Felix Frank [Mon, 13 Jul 2009 06:54:23 +0000 (08:54 +0200)]
Cosmetics: Rename some variables, fix types.
* Replaced tsize by new local var llbytes in rxfs_storeInit.
* Make int32 lengths unsigned in rxfs_storeInit.
* Renamed lengthFound to length64.
* renamed abase to base.
This is rxfs-specific, so move it out of CacheStoreProc.
It must be done before entering the do { } while (moredata) loop proper
now, as rxfs_fetchMore is never called during the first iteration
(moredata is always 0), but the length may need fixing (note that
this was done after what is now the fetchMore op originally). Thus
it appears in rxfs_fetchInit.
To prevent a bogus call during the first loop iteration, also check
for length!=0. Finally, don't bother with fetchMore at all unless
CForeign is set.
In rxfs_fetchInit, we added an additional check for length_hi being
zero.
Windows: Add data validation to ktc_xxxx functions that perform pioctls
The ktc_GetToken and ktc_ListTokens functions perform a pioctl
and then parse the response data. There is no validation that the
data required is not longer than the pioctl output or that the
data received fits into the data structures that are being written.
As a result, random crashes have occurred when the wrong data
has been received from the pioctl.
This commit adds data validation to at least ensure that these
functions cannot read beyond the data provided or write beyond
the allocated memory.
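The two checks this commit message names (never read past the data the pioctl returned, never write past the destination structure) are sketched below as an added example; it is not code from OpenAFS, and the reply layout, size limits and function names are hypothetical.

```c
/* Added example. The reply layout (int32 ticket length, ticket bytes, NUL-terminated
 * cell name, host byte order) and every name here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_TICKET 16
#define MAX_CELL   16
enum { PARSE_OK = 0, PARSE_SHORT = -1, PARSE_TOOBIG = -2, PARSE_BADSTR = -3 };

struct token_out {
    uint8_t ticket[MAX_TICKET];
    size_t  ticket_len;
    char    cell[MAX_CELL];
};
struct cursor { const uint8_t *p; size_t left; };

/* Copy n bytes out of the reply only if the reply really holds them. */
static int take(struct cursor *c, void *dst, size_t n)
{
    if (n > c->left)
        return PARSE_SHORT;
    memcpy(dst, c->p, n);
    c->p += n;
    c->left -= n;
    return PARSE_OK;
}

int parse_token_reply(const uint8_t *buf, size_t len, struct token_out *out)
{
    struct cursor c = { buf, len };
    const uint8_t *nul;
    int32_t tlen;
    size_t clen;
    int rc;

    memset(out, 0, sizeof(*out));
    if ((rc = take(&c, &tlen, sizeof(tlen))) != PARSE_OK)
        return rc;
    /* Write side: the claimed length must fit the destination field. */
    if (tlen < 0 || (size_t)tlen > sizeof(out->ticket))
        return PARSE_TOOBIG;
    /* Read side: take() refuses to read past the end of the reply. */
    if ((rc = take(&c, out->ticket, (size_t)tlen)) != PARSE_OK)
        return rc;
    out->ticket_len = (size_t)tlen;

    /* The terminator must lie inside the remaining bytes; no strcpy(). */
    nul = memchr(c.p, 0, c.left);
    if (nul == NULL)
        return PARSE_BADSTR;
    clen = (size_t)(nul - c.p) + 1;
    if (clen > sizeof(out->cell))
        return PARSE_TOOBIG;
    return take(&c, out->cell, clen);
}

/* Constructed reply: claims `claimed` ticket bytes, carries `actual`, then
 * `cell` (NUL-terminated only if `term` is non-zero). Returns the parse result. */
int demo(int32_t claimed, size_t actual, const char *cell, int term)
{
    uint8_t buf[128];
    struct token_out out;
    size_t n = 0, cl = strlen(cell) + (term ? 1 : 0);

    memcpy(buf, &claimed, sizeof(claimed));  n += sizeof(claimed);
    memset(buf + n, 0xAA, actual);           n += actual;
    memcpy(buf + n, cell, cl);               n += cl;
    return parse_token_reply(buf, n, &out);
}

int main(void)
{
    printf("%d %d %d %d\n", demo(8, 8, "example.org", 1), demo(8, 3, "", 0),
           demo(4096, 8, "example.org", 1), demo(8, 8, "example.org", 0));
    return 0;
}
```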
Russ Allbery [Sat, 22 Aug 2009 07:31:22 +0000 (00:31 -0700)]
Only force a specific compiler where necessary
Rather than setting the compiler to cc on all platforms by default,
use the Autoconf default unless the specific compiler might matter.
Conservatively set the compiler to cc for all non-Linux, non-BSD
operating systems that previously didn't explicitly set it. Fix a
few places on Linux where the compiler was set to gcc explicitly
rather than using the Autoconf result.
Don't bother setting the Linux i386 compiler to gcc -pipe. The compile
performance difference isn't enough to bother with the special
exception, and we don't do this for other Linux systems.
With this change, setting CC at Autoconf time will correctly set the
compiler per the user's preferences unless they're on an operating
system where we care about having a particular compiler for kernel
purposes. This can be relaxed further in the future, particularly if
the kernel compiler is broken out to a separate setting.
Russ Allbery [Sat, 22 Aug 2009 02:11:58 +0000 (19:11 -0700)]
Remove old disabled code to support truncated passwords
ka_UserAuthenticateGeneral had code disabled with #ifdef OLDCRUFT to
retry failed authentications by truncating the password to eight
characters, with a comment that the truncating behavior of kpasswd
was disabled in 1990. Nothing references this preprocessor define in
the source tree. Delete the dead code.
Windows: Prevent pioctl races from crashing afsd_service
The SMB redirector will permit two processes to open the
pioctl file at the same time without giving SMB server an
opportunity to say 'no'. As a result multiple reads and writes
on the allocated smb_fid->ioctl can play havoc with the pioctl
state. Since afsd_service doesn't know the writes and reads
are coming from separate requests there is nothing it can do
to prevent incorrect data going to the wrong process. However,
it can (and should) protect itself when the state becomes invalid.
Two prevention methods are applied:
1. add an additional state flag that explicitly indicates
when the ioctl is in the dataout state
2. validate the length of data in the ioctl input or
output buffers before copying it. If the length
becomes negative, return a CM_ERROR_INVAL error.
In addition, when the invalid state results in a failure
to find a matching pioctl function do not return CM_ERROR_BADOP.
CM_ERROR_BADOP can only be returned if the SMB operation is not
supported. Returning it in response to a ReadFile request will
cause the SMB client to drop the connection.
Finally, fix smb_FindFID to prevent the same 'fid' from being
used for more than one open file.
The fake scache object used for pioctl operations was not
fully initialized. The magic value, data version, and
several locks were not initialized. Do so.
Since the fid of the fake scache object is 0.0.0.0
remove the assert in cm_GetSCache for cell != 0.
Instead simply return CM_ERROR_INVAL.
The Windows pioctl implementation makes an incorrect assumption.
It is not true that every CreateFile() operation results in a
SMB NTCreateX operation being delivered to SMB Server. The SMB
client can combine open requests from multiple processes or threads
onto a single SMB file descriptor and locally manage the operations.
This is a problem for pioctls since the Transceive operation requires
that a WriteFile/ReadFile combination must belong to the same request.
Prior to this change simultaneous pioctl operations would be
combined and the individual reads and writes could overlap resulting
in responses going to the wrong requestor and end of file errors
being received by the others.
Due to lack of data validation in fs.c, ktc_nt.c, symlink.c,
etc., random crashes are produced.
This change alters the sharing mode under which the pioctl file is
opened. Instead of FILE_SHARE_READ | FILE_SHARE_WRITE, only
FILE_SHARE_READ is specified to CreateFile(). This ensures that
the CreateFile will fail with a sharing violation if the pioctl
file was previously opened for writing.
A sharing violation check is provided and the CreateFile is retried
indefinitely until the open succeeds or the error is not a sharing
violation.
smb_FindShareCSCPolicy() ignored the error state of RegCreateKeyEx()
and would pass the uninitialized hkCSCPolicy to RegQueryValueEx()
and RegCloseKey(). While this did not produce invalid results, it
did result in unnecessary operations and exception handling within
the Win32 registry apis.
Jeffrey Altman [Sat, 29 Aug 2009 18:16:45 +0000 (14:16 -0400)]
Correct nvldbentry and vldbentry misuse in uss/uss_vol.c
The uss module relies on MapNetworkToHost / MapHostToNetwork from
src/volser. These functions convert a struct nvldbentry and not
a struct vldbentry. When src/volser was converted to struct nvldbentry
src/uss must have been forgotten.
In uss_vol.c convert GetServerAndPart() to accept a nvldbentry
instead of a vldbentry.
Add two static functions:
* ovlentry_to_nvlentry() to convert from vldbentry to nvldbentry
if required
* uss_vol_GetEntryByID() which first attempts to use
ubik_VL_GetEntryByIDN() and if that is not supported falls
back to ubik_VL_GetEntryByID() and ovlentry_to_nvlentry().
Remove struct from AFS_UCRED instantiations (opaque credential type support)
The identifier AFS_UCRED is intended as a preprocessor alias to
a possibly-opaque credential type. A platform header will normally
rename AFS_UCRED to a platform credential type with #define.
This is not intended to change the meaning of AFS_UCRED, but removes
the assumption that it is a struct type, which may not be true, depending
on the platform and other decisions made by the AFS client port.
The attempt to follow the smb protocol specification by returning
extended responses to NTCreateAndX requests (when specified)
resulted in random "invalid parameter" errors from the Explorer
Shell (and common control dialogs) on Vista SP2.
As a result we won't send the extended responses.
Windows: Freelance get callback sync and uninitialized variables
In cm_GetCallback the Freelance mode case did not properly
synchronize attempts to fake obtain a callback.
cm_GetCallback also failed to initialize the contents of afsStatus and
volSync which are used as input to cm_MergeStatus.
cm_MergeStatus special cased the freelance root.afs volume root
directory but failed to handle any other freelance volume objects.
As a result it used the contents of the uninitialized input structures
to populate the status of the object for which the callback was
obtained.
Andrew Deason [Mon, 31 Aug 2009 16:10:10 +0000 (11:10 -0500)]
Update accessDate on volume access
Right now accessDate is simply never updated, so the last access time
for a volume is never reported. Simply update the field in
VBumpVolumeUsage_r, so we track the last time the volume was accessed.
Note that this does not increase disk writes to the volume header; the
performance impact is effectively nil.
Adds conditional trace logging to MCAS object cache and supporting GC,
using ViceLog. While in future this should be normalized, it is correct
for both fileserver and volserver, the two programs using MCAS currently.
Treat a file request for "name::$DATA" as if it were specified as
"name". Otherwise, the inclusion of the colon in the file name
will cause it to be treated as invalid.
Jason Edgecombe [Sun, 30 Aug 2009 21:54:16 +0000 (17:54 -0400)]
Updated Chapter 2, Section 3.2 of the Admin Guide
Removed the reference to the Authentication Server and added a reference to the Kerberos Server and Kerberos 5 authentication for foreign clients.
Replaced AFS Product Support with the AFS registrar as the maintainer of the
public CellServDB file. A link was added to grand.central.org for getting the
latest copy of the file and submitting changes for the local site.
Remove the conditional and Autoconf flag for enabling BosConfig.new
handling and change bosserver to always rename BosConfig.new to BosConfig
on startup if the former exists.
Document BosConfig.new handling in the bosserver and BosConfig man pages.
Tone down the warning about the BosConfig file format changing and warn
that bosserver rewrites BosConfig when shutting down.
Andrew Deason [Wed, 29 Jul 2009 15:56:34 +0000 (11:56 -0400)]
DAFS: avoid shutdown hang during salvage
Right now, when the fileserver shuts down, it tries to cancel any
demand-salvages in progress. This causes the fileserver to hang, since
during shutdown, the salvageserver may already be gone. This avoids
cancelling in-progress salvages, and allows salvages to continue after
the fileserver has shut down.
To do this, the salvageserver now closes SALVSYNC sockets in spawned
children, so the children don't get SALVSYNC requests directed at them,
since they can't handle them. The salvageserver also now periodically
scans for logs of salvaging children that have terminated, and
incorporates them into SalsrvLog, just like it does for its own
children. The salvageserver children that actually perform salvages now
also set the inUse volume header field to their programType, so the
fileserver knows not to schedule new salvages for that volume in the
event of a fileserver restart during a salvage.
Andrew Deason [Thu, 27 Aug 2009 17:43:03 +0000 (12:43 -0500)]
Fix cache tracking for small fragsizes
The tracked amount of disk cache used by a client can be incorrect when
afs_fsfragsize is tuned to below 1023. Since we round up to the next
nearest afs_fsfragsize+1 then round down to the kb, if afs_fsfragsize+1
< 1kb, we can undershoot the cache usage.
This enforces afs_fsfragsize to always be at least 1023.
Christof Hanke [Mon, 31 Aug 2009 13:39:02 +0000 (15:39 +0200)]
Remove unnecessary type ViceFid
The type "ViceFid" is just a clone of the type AFSFid and used only in a couple of places.
Thus, for simplicity, rename all occurrences of ViceFid to AFSFid and remove the
typedef itself.
Windows: Permit cygwin apps to read from AFS again
For some reason specifying a unique GUID for each open
file based on the cm_fid results in cygwin apps being
unable to read from AFS. ReadFile() calls fail with
Invalid Device Request errors instead.
While fixing that issue it was discovered that not all of the
data was properly set for QueryPathInfoAll operations.
The previous fix prevented a null pointer dereference but
forgot to set 'effDomain' to the domain specified by the
caller if it exists and is not the local machine name.
Claudio Bisegni [Fri, 28 Aug 2009 19:16:52 +0000 (21:16 +0200)]
Fixed the tokens update and update .gitignore for MacOSX packaging file
Fixed the tokens update on preference pane if operation is made with NSStatusItem.
The src/packaging/MacOS/.gitignore has been updated for the CellServDB file, and afs.x86_darwin_100.plist has been added to src/libafs/.gitignore.
Jeffrey Altman [Thu, 27 Aug 2009 07:59:02 +0000 (03:59 -0400)]
Windows: SMB Server does not support streams, so say that
The SMB server does not support streams. When replying to
NT Create operations with extended responses report that
there are no streams. In addition, add support for Query
Path/File Stream Information and return only the null stream.
Correct the 'totalData' response field in several places
within Trans2QPathInfo and Trans2QFileInfo.
Return CM_ERROR_BADOP for SMB NT Transact operations that
are not supported instead of CM_ERROR_INVAL.
Russ Allbery [Wed, 26 Aug 2009 04:00:33 +0000 (21:00 -0700)]
Initialize xferStartTime for StoreData timings
In the reorganization of fetch and store procs, the initialization of
the transfer start time for a store was lost, leading to meaningless
statistics from the uninitialized variable. Initialize the transfer
time at the start of transferring each chunk and move the variable into
the for loop.
Russ Allbery [Sat, 22 Aug 2009 01:37:41 +0000 (18:37 -0700)]
Add automatic sysname detection for ARM Linux
Add arm*-linux* to the case statement that attempts to automatically
determine the AFS sysname, similar to the other Linux sysname
determination cases.
Claudio Bisegni [Wed, 26 Aug 2009 15:18:37 +0000 (17:18 +0200)]
10.6 update (workaround for Kerberos bug) and cleaning of deprecated functions from code
A workaround has been added to aklog for the Kerberos function KLAcquireInitialTickets, which in 10.6 always returns an error.
First, KLCacheHasValidTickets is called to check for the presence of a user ticket; if there is no ticket, KLAcquireNewInitialTickets is called to get the user credential.
Many deprecated APIs have also been removed.
Felix Frank [Wed, 8 Jul 2009 14:36:34 +0000 (16:36 +0200)]
Add the padd storeOp and unify statistics keeping.
Filling with zeroes is done within a storeop of its own. This raises
consistency and readability.
Also, the formerly copy-pasted (to afs_dcache and afs_segments respectively)
statistics code is now in a separate function of its own.
Felix Frank [Tue, 14 Jul 2009 10:42:44 +0000 (12:42 +0200)]
More CacheStoreProc call context to afs_fetchstore from afs_segments
The loop over the dcaches is performed in afs_fetchstore now as well,
in a new routine afs_CacheStoreVCache that is called in afs_CacheStoreProc's
stead. The original afs_CacheStoreProc has largely moved to
afs_CacheStoreDCaches in afs_fetchstore.c.
Enhances readability of afs_StoreAllSegments. rxfs_storeInit() can be
performed earlier now, which is instrumental for the inclusion of
alternative protocols (which will call other storeInit() functions).
Felix Frank [Tue, 14 Jul 2009 09:19:31 +0000 (11:19 +0200)]
Open/close connections in afs_fetchstore rather than afs_segments
The respective snippets are moved from afs_StoreAllSegments to
rxfs_storeDestroy and rxfs_storeInit respectively. This makes sense
and enhances readability.
Simon Wilkinson [Tue, 21 Jul 2009 18:58:16 +0000 (19:58 +0100)]
Make lockIDSet readable by mortals
The lockIDSet function was a sprawling mess of #ifdefs. This change
consolidates it so there is a completely different function for each
platform, with some internal #ifdefs remaining for platform-specific
variations. The side effect of this is that the function is now readable.
Felix Frank [Tue, 14 Jul 2009 09:07:07 +0000 (11:07 +0200)]
Move statistics and call-closing from afs_segments to afs_fetchstore.
Rather than in afs_StoreAllSegments, do statistics in afs_CacheStoreProc,
further boosting the former's readability. Calls are closed in a new
storeOp now, rxfs_storeClose, and have been moved there from
afs_StoreAllSegments as well.
Jeffrey Altman [Thu, 20 Aug 2009 21:22:08 +0000 (17:22 -0400)]
Windows: Correct buf_Write data loss errors
buf_Write has two errors in it. First, if the offset at which the
write is supposed to begin does not align with the cm_data.blockSize,
then (offset % blockSize) octets at the end of the write will fail
to be written to the file server. Second, if there is no knowledge
of the file server's ability to handle RXAFS_StoreData64 calls
and the file server does not support StoreData64 calls, then the
first chunkSize of data will be written to the file server before
the RXGEN_OPCODE error is detected. In this case a retry using
RXAFS_StoreData is performed but the values of 'nbytes' and 'qdp'
were not reset before the retry. As a result, the first chunkSize
of data would fail to be written to the file server.
The second problem can reliably occur when connectivity between the
cache manager and the file server is interrupted due to firewall
port mapping closures. Upon establishing a new rx connection, a
SRXAFSCB_InitCallBackState3 RPC will be issued by the file server
erasing any prior knowledge of the file server's ability to process
64-bit data operations. If the first 64-bit operation is a
StoreData64, then data loss will occur.
Jeffrey Altman [Thu, 20 Aug 2009 14:54:47 +0000 (10:54 -0400)]
Windows: cleanup smb pollution of non-smb modules
There are a variety of functions that are declared in smb modules
that are used within non-smb modules. In order to reduce some of
the pollution, several time conversion functions and the thread
priority operations are migrated to cm_utils. As part of this
migration the unused !USE_NUMERIC_TIME_CONV time implementations
are removed.
In addition, an unnecessary use of an SMB preprocessor symbol
is removed from cm_freelance.c and smb_ioctls.h is no longer
included within afsd.h.
Jeffrey Altman [Thu, 20 Aug 2009 18:30:27 +0000 (14:30 -0400)]
Windows: Init root.afs before smb_Init
It is not safe to initialize the root.afs cm_scache object
after the SMB package. Break it out of afsd_InitDaemon()
into its own afsd_InitRoot() and call from afsd_InitCM().
Russ Allbery [Wed, 19 Aug 2009 23:07:27 +0000 (16:07 -0700)]
Describe 's' PTS group permissions more accurately
PTS groups with 's' access permissions can be examined by members of the
group and the owner of the group in addition to system:administrators.
State this in the manual page.
Jeffrey Altman [Thu, 20 Aug 2009 13:21:53 +0000 (09:21 -0400)]
Windows: Ensure consistency of error code mapping
For Windows, the error mapping table used throughout the system
is located in util/errmap_nt.h. This table was incomplete and
WINNT/afsd/cm_utils.c added additional mapping locally. Move
said error mapping to util/errmap_nt.h.
When including afs/unified_afs.h it must be done after including
afs/errmap_nt.h. Otherwise, undefined errors are mapped to EIO
which should not be.
Felix Frank [Tue, 14 Jul 2009 08:57:21 +0000 (10:57 +0200)]
Move statistics keeping from afs_dcache to afs_fetchstore.
More context of the afs_CacheFetchProc() call in GetDCache is now inlined
in the afs_CacheFetchProc. Boosts readability of GetDCache and saves
stack, as counter pointers need not be passed anymore. The statistics
code is more readable due to lesser indentation.
Jeffrey Altman [Wed, 19 Aug 2009 22:10:43 +0000 (18:10 -0400)]
Windows: cm_conn_t must not be referenced after cm_Analyze is called
The 64-bit Large File Support added a reference to the cm_conn_t
object after cm_Analyze() is called and releases the hold. This
permits the object to be freed if it is appropriate to do so
which can result in an invalid memory reference.
Jeffrey Altman [Wed, 19 Aug 2009 12:04:30 +0000 (08:04 -0400)]
Windows: Permit build system to update symbol store
Microsoft Debugging Tools for Windows, Visual Studio Debugger,
and SysInternals tools can all make use of a Symbol Server.
http://msdn.microsoft.com/en-us/magazine/cc163563.aspx
The commit adds functionality to the build system to automatically
add binaries and symbols to a symbol store during the build.
This functionality is only enabled if two environment variables
are defined:
SYMSTORE_EXE - specifies the location of symstore.exe
SYMSTORE_ROOT - specifies the location of the symbol store
An optional environment variable permits an arbitrary comment
to be added to the symbol store history file.
SYMSTORE_COMMENT - arbitrary text to be added to the history
Simon Wilkinson [Tue, 18 Aug 2009 21:31:38 +0000 (22:31 +0100)]
Make MacOS installer pane permit dashes
The MacOS installer only permits characters in [0-9A-Za-z] in cellnames.
However, OpenAFS itself will also allow dashes, and they're in use by some
sites.
This trivially amends the installer pane to permit dashes.
Michael Meffie [Tue, 18 Aug 2009 18:51:57 +0000 (14:51 -0400)]
Fix stack corruption on 64 bit linux when md5inum is enabled
Fix a stack overflow on 64 bit linux which corrupts the stack
saved arguments and causes a kernel panic. This bug is seen
on platforms where ino_t is 64 bits and the md5inum sysctl
option is enabled.
Jeffrey Altman [Mon, 17 Aug 2009 16:33:09 +0000 (12:33 -0400)]
Windows: Be more conservative about checking error conditions
It has been reported that winlogon.exe is crashing on some
systems. The reports indicate that the failure is somewhere
in GetLogonDomainOptions. This commit ensures that we are
more conservative about the assumptions that are made regarding
which Lsa operations can fail.
Jeffrey Altman [Sun, 16 Aug 2009 12:43:23 +0000 (08:43 -0400)]
Windows: Prevent smb_StartedLock use before initialization
The smb_StartedLock osi_mutex can be obtained before
initialization due to a race if the IP address configuration
is in a state of flux as afsd_service is starting up.
To avoid the problem call cm_InitDaemons() after smb_Init().
This race is the cause of the periodic assertions in some
environments when lock order validation is enabled.
Jeffrey Altman [Sat, 15 Aug 2009 01:40:22 +0000 (21:40 -0400)]
Windows: Prevent cm_daemon thread from terminating during suspend
Remove the check for powerStateSuspend that caused the cm_daemon
thread to terminate when the machine enters suspend mode. When
the machine awakens there is no thread to check the down server
state, new IP address bindings, etc.
Felix Frank [Tue, 14 Jul 2009 08:51:03 +0000 (10:51 +0200)]
Move context of CacheFetchProc from afs_dcache.c to afs_fetchstore.c
GetDCache() is quite bloated. This inlining makes code more
readable. For protocols to come besides rxfs (such as rxosd), some
initializations may need to be performed differently. Thus, much
has to be moved to the specific rxfs_fetchInit() function rather than
afs_CacheFetchProc() proper.
Simon Wilkinson [Wed, 22 Jul 2009 22:05:48 +0000 (23:05 +0100)]
Fix gtx_create calls to all share a prototype
All of the different _create calls need to share a prototype, so
function pointers can be stuffed into a structure. Use an anonymous
pointer so that we can achieve this.
Asanka Herath [Wed, 12 Aug 2009 18:56:56 +0000 (14:56 -0400)]
Handle more RPC service names
While the Windows client only implements support for WKSSVC and
SRVSVC RPC services, it should be aware of and handle requests
for other well known service names.
This patch refactors service name checks to a separate
MSRPC_IsWellKnownService() function. In addition, it separates
the tests for IPC TIDs from the test for well known service
names. An IPC TID may be used for generic pipe operations as
well as for RPC message pipe operations. Therefore the fact that
a TID was opened for IPC doesn't necessarily mean that it will
only be used for RPC.
Asanka Herath [Wed, 12 Aug 2009 17:57:11 +0000 (13:57 -0400)]
rand_s isn't supported on older Visual C compilers
We still support building on Visual Studio 2003 where rand_s() is
not available. If we are building on a Visual C compiler prior
to version 15.00, failover to srand()/rand() instead of using
rand_s().
Jeffrey Altman [Tue, 11 Aug 2009 14:37:19 +0000 (10:37 -0400)]
Windows: Dfs Referrals Processing. Not all errors are errors.
When processing a Dfs Referral request, not all lookup errors
should be treated as if the path does not exist. Servers being
down or busy, volumes offline, cell vldb servers not found, etc.
do not mean that the client should go searching elsewhere to
evaluate the path.
Jeffrey Altman [Tue, 11 Aug 2009 12:43:53 +0000 (08:43 -0400)]
Windows: Avoid unnecessary DNS lookups
Windows will attempt to open connections to a broad
range of pipe service (share) names which do not contain
a dot in them. Attempts to search for these names as
cell names in DNS result in timeouts and sluggish behavior
when browsing \\AFS in the Explorer Shell.
To avoid this problem, do not perform a DNS lookup for a
cellname that does not contain a dot in it.
Jeffrey Altman [Tue, 11 Aug 2009 12:59:39 +0000 (08:59 -0400)]
Windows: Setting Server Preferences
The Windows cache manager can apply administrator specified
server preferences as specified in the registry. When these
rankings are applied the CM_SERVERFLAG_PREF_SET flag was not
set on the cm_server_t object. In addition, appropriate locking
was not being used in the places where the flag was set.