiple IP interfaces, resulting in peers with IP
address 0 port 0 to be created. This in turn results in rxi_sendmsg
errors (on systems where caught early, as on Linux, on others it may
pass unnoticed).
Add a new fs newalias man page. Add -help to the synopsis and options of
the other new man pages. Add additional missing links in the fs man page.
Fix some wording in the CellAlias man page.
Complete the documentation of the afsd flags and update a few things like
-settime and -nosettime. Add man pages for fs setcrypt, fs getcrypt, and
CellAlias. Based on work by Jason Edgecombe and then extensively edited,
so any errors I probably introduced.
Mention aklog and kinit in klog's man page, add -dynroot to the afsd man
page, and mention that -skipauth tells uss not to create any Kerberos
principal and this has to be done separately.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
2.6.21.1 introduces an additional .parent pointer in the middle of
the structure. As the OpenAFS code just initialises the structure
with a list, this causes it to assign the value intended
for .proc_handler to .parent
In rxkad_CheckResponse, when checking the return value from tkt_CheckTimes,
the order is == 0, == -1, < -1, <= 0. The <= 0 case is extraneous so
remove it. Both < -1 and <= 0 returned RXKADBADTICKET.
Problems fixed with this patch:
/1/ supergroup bug: when updating an entry in prdb, the logic in
pt_mywrite is supposed to unset flagged & found bitmap entries.
This failed on little-endian architecture machines.
/2/ warnings; a few fixes to eliminate some compiler noise.
the permission to obtain a write-lock is granted either by having the
"w" permission or the "i" when owning the file. The permission to obtain
a read-lock has been granted by having the "k" permission. However it
makes no sense that someone can obtain a write-lock but not a read-lock.
This patch grants permission to obtain read-locks to those who can obtain
write-locks.
Background: OpenAFS is vulnerable to crashing in the linux kernel symlink
code when running on kernel versions between 2.6.10 to 2.6.12. This also
includes all RHEL4 kernels, because RHEL4 includes the code from 2.6.10. The
problem is that the symlink text caching API, page_follow_link() et al, is
unsuitable for network filesystems where the page cache may be invalidated
in parallel with a path lookup.
This crash can be triggered easily by doing a bunch of path lookups
involving symlinks (e.g., stat() on various files pointed to through links),
while simultaneously running 'fs flushvol' on the volume containing the
symlinks.
The simplest way to fix this problem is to disable the use of symlink text
caching when the kernel does not provide a usable symlink API.
Based on Chris Wing's analysis which stated in part:
GFP_NOFS tells the allocator not to recurse back into the filesystem if it's
necessary to free up memory. However, vmalloc() does not have such an
option. Therefore, calling osi_Alloc() to request more than a page of
memory may end up recursing back into AFS to try to free unused inodes or
dentries.
In this case, what happened was that osi_Alloc() is called within an
AFS_GLOCK(); osi_Alloc() calls vmalloc() which tries to free dentry objects,
which then calls back into the AFS module. Unfortunately, AFS_GLOCK() is
already held and we deadlock.
The afskfw library contains an unprotected call to krb5_free_context
which can result in krb5_free_context being called with a NULL pointer.
MIT's Kerberos libraries do not check that the pointer is non-NULL and
will attempt to use it as a valid pointer which will in turn result
in an invalid memory access error.
This library is used by afslogon.dll which is loaded by winlogon.exe.
If the krb5 profile is invalid, the krb5_init_context call will fail
to allocate a krb5_context structure which can then result in
krb5_free_context being called with a NULL pointer.
An unhandled exception within winlogon.exe will cause a blue screen event
on Windows 2000, XP and 2003.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
remove afs_krb_get_lrealm from afsauthent.dll it conflicts with libutil.lib
projects / packages / o / openafs.git / log