CVE-2015-7762:
The CMU/Transarc/IBM definition of rx_AckDataSize(nAcks) was mistakenly
computed from sizeof(struct rx_ackPacket) and inadvertently added three
octets to the computed ack data size due to C language alignment rules.
When constructing ack packets these three octets are not assigned a
value before writing them to the network.
Beginning with AFS 3.3, IBM extended the ACK packet with the "maxMTU" ack
trailer value which was appended to the packet according to the
rx_AckDataSize() computation. As a result the three unassigned octets
were unintentionally cemented into the ACK packet format.
In OpenAFS commit 4916d4b422 Nickolai
Zeldovich <kolya@mit.edu> noticed that the size produced by the
rx_AckDataSize(nAcks) macro was dependent upon the compiler and processor
architecture. The rx_AckDataSize() macro was altered to explicitly
expose the three octets that are included in the computation.
Unfortunately, the failure to initialize the three octets went unnoticed.
The Rx implementation maintains a pool of packet buffers that are reused
during the lifetime of the process. When an ACK packet is constructed
three octets from a previously received or transmitted packets will be
leaked onto the network. These octets can include data from a
received packet that was encrypted on the wire and then decrypted.
If the received encrypted packet is a duplicate or if it is outside the
valid window, the decrypted packet will be used immediately to construct
an ACK packet.
CVE-2015-7763:
In OpenAFS commit c7f9307c35 the ACK packet
was further extended in an attempt to detect the path MTU between two
peers. When the ACK reason is RX_ACK_PING a variable number of octets is
appended to the ACK following the ACK trailers.
The implementation failed to initialize all of the padding region.
A variable amount of data from previous packets can be leaked onto the
network. The padding region can include data from a received packet
that was encrypted on the wire and then decrypted.
OpenAFS 1.5.75 through 1.5.78 and all 1.6.x releases (including release
candidates) are vulnerable.
Credits:
Thanks to John Stumpo for identifying both vulnerabilities.
Thanks to Simon Wilkinson for patch development.
Thanks to Ben Kaduk for managing the security release cycle.
Change-Id: I29e47610e497c0ea94033450f434da11c367027c
cm_BPlusDirLookup() and cm_Lookup() can return CM_ERROR_INEXACT_MATCH
which is not a fatal error. Instead it is an indication that the returned
cm_scache object was not a case sensitive match. Do not fail the request
and do not leak the cm_scache reference.
Reviewed-on: http://gerrit.openafs.org/12057
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit c372bc92a3)
Change-Id: I0d533b828d8e42d88163987772672c300277e10d
Reviewed-on: http://gerrit.openafs.org/12067
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
cm_Lookup() must not mask a CM_ERROR_AMBIGUOUS_FILENAME error by
converting it to CM_ERROR_BPLUS_NOMATCH. Doing so results in the
redirector believing that the object does not exist instead of
there being a STATUS_OBJECT_NAME_COLLISION.
Reviewed-on: http://gerrit.openafs.org/11930
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 7e3289891d)
Change-Id: Icb8e1f77feec94bc5013c7c6ba10df3b1e368e9e
Reviewed-on: http://gerrit.openafs.org/12066
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
The redirector is supposed to reject access to file objects if there
is no case exact match and multiple entries match in a case insensitive
comparison. The check was only present in the AFSLocateNameEntry()
function and not elsewhere.
Fix the AFSLocateNameEntry() call and addd the missing checks.
Reviewed-on: http://gerrit.openafs.org/11929
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit dffaab441d)
Change-Id: Ie84a4026bb73bfdf72a3849f9d607d158ea7ac53
Reviewed-on: http://gerrit.openafs.org/12065
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Although pioctl operations are delivered through the redirector the
contents of the operations are opaque to the redirector. Therefore,
the cm_req must not be initialized as a redirector operation. If they
are the necessary invalidation notifications for symlink and mount point
operations will not be delivered.
Reviewed-on: http://gerrit.openafs.org/12062
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit be603388ef)
Change-Id: If5bcc7423554a8c8f9ab344547ce0fada62bacac
Reviewed-on: http://gerrit.openafs.org/12064
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
clientServiceProviderKeyExists() must use AFSREG_CLT_SVC_PROVIDER_SUBKEY
since it is a relative path from HKEY_LOCAL_MACHINE.
Reviewed-on: http://gerrit.openafs.org/12059
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 8b530d52a5)
Change-Id: Icb0b899fbea0b35a5869872814a3ac1a13bfd119
Reviewed-on: http://gerrit.openafs.org/12061
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
If cm_noIPAddrs == 0, then no servers will be probed. If
syscfg_GetIFInfo() fails then cm_noIPAddrs is set to 0. Therefore,
also set cm_LanAdapterChangeDetected to non-zero if syscfg_GetIFInfo()
fails so that the interface info can be queried again prior to a server
probe attempt.
Reviewed-on: http://gerrit.openafs.org/12055
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 4f20b7305e)
Change-Id: Iba740de83e360e2184262d98ae11bf2ae19948fe
Reviewed-on: http://gerrit.openafs.org/12060
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Do not blindly install a network provider for the service since at
least one end user organization does not install the service's network
provider.
Reviewed-on: http://gerrit.openafs.org/12051
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit c615a712bf)
Change-Id: Ie8a2da0bf6541f7e4e974f887af6735907f0d626
Reviewed-on: http://gerrit.openafs.org/12054
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
If we open a handle, close it.
Reviewed-on: http://gerrit.openafs.org/12050
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit cda7556b85)
Change-Id: I0aa34f5bb52bec97accb0665c98b54bc4b54c7df
Reviewed-on: http://gerrit.openafs.org/12053
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
In cm_CheckServersMulti() if cm_ConnByServer() fails or if cm_noIPAddr is
zero then a cm_server.pingCount will be leaked. This can result in
servers being marked down and never restored to an up state.
This change adds the necessary pingCount decrement and moves the
assignment of the cm_server_t pointer to serversp[] to make it clear
that the cm_server_t will not be in the array if a failure occurs.
Only objects in the array will have the pingCount decremented after
the RPCs are issued.
Reviewed-on: http://gerrit.openafs.org/12048
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 3957abea2a)
Change-Id: I4904d280b3a36ad3793fc0aa9728731fc9ac258b
Reviewed-on: http://gerrit.openafs.org/12052
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
In 0a0927497c an extra "pingCount"
format parameter was added in cm_DumpServers(). Remove it.
Reviewed-on: http://gerrit.openafs.org/12046
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 518807cae8)
Change-Id: I67652c729aa431172d28c087183a32e023086a77
Reviewed-on: http://gerrit.openafs.org/12047
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Instead of replying upon a server flag use a pingCount interlocked
variable to track whether active ping operations are being performed
and whether or not to wait sleeping threads.
Reviewed-on: http://gerrit.openafs.org/12022
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 0a0927497c)
Change-Id: I73726fd707b5a7fd3ebbe5b4e2b1e57ec889bbbf
Reviewed-on: http://gerrit.openafs.org/12045
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Update all remaining copies of CellServDB in the tree, and make the
Red Hat packaging use it by default too.
Reviewed-on: http://gerrit.openafs.org/11764
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 8cb4a42496)
Change-Id: Iff44108fc1335a47d93e97d08f3582bcb2922dfe
Reviewed-on: http://gerrit.openafs.org/12044
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
This should be all the locations we keep it in-tree.
Reviewed-on: http://gerrit.openafs.org/11607
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit ce0cad182c)
Change-Id: Icb851e46933a54f6ccd76b5a2e4869986fa536ce
Reviewed-on: http://gerrit.openafs.org/12043
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
The cm_GetCell_Gen() function permits cells to be searched for by
prefix. The idea is to permit "cs.cmu.edu" to be abbreviated "cs"
when at CMU. There are two problems with the current behavior:
1. the existing match rules will accept "cs.c" and "cs.cmu.ed" as
valid prefix matches. By not restricting the prefix matching
to full components the Freelance symlink list can become
cluttered.
2. the existing match rules will accept the first cell that
matches even if there are more than one cells that would match.
this can result in unpredictable behavior since the ordering
of the cells is not guaranteed.
Instead, fail requests for cell prefixes that are not full component
matches or that would be ambiguous.
Reviewed-on: http://gerrit.openafs.org/11886
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit e314167f11)
Change-Id: I8de6f9972f15cf12ae13b157e26ee181eeec220b
Reviewed-on: http://gerrit.openafs.org/12042
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows 8, 8.1 and pre-releases of 10 have a horrible bug as part
of the upgrade process. All non-Microsoft network provider services
are removed from the NetworkProvider "Order" registry value. For
OpenAFS this has the side effect of breaking integrated logon and
all drive letter mappings to \\AFS.
During service start add code to:
1. Add "AFSRedirector" before "LanmanWorkstation" if not present
2. Add "TransarcAFSDaemon" to the end of the list if not present
If the service is running in SMB mode
3. Remove "AFSRedirector" if present
Reviewed-on: http://gerrit.openafs.org/12024
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 946d2c1699)
Change-Id: I39fcc8b604deaf6779167c775b11ac0b4ad0ed26
Reviewed-on: http://gerrit.openafs.org/12041
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
In cm_Analyze() replace the token error retry logic for miscellaneous
rx errors and simply mark the server down. The most common error
that will be seen in this category is RX_INVALID_OPERATION which would
be received if the Rx service id or security class is not recognized
by the peer. This could happen if an AuriStor server is replaced by
an AFS3 server or if a packet is reflected.
A side effect of this change is that V* and CM_ERROR_* errors will
once again be retried. This will permit proper failover to occur.
Reviewed-on: http://gerrit.openafs.org/11920
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 6baaa39333)
Change-Id: I0445a0532842f73c01e33171679f0e7225d8d9ca
Reviewed-on: http://gerrit.openafs.org/12040
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
If a VLDB query attempt occurs when there is no current cell db server
list then the VLDB query won't actually occur but the last query time
would be set. This prevents a query from taking place again on the volume
for 60 seconds. If the volume in question is the root.cell volume then
the redirector will be forced to return device not ready for the share
(aka \\afs\cell).
Check for a failure of cm_UpdateCell() and only set the last update time
for the volume if there was success or if the VLDB responded with volume
unknown.
Reviewed-on: http://gerrit.openafs.org/11919
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 653647e861)
Change-Id: I082d2c86a93274906d2048f6cd2fe640392ae514
Reviewed-on: http://gerrit.openafs.org/12039
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
cm_CheckNTDelete() forgot to call cm_SyncDone() in one of the error
paths. Fixup the call pattern and do not forget to call cm_SyncDone().
Reviewed-on: http://gerrit.openafs.org/11917
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 1409bf8e00)
Change-Id: I03de1593122b1762967043f9f749521a983cb758
Reviewed-on: http://gerrit.openafs.org/12037
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
When adding a connection verify that the server name and the share name
are valid. If not return ERROR_BAD_NETWORK_NAME.
When getting connection information, if a pre-existing connection does
not exist and either the server name or the share name do not verify
return ERROR_BAD_NETWORK_NAME and not ERROR_INVALID_PARAMETER.
Reviewed-on: http://gerrit.openafs.org/11916
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit dfc8db6e3d)
Change-Id: Ibf6069ab7b7a3d496710bb15304ba9dd5790166a
Reviewed-on: http://gerrit.openafs.org/12036
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
When the redirector ioctl fails in NPGetResourceInformation() return the
actual error to the caller. Do not hide all errors as WN_BAD_NETNAME.
Reviewed-on: http://gerrit.openafs.org/11915
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 2f072b2fe6)
Change-Id: If69250198d31b4ebd4a854c07e87bed96ef99aa2
Reviewed-on: http://gerrit.openafs.org/12035
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Ensure that RemoteName paths have at least two characters before
attempting to access character [1].
Reviewed-on: http://gerrit.openafs.org/11914
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit d977906371)
Change-Id: Id5bef3820a67b15a05074aebc379da51f37d9d9f
Reviewed-on: http://gerrit.openafs.org/12034
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
The uniFullName.MaximumLength in AFSParseName() is not properly
modified and can end up being extended beyond the actual memory
allocation due to a missing decrement.
Reviewed-on: http://gerrit.openafs.org/11913
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 69bc77c538)
Change-Id: Iaef47fb7607aa889c08d23b66890c449eeff0b47
Reviewed-on: http://gerrit.openafs.org/12033
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
The authentication id for the process will always be obtained in kernel
so no longer try to fetch it in userland.
Reviewed-on: http://gerrit.openafs.org/11911
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 6405e0584a)
Change-Id: Iafac2e88c7d46901df975bab3fbad0082c7b81fa
Reviewed-on: http://gerrit.openafs.org/12032
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
When processing network provider requests in afsredirlib.sys always
obtain the auth id using the SYSTEM worker thread. Do not trust
the values provided by userland.
Reviewed-on: http://gerrit.openafs.org/11910
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 967c5dbef3)
Change-Id: I8af1a396ac60f2782b5b5d49923c0685b93feac5
Reviewed-on: http://gerrit.openafs.org/12031
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
When PsReferenceImpersonationToken(), PsReferencePrimaryToken(), and
SeQueryInformationToken() are called in the kernel from a user process
thread the restrictions on the userland process still apply. Since we do
not want to be restricted we must obtain the token and query the token
information from a SYSTEM thread.
This change restructures the AFSGetAuthenticationId() process to queue a
synchronous task to the worker thread.
This should address the problem that has been seen during system boot when
the Group Policy Service attempts to query, remove or create a drive
letter mapping.
Reviewed-on: http://gerrit.openafs.org/11909
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit d35164370a)
Change-Id: I327f68570631f7bb435c2651f1567b071f3de802
Reviewed-on: http://gerrit.openafs.org/12030
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Modify AFSRetrieveFileAttributes() to handle the case of a ParentPathName
with a Length == 0. In such a case the introduction of a path separator
would result in the construction of an absolute path when a relative path
is required.
Reviewed-on: http://gerrit.openafs.org/11889
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 4233e4d661)
Change-Id: I24685f3d93b4b15b0a2bf1c8d4cb58331eef94e8
Reviewed-on: http://gerrit.openafs.org/12029
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
AFSRetrieveParentPath() when presented with a relative path that has no
parent will walk off the front of the FullFileName buffer. Add checks to
ensure that Length never becomes less than zero.
Reviewed-on: http://gerrit.openafs.org/11888
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 456b68ccb6)
Change-Id: Ifa28a7986455f0aa5b11db10280a9584617cc83d
Reviewed-on: http://gerrit.openafs.org/12028
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
AFSGetConnectionInfo() is called to respond to NPGetResourceInformation
and NPGetConnectionPerformance WNet API requests. The former permits
the requestor to provide a path containing components that are not
processed by the file system represented by the called network provider.
As such partial matches are permitted BUT they must consist of full
components. In other words, \\afs\sh is not a valid partial match for
\\afs\share but \\afs\share is a valid partial match for \\afs\share\dir.
This change adds validation checks to enforce full component comparisons.
It also cleans up some of the associated comparisons and trace output.
Reviewed-on: http://gerrit.openafs.org/11887
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit af7f7da0aa)
Change-Id: Ifcf5e652f0b882f40ada996f0894dcf3235864e8
Reviewed-on: http://gerrit.openafs.org/12027
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
In NetrShareGetInfo() when registry api calls fail do not leak the
error codes to the caller. Instead, set the error to CM_ERROR_NOSUCHPATH
so that NERR_NetNameNotFound can be returned.
Reviewed-on: http://gerrit.openafs.org/11924
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 99894f0a70)
Change-Id: If18090738c4412a58c9e9d0c5d5cde9117bb4619
Reviewed-on: http://gerrit.openafs.org/12026
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
When processing the NetrShareGetInfo() pipe service rpc do not
allocate memory for the return buffer is the path cannot be found.
Reviewed-on: http://gerrit.openafs.org/11923
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit a640e76d0f)
Change-Id: If9636d5341e9bf7371ff4107af392c2876563f1e
Reviewed-on: http://gerrit.openafs.org/12025
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
When enumerating a directory if status info for an entry cannot be
obtained, fake it. Do not return STATUS_ACCESS_DENIED to the redirector
as that will be interpreted as the directory not being listable.
Reviewed-on: http://gerrit.openafs.org/11736
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 1f2818192f)
Change-Id: I19cecacac9a8dc39bdcf377f2a1831fa1c62330b
Reviewed-on: http://gerrit.openafs.org/11737
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
In the case where an explicit mount point to a .backup volume is
resolved from a .backup volume the cache manager refuses to evaluate
the mount point target. This is meant to address unwanted recursion
in the directory tree searches.
Change the error code to ERROR_TOO_MANY_SYMLINKS and propagate that
error to the AFS redirector. That will result in the application
receiving STATUS_ACCESS_DENIED instead of
STATUS_REPARSE_POINT_NOT_RESOLVED.
The STATUS_REPARSE_POINT_NOT_RESOLVED error causes cmd.exe and
powershell.exe to terminate recursive directory searches.
Reviewed-on: http://gerrit.openafs.org/11693
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 0008ca80a8)
Change-Id: Idb2046e7e1fa4d327e6af794f7803981f56f3763
Reviewed-on: http://gerrit.openafs.org/11735
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Should use || and not | as the operator when testing for
NULL pointers.
Reviewed-on: http://gerrit.openafs.org/11523
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit ba0b0986ec)
Change-Id: I02134a4bded6a38a14548b8117230d161093f2c9
Reviewed-on: http://gerrit.openafs.org/11614
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
When SetDispositionInfo is called to mark a file for pending
delete the link count should not be decrememented. The count is
decremented only when the file is actually deleted.
Reviewed-on: http://gerrit.openafs.org/11508
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit c90c5e97c6)
Change-Id: I365d0e0388f6cac23aca64b06e9c6e6a61e97d04
Reviewed-on: http://gerrit.openafs.org/11520
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Instead of returning 1 in all cases the ObjectInformation.Links
value should be returned to the caller.
Reviewed-on: http://gerrit.openafs.org/11507
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 8da84729c8)
Change-Id: Ic0714aaa119a9e930f84c606487b173306b1a3a9
Reviewed-on: http://gerrit.openafs.org/11519
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
During a file rename operation, check to see if the target file
has the DOS readonly attribute set or has a non-zero reference
count. If yes, the request must be failed. The error status
depends upon the state of the pending delete flag. Either
STATUS_PENDING_DELETE or STATUS_ACCESS_DENIED.
Reviewed-on: http://gerrit.openafs.org/11506
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 243537f707)
Change-Id: Idc2b64bf82f35a75ebd6d91eece9f213338f1c58
Reviewed-on: http://gerrit.openafs.org/11518
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
The prior patchset modified the service AllocationSize return value
to count the number of 1KB units. Use the value from the service
without modification. This corrects an inconsistency in the
FileStandardInformation response.
Reviewed-on: http://gerrit.openafs.org/11491
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit cdfa21ad5e)
Change-Id: I86153deb2dcaea3433b9048b8fc0c458c7ddee30
Reviewed-on: http://gerrit.openafs.org/11505
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Windows expects storage to be allocated in increments of some
block size. The AFS servers allocate in 1K units so lets report
that to Windows.
Reviewed-on: http://gerrit.openafs.org/11490
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit d9ca3050c6)
Change-Id: I0e2ad4680b94224e05a598372cdeac3e65fe148e
Reviewed-on: http://gerrit.openafs.org/11504
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
For the FileNameInformation and FilePhysicalNameInformation queries
a trailing slash is required for the \\server\share\ path but is
not required for directories below the root.
Reviewed-on: http://gerrit.openafs.org/11489
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 3f1465f8da)
Change-Id: I4855614464c5f81a8ab98c22fa4ced519b01eb06
Reviewed-on: http://gerrit.openafs.org/11503
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
In response to the FilePhysicalNameInformation query the AFS redirector
failed to include the server name in the response. Since the constructed
name is the same as the FileNameInformation query create a helper function
AFSGetFullFileName() to populate the file name into the provided buffer
and use it to satisfy both queries.
Reviewed-on: http://gerrit.openafs.org/11488
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 70f67371e7)
Change-Id: I326eccff9d7329657238698f946becdd17f40499
Reviewed-on: http://gerrit.openafs.org/11502
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
The FileAllInformation query is initially processed by the IO Manager
and when the IO Manager is passed a buffer that is too small to hold
the File Information structure it returns STATUS_INFO_LENGTH_MISMATCH.
Previously the afs redirector returned STATUS_BUFFER_TOO_SMALL in this
case. Instead follow IO Manager's lead.
Reviewed-on: http://gerrit.openafs.org/11487
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit af72e83832)
Change-Id: Ic41e8c3844f59dce499d5fedff0d03da031ba6d1
Reviewed-on: http://gerrit.openafs.org/11501
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
I/O Manager will populate the FILE_ACCESS_INFORMATION,
FILE_MODE_INFORMATION, and FILE_ALIGNMENT_INFORMATION portions of
a FILE_ALL_INFORMATION structure prior to forwarding a FileAllInformation
FileInfo query to the file system. There is no need for the file system
to duplicate the effort.
Reviewed-on: http://gerrit.openafs.org/11478
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 06995ceb4d)
Change-Id: Icf21e76f564a3df8c3808a36834f04b92dc30c46
Reviewed-on: http://gerrit.openafs.org/11500
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Do not destroy the existing vlserver list if the DNS resolver query
fails. Continue using the prior vlserver values until a DNS response
is obtained. This will result in repeated DNS queries and a delay
if there is continued failure, but it will permit VL RPCs to continue
to be issued in the face of a DNS failure or misconfiguration.
Reviewed-on: http://gerrit.openafs.org/11457
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 5ebe2437ef)
Change-Id: If2194871e97eb213ce2fc5da12aa7c759492564d
Reviewed-on: http://gerrit.openafs.org/11499
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
1. Call cm_UpdateIFInfo() for all power management events to force
an update of the valid network interface count.
2. Ensure that regardless of which Suspend and Resume events are
generated that the service only suspends once and resumes once.
Reviewed-on: http://gerrit.openafs.org/11447
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit f999113d33)
Change-Id: Ia2f39d01c053c4120e87ee70df6a9bf2b35bfad9
Reviewed-on: http://gerrit.openafs.org/11498
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
