*Includes the changes from STABLE14-windows-smb_fid_t-audit-20060125
as well:
"Further testing revealed that some smb_vc_t objects could not be freed
because the associated smb_fid_t objects never reached a zero refcount.
Additional auditing uncovered cases in which there were holds not being
released and others in which they were released to many times. This
patch fixes the problems and improves auditability by modifying the
behavior of the smb_IoctlXXX() functions to not release a reference
that was obtained by the caller. Now the caller releases the reference."
Fixup token deletion logic
Surround all references to smb_fid_t flags and other references
by obtaining and releasing the 'mx' lock.
the dynamic/system inode version of the linux client already keeps an
extra reference when the inode is on the vcache list. the inode/vnode
should not go away while we are trying to flush the dcache children.
Initial cut at an HTML conversion of the POD reference pages. Requires
Pod::Simple be installed (version 3.0 or later, probably). Also fix a POD
formatting bug in the afs(1) man page noticed while testing HTML output.
* re-enable LogoffTokenTransferTimeout and LogoffTokenTransfer.
Tokens are now destroyed at logoff based upon the values specified
here. Default is ON and 120 seconds. Setting this to OFF will
result in tokens never being destroyed. This will leak memory.
* protect global queues with mutexes and avoid a variety of race
conditions.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
The size of h_maxSlots as computed based upon the value of
MAX_FILESERVER_THREAD is too small. It is possible for h_lwpIndex
(in the pthread case) to have produce the same Slot value for multiple
threads. In that case it is possible for the following to occur:
X: h_Hold_r(host)
X: H_UNLOCK
...
E: H_LOCK
E: Check h_Held_r(host); it is true, so don't hold
E: H_UNLOCK
X: H_LOCK
X: h_Release_r(host)
X: h_TossStuff_r(host) [called by h_Release_r]
X: H_UNLOCK
E: CheckHost(host)
The end result would be a crash due to a reference to a null field
in the host processed by CheckHost.
This patch is a bit of a hack in that it solves the problem by increasing
the number of slots for threads and does not determine the correct number
of threads the process should be allowed to produce.
There should never be a case where h_Enumerate calls CheckHost with a
host whose callback_rxcon that is NULL. However, due to a bug it ended up
being the case that it happened. An examination of the CheckHost code
showed that the check for the HOSTDELETED flag should take place before
a reference to callback_rxcon is obtained. If HOSTDELETED were set, the
code would simply release the reference immediately. However, the process
of obtaining and releasing the reference required dropping and obtaining
locks that would be a performance hit.
(1) removes the rest of the dead logoff code that was originally
stripped of any meaning by DELTA
winnt-win2000-win98-afs-client-updates-20010623.
(2) gives new meaning to smb_TokenTransfer and smb_TokenTransferTimeout.
these variables now control how long a smb_username_t and its
associated cm_user_t and its cm_cellinfo_t (including tokens)
will be preserved after a logoff.
(3) adds logic to detect logoff conditions
(4) adds cm_CheckVCs(). This function probes the SMB client with a ECHO
response to determine if the associated SMB virtual circuit is still
valid. This is executed once every five minutes by smb_Daemon()
and whenever the machine's IP addresses change. This allows
abandoned VCs to be detected and the associated user credentials,
file handles, and locks to be cleaned up. This will also prevent
the exhaustion of the limited number of SMB sessions.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
and remember to mark the session dead so it can be re-used
The Integrated Logon hack of setting a token for a smb name different
than the one associated with the current smb session fails when smb
virtual circuits, sessions and username objects are properly reference
counted. When refcounts are not leaked the constructed smb_username_t
is destroyed immediately after the token is set since there are not
references to it from a current session.
The fix is to mark the smb_username_t object with a flag indicating that
it was created by the Network Provider. This flag prevents the destruction
when the refcount is zero so that it will be available at the time the
smb session is created (just a moment or two later.) During the binding
of the smb_username_t to the smb_vc_t the flag is cleared allowing the
tokens to be destroyed when the smb session is closed.
don't fclose(NULL) (found by ober@linbsd.org)
fflush after printf instead of before
add missing trailing newline in WARNING message
consolidate the logic to make it clearer
make tdate bigger (26 chars plus '\0'; not sure this is needed)
* the smb virtual circuits can be active and/or dead. this patch
improves the handling of vc's making the transition from active
to dead
* correct the refcounts on the smb_user_t and smb_vc_t objects
* replace the deprecated GetCurrentTime() with GetTickCounts() which
is the new name. This function needs to be replaced with something
else because its return value wraps after 49.7 days
* hold the correct locks when adjusting the scp->fileLocksH queue
* add new event log entries for unexpected session closures and
send packet failures
the smb_username_t objects are reference counted but they were never
released on their own accord. Instead the smb_uid_t objects when
released were also cleaning up the smb_username_t. Since the smb_username_t
is reused, now that smb_user_t objects are being cleaned up, this was
a problem.
When SMB sessions are prematurely terminated as part of the tear down
of the virtual circuit we must clean up any remaining file handles,
tree connections, and user sessions.
For afsd_service.exe, properly use the Event Log by constructing
message strings stored in a MESSAGETEXT resource. This patch also
removes a large number of debugging related event messages that
should never have been seen by an end user. That data is now
logged to the trace.log where it should have been logged initially.
Similar changes need to be implemented for afslogon.dll and afscreds.exe
The afsd_eventlog.[ch] files should be broken out into its own library
so that it can be reused efficiently.
The afsreg.h header was cleaned up to ensure name consistency and to
remove the last vestiges of "IBM AFS".
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Do not change "AFS Client" to "OpenAFS Client" unless the installers
are also updated.
The afs_pioctl.c change should fix a real crash (panic), but fs flushv isn't
that common an operation.
Other changes:
don't GUNLOCK() around vnode_get(). we weren't consistent about it, and it
doesn't appear to be strictly required.
handle vnode_get() failures in more cases
darwin_vn_hold will panic if vnode is terminating rather than mess up the
refcounts.
Generate vnode_if_newproto.h and vnode_if_typedef.h in case they aren't in
the kernel build directory, for example if the kernel has been configed but
not built.
Add man pages for rxgen and cmdebug. The cmdebug man page was written from
scratch based on the source code. The rxgen man page is a conversion of an
old TeX document to POD.
The procmgmt library replaces the C RunTime Library's signal handlers
but does not restore them on process detachment. This leaves the
process with signal handlers pointing to invalid code that generates
an invalid access error during process termination if the library
was previously unloaded.
potential reclaim in progress fix, and per Chaskiel,
"I don't remember why I put it there, but the fact that
it gets triggered means that we're leaking a vcache object lock. It looks
like the "rename to .__afsXXXX" codepath is responsible (as afsrename does
not use the fact that adp (or aodp) is locked by afs_remove, and locks it
again. I'm surprised it's not deadlocking)" so i coded up a fix
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
chaskiel says
The RHS shouldn't be a double negative...
There's no bug (other than the assert itself)
Add new man pages for livesys and voldump. Fix the man page for sys to say
what it actually does, rather than implying that it works like livesys, and
to recommend livesys instead. Fix a path error in the NetInfo
documentation. Update the README for the current status, including
listing all installed commands that don't have man pages. (There may still
be some subcommands that don't have man pages but aren't listed.)
On installation, substitute the configured paths into the man pages,
replacing the Transarc paths. Also fix a problem with the way that
pinstall was being used to install man pages. (Silly me, I was assuming
it had the same behavior as install.)
This is just a quick first pass. Longer term, it's probably better to
replace all paths in the man pages with unambiguous tokens and then
replace those tokens instead of assuming that the man pages use Transarc
paths and replacing those paths specifically. The current method has a
few minor problems, such as not being able to distinguish between the
various paths that make up /usr/afs/bin. Still, the results of this method
are good enough to start with.
Move man page generation out into a separate script that's just invoked
from regen.sh, so that someone can run that separate script later if they
wish. Make that script more robust against problems such as empty podN
directories. Diagnose a missing pod2man and warn about old versions of
Pod::Man.
Also, remove the old programs used to do the initial conversion from HTML.
Enough post-conversion editing was done that they're no longer necessary
except for historical curiosity, and for that purpose they can be pulled
out of CVS.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
64-bit type safety changes required for successful compilation
on Windows 64-bit systems with the VS 2005 compiler
This patch separates the client and viced capabilties;
adds a viced capabilities for 64bit files;
and modifies the Windows client to probe the viced capabilities
the first time the client discovers the server and uses the capabilities
RPC instead of the GetTime RPC to probe for Up/Down status
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
when collecting rx statistics in response to an RPC query, the rx library
attempts to enumerate the number file descriptors in use. This is fine
except that file descriptors are a C Run Time Library concept on Windows
and are not related to networking. In Visual Studio 8, the run time library
will assert() if an invalid file descriptor is passed to fstat() which is
the test used to determine if a file descriptor is valid.
This patch simply returns 0 for the number of file descriptors in use
because that is what would have been returned anyway with the existing
code. What we probably want to return is the number of open socket
handles.
include rx.h in order to safely include rx_prototypes.h in order
to obtain a prototype for osi_Alloc() in order to prevent pointer
truncation on systems with 64-bit pointers and 32-bit int.
This patch extends the krb.conf file allowing the specification of
multiple realms which should be treated as equivalents to the local
cell authentication domain. Additional realms are specified on the
first line of the krb.conf file and are separated by white space.
In addition, the patch adds a new file stored in the same directory
as the krb.conf file called krb.excl. This file contains a list of
principal names, one per line, that must not be treated as local
identities.
The purpose of this patch is to allow organizations that are supporting
multiple realms with synchronized user principal databases to allow
their users to login with any of the realms and treat the principal
names as equivalent to the local PTS identity. The exclusion is
to allow certain names, such as those for administrative IDs, to be
restricted to a subset of the realms.
Further optimization of the afs_krb_exclusion() should be performed to
remove the need to re-read the file. This patch should be considered
a temporary solution until a more permanent set of extensions to the
PT database and RPCs allow for the assignment of mechanism specific
aliases for PT IDs.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
projects / packages / o / openafs.git / log