Avoid a potential NULL pointer dereference if the ParentObjectInfo
object cannot be found. If the Btree lookup fails, do not call
AFSCreateSymlink() and do not decrement the ObjectInfo refcount.
Doing so will result in a BSOD.
Change-Id: Ibd3e4ebb343f6c3cff8bf1cb160e42938d0f906c
Reviewed-on: http://gerrit.openafs.org/9643
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Jeffrey Altman [Thu, 21 Mar 2013 10:28:25 +0000 (06:28 -0400)]
Windows: Remove Driver Verifier warning of memory leak
Work items are now queued in an AFSRedir.sys data structure
and are not freed when AFSRedirLib.sys is unloaded. Therefore,
do allocate the memory with AFSLibExAllocatePoolWithTag().
The allocation by AFSLibExAllocatePoolWithTag results in a false
Driver Verifier warning of a memory leak on unload.
Change-Id: I268c4b6d20090e88114456a24b7648eef59f6289
Reviewed-on: http://gerrit.openafs.org/9641
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Jeffrey Altman [Wed, 20 Mar 2013 14:10:03 +0000 (10:10 -0400)]
Windows: buf_ClearRDRFlag and cm_directIO
When 'cm_directIO' is true, there are no RDR held buffers therefore
there is nothing for buf_ClearRDRFlag() to do. Do not pass 'Go',
do not obtain cm_scache.rw exclusive nor buf_globalLock shared.
Simply return immediately.
Jeffrey Altman [Wed, 20 Mar 2013 14:04:41 +0000 (10:04 -0400)]
Windows: buf_CleanVnode avoid lock contention
In the middle of the big loop do not obtain buf_globalLock unless
cm_buf.qFlags & CM_BUF_QREDIR is non-zero. buf_globalLock is heavily
contested and any reduction in contention is an improvement.
CM_BUF_QREDIR is never set when 'cm_directIO' is true (now the default)
so this is a huge win.
Jeffrey Altman [Tue, 19 Mar 2013 15:48:42 +0000 (11:48 -0400)]
windows: AFSQueryDirectoryQueryDirect no Symlinks
When evaluating symlinks for directory enumerations, the response
must properly set the FILE_ATTRIBUTE_DIRECTORY flag based upon the
file attributes of the target. At the present time the target is
not evaluated by the service and AFSQueryDirectoryQueryDirect does
not have the correct context in which to evaluate the target.
Instead of returning an incorrect result to the application, exit
AFSQueryDirectoryQueryDirect() returning STATUS_REPARSE_OBJECT which
is interpreted by AFSQueryDirectory() to perform a full directory
enumeration.
Change-Id: Ic35dcff31f1098b9f40f3a37534b79439e0e3f1f
Reviewed-on: http://gerrit.openafs.org/9633
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Andrew Deason [Tue, 11 Sep 2012 23:46:42 +0000 (18:46 -0500)]
rx: Save errno in LWP rxi_Sendmsg
Much of this code examines errno or WSAGetLastError to determine what
to do. However, some other operations between the actual sendmsg call
and code that examines errno may modify errno. So, save the value of
errno to ensure errno reflects the actual error we got from sendmsg;
this also slightly simplifies some of the logic.
Andrew Deason [Wed, 20 Jun 2012 21:28:51 +0000 (16:28 -0500)]
vos: Avoid creating volume with the same RO/BK ids
If we specified an RW id of 5, an RO id of 6, and no BK id, this code
would assign the BK id to RW+1, or 6. This gives the RO and BK volumes
the same volume id, which is a mistake. Choose a different id instead.
Marc Dionne [Thu, 22 Sep 2011 23:09:52 +0000 (19:09 -0400)]
viced: fix incorrect error message
The error message was obviously copied from another location in the
code (after the pr_Initialize call) and is misleading. Adapt it for
vl_Initialize failure.
Simon Wilkinson [Thu, 28 Feb 2013 13:45:00 +0000 (13:45 +0000)]
Unix CM: Don't overflow ICL logs array
When checking whether a user supplied index into the ICL logs array
is out of bounds, we need to check whether it is greater or equal
to the maximum number of elements. Otherwise we can access one
more than the number of elements in the array.
Simon Wilkinson [Thu, 28 Feb 2013 15:26:15 +0000 (15:26 +0000)]
Unix CM: Fix hash table overflow in dnlc code
In GetMeAnEntry, we can end up overflowing the nameHash array by one
element if the stars are particularly badly aligned.
nameptr is a static across function calls, so nameptr and j are not
equal. If nameptr is incremented to NHSIZE in the same loop iteration
as j reaches NHSIZE + 2, the loop will terminate. We'll then
lookup nameHash[NHSIZE], which is 1 element past the end of the
array.
Add an if statement which loops nameptr outside the loop (in the
same way as the if statement in the loop).
Simon Wilkinson [Fri, 1 Mar 2013 11:22:26 +0000 (11:22 +0000)]
kauth: Don't overflow cellinfo hostAddrs array
The hostaddrs array has MAXHOSTSPERCELL (8) available elements.
The ubik connections list has MAXSERVERS (20) elements - when copying
from the ubik list into the cellinfo hostaddrs list, be careful not
to overflow it.
Simon Wilkinson [Fri, 1 Mar 2013 11:31:31 +0000 (11:31 +0000)]
unlog: Don't overflow cells array
cells has a maximum size of MAXCELLS. Doing cells[MAXCELLS] overflows
that array. Clamp our maximum number of cells at one below this to
avoid the overflow.
Simon Wilkinson [Fri, 1 Mar 2013 11:47:03 +0000 (11:47 +0000)]
ubik: Don't overflow server's addr array
We're checking to see if we've overflowed the array _after_ we've
looked up an element within it - so on the final iteration, we
always read past the end of the array.
Fix this by swapping the order of the tests in the for statement.
Simon Wilkinson [Fri, 1 Mar 2013 12:01:19 +0000 (12:01 +0000)]
util: Fix overflows in address parsing
The extractAddr function (which turns a dotted quad into an IP
address), has a number of overflows when one or more elements of
the quad are more than 31 characters in length.
The array allocated for each portion is 32 bytes long, but we only
stop writing into the array when the indexing pointer reaches 32,
which doesn't leave us with space for the trailing NULL.
Rework this so we always allow space for the NULL, and use a #define
for the array length to make it more clear what's going on.
Caught by coverity (#985591, #985592, #985593, #985594)
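The off-by-one described in the commit above, as an added example that is not OpenAFS code: a dotted-quad parser whose per-field copy stops at `QUAD_FIELD_LEN - 1`, so the terminator always fits. The names `parse_dotted_quad`, `copy_field` and `QUAD_FIELD_LEN` are hypothetical, and rejecting over-long fields outright is a choice made here.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size of each per-field buffer (32 bytes, as in the commit text).
 * Hypothetical name; a #define keeps the bound and the array in sync. */
#define QUAD_FIELD_LEN 32

/* Copy one run of decimal digits from p into field[].
 * The copy stops at QUAD_FIELD_LEN - 1 characters, so field[n] = '\0'
 * is always inside the array. The flawed pattern the commit describes
 * only stopped once the index reached 32, leaving no byte for the
 * terminator.
 * Returns the first unconsumed character, or NULL if the field is
 * empty or too long to fit. */
static const char *copy_field(const char *p, char field[QUAD_FIELD_LEN])
{
    size_t n = 0;

    while (isdigit((unsigned char)*p)) {
        if (n >= QUAD_FIELD_LEN - 1)
            return NULL;            /* would leave no room for the NUL */
        field[n++] = *p++;
    }
    if (n == 0)
        return NULL;                /* empty field, e.g. "1..2.3" */
    field[n] = '\0';
    return p;
}

/* Parse "a.b.c.d" into a host-order 32-bit address.
 * Returns 0 on success, -1 on any malformed or over-long input. */
int parse_dotted_quad(const char *line, uint32_t *addr)
{
    char field[QUAD_FIELD_LEN];
    uint32_t result = 0;
    const char *p = line;
    int i;

    for (i = 0; i < 4; i++) {
        unsigned long v;

        p = copy_field(p, field);
        if (p == NULL)
            return -1;
        v = strtoul(field, NULL, 10);
        if (v > 255)
            return -1;              /* also catches strtoul overflow */
        result = (result << 8) | (uint32_t)v;
        if (i < 3) {
            if (*p != '.')
                return -1;
            p++;
        }
    }
    if (*p != '\0')
        return -1;                  /* trailing characters after the quad */
    *addr = result;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "192.168.1.10", "256.1.1.1", "1.2.3" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t a = 0;
        int rc = parse_dotted_quad(samples[i], &a);
        printf("%-14s rc=%d addr=0x%08lx\n", samples[i], rc, (unsigned long)a);
    }
    return 0;
}
```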
Simon Wilkinson [Fri, 1 Mar 2013 12:12:07 +0000 (12:12 +0000)]
up: Fix improper use of readlink
readlink returns a non-NUL terminated string. If the string must be
terminated, we need to have space in the buffer for it. So, the
buffer passed to readlink must be 1 less than the real length of
the buffer.
Change-Id: I1dd039bfceaff7891c9145cf4799469b2de2f23a
Reviewed-on: http://gerrit.openafs.org/9371
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Simon Wilkinson [Wed, 20 Feb 2013 14:54:55 +0000 (14:54 +0000)]
volser: Make it clear what's copied from partList
XVolListPartitions uses partList to maintain a list of partition
IDs - it does not use the partFlags field. Make it clear when we
populate the partEntries field that we are only copying the
partition list.
Simon Wilkinson [Tue, 26 Feb 2013 12:17:29 +0000 (12:17 +0000)]
viced: Don't write out garbage when extending file
When we extend a file, we write a single byte of data to it - tlen
is used as a source for this single byte. However, in the current
code, tlen is used uninitialised. Set it to 0, so we don't write a
byte of stack garbage.
Caught by coverity (#986015)
Reviewed-on: http://gerrit.openafs.org/9271
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit e191cb889c941848fe09f04c24d969111e6dc494)
Change-Id: I517b5772241314a0854094655e25f3f75eba90d1
Reviewed-on: http://gerrit.openafs.org/9358
Tested-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Simon Wilkinson [Tue, 26 Feb 2013 12:21:59 +0000 (12:21 +0000)]
ubik: Zero header before writing to disk
The ubik disk header contains a padding field, which is never
zeroed before being written out to disk. This means that there is
a short's worth of stack garbage in every ubik label!
Just zero the whole structure with memset before we populate it.
Caught by coverity (#986011)
Reviewed-on: http://gerrit.openafs.org/9272
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit d8fa251a14e9469fb6ec722d100b6a8557248694)
Change-Id: I1d3baf4ced6583f22458155edcc16344acc5757e
Reviewed-on: http://gerrit.openafs.org/9357
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
OpenBSD: Replace "vnodeop_desc" with "vops" in kernel module.
In OpenBSD 4.9, the vnode operations vector in the "vnode" struct
was changed from using a "vnodeop_desc" struct to a new "vops"
struct. This patch makes the appropriate changes to the OpenBSD
kernel module support to accommodate the change.
Michael Laß [Sat, 22 Dec 2012 21:54:20 +0000 (22:54 +0100)]
Remove AFSLore from wiki URLs
The URL of the openafs wiki doesn't contain "AFSLore" anymore. Although
these old URLs still work, replace them to point users to the correct
address in the first place. Also be consistent and always use a
trailing /.
Reviewed-on: http://gerrit.openafs.org/8819
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit df4d971ec1a014826929dfeac017fb24d37ac38a)
Change-Id: I99027c23c3a2e5604f927f51961298b5ec27d1c1
Reviewed-on: http://gerrit.openafs.org/9504
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Michael Laß <lass@mail.uni-paderborn.de>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Jeff Blaine [Sun, 5 Jun 2011 20:38:53 +0000 (16:38 -0400)]
Remove completed tasks from todo list, add info about git/gerrit preference
Removed completed tasks (fstrace subcommand help in-binary and issue with
-noexecute vs. -dryrun in vos delentry) from todo list. Added info about
git/gerrit preference for documentation help, but patches still allowed
to the openafs-doc list.
Ben Kaduk [Wed, 6 Mar 2013 18:51:15 +0000 (13:51 -0500)]
Only have one build rule for budb_errs.c
This commit squashes two cherry-picks from master together, as the
first one broke the build with pthreaded ubik enabled.
The first commit:
Author: Simon Wilkinson <sxw@your-file-system.com>
Date: Mon Feb 21 00:29:33 2011 +0000
budb: Only have one build rule for budb_errs.c
budb had two build rules that could produce budb_errs.c, but only
one of them also produced budb_client.h. This led to problems with
parallel makes, as depending on which rule fired first, budb_client.h
might, or might not, exist.
Rework all of this so that it's cleaner. Instead of producing two
copies of the error table, just make budb_client.h a static file,
and include the dynamically generated budb_errs.h from it. This
reduces code duplication, and means that we have to run compile_et
one less time.
Jeffrey Altman [Mon, 18 Mar 2013 16:07:55 +0000 (12:07 -0400)]
Windows: Avoid cm_Analyze race on cm_serverRef lists
cm_Analyze() accepted as a parameter a pointer to the first element
on a cm_serverRef list which is only ever used for VL operations.
cm_Analyze() would separately call cm_GetVolServerList() to obtain
the cm_serverRef list for RXAFS operations. Then the variable 'serversp'
would be set to the first element of the list.
'serversp' was then used to refer to the list and would be passed to
cm_SetServerBusyStatus() and cm_ResetServerBusyStatus() which would
in turn obtain the cm_serverLock while it manipulated the cm_serverRef
status flags for the elements in the list.
The problem is that passing a pointer to the first element of the
cm_serverRef list without holding cm_serverLock can permit the list
contents to be altered including removal of the first element. If the
race is lost and the memory associated with the first element is freed
before access, the afsd_service.exe will crash.
This patchset makes a number of changes. First, the cm_serverRef_t
parameter is changed from a pointer to the first element of the list
to be a pointer to the HEAD pointer of the list. Since it is ever only
used for cm_cell.vlServerp lists, the parameter is renamed to
'vlServerspp'. Second, a separate "cm_serverRef_t ** volServerspp"
variable is allocated for the return value from the cm_GetVolServerList()
operations.
cm_SetServerBusyStatus() and cm_ResetServerBusyStatus() are altered to
accept a pointer to the HEAD of the list instead of a pointer to the first
element. The cm_serverLock is now held read instead of write because the
list itself is not being altered. All of the state changes being applied
to the cm_serverRef objects are atomic.
Finally, cm_serverLock is held across all list traversals within
cm_Analyze(). A read lock is obtained if the elements of the list are not
being removed or inserted and a write lock is obtained if they are.
Jeffrey Altman [Fri, 15 Mar 2013 15:40:29 +0000 (11:40 -0400)]
Windows: Increase AFS DeviceObject StackSize
Increase the StackSize parameter of the DeviceObjects allocated
by the AFS Redirector framework. The StackSize parameter is used
to notify callers how many Irp Stack frames will be consumed. Now
that the redirector is using IoCompletion routines, an additional
stack frame is required to handle calls to the AFS Redirector library
driver.
Thanks to Peter Scott for identifying the solution.
FIXES 131618
Change-Id: Ib66f884911f0d425e6e07f338a36b3ebedeb8871
Reviewed-on: http://gerrit.openafs.org/9609
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Simon Wilkinson [Thu, 19 May 2011 17:56:27 +0000 (18:56 +0100)]
vlserver: Use correct memsets in vlentry convertor
The various vlentry_to_<blah> conversion functions have obviously
been copy and pasted from each other. However, the size of the
structure which is being zeroed has not been updated when we are
zeroing different structures. Fix this, so that we always clear all
of the structure that we are filling.
Change-Id: Ic822e1d2b17494574074c332c7680e94d4701c66
Reviewed-on: http://gerrit.openafs.org/4773
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit 90507fcb104313154679f89ac22c1947c713a65d)
Reviewed-on: http://gerrit.openafs.org/9019
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Jeffrey Altman [Sat, 16 Mar 2013 05:18:14 +0000 (01:18 -0400)]
Windows: File Attribute Reporting Consistency
Do a better job of consistently reporting file attribute information
via directory queries and file information queries. Avoid computing file
attribute information for file information queries that do not return them
(e.g., Name Information) because computing it is expensive.
Jeffrey Altman [Sat, 16 Mar 2013 05:15:01 +0000 (01:15 -0400)]
Windows: netbios name comparisons are case insensitive
When parsing the symlink target string to categorize it as AFS Symlink
or DFS Link, the comparison with the netbios name string must be case
insensitive. Otherwise, symlinks are reported to the redirector as
DFS Links. For the most part they will work since the AFS redirector
requesting MUP to Reparse the \\AFS path will call back into the AFS
redirector. However, the attributes on symlinks to files will be wrong
as DFS Links can only be links to directories.
Jeffrey Altman [Sat, 16 Mar 2013 05:13:01 +0000 (01:13 -0400)]
Windows: add RDR_ExtAttributes
Add RDR_ExtAttributes to compute the file attributes for redirector
queries. The attributes reported via the RDR interface need to be
different from the SMB interface because the SMB interface does not
support reparse points nor does it support DFSLinks.
Jeffrey Altman [Fri, 15 Mar 2013 17:07:21 +0000 (13:07 -0400)]
Windows: drive mapping enumeration infinite loop
If WNetEnumResource returns an error as opposed to success, such as
ERROR_UNEXP_NET_ERR, the enumeration loop would retry forever passing
zero for 'cEntries' which in turn results in a successful response
containing zero entries.
Change the while conditional to test for continued success instead
of ERROR_NO_MORE_ENTRIES.
Jeffrey Altman [Thu, 14 Mar 2013 23:40:14 +0000 (19:40 -0400)]
Windows: remove last bits of BIOD from Direct Store
Direct I/O Store operations are performed directly against a memory
buffer stored in the background direct store rock structure. There is no
BIOD used in the current implementation. Remove the BIOD from the call
stack.
Jeffrey Altman [Thu, 14 Mar 2013 17:05:28 +0000 (13:05 -0400)]
Windows: VolumeInfoReadOnlyFlag registry option
Windows 7 Explorer Shell has a bug when processing drive letters
mapped to UNC paths whose target volume information specifies the
FILE_READ_ONLY_VOLUME flag. When set, not only is the .readonly
volume treated as read only but all volumes that can be accessed via the
drive letter. This bug is fixed in Windows 8.
Add a registry configuration option to permit configuration of the
behavior. Sites that do not use drive letter mappings will want to
enable it even on Windows 7 because it permits the Explorer Shell
to disable the "Delete" and "Rename" options and others when the current
directory is read only.
The default is disabled on Win7 and below; enabled on Win8 and above.
Stephan Wiesand [Thu, 14 Mar 2013 09:00:14 +0000 (10:00 +0100)]
make 1.6.2.1
Update configure version strings for 1.6.2.1. Note that macos kext
can be of form XXXX.YY[.ZZ[(d|a|b|fc)NNN]] where d dev, a alpha,
b beta, f final candidate so we have no way to represent 1.6.2.1.
Switch to 1.6.3 dev 1 for macos.
Change-Id: I98f4371b8c020ba9ba6a98046690968bbae05744
Reviewed-on: http://gerrit.openafs.org/9600
Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Marc Dionne [Sat, 19 Jan 2013 03:40:03 +0000 (22:40 -0500)]
Linux: setpag() may replace credentials
For recent Linux, setpag() may replace the current process' cred
structure with a new one. This is not a problem for most callers,
but in the case of processing a SetTokens2 pioctl with the setpag
option, the new credentials should be used to determine the target
for the token.
Reviewed-on: http://gerrit.openafs.org/8924
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit b61eac783e8c092cd4ba9f53a2b5ca7d43e08b1b)
Change-Id: I66b5f171318964ff40fe78be24e75519183c3a82
Reviewed-on: http://gerrit.openafs.org/8948
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Mark Vitale [Thu, 7 Mar 2013 14:34:55 +0000 (09:34 -0500)]
vos: noise messages when attempting to delete non-existent volume
With vos refactor commit f4e73067cdef990262c69c38ac98761620a63f25,
some formerly conditional volume deletes are now unconditional.
This regresses 'vos move' output with harmless "error" messages
when AFSVolTransCreate() returns VNOVOL:
"Failed to start transaction on <volume>"
"Volume not attached, does not exist, or not online"
Modify DoVolDelete() to return early (and silently) with VNOVOL
in this case, allowing the caller to handle this appropriately.
Jeffrey Altman [Mon, 11 Mar 2013 04:43:26 +0000 (00:43 -0400)]
Windows: Enforce free space checks every 1MB
Instead of performing a free space (or quota) check on every extending
write, perform the check only when the file length is increased beyond
the next 1MB boundary. The file server permits 1MB quota overruns
and issuing the volume status rpc to the file server is extremely
expensive. Especially for append only applications that write just a few
bytes at a time.
Simon Wilkinson [Fri, 8 Mar 2013 16:15:51 +0000 (16:15 +0000)]
bos: Remove theoretical overflow in DateOf
DateOf copies the results of ctime into a static buffer. Typically
ctime will return a 26 byte string, but if you pass it a year larger
than 9999 (which we shouldn't), you can get a 32 (or more) byte string.
Get rid of this unlikely event by using strlcpy for the copy. We already
truncate at 24 bytes when we remove the \n, so this shouldn't cause any
further problems.
Really, this whole thing should be rewritten to use strftime.
Simon Wilkinson [Fri, 8 Mar 2013 13:01:28 +0000 (13:01 +0000)]
bos: Don't overflow cellname buffer
Don't overflow the fixed sized cellname buffer when copying the
information in from the command line - instead, just use a
dynamically allocated buffer.
Simon Wilkinson [Mon, 4 Mar 2013 16:34:20 +0000 (16:34 +0000)]
butc: Init volheader before using it for hton
When converting a volume header from host to network order, make
sure that any unused fields in the structure are zero'd, so we don't
end up filling them with stack garbage in the network version of
the structure.
Simon Wilkinson [Mon, 4 Mar 2013 16:31:50 +0000 (16:31 +0000)]
bucoord: restore requires server and partition
The VolRestoreCmd sub command requires that the user specifies
the server and partition - calls which don't do so won't get past
libcmd. Don't check again in the handler that they have been supplied,
as it confuses things.
Jeffrey Altman [Fri, 8 Mar 2013 06:41:22 +0000 (01:41 -0500)]
Windows: Use Microsoft IO_REPARSE_TAG_SYMLINK tag
For symlinks and DFS Links use Microsoft's NTFS Symlink tag,
IO_REPARSE_TAG_SYMLINK, instead of the OpenAFS assigned tag.
The DeleteFile() and RemoveDirectory() Win32 APIs do not delete
non-Microsoft reparse points and instead delete the target object.
While it is possible for Take Command and potentially Cygwin to
alter their behavior with AFS specific knowledge, it is not possible
to alter the Explorer Shell, cmd.exe and powershell.
Using the Microsoft tag is a violation of Microsoft policy.
Jeffrey Altman [Thu, 7 Mar 2013 14:25:09 +0000 (09:25 -0500)]
Windows: cm_BPlusDirEnumBulkStatNext index error
In cm_BPlusDirEnumBulkStatNext the 'next' variable was being set
even if the FileId was not added to the list of objects added to
the cm_bulkStat array. Delay the assignment to ensure that 'next'
refers to the first element in the array.
In the CM_ERROR_BULKSTAT_FAILURE processing, 'next' is used to
obtain a reference to the cm_scache object that is supposed to
correlate to the [1] entry in the array. If 'next' == -1, there
is no such entry. Add a conditional to ensure that 'next' is not
used when its value is -1.
Jeffrey Altman [Mon, 11 Mar 2013 04:03:38 +0000 (00:03 -0400)]
Windows: Report actual volume creation time
The cm_scache.volumeCreationDate is populated by any non-bulkstat
callback issuing operation. If it is not set at the time the
redirector requests volume information, force an RXAFS_FetchStatus
and then use the resulting timestamp in the response.
Jeffrey Altman [Wed, 6 Mar 2013 14:53:41 +0000 (09:53 -0500)]
Windows: Service processing for Symlink creation
Initial support for symlink creation via the Win32 CreateSymbolicLink api.
Add support for AFS_REQUEST_TYPE_CREATE_SYMLINK redirector requests via
the new RDR_CreateSymlinkEntry() function.
Since CreateSymbolicLink api creates a new directory or file object and
then assigns the Microsoft reparse tag data to that object,
RDR_CreateSymlinkEntry must first delete the empty directory or file and
then create the new symlink object in its place. If the empty object can
be removed but the symlink cannot be created, STATUS_FILE_DELETED is
returned to indicate to the redirector that a failure occurred that
changed the state of the directory without creating a new object.
If the empty object cannot be removed, a STATUS_ACCESS_DENIED error will
be returned and the empty object will unfortunately remain in the AFS
directory.
Target path translation is performed. Absolute AFS paths are stored in
UNIX notation. Absolute non-AFS UNC and device paths are prefaced with
"msdfs:".
Simon Wilkinson [Sat, 2 Mar 2013 13:01:14 +0000 (13:01 +0000)]
auth: Don't overflow buffer in CompFindUser
The fullname buffer in CompFindUser is theoretically big enough
to take the data usually supplied to it. However, play it safe by
using strlcat and strlcpy to catch buffer overflows.
Simon Wilkinson [Sat, 2 Mar 2013 12:55:18 +0000 (12:55 +0000)]
auth: Catch long cells in backwards compat code
ktc_SetTokenEx can fall back to calling the SetToken pioctl when
the kernel module doesn't support the newer call. When we do this,
we have to transform the token structure into the older format.
Catch tokens whose cells are too long to be represented in the
older format, and bail with KTC_INVAL, rather than overflowing the
array.
Simon Wilkinson [Sat, 2 Mar 2013 12:38:49 +0000 (12:38 +0000)]
audit: Fix overflow in file backend
If the filename passed to open_file was larger than MAXPATHLEN-5,
then we'd overflow the oldName buffer when creating the backup
filename. Fix the overflow by using a malloc'd buffer instead.
Jeffrey Altman [Sun, 10 Mar 2013 14:49:42 +0000 (10:49 -0400)]
Windows: IsSpaceAvail lock order violation
cm_IsSpaceAvailable() obtains the cm_scache.rw lock of the volume
root directory. Therefore it is a lock order violation to call the
function while any other cm_scache.rw lock is held belonging to an
object in the same volume. vnode 1 is always less than any other
vnode value.
Jeffrey Altman [Sat, 9 Mar 2013 20:43:14 +0000 (15:43 -0500)]
Windows: Fix directory to service null mask lookups
The direct to service for non-wildcard lookups, commit b7ba97ad537bd0e9a241f052ddd1c3a50c74745b, introduced a bug when the search
mask is left unspecified. Do not set bNonWildcardMatch to TRUE
when the mask is NULL.
Change-Id: I6c4846b443acc7e5e42d4e83e75ef383fc400db9
Reviewed-on: http://gerrit.openafs.org/9542
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Jeffrey Altman [Fri, 8 Mar 2013 03:05:20 +0000 (22:05 -0500)]
Windows: Permit deletion of reparse points
AFSSetDispositionInfo did not set the AFS_DIR_ENTRY_PENDING_DELETE
flag if the DirectoryCB type was mountpoint, symlink, dfslink or invalid.
This patchset permits the flag to be set so reparse point objects can be
deleted without using the AFS "symlink.exe remove" command.
Jeffrey Altman [Thu, 7 Mar 2013 22:39:05 +0000 (17:39 -0500)]
Windows: AFSLocateNameEntry Backup Volume Change
When AFSLocateNameEntry() calls AFSBackupEntry() in the name array it is
possible that the DirectoryCB returned belongs to a different VolumeCB.
If so, pCurrentVolume must be updated and reference counts must be
adjusted.
pete scott [Tue, 5 Mar 2013 20:21:41 +0000 (13:21 -0700)]
Windows: RDR SymbolicLink create support
Permit the redirector to handle Microsoft's IO_REPARSE_TAG_MOUNT_POINT
and IO_REPARSE_TAG_SYMLINK requests. The IO_REPARSE_TAG_SYMLINK request
is issued as a result of a CreateSymbolicLink Win32 API.
Creating a symlink in Windows is not equivalent to the way a symlink is
created in AFS or UNIX. Instead of creating a symlink object whose data
string represents the target and mode bits indicate that the stream should
be treated as a link, on Windows it is a two step process.
To create a symlink to a directory, create an empty directory and then
assign the reparse tag data to the directory object. To create a symlink
to anything else, create an empty file and assign the reparse tag data to
the file. Deleting a reparse point simply removes the reparse tag data
and not the underlying directory or file.
The way this will work for AFS is that assigning reparse data to an
existing directory or file will require that the object be deleted from
the directory and a new symlink object be created in its place. This is
why upon successful completion of the upcall to the service the directory
object information has the AFS_OBJECT_FLAGS_DIRECTORY_ENUMERATED flag
cleared.
This patchset permits symlink creation but does not do anything to support
symlink removal.
Jeffrey Altman [Tue, 5 Mar 2013 12:52:37 +0000 (07:52 -0500)]
Windows: Avoid race during cm_FreeServerList
cm_FreeServerList obtains cm_serverLock exclusively and in some
circumstances will call cm_FreeServer(). cm_FreeServer() will
drop the cm_serverLock if the cm_server_t.refCount is zero in order to
avoid a lock order violation when calling cm_GCConnections() since
cm_connLock is higher in the lock hierarchy.
The call to cm_FreeServer is performed after the cm_serverRef_t
to be deleted is identified but before it is removed from the list.
There is the potential for two threads calling cm_FreeServerList()
to race and for more than one thread to attempt to delete the same
cm_serverRef_t twice.
Fix this by:
1. maintain a private copy of the cm_server_t pointer, delete the
cm_serverRef_t and update the list pointers before calling cm_FreeServer().
2. obtain and release a refcnt on the next cm_serverRef_t to ensure
that it is not deleted out from underneath the thread in case the
cm_serverLock is dropped.
Simon Wilkinson [Sat, 2 Mar 2013 12:15:22 +0000 (12:15 +0000)]
aklog: Protect against overflows from cmdline
The cell, realm and path arrays are populated based on the user's
command line, and xlog_path is populated from their passwd map
entry. Protect against all of these overflowing, by making suitable
use of strlcpy and strlcat.
Simon Wilkinson [Sat, 2 Mar 2013 12:04:46 +0000 (12:04 +0000)]
aklog: Fix overflows in auth_to_path
In the auth_to_path routine, don't use strcpy and strcat when
working with the fixed length pathtocheck buffer. Instead, use
strlcpy and strlcat to ensure that all string operations fit within
the buffer limits.
Simon Wilkinson [Sat, 2 Mar 2013 10:27:47 +0000 (10:27 +0000)]
util: Avoid overflow in GetNameByINet
We copy the results of gethostbyaddr into a fixed length buffer
without checking whether they fit. Add a length check, and use
strlcpy to do the copy to make sure we can't overflow.
Simon Wilkinson [Sat, 2 Mar 2013 09:35:01 +0000 (09:35 +0000)]
kauth: Don't overflow stack when building username
knfs constructs the userName by combining the clientName.name
and clientName.instance arrays, along with a dot separator. Make
sure that the userName array is big enough to hold these, and
use strlcpy and strlcat just to make sure.
Simon Wilkinson [Fri, 1 Mar 2013 12:08:46 +0000 (12:08 +0000)]
fs: Fix improper use of readlink
readlink returns a non-NUL terminated buffer. If we are going to
terminate its response, we need to make sure that there's space to
do so. So the length passed to readlink should be one less than the
real length of the buffer.
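The readlink rule stated in this commit and in the earlier "up: Fix improper use of readlink" entry, as an added example that is not OpenAFS code: pass one byte less than the buffer size, terminate at the returned length, and treat a completely filled window as possible truncation. The names `read_link_target` and `roundtrip` and the `/tmp` fixture path are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Read the target of symlink `path` into buf as a NUL-terminated string.
 * readlink() does not append a terminator, so only bufsize - 1 bytes are
 * offered to it and the last byte is kept for the NUL.
 * Returns the target length, or -1 on error or possible truncation. */
ssize_t read_link_target(const char *path, char *buf, size_t bufsize)
{
    ssize_t n;

    if (bufsize < 2)
        return -1;                      /* no room for data plus NUL */

    n = readlink(path, buf, bufsize - 1);
    if (n < 0)
        return -1;

    /* readlink() truncates silently. If it filled every byte it was
     * offered, the target may be longer, so refuse the result rather
     * than hand back a shortened path (conservative choice made here). */
    if ((size_t)n == bufsize - 1)
        return -1;

    buf[n] = '\0';                      /* n <= bufsize - 2: in bounds */
    return n;
}

/* Constructed fixture: create a symlink to `target` in a fresh temporary
 * directory, read it back through read_link_target() with a buffer of
 * bufsize bytes, then clean up. Returns what read_link_target() returned,
 * or -1 if the fixture could not be created. */
ssize_t roundtrip(const char *target, char *buf, size_t bufsize)
{
    char dir[] = "/tmp/rl-demo-XXXXXX";
    char linkpath[64];
    ssize_t n = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(linkpath, sizeof(linkpath), "%s/link", dir);
    if (symlink(target, linkpath) == 0) {
        n = read_link_target(linkpath, buf, bufsize);
        unlink(linkpath);
    }
    rmdir(dir);
    return n;
}

int main(void)
{
    char big[64];
    char small[8];
    ssize_t n;

    /* Constructed target string, 16 characters long. */
    n = roundtrip("volume/root.cell", big, sizeof(big));
    if (n >= 0)
        printf("fits:      %ld bytes, \"%s\"\n", (long)n, big);

    n = roundtrip("volume/root.cell", small, sizeof(small));
    printf("too small: rc=%ld (rejected instead of truncated)\n", (long)n);
    return 0;
}
```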
Simon Wilkinson [Sat, 2 Mar 2013 11:49:13 +0000 (11:49 +0000)]
fstrace: Don't read uninitialised data
The pftix variable points to the next free element in the
printfTypes array, so when we iterate through that array to
read that data back, we should stop when our iterator equals
pftix, not when it is greater than it.
Simon Wilkinson [Sat, 2 Mar 2013 11:44:02 +0000 (11:44 +0000)]
readpwd: Make sure user supplies a passwdfile
If the user supplies enough command line arguments, but doesn't
provide a passwdfile, then we can end up trying to open whatever
garbage is on the stack.
Once we've finished parsing the command line arguments, make sure
that a filename was supplied.
Simon Wilkinson [Sat, 2 Mar 2013 11:44:02 +0000 (11:44 +0000)]
readgroup: Make sure user supplies a groupfile
If the user supplies enough command line arguments, but doesn't
provide a groupfile, then we can end up trying to open whatever
garbage is on the stack.
Once we've finished parsing the command line arguments, make sure
that a filename was supplied.