From cb1730a07c0ed597b2cd59e85366204af459f2ea Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Tue, 3 Aug 2004 18:27:52 +0000 Subject: [PATCH] windows-misc-20040803 Increase max chunksize to 128K from 32K. Windows uses 64K SMB writes. The large chunksize helps reduce the overlapped write to afs issue. Increase number of server threads from 4 to 25. Also helps to aleviate the symptoms of the overlapped write to afs issue. I can now write files as large as 80MB. 120MB files still fail. Export pr_CreateUser and pr_SNameToId from afsauthent.lib in order to allow aklog.exe to use them to determine if a new pts uid should be created for a user when accessing a foreign cell. Modify pioctl to output a message to stderr if a Downgrade Detection error has been returned when attempting to open the __IOCTL__ file. Increase version number to 1.3.6601 Use HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer:Logon User Name to determine the current user name for the afscreds.exe display Do not allow submount names to have forward or backward slashes Add debug info to cm_ioctl to track token addition and deletion Add register new user code to aklog.exe from KenH's AFS kit Correct test in cm_callback.c for freelance root.afs volume which should not have been applied when freelance was not active. --- src/WINNT/afsd/cm_callback.c | 54 +++++++------- src/WINNT/afsd/cm_config.h | 4 +- src/WINNT/afsd/cm_ioctl.c | 16 ++++- src/WINNT/aklog/aklog.c | 101 ++++++++++++++++++++++++--- src/WINNT/client_config/drivemap.cpp | 20 +++--- src/WINNT/client_creds/window.cpp | 98 ++++++++++++++------------ src/config/NTMakefile.i386_nt40 | 2 +- src/libafsauthent/afsauthent.def | 4 +- src/sys/pioctl_nt.c | 8 ++- 9 files changed, 209 insertions(+), 98 deletions(-) diff --git a/src/WINNT/afsd/cm_callback.c b/src/WINNT/afsd/cm_callback.c index 0f9b5eb4b..ddc9af057 100644 --- a/src/WINNT/afsd/cm_callback.c +++ b/src/WINNT/afsd/cm_callback.c @@ -789,40 +789,38 @@ long cm_GetCallback(cm_scache_t *scp, struct cm_user *userp, osi_Log2(afsd_logp, "GetCallback scp %x flags %lX", scp, flags); #ifdef AFS_FREELANCE_CLIENT - // yj // The case where a callback is needed on /afs is handled // specially. We need to fetch the status by calling // cm_MergeStatus and mark that cm_fakeDirCallback is 2 - if (cm_freelanceEnabled && - scp->fid.cell==AFS_FAKE_ROOT_CELL_ID && - scp->fid.volume==AFS_FAKE_ROOT_VOL_ID && - scp->fid.unique==0x1 && - scp->fid.vnode==0x1) { - // Start by indicating that we're in the process - // of fetching the callback - - lock_ObtainMutex(&cm_Freelance_Lock); - cm_fakeGettingCallback = 1; - lock_ReleaseMutex(&cm_Freelance_Lock); - - // Fetch the status info - cm_MergeStatus(scp, &afsStatus, &volSync, userp, 0); - - // Indicate that the callback is not done - lock_ObtainMutex(&cm_Freelance_Lock); - cm_fakeDirCallback = 2; - // Indicate that we're no longer fetching the callback - cm_fakeGettingCallback = 0; - lock_ReleaseMutex(&cm_Freelance_Lock); + if (cm_freelanceEnabled) { + if (scp->fid.cell==AFS_FAKE_ROOT_CELL_ID && + scp->fid.volume==AFS_FAKE_ROOT_VOL_ID && + scp->fid.unique==0x1 && + scp->fid.vnode==0x1) { + // Start by indicating that we're in the process + // of fetching the callback + + lock_ObtainMutex(&cm_Freelance_Lock); + cm_fakeGettingCallback = 1; + lock_ReleaseMutex(&cm_Freelance_Lock); + + // Fetch the status info + cm_MergeStatus(scp, &afsStatus, &volSync, userp, 0); - return 0; - } + // Indicate that the callback is not done + lock_ObtainMutex(&cm_Freelance_Lock); + cm_fakeDirCallback = 2; + // Indicate that we're no longer fetching the callback + cm_fakeGettingCallback = 0; + lock_ReleaseMutex(&cm_Freelance_Lock); + + return 0; + } if (scp->fid.cell==AFS_FAKE_ROOT_CELL_ID && scp->fid.volume==AFS_FAKE_ROOT_VOL_ID) { - osi_Log0(afsd_logp,"cm_getcallback should NEVER EVER get here... "); - } - // yj: end of getcallback modifications --------------- - + osi_Log0(afsd_logp,"cm_getcallback should NEVER EVER get here... "); + } + } #endif /* AFS_FREELANCE_CLIENT */ mustCall = (flags & 1); diff --git a/src/WINNT/afsd/cm_config.h b/src/WINNT/afsd/cm_config.h index 33318b341..ae8a2cde1 100644 --- a/src/WINNT/afsd/cm_config.h +++ b/src/WINNT/afsd/cm_config.h @@ -13,9 +13,9 @@ #define CM_CONFIGDEFAULT_CACHESIZE 20480 #define CM_CONFIGDEFAULT_BLOCKSIZE 4096 #define CM_CONFIGDEFAULT_STATS 1000 -#define CM_CONFIGDEFAULT_CHUNKSIZE 15 +#define CM_CONFIGDEFAULT_CHUNKSIZE 17 #define CM_CONFIGDEFAULT_DAEMONS 2 -#define CM_CONFIGDEFAULT_SVTHREADS 4 +#define CM_CONFIGDEFAULT_SVTHREADS 25 #define CM_CONFIGDEFAULT_TRACEBUFSIZE 5000 #ifndef __CM_CONFIG_INTERFACES_ONLY__ diff --git a/src/WINNT/afsd/cm_ioctl.c b/src/WINNT/afsd/cm_ioctl.c index 0104d1a1a..234e7755f 100644 --- a/src/WINNT/afsd/cm_ioctl.c +++ b/src/WINNT/afsd/cm_ioctl.c @@ -1690,9 +1690,13 @@ long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp) if (flags & PIOCTL_LOGON) { /* SMB user name with which to associate tokens */ smbname = tp; - osi_Log1(smb_logp,"cm_IoctlSetToken for user [%s]",osi_LogSaveString(smb_logp,smbname)); + osi_Log2(smb_logp,"cm_IoctlSetToken for user [%s] smbname [%s]", + osi_LogSaveString(smb_logp,uname), osi_LogSaveString(smb_logp,smbname)); fprintf(stderr, "SMB name = %s\n", smbname); tp += strlen(tp) + 1; + } else { + osi_Log1(smb_logp,"cm_IoctlSetToken for user [%s]", + osi_LogSaveString(smb_logp,uname)); } #ifndef DJGPP /* for win95, session key is back in pioctl */ @@ -1701,8 +1705,10 @@ long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp) if (!cm_FindTokenEvent(uuid, sessionKey)) return CM_ERROR_INVAL; #endif /* !DJGPP */ - } else + } else { cellp = cm_rootCellp; + osi_Log0(smb_logp,"cm_IoctlSetToken - no name specified"); + } if (flags & PIOCTL_LOGON) { userp = smb_FindCMUserByName(smbname, ioctlp->fidp->vcp->rname); @@ -1711,6 +1717,7 @@ long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp) /* store the token */ lock_ObtainMutex(&userp->mx); ucellp = cm_GetUCell(userp, cellp); + osi_Log1(smb_logp,"cm_IoctlSetToken ucellp %lx", ucellp); ucellp->ticketLen = ticketLen; if (ucellp->ticketp) free(ucellp->ticketp); /* Discard old token if any */ @@ -1945,6 +1952,8 @@ long cm_IoctlDelToken(struct smb_ioctl *ioctlp, struct cm_user *userp) return CM_ERROR_NOMORETOKENS; } + osi_Log1(smb_logp,"cm_IoctlDelToken ucellp %lx", ucellp); + if (ucellp->ticketp) { free(ucellp->ticketp); ucellp->ticketp = NULL; @@ -1965,7 +1974,8 @@ long cm_IoctlDelAllToken(struct smb_ioctl *ioctlp, struct cm_user *userp) lock_ObtainMutex(&userp->mx); - for (ucellp = userp->cellInfop; ucellp; ucellp = ucellp->nextp) { + for (ucellp = userp->cellInfop; ucellp; ucellp = ucellp->nextp) { + osi_Log1(smb_logp,"cm_IoctlDelAllToken ucellp %lx", ucellp); ucellp->flags &= ~CM_UCELLFLAG_RXKAD; ucellp->gen++; } diff --git a/src/WINNT/aklog/aklog.c b/src/WINNT/aklog/aklog.c index 35f60d317..e8409e92b 100644 --- a/src/WINNT/aklog/aklog.c +++ b/src/WINNT/aklog/aklog.c @@ -23,6 +23,7 @@ #include #include #include +#include #ifdef WIN32 #include @@ -172,16 +173,50 @@ void CloseConf(struct afsconf_dir **pconfigdir) (void) afsconf_Close(*pconfigdir); } -void ViceIDToUsername(char *username, int *status, -struct ktc_principal *aserver) +#define ALLOW_REGISTER 1 +void ViceIDToUsername(char *username, char *realm_of_user, char *realm_of_cell, + char * cell_to_use, CREDENTIALS *c, + int *status, + struct ktc_principal *aclient, struct ktc_principal *aserver, struct ktc_token *atoken) { -#ifndef WIN32 + static char lastcell[MAXCELLCHARS+1] = { 0 }; + static char confname[512] = { 0 }; long viceId; /* AFS uid of user */ +#ifdef ALLOW_REGISTER + afs_int32 id; +#endif /* ALLOW_REGISTER */ + + if (confname[0] == '\0') { + strncpy(confname, AFSDIR_CLIENT_ETC_DIRPATH, sizeof(confname)); + confname[sizeof(confname) - 2] = '\0'; + } if (dflag) printf("About to resolve name %s to id\n", username); - if (!pr_Initialize (0, AFSDIR_CLIENT_ETC_DIRPATH, aserver->cell)) + /* + * Talk about DUMB! It turns out that there is a bug in + * pr_Initialize -- even if you give a different cell name + * to it, it still uses a connection to a previous AFS server + * if one exists. The way to fix this is to change the + * _filename_ argument to pr_Initialize - that forces it to + * re-initialize the connection. We do this by adding and + * removing a "/" on the end of the configuration directory name. + */ + + if (lastcell[0] != '\0' && (strcmp(lastcell, aserver->cell) != 0)) { + int i = strlen(confname); + if (confname[i - 1] == '/') { + confname[i - 1] = '\0'; + } else { + confname[i] = '/'; + confname[i + 1] = '\0'; + } + } + + strcpy(lastcell, aserver->cell); + + if (!pr_Initialize (0, confname, aserver->cell)) *status = pr_SNameToId (username, &viceId); if (dflag) @@ -201,9 +236,58 @@ struct ktc_principal *aserver) * the code for tokens, this hack (AFS ID %d) will * not work if you change %d to something else. */ - if ((*status == 0) && (viceId != ANONYMOUSID)) - sprintf (username, "AFS ID %d", viceId); -#endif + + /* + * This code is taken from cklog -- it lets people + * automatically register with the ptserver in foreign cells + */ + +#ifdef ALLOW_REGISTER + if (*status == 0) { + if (viceId != ANONYMOUSID) { +#else /* ALLOW_REGISTER */ + if ((*status == 0) && (viceId != ANONYMOUSID)) +#endif /* ALLOW_REGISTER */ + sprintf (username, "AFS ID %d", (int) viceId); +#ifdef ALLOW_REGISTER + } else if (strcmp(realm_of_user, realm_of_cell) != 0) { + if (dflag) { + printf("doing first-time registration of %s " + "at %s\n", username, cell_to_use); + } + id = 0; + strncpy(aclient->name, username, MAXKTCNAMELEN - 1); + strcpy(aclient->instance, ""); + strncpy(aclient->cell, c->realm, MAXKTCREALMLEN - 1); + if ((*status = ktc_SetToken(aserver, atoken, aclient, 0))) { + printf("%s: unable to obtain tokens for cell %s " + "(status: %d).\n", progname, cell_to_use, status); + *status = AKLOG_TOKEN; + } + + /* + * In case you're wondering, we don't need to change the + * filename here because we're still connecting to the + * same cell -- we're just using a different authentication + * level + */ + + if ((*status = pr_Initialize(1L, confname, aserver->cell, 0))) { + printf("Error %d\n", status); + } + + if ((*status = pr_CreateUser(username, &id))) { + printf("%s: unable to create remote PTS " + "user %s in cell %s (status: %d).\n", progname, + username, cell_to_use, *status); + } else { + printf("created cross-cell entry for %s at %s\n", + username, cell_to_use); + sprintf(username, "AFS ID %d", (int) id); + } + } + } +#endif /* ALLOW_REGISTER */ } char *LastComponent(char *str) @@ -469,6 +553,7 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) struct ktc_principal aclient; struct ktc_token atoken, btoken; + /* try to avoid an expensive call to get_cellconfig */ if (cell && ll_string_check(&authedcells, cell)) { @@ -665,7 +750,7 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) strcat(username, realm_of_user); } - ViceIDToUsername(username, &status, &aserver); + ViceIDToUsername(username, realm_of_user, realm_of_cell, cell_to_use, &c, &status, &aclient, &aserver, &atoken); } if (dflag) diff --git a/src/WINNT/client_config/drivemap.cpp b/src/WINNT/client_config/drivemap.cpp index faa0feedf..350004bbe 100644 --- a/src/WINNT/client_config/drivemap.cpp +++ b/src/WINNT/client_config/drivemap.cpp @@ -306,14 +306,18 @@ BOOL IsValidSubmountName (LPTSTR pszSubmount) return FALSE; for ( ; *pszSubmount; ++pszSubmount) - { - if (!isprint(*pszSubmount)) - return FALSE; - if (*pszSubmount == TEXT(' ')) - return FALSE; - if (*pszSubmount == TEXT('\t')) - return FALSE; - } + { + if (!isprint(*pszSubmount)) + return FALSE; + if (*pszSubmount == TEXT(' ')) + return FALSE; + if (*pszSubmount == TEXT('/')) + return FALSE; + if (*pszSubmount == TEXT('\\')) + return FALSE; + if (*pszSubmount == TEXT('\t')) + return FALSE; + } return TRUE; } diff --git a/src/WINNT/client_creds/window.cpp b/src/WINNT/client_creds/window.cpp index 9a1a31d33..d788d9f0b 100644 --- a/src/WINNT/client_creds/window.cpp +++ b/src/WINNT/client_creds/window.cpp @@ -246,34 +246,35 @@ void Main_Show (BOOL fShow) void Main_OnInitDialog (HWND hDlg) { - if (!g.fIsWinNT) - { - TCHAR szTitle[256]; - GetString (szTitle, IDS_TITLE_95); - SetWindowText (hDlg, szTitle); - } + if (!g.fIsWinNT) + { + TCHAR szTitle[256]; + GetString (szTitle, IDS_TITLE_95); + SetWindowText (hDlg, szTitle); + } - TCHAR szVersion[256]; - DWORD dwPatch = 0; - TCHAR szUser[256]; - GetString (szVersion, IDS_UNKNOWN); - GetString (szUser, IDS_UNKNOWN); + TCHAR szVersion[256]; + DWORD dwPatch = 0; + TCHAR szUser[256]; + GetString (szVersion, IDS_UNKNOWN); + GetString (szUser, IDS_UNKNOWN); - HKEY hk; - if (RegOpenKey (HKEY_LOCAL_MACHINE, REGSTR_PATH_AFS, &hk) == 0) - { - DWORD dwSize = sizeof(szVersion); - DWORD dwType = REG_SZ; - RegQueryValueEx (hk, REGVAL_AFS_VERSION, NULL, &dwType, (PBYTE)szVersion, &dwSize); + HKEY hk; + if (RegOpenKey (HKEY_LOCAL_MACHINE, REGSTR_PATH_AFS, &hk) == 0) + { + DWORD dwSize = sizeof(szVersion); + DWORD dwType = REG_SZ; + RegQueryValueEx (hk, REGVAL_AFS_VERSION, NULL, &dwType, (PBYTE)szVersion, &dwSize); - dwSize = sizeof(dwPatch); - dwType = REG_DWORD; - RegQueryValueEx (hk, REGVAL_AFS_PATCH, NULL, &dwType, (PBYTE)&dwPatch, &dwSize); - RegCloseKey (hk); - } + dwSize = sizeof(dwPatch); + dwType = REG_DWORD; + RegQueryValueEx (hk, REGVAL_AFS_PATCH, NULL, &dwType, (PBYTE)&dwPatch, &dwSize); + RegCloseKey (hk); + } - BOOL fFoundUserName = FALSE; - if (RegOpenKey (HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Explorer"), &hk) == 0) + /* We should probably be using GetUserNameEx() for this */ + BOOL fFoundUserName = FALSE; + if (RegOpenKey (HKEY_CURRENT_USER, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"), &hk) == 0) { DWORD dwSize = sizeof(szUser); DWORD dwType = REG_SZ; @@ -282,6 +283,17 @@ void Main_OnInitDialog (HWND hDlg) RegCloseKey (hk); } if (!fFoundUserName ) + { + if (RegOpenKey (HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Explorer"), &hk) == 0) + { + DWORD dwSize = sizeof(szUser); + DWORD dwType = REG_SZ; + if (RegQueryValueEx (hk, TEXT("Logon User Name"), NULL, &dwType, (PBYTE)szUser, &dwSize) == 0) + fFoundUserName = TRUE; + RegCloseKey (hk); + } + } + if (!fFoundUserName ) { if (RegOpenKey (HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"), &hk) == 0) { @@ -291,29 +303,29 @@ void Main_OnInitDialog (HWND hDlg) fFoundUserName = TRUE; RegCloseKey (hk); } + } + if (!fFoundUserName) + { + if (RegOpenKey (HKEY_LOCAL_MACHINE, TEXT("Network\\Logon"), &hk) == 0) + { + DWORD dwSize = sizeof(szUser); + DWORD dwType = REG_SZ; + if (RegQueryValueEx (hk, TEXT("UserName"), NULL, &dwType, (PBYTE)szUser, &dwSize) == 0) + fFoundUserName = TRUE; + RegCloseKey (hk); + } } - if (!fFoundUserName) - { - if (RegOpenKey (HKEY_LOCAL_MACHINE, TEXT("Network\\Logon"), &hk) == 0) - { - DWORD dwSize = sizeof(szUser); - DWORD dwType = REG_SZ; - if (RegQueryValueEx (hk, TEXT("UserName"), NULL, &dwType, (PBYTE)szUser, &dwSize) == 0) - fFoundUserName = TRUE; - RegCloseKey (hk); - } - } - TCHAR szSource[ cchRESOURCE ]; - TCHAR szTarget[ cchRESOURCE ]; + TCHAR szSource[ cchRESOURCE ]; + TCHAR szTarget[ cchRESOURCE ]; - GetString (szSource, (dwPatch) ? IDS_TITLE_VERSION : IDS_TITLE_VERSION_NOPATCH); - wsprintf (szTarget, szSource, szVersion, dwPatch); - SetDlgItemText (hDlg, IDC_TITLE_VERSION, szTarget); + GetString (szSource, (dwPatch) ? IDS_TITLE_VERSION : IDS_TITLE_VERSION_NOPATCH); + wsprintf (szTarget, szSource, szVersion, dwPatch); + SetDlgItemText (hDlg, IDC_TITLE_VERSION, szTarget); - GetDlgItemText (hDlg, IDC_TITLE_NT, szSource, cchRESOURCE); - wsprintf (szTarget, szSource, szUser); - SetDlgItemText (hDlg, IDC_TITLE_NT, szTarget); + GetDlgItemText (hDlg, IDC_TITLE_NT, szSource, cchRESOURCE); + wsprintf (szTarget, szSource, szUser); + SetDlgItemText (hDlg, IDC_TITLE_NT, szTarget); } diff --git a/src/config/NTMakefile.i386_nt40 b/src/config/NTMakefile.i386_nt40 index 917097ed2..137058ca3 100644 --- a/src/config/NTMakefile.i386_nt40 +++ b/src/config/NTMakefile.i386_nt40 @@ -79,7 +79,7 @@ LIB = $(AFSDEV_LIB) #define used in WinNT/2000 installation and program version display AFSPRODUCT_VER_MAJOR=1 AFSPRODUCT_VER_MINOR=3 -AFSPRODUCT_VER_PATCH=6600 +AFSPRODUCT_VER_PATCH=6601 AFSPRODUCT_VER_BUILD=0 AFSPRODUCT_VERSION=$(AFSPRODUCT_VER_MAJOR).$(AFSPRODUCT_VER_MINOR).$(AFSPRODUCT_VER_PATCH) AFSPRODUCT_FILE_VERSION=$(AFSPRODUCT_VER_MAJOR),$(AFSPRODUCT_VER_MINOR),$(AFSPRODUCT_VER_PATCH),$(AFSPRODUCT_VER_BUILD) diff --git a/src/libafsauthent/afsauthent.def b/src/libafsauthent/afsauthent.def index 20fd1192d..a82298592 100644 --- a/src/libafsauthent/afsauthent.def +++ b/src/libafsauthent/afsauthent.def @@ -78,8 +78,8 @@ EXPORTS pioctl @77 rx_Init @78 ka_UserAuthenticateGeneral2 @79 - - + pr_CreateUser @80 + pr_SNameToId @81 DISK_function_names @83 DATA diff --git a/src/sys/pioctl_nt.c b/src/sys/pioctl_nt.c index a03117c53..756b8ef27 100644 --- a/src/sys/pioctl_nt.c +++ b/src/sys/pioctl_nt.c @@ -163,9 +163,11 @@ GetIoctlHandle(char *fileNamep, HANDLE * handlep) FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_WRITE_THROUGH, NULL); fflush(stdout); - if (fh == INVALID_HANDLE_VALUE) - return -1; - + if (fh == INVALID_HANDLE_VALUE) { + if (GetLastError() == ERROR_DOWNGRADE_DETECTED) + fprintf(stderr, "Unable to open \"%s\": Authentication Downgrade Detected\n", tbuffer); + return -1; + } /* return fh and success code */ *handlep = fh; return 0; -- 2.39.5