LICENSE IPL10
FIXES 124627
fix the mmap anti-recursion protection to set and mask CPageWrite appropriately
and with the correct lock protection. this leaves us with an issue to handle
when the mmap'd file is larger (possibly considerably larger) than the
cache
(cherry picked from commit 5e0e1ea254)
LICENSE IPL10
FIXES 124737
Newer Linux kernels differentiate between the real and effective
credentials of a process, and prevent a process's credentials from being
change when the effective credentials have been set to a different value.
When AFS notices a keyring PAG exists but no group-based PAG does, the
attempt to rectify this, if done in a VFS call (which changes effective creds)
triggers this issue. We defer the change to the groups to avoid it.
(cherry picked from commit 7d530b9080)
LICENSE IPL10
FIXES 124579
avoid potentially writing beyond allocated memory if a return is larger than expected
(cherry picked from commit 62bca1123f)
LICENSE IPL10
FIXES 124451
make cbd able to select whether time is 32 or 64 bit; when time size is
known, have a new magic number so it's obvious
(cherry picked from commit 79d362c77c)
LICENSE IPL10
FIXES 124507
Fix the old configure test for key_alloc for the task argument - we
can't just rely on the number of arguments anymore. Wish this could be
done without using -Werror.
Add an additional test for the struct cred argument
(cherry picked from commit bf9dc554b3)
This patch extends the krb.conf file allowing the specification of
multiple realms which should be treated as equivalents to the local
cell authentication domain. Additional realms are specified on the
first line of the krb.conf file and are separated by white space.
In addition, the patch adds a new file stored in the same directory
as the krb.conf file called krb.excl. This file contains a list of
principal names, one per line, that must not be treated as local
identities.
The purpose of this patch is to allow organizations that are supporting
multiple realms with synchronized user principal databases to allow
their users to login with any of the realms and treat the principal
names as equivalent to the local PTS identity. The exclusion is
to allow certain names, such as those for administrative IDs, to be
restricted to a subset of the realms.
Further optimization of the afs_krb_exclusion() should be performed to
remove the need to re-read the file. This patch should be considered
a temporary solution until a more permanent set of extensions to the
PT database and RPCs allow for the assignment of mechanism specific
aliases for PT IDs.
(cherry picked from commit 544dedb6ed)
LICENSE IPL10
FIXES 123604
The code has long contained a backing_dev_info structure, but it
was never attached to anything. Initialize its use properly with
bdi_init, and attach it to i_mapping for every newly filled inode.
bdi_init and bdi_destroy are needed for proper initialization of
some percpu counters, otherwise we get some oopses.
(cherry picked from commit 18e78d91e7)
LICENSE IPL10
1- make afs-newcell.pl remove KeyFile in unwind
2- correct missing space in volserver setup for DAFS
3- fix klog to not try to use a Kerberos realm name
4- fix minor POD bug in src/tests/OpenAFS/wrapper.pm
5- enhance src/tests/OpenAFS/vos.pm to support On-line/Off-line state
(cherry picked from commit 8aa03f1168)
LICENSE BSD
FIXES 124472
New man page for vos setfields. Also adds -noresolve documentation to the
vos(1) common flags.
(cherry picked from commit 85bb464bb4)
