Andrew Deason [Fri, 11 Jun 2010 21:51:02 +0000 (16:51 -0500)]
vlclient: work with non-space whitespace
Make vlclient work with non-space whitespace separating arguments.
This also makes it cope with a trailing newline that fgets() gives us,
making this more intuitive to use.
Matt Benjamin [Thu, 27 May 2010 23:14:20 +0000 (19:14 -0400)]
windows cm_BeginDirOp add flags (nobuildtree)
Add a flags argument to cm_BeginDirOp, and define a flag
CM_DIROP_FLAG_NOBUILDTREE which asserts that the operation
being synchronized does not require scp->dirPlus to be
constructed.
Simon Wilkinson [Fri, 11 Jun 2010 09:48:37 +0000 (10:48 +0100)]
RX: Can't assert a void result
We can't assert(MUTEX_DESTROY(blah) == 0) when the MUTEX_DESTROY
macro already returns void (and asserts), as it does in the
pthread case. This fixes the build failure introduced by 53c9258cd7300c03be3f3e50003cad3dfc59baf3
Matt Benjamin [Tue, 8 Jun 2010 22:29:13 +0000 (18:29 -0400)]
rx service specific data
Adds rx_GetServiceSpecific and rx_SetServiceSpecific to the rx_service interface,
conforming to the equivalent calls in the rx_connection interface.
For consistency, the implementation strategy is the same. The intended
use is to more cleanly support server multiplexing within an RPC-based
test dispatch library.
Andrew Deason [Thu, 22 Oct 2009 03:16:38 +0000 (22:16 -0500)]
Break origin's callback for RXAFS_Rename target
When we RXAFS_Rename something, the status of the renamed FID can
sometimes change, and thus we break callbacks on it. Currently, however,
we do not break the callback for the originating client, even though the
status of the target changes and we do not return an AFSFetchStatus to
the caller.
Since the callback is not always broken for the target, it may not be
immediately obvious to client implementations to implicitly break the
target's callback. Since we do not have an explicit protocol
specification saying that the callback is implicitly broken, break the
callback for the origin client as well, to be safe.
Andrew Deason [Wed, 9 Sep 2009 20:56:26 +0000 (15:56 -0500)]
Avoid unnecessarily updating .. in SAFSS_Rename
Currently the .. entry for a directory is always recreated on a Rename
operation, even if the parent directory does not change. Now, avoid
altering the directory at all (including no COW nor DV bump nor vnode
modify time update) when we don't need to.
Jeffrey Altman [Wed, 9 Jun 2010 17:55:14 +0000 (13:55 -0400)]
Windows: Revise SMB QuerySecurityInfo for MS10-020
MS10-020 (http://support.microsoft.com/kb/980232) has caused
many problems for implementors of SMB 1.0 servers and applications
that call GetFileSecurity() without checking the return code to
determine if the call succeeded. The gist of the vulnerability
was that the SMB redirector would pass any buffer it received
to the application regardless of whether or not it was valid.
MS10-020 protects the applications by strictly validating the
SMB response data structure and the data in the security descriptor
that is returned.
The problem for SMB 1.0 server implementors is that there have
been at least three different protocol descriptions for
NT_TRANSACT_QUERY_SECURITY_DESC published over the last decade
and all of them are incomplete. Therefore, just about no one but
Microsoft has an SMB 1.0 server implementation that produces the
exact out that they are expecting to validate.
The end result is that in an attempt to protect applications from
crashing due to invalid input being passed in directly caused
dozens of applications to crash by not returning any security
descriptor data at all. Even when the applications didn't crash
they might not have been able to save their data. Cisco WAAS
and NetApp DataOnTap systems were most adversely affected and
they have had CIFS protocol licenses for many many years.
To fix OpenAFS here is what needed to be done:
1. Instead of returning a security descriptor that gives ownership
to the NUL SID, give it to the Everyone SID and set the flag
that states that everyone has full access.
2. Validate the input parameters. In particular, check to ensure
that the SMB file descriptor is valid and the file has not
been deleted.
3. Enforce the maximum output data and parameter counts.
4. Handle buffer overflow and buffertoosmall conditions
in the manner that Microsoft expects them to be handled.
In particular, note that the parameter data which is returned
in the SMB Data Region is not counted in the Data Count.
Even if MaxData is 0, we can still return parameters values
as long as MaxParm is large enough.
Andrew Deason [Fri, 21 May 2010 16:47:42 +0000 (11:47 -0500)]
Install pthreaded ptserver and vlserver
When --enable-pthreaded-ubik is specified, install the pthreaded
versions of ptserver and vlserver instead of the non-pthreaded
versions. Previously, the pthreaded versions were getting built but
not installed with 'make dest' or 'make install'.
Andrew Deason [Fri, 21 May 2010 16:19:53 +0000 (11:19 -0500)]
Move FreeBlock prototype to vlserver_internal.h
FreeBlock is only used in internal vlserver code and should not be
called by anything else; it should not be prototyped in a public
header. Move its prototype to go along with the other vlserver
internal prototypes.
Russ Allbery [Wed, 9 Jun 2010 01:40:11 +0000 (18:40 -0700)]
Add okv function to the TAP test library
Add an okv() varient of the ok() function that takes the arguments as
a va_list instead of as a variable argument list. This makes it easier
to reuse ok() when writing other tests.
Jeffrey Altman [Mon, 7 Jun 2010 22:18:39 +0000 (18:18 -0400)]
Windows: Detect if AFSCache is memory mapped to a new address
The Windows AFSCache paging file contains pointer addresses
that are only valid if the file is memory mapped at a specific
memory address. If the file is mapped at a new address, the
pointer values will be invalid and the service will crash with
an invalid memory access.
Check for address consistency and force the cache to be rebuilt
if the consistency is lost.
Andrew Deason [Tue, 8 Jun 2010 15:38:07 +0000 (10:38 -0500)]
Solaris: lookup "" like "."
At least on some versions of solaris, we can get passed an empty
string to afs_lookup, if the root directory is in AFS (e.g. after a
chroot). Interpret this as the same as looking up the "." entry;
otherwise we return ENOENT, implying that the "/" directory does not
exist, even if its subdirectories do.
FIXES 127356
Change-Id: I84283e78fbf33b946afaf3c80ef4a1a679e8fc93
Reviewed-on: http://gerrit.openafs.org/2096 Tested-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk> Reviewed-by: Derrick Brashear <shadow@dementia.org> Tested-by: Derrick Brashear <shadow@dementia.org>
Andrew Deason [Tue, 18 May 2010 16:39:21 +0000 (11:39 -0500)]
libafs: consistently hold vnode refs
Make all common libafs code call AFS_FAST_HOLD to hold an afs vnode
reference, instead of sometimes calling VN_HOLD(AFSTOV(tvc)) directly.
Make AFS_FAST_HOLD always call osi_vnhold, and have each platform
define osi_vnhold for their platform-specific quirks (as it was doing
before).
This way, if a platform has an osi_vnhold that is special somehow (on
solaris, we bump a VFS refcount if the vnode refcount goes from 0->1),
it will always be called on vnode references.
Andrew Deason [Mon, 7 Jun 2010 16:42:02 +0000 (11:42 -0500)]
AIX: make osi_procname a stub
'curproc', 'curthread', or other such conveniences do not exist on
AIX, so the current osi_procname implementation breaks the build.
Determining the current process name on AIX is, while possible,
difficult and error-prone. Since we only need the process name for
informational messages to users, don't bother trying to determine it,
and just return the empty string so we can build.
Andrew Deason [Mon, 7 Jun 2010 17:18:53 +0000 (12:18 -0500)]
Make lib/afs.exp in sys_depinstall
The AIX libafs uses lib/afs.exp to build, and libafs depends on
sys_depinstall. So, make lib/afs.exp in addition to
include/afs/afs.exp in sys_depinstall.
Jeffrey Altman [Thu, 3 Jun 2010 16:04:15 +0000 (12:04 -0400)]
Windows: Update fs newcell and add VIOCNEWCELL2
The Windows version of "fs newcell" did not accept any parameters
and behaved quite differently from the Unix version. Instead of
permitting new cell information to be added, the Windows version
simply forced the existing cell information to be reacquired.
This update adds a new pioctl, VIOCNEWCELL2, to support the
implementation of a Unix-style "fs newcell". The functionality
added here differs from the Unix version in the following ways:
1. "fs newcell" with no arguments is still accepted
in order to maintain compatibility with prior Windows
behavior.
2. "fs newcell -cell <cell> -dns" instructs the cache manager
to add the new cell but obtain the vldb server info from
DNS.
3. "fs newcell -cell <cell> ... -registry" instructs the cache
manager to add the new cell and also save the cell configuration
data in the registry for use the next time the service restarts.
4. The -vlport and -fsport options are accepted although the
-fsport value is currently unsupported by the cache manager.
Jeffrey Altman [Thu, 3 Jun 2010 15:59:45 +0000 (11:59 -0400)]
Windows: Freelance Import CellServDB
Add a new registry option that permits automatic generation of
Freelance mountpoints for every cell listed in the CellServDB info
(file and registry). "FreelanceImportCellServDB". This functionality
is only triggered when the afsd_service is started. The operation
is performed in the background by the daemon thread after the firewall
configuration is set.
Russ Allbery [Sat, 29 May 2010 21:45:04 +0000 (16:45 -0500)]
Comprehensive edit of Admin Guide chapter two (first 20%)
Update and revise chapter two (Issues in Cell Configuration and
Administration) of the Administration Guide for current AFS and current
computing concepts.
Remove references to an AFS-provided login utility and discuss local login
configuration for Kerberos more generically. Further clarify the role of
ssh in ensuring the user has access to files in AFS during remote login.
Improve the inode and namei discussion slightly. Update the setuid
discussion for the new default of disabling setuid for cells and for the
known security flaws in enabling setuid. Modernize terminology for DNS
around cell naming and remove the descriptions of TLDs. We can now assume
our target audience knows this stuff.
Move index terms into the appropriate section for what's being indexed in
a few more cases.
Lots of other, more minor wording changes and updates.
this code makes us work in the face of a sub1500 mtu network.
a subsequent commit is needed to make it more effective: attempts
to grow the mtu must be scheduled so we aren't forced to heavily
brute-force on failure to discover the exact mtu immediately;
for performance, we do want to grow to the real mtu.
Asanka Herath [Fri, 4 Jun 2010 03:58:42 +0000 (23:58 -0400)]
Windows: Support building a lite-client installer
If LITECLIENT is defined when invoking the WiX based MSI installer
build, we will build a light-weight client installer MSI. This
minimizes the size of the installer for users who only need client
functionality from OpenAFS.
The light-weight client excludes:
- Server components
- Control center components
- Administration utilities
- Debug symbols
Lite-client installer can also be built by invoking target wix-lite
from the root NTMakefile.
"fs checkservers" during cache creation can crash client
Many pioctl calls pass as soon as the afs_resourceinit_flag is set,
which happens relatively early, alas before the cell name is set.
PCheckServers and others need the latter and dereference NULL.
Easiest: set the cell name as soon as it is known and the dynroot initialisation
piggy-backed to it can be done.
Jeffrey Altman [Thu, 3 Jun 2010 15:54:04 +0000 (11:54 -0400)]
Windows: Fix usage of cm_FreeServerList
cm_FreeServerList will set the input variable to NULL if the
contents of the list could in fact be freed. If they could not
be freed, the individual entries are marked for deletion and will
not be subsequently used. Do not set the list variable to NULL
after calling cm_FreeServerList otherwise memory can be leaked.
afs_vop_access->afs_VerifyVCache2->afs_GetVCache->afs_FetchStatus->
afs_Analyze->afs_NotifyUser can recurse and try to notify us. Don't
worry about it; we're best-effort.
we lack a lock primitive to see if we own this lock.
Andrew Deason [Thu, 3 Jun 2010 14:54:28 +0000 (09:54 -0500)]
up: refuse multicharacter arguments
The 'up' command currently silently accepts and discards extra
characters when specifying arguments. This can produce rather
confusing behavior such as mistyping '-v -1' as '-v-1' resulting in
the '-v' switch being honored, but the '-1' being ignored. The same
thing occurs for specifying '-v1', even though the usage message
implies that you can combine arguments.
So instead, report an error message for any arguments specified that
are longer than 2 characters, since they are never valid.
Asanka Herath [Wed, 26 May 2010 16:34:08 +0000 (12:34 -0400)]
Windows: Fix midl options for generating stub code
MIDL is used to generate server stub code for implementing SMB RPC.
Fix the invocation of MIDL so that MIDL can locate include files and
respect AFSDEV_AUXMIDLFLAGS.
modify setpeermtu to work when a peer is passed in. modify existing
callers. note solaris caches a whole host's pmtu, so use that
on all peers at the host.
Russ Allbery [Thu, 27 May 2010 21:40:21 +0000 (16:40 -0500)]
Add warnings for Authentication Server commands
For each command only useful with the Authentication Server, add
warnings that the Authentication Server is obsolete and will be
removed in a future version of OpenAFS. Encourage people who care
to update uss to work with a modern Kerberos KDC, recommend kinit
and aklog or klog.krb5 over klog, and warn that klog will be of
limited use without an Authentication Server.
Rod Widdowson [Thu, 20 May 2010 17:27:11 +0000 (18:27 +0100)]
Rewrite vldb_check -fix
vldb_check -fix was very 'topical' in nature. It showed signs that
each sucessive corruption had been treated as a one off needing a
specific fix. This made the code difficult to understand and
incomplete: for instance a single volume on the wrong hash only was
not corrected. Further there was some rather unfortunately code which
would under certain circumstances stamp the last volume at various
places across the file.
This checkin removes all the old code and replaces it with a
'systematic' fix. During the last scan across all the volumes, all
four of the hash chains are rebuild from the ground up. We can then
get rid of the outer 'Mung Until Now Good' iteration and further we
benefit from a linear run time.
Tested by building several different forms of broken-ness in all three
chains and then fixing it.
Now with improved logging and correct non insertion of nonexistant elements
and clean compiled with extra warning.
Rod Widdowson [Wed, 19 May 2010 09:45:57 +0000 (10:45 +0100)]
Add bounds checking prior to IOs in vldb_check
vldb_check would just read where it was sent. This means that if a
hash entry was beyond the end of file the read would fail and halt the
program dead.
This change adds checks for that so we can go limping on.
There is no code to fix this sort of corruption. I have another
(preexisting) checkin to do that which will happen once I can get a
clean test run.
This checkin also removes a some pointless debugging printfs.
Russ Allbery [Fri, 28 May 2010 16:35:28 +0000 (11:35 -0500)]
Import C TAP Harness 1.2 as a testing harness
Creates a new top-level tests directory that will be used for all
future automated test code eventually. Import runtests and the
basic TAP library from C TAP Harness 1.2. Add top-level check and
test targets that build the full source tree and then the new tests
directory, and then runs runtests on the test list.
Russ Allbery [Fri, 28 May 2010 16:03:50 +0000 (11:03 -0500)]
Clean up warnings in the tests directory
Build repair.o with strict aliasing disabled because it addresses the
same data structure via two different structs at the same time. Fix
various other, more minor warnings.
Several fixes here require more Autoconf glue to work properly, but
that's deferred to future work (such as some HAVE_* defines that we
don't probe for and the handling of non-native 64-bit integers in
some of the code).
Russ Allbery [Thu, 27 May 2010 16:45:06 +0000 (11:45 -0500)]
Comprehensive edit of chapter one of the Administration Guide
Update and revise chapter one (An Overview of OpenAFS Administration)
of the Administration Guide for current AFS and current computing
concepts.
Replace the Kerberos Server terminology with Kerberos KDC and add
additional details about the relationship between AFS and a Kerberos
KDC. Remove some remaining Authentication Server references. Add
some details about the Protection Server management of the mapping
from Kerberos principals to AFS IDs.
Remove some now-obsolete distinctions and concepts between mainframes
and workstations and recommendations for server systems.
Reorganize the order in which the servers are discussed to follow a
somewhat more natural order.
Be clear that the Backup Server is optional and that there are other
methods available to back up AFS. Mention backing up to disk as well
as tape in a few places.
Russ Allbery [Thu, 27 May 2010 04:23:10 +0000 (23:23 -0500)]
Add k_haspag to libkopenafs
Add the k_haspag function to libkopenafs, which returns true if the
current process is in a PAG and false otherwise.
The implementation currently duplicates code from the ktc_curpag
function since the latter calls the regular pioctl() interface and
hence introduces an Rx dependency that we're avoiding for libkopenafs.
This should be refactored to avoid the code duplication at some point,
but that will require building a utility library that can be reasonably
linked into libkopenafs and is therefore deferred for future work.
Russ Allbery [Thu, 27 May 2010 17:33:57 +0000 (12:33 -0500)]
Clean up warnings in libadmin/bos/afs_bosAdmin.c
Use the correct data structures for BOS timestamps. Use afs_int32 for
the expressed timestamps for executables since that's what the BOS RPC
says it's using for right now; we should change this, but when we do,
warnings will catch this use along with the others. Cast some const
char *'s that are passed into BOS functions that take char *'s.
Change-Id: Iff3a6c42241953ed086f8e739cdb344a41a44635
Reviewed-on: http://gerrit.openafs.org/2050 Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com> Tested-by: Marc Dionne <marc.c.dionne@gmail.com> Reviewed-by: Derrick Brashear <shadow@dementia.org> Tested-by: Derrick Brashear <shadow@dementia.org>
Russ Allbery [Thu, 27 May 2010 14:41:38 +0000 (09:41 -0500)]
Clean up the introduction to the Administration Guide
Provide a more useful abstract and remove the (outdated) specific list
of supported platforms and the M.m version number placeholders. Update
the list of associated documents to match their current titles, and
provide a better description of the Reference Manual.
Reformat the parent document and preface for easier maintenance in the
future.
Andrew Deason [Mon, 17 May 2010 00:47:04 +0000 (19:47 -0500)]
libuafs: Remove afsd symlink in setup
Remove the 'afsd' symlink in the build setup, along with the other
symlinks. Otherwise, we try to recreate it every time and fail, since
it already exists.
Russ Allbery [Wed, 26 May 2010 21:07:43 +0000 (16:07 -0500)]
Flesh out NEWS for recent work
Add entries to NEWS for all development releases back to 1.5.36, which
is the point at which I got bored, taken from the release announcements
to openafs-announce. Try to use a relatively readable and consistent
formatting for all the entries and convert the old entries to the new
format (mostly).
Further history can be added from the release announcements when I or
someone else gets bored.
Russ Allbery [Thu, 27 May 2010 03:04:48 +0000 (22:04 -0500)]
Fix compilation of the imported config_file.c parser
Include additional missing header files for proper function prototypes,
define TRUE and FALSE, and declare krb5_clear_error_message as unused
so that the config_file.c will compile and pass --enable-checking.
Marc Dionne [Wed, 26 May 2010 21:50:43 +0000 (17:50 -0400)]
scout.c: only declare width once
The width variable was declared twice, for the whole function
and also within the for loop, leaving the first one unused
and triggering a warning and a failed build with enable-checking.
Andrew Deason [Wed, 31 Mar 2010 16:40:42 +0000 (11:40 -0500)]
Protect ubik cache accesses
Currently, ubik application cached data could be updated and read by
different threads simultaneously. Add a mechanism in ubik for
protecting accessing and updating the cached data. This adds the
function ubik_CheckCache to do this, and removes ubik_CacheUpdate as
an exported function (since it's not safe).
Update all callers to use the new mechanism. In ptserver, remove the
'initd' variable; just rely on cachedVersion and ubik_CheckCache to
tell us when to re-read the database. Remove db.lock in buserver and
cheader_lock in kaserver, which served similar (though not completely
threadsafe) protection as ubik_CheckCache. Add the ubik database lock
cache_lock to protect the application cache.
Russ Allbery [Wed, 26 May 2010 17:20:57 +0000 (12:20 -0500)]
Remove references to IBM AFS
Change references to the documentation sets that we still ship to
reference the OpenAFS manuals instead of the IBM AFS manuals. Remove
references to the IBM AFS/DFS Migration documentation, since that
doesn't appear to be available anywhere any more, replacing them where
relevant to more generic references to the DFS documentation. Add
links to docs.openafs.org for mentions of the manuals in SEE ALSO, and
standardize on one link format. Replace a few references to the IBM
AFS Release Notes with the actual information in those notes, or drop
the reference if it doesn't seem particularly useful.
Russ Allbery [Wed, 26 May 2010 16:33:29 +0000 (11:33 -0500)]
Remove references to AFS Product Support in -oktozap
salvager and salvageserver's documentation of -oktozap says to not use
without consultation with AFS Development or Product Support, left over
from the IBM product. Remove those references and add a caution more
in line with open source.
Russ Allbery [Wed, 26 May 2010 16:28:57 +0000 (11:28 -0500)]
Remove -rebuildDB flag to ptserver
The -rebuildDB flag was documented to rebuild the Protection Database at
startup, but it was accepted and ignored in the ptserver source, doing
nothing. Remove the documentation and the option recognition in ptserver.
Russ Allbery [Wed, 26 May 2010 16:25:39 +0000 (11:25 -0500)]
Remove documentation of kaserver -fastKeys
-fastKeys wasn't accepted by the kaserver binary, but was still
mentioned in the usage message and the kaserver man page. Remove
the remnants of the flag.
Simon Wilkinson [Tue, 27 Apr 2010 21:53:47 +0000 (22:53 +0100)]
Add an OpenAFS config file parser
This adds a Kerberos INI style config file parser to OpenAFS, using
the parser contained in Heimdal as a base. Currently, it only exports
a very small number of functions, but exporting further functions is
simply a matter of adding additional shims to hide the Kerberos
context and other specifics.
Note that we don't want to just use the parser as a library because
firstly, we don't want OpenAFS to have a Kerberos dependency (as
other crypto mechanisms will, and do, exist). Secondly, MIT and
Heimdal use a different API here, so we would have to shim anyway.
Also, our own parser means that we don't need to worry about passing
in the krb5 context, and all of the issues that that presents.
Russ Allbery [Tue, 25 May 2010 19:37:05 +0000 (14:37 -0500)]
Synchronize LICENSE files
We have two LICENSE files, which had been somewhat independently
modified. Resynchronize them, remove trailing whitespace, and convert
from ISO 8859-1 to UTF-8.
Simon Wilkinson [Thu, 20 May 2010 10:57:20 +0000 (11:57 +0100)]
Linux: Disable syscall probes if we have keyrings
If we are building for are kernel with keyrings, and we can
guarantee that we can make use of those keyrings, then we no longer
need to probe for the syscall table at all. Change our default
behaviour so that when these two conditions are true, syscall probing
is disabled. Both --enable-linux-syscall-probing and
--disable-linux-syscall-probing can be used to override the
autodetection and force things one way or the other.
We have to check that we can use the keyrings because there was a
window in the 2.6 kernel series where keryings were available, but
the key_type_keyring definiton (which we use to create the session
keyring) wasn't exported. In that situation, we attempt to traverse
the process table and use the type of init's session keyring. This
traversal is fragile, and if it fails, keyring PAGs will be disabled.
So, we still want to be able to fall back to patching the syscall
table, if we can, in this case.
Russ Allbery [Tue, 25 May 2010 03:03:49 +0000 (22:03 -0500)]
Fix libafs_tree's cross-architecture support
The results of libafs_tree are supposed to build on any platform that
shares the same basic kernel code, but this had broken in two ways:
libafs_tree was including a pre-built afs/param.h, which needs to be
regenerated on different architectures, and the Linux kernel build
makefile was being pre-generated despite having some architecture-specific
options.
Copy over more of src/config and postpone generation of afs/param.h and
generation of libafs/Makefile to the libafs build.
Remove the substitution of AFS_SYSNAME from make_libafs_tree.pl; it was
unused and now definitely shouldn't be used since it will break the
architecture-independence of the resulting tree.
Russ Allbery [Tue, 25 May 2010 02:34:53 +0000 (21:34 -0500)]
Postmoderize use of AC_CHECK_TYPE
Use AC_TYPE_SSIZE_T to handle the ssize_t check (introduced in Autconf
2.60). Use AC_CHECK_TYPE, not AC_CHECK_TYPES, to check for sig_atomic_t
and socklen_t, and define them in afsconfig.h if they're not present on
this platform. Do not define them in stds.h, since stds.h is an installed
header file and cannot rely on Autoconf defines.
Russ Allbery [Mon, 24 May 2010 19:28:01 +0000 (14:28 -0500)]
Update fs {get,set}serverprefs documentation for DNS
Mention in the fs getserverprefs and fs setserverprefs documentation
that VL servers may also come from DNS AFSDB and SRV records. Document
that SRV record information is not (yet) properly used.
Rod Widdowson [Tue, 18 May 2010 13:48:38 +0000 (14:48 +0100)]
Read volume at correct address when looking for broken forward links.
vldb_check was reading a volume at the index rather than the file
offset to read the volume. This was giving rise to phantom warnings
since the hash was usually 0.
The possibility of a broken flink is determined in another manner
which is why in normal case we are not flooded with warnings.
At the same time make the error message slightly more coherent.
Simon Wilkinson [Sat, 22 May 2010 08:40:05 +0000 (09:40 +0100)]
Autoconf: Tidy up resolver retrans retry test
There's no need for the retrans retry test to be a TRY_RUN test,
TRY_COMPILE will pick up the existence of the '_res' structure and
its elements.
Also, clean up the use of the cache variable to set the result. In
the old implementation a true test result would print '1', not 'yes',
a false result would result in bad output in the config.log, and a
cross compiling output would give
#define HAVE_RES_RETRANSRETRY no
which will give unexpected results with #ifdef tests.
Russ Allbery [Mon, 10 May 2010 00:58:33 +0000 (17:58 -0700)]
Update bos addkey/listkeys and KeyFile man pages for asetkey
Clearly prefer asetkey to bos addkey in the KeyFile, bos addkey, and
bos listkeys man pages. Reference asetkey list and asetkey delete as
alternatives to bos listkeys and bos removekey. Distinguish between
Authentication Server cells and Kerberos v5 cells and mention the
preferred afs/<cell> principal format. Add some cautions around
matching enctypes and salts when synchronizing keys with a v5 KDC.
Update man-pages/README for completion of this task, clean up some
other wording, and remove some other now-irrelevant information.
projects / packages / o / openafs.git / log