Prefer KeyFileExt to KeyFile ~everywhere. Make the main documentation
assume a modern cell with KeyFileExt and rxkad-k5, moving the old
rxkad and KeyFile documentation to a new section,
HISTORICAL COMPATIBILITY.
Note that kaserver is deprecated.
Do not mention the Update Server, which is also disrecommended for
new installations.
Add a copyright statement for the new content.
Change-Id: Idcb4940615a00189b655538a9a190cc35153cc89
Reviewed-on: http://gerrit.openafs.org/11769
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add a client side check to vos changeaddr -oldaddr -newaddr
to refuse to change multihomed server entries, unless -force
is given.
Change-Id: I1428e94f0c2fc19bb6ba3b2c53468f4587283bbc
Reviewed-on: http://gerrit.openafs.org/11638
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
roll back -stayonline support for volume releases for now.
Change-Id: I5b4de15892f975514ea699994cb7c1da17ac83c2
Reviewed-on: http://gerrit.openafs.org/11787
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Introduce the vos remaddrs sub-command for removing multi-homed server
entries from the vldb. The remaddrs sub-command completes the listaddrs
and setaddrs command suite and allows vos changeaddr to be deprecated
completely.
Change-Id: I98e92e776a153591a617a5b04037c3b6139d4732
Reviewed-on: http://gerrit.openafs.org/11606
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
While reviewing gerrit 11678 I noticed the -n flag was
duplicated. Remove the duplicate flag.
Change-Id: I4a63a50199e1564a0b0394445e9dc1569bb08a0c
Reviewed-on: http://gerrit.openafs.org/11688
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Remove sunrpc compatibility from rxgen. It's not tested, and
rpcgen is available from other sources. This will allow changes to be
made to rxgen without worrying about their impact on rpcgen compatibility.
Removals consist of the -l, -m, and -s switches, the source files
rpc_clntout.c and rpc_svcout.c, and the scan tokens 'program' and
'version'. The -R switch ('R compatibility') is also removed, as it's
a noop.
Change-Id: I960fac14faf072d221b8cb166e9388ab4accfa26
Reviewed-on: http://gerrit.openafs.org/10258
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
We have previously documented that volumes over 2TB can result in
inaccuracies, but this documentation does not say how the 'partition'
field in "fs listquota" can be inaccurate. It is confusing to see a
usage of 0% for a partition that you know is being used, so try to
briefly explain in what way this field is inaccurate.
The reason we _under_-report the partition usage is that the
fileserver actually gives back PartBlocksAvail and PartMaxBlocks (not
"blocks used" and "blocks total"). So 1TB used and 4TB total is
truncated to 2TB and given back as 2TB free and 2TB total. One we hit
3TB used we'll report it as 1TB free 2TB total (50%) when the actual
usage is 75%.
Change-Id: I0b3de04ef2bd6cd32fdcb1a82cbac58d5d621e5b
Reviewed-on: http://gerrit.openafs.org/11245
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
It can result only in sadness.
Document this restriction alongside UID 0 as a reserved number.
Change-Id: Ibea2d98bc15a730bc85e84477791ca45a40f2d92
Reviewed-on: http://gerrit.openafs.org/10950
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The krb5_524_conv_principal() function should fail whenever the Kerberos
v5 principal cannot safely be mapped onto a Kerberos v4 principal, and
does fail on some Kerberos v5 principals used in real-world AFS
deployments.
Prior to this patchset a failure was treated as a fatal error that
in turn prevents an AFS token from being generated or set into the
cache manager.
Prior to b1f9b4cb5d the
krb5_524_conv_principal() function wasn't used and a local client
mapping was created. b1f9b4cb5d
replaced the local mapping with the krb5 function because the local
mapping could be wrong and confusing.
The krb5_524_conv_principal() function as applied to AFS tokens is
just a local guess. How the username in the token is interpreted by
the AFS server is up to the server.
krb5_524_conv_principal() is only used for Krb5 native tokens. For Krb4
tokens the krb5_524_convert_creds() function is used to obtain both the
Kerberos v4 ticket and the converted names from the KDC. Many
organizations used the krb524d service to perform name translation. When
the krb524d service is used, the name translation is performed by the KDC,
so there is no local call to krb5_524_conf_principal() which might fail.
As a result, disallowing the use of a native Krb5 token due to a failed
local name translation is a needless loss of functionality; the local name
translation is not an essential part of obtaining a token.
This patchset modifies the behavior such that krb5_524_conv_principal()
errors are non-fatal.
1. If -noprdb is not specified the error message is generated
and a NULL username is used.
2. If the username is NULL the prdb lookup is disabled.
3. If the username is NULL the informational messages do not
include a username.
4. If the username is NULL the username info provided to the
cache manager in the token description is the nul string.
Credit to Ben Kaduk for assistance with the wording of this
commit message.
Change-Id: Ib07131fc0ff4bf5319815213198c3f0adac17b10
Reviewed-on: http://gerrit.openafs.org/11542
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Commit 5afe7a882b added a configure
option to disable the installation of the kauth suite, but did not
add any logic to disable the installation of the corresponding man
pages, so those man pages were always installed regardless of the
options to configure.
Add logic to doc/man-pages/Makefile.in to create .noinstall files
for man pages which should not be installed in the current configuration.
Depend on the Makefile (which will be regenerated by configure) in
this target so as to attempt to behave properly if configure is re-run
with different arguments in the same working tree.
Change-Id: I19b77a9f20fe27c49db14f3e800d8c77cda1bb3a
Reviewed-on: http://gerrit.openafs.org/10993
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
This tool was removed in 2006 in commit
b405868ca0. Also remove mention of
wsadmin, removed at the same time.
Change-Id: I8475b951f576f10ddd2f4b72565354b9fba41d94
Reviewed-on: http://gerrit.openafs.org/11554
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
It has been unused since the LWP fileserver was removed.
It was used to set the LWP stack size.
Change-Id: I2ffd3a2f02049a307b668a46b62b31dc9bc128a8
Reviewed-on: http://gerrit.openafs.org/11527
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
These are new files and new content; fix the copyright notice and
license to reflect.
Change-Id: I8d5f00fb7edaf2e3855e2dc2a1af07bba471c0d6
Reviewed-on: http://gerrit.openafs.org/11362
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Add a new vos release option called -force-reclone to force the
reclone of the release clone and a release to all of the remote
sites, regardless of the state of the VLDB flags on the remote
sites, but does not force full volume dumps when distributing the
volume.
Provide an alias -f for -force for compatibility with the original
IBM vos, in case scripts were written to use the old '-f' option,
and for users with muscle memory.
Change-Id: I0ebebc5e8099299781e8da57579d91848bb2ad19
Reviewed-on: http://gerrit.openafs.org/9020
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Make vlserver and volserver suppport a new command line parameter,
"-restricted_query admin". When this is on, the query RPCs that
are not needed for normal cache manager operations are restricted
to administrators listed in UserList. This is off by default.
Change-Id: I2a23a4e99cabd46b19ed491a6520773731a5994e
Reviewed-on: http://gerrit.openafs.org/10927
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
It is not always clear to users whether BosConfig.new is noticed
during an automatic restart, or if it requires stopping and starting
the bosserver. Slightly reword the relevant text and add a small note
that a "general restart" does cause BosConfig.new to be noticed, so
this is explicitly clear.
Change-Id: Iab3eaff176305b0b2991a6636e70204b5072b1b0
Reviewed-on: http://gerrit.openafs.org/11076
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
vos convertROtoRW leaves the older RW copy on the original fileserver,
although it is no longer in the VLDB. Provide the user with some hints
regarding clean up.
Change-Id: I5f6fcf7d5a516b59438d84e60f163a567d3a64fd
Reviewed-on: http://gerrit.openafs.org/9408
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Currently, one could simply query from 0 to 'pts listmax' to determine
all the usernames in a cell. The -restrict_anonymous option will block
access to almost all of the unauthenticated RPC's. PR_NameToID is still
open since aklog still needs access to this RPC. An "attack" against
this RPC would have to scan a much larger key space to determine valid
usernames in a cell.
Change-Id: I7e475bc004f08d28d195c199804befa89f0ceb0c
Reviewed-on: http://gerrit.openafs.org/10951
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Gergely Risko <gergely@risko.hu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Commit 070230ab76 added documentation of
the mode parameter to bos setrestricted, claiming that the value 0 is
useless, and commit eee0bf5871 added
documentation of the restrictmode entry in BosConfig, claiming that it
can only be set back to 0 with an editor. Both claims are wrong, since
bos setrestricted -mode 0 will do exactly that (if it succeeds, which
it only can if the server is running in unrestricted mode, which can
be achieved by sending it the FPE signal). Fix the man pages
accordingly.
Change-Id: I07b75f7d0cea2e247fa4f346121de258e35119f5
Reviewed-on: http://gerrit.openafs.org/10885
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Provide a man page for the volscan utility
Change-Id: Ibaecb2b9030ee71d81f13b897694c4cf3b4b9516
Reviewed-on: http://gerrit.openafs.org/10905
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: D Brashear <shadow@your-file-system.com>
Mention the restrictmode entry and the commands for setting and
querying it in the BosConfig man page, and add/fix cross references
between the BosConfig, bos, bos_getrestricted and bos_setrestricted
ones.
Change-Id: I938ef4c43c1a248335f09975c454b36f7570782c
Reviewed-on: http://gerrit.openafs.org/10874
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Add the -emit option to the compile_et command to support parallel make.
The -emit option allows make to generate the header and the source files
independently, instead of building two files at the some time. This
avoids the issue where one command creates two separate files, which is
difficult to handle correctly for parallel makes.
Change-Id: Ib44a8e358643cf19b4834b3bd4d5b88db6cd0ccf
Reviewed-on: http://gerrit.openafs.org/7921
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
The man page documented the prefix option as -prefix; compile_et
supported only the short form -p.
Document and support both the long and short forms for the prefix
option; -p and -prefix.
Change-Id: Ide5551b06ae888748600677ed09ba674506a584f
Reviewed-on: http://gerrit.openafs.org/10721
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Document the -lang short form for -language.
Change-Id: I4a57bdb23ca5fab4e1565d7e930cdc10097a7414
Reviewed-on: http://gerrit.openafs.org/10720
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Fix two pod formatting errors and remove one trailing
whitespace characters.
Change-Id: I2ba4fd56afb8c26591d2770301c3edfdd1a898fb
Reviewed-on: http://gerrit.openafs.org/10719
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Fix typo in the dropbox section where 'l' was referred
to as 'read', not 'lookup'.
Change-Id: I6429c125f0561a1b5d4e7816930988ac1b347be7
Reviewed-on: http://gerrit.openafs.org/10750
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
- Consistently specify -dryrun and -n across various subcommands.
Many did not list -n, some listed -n but no -dryrun, and some
listed -noexecute instead.
- backup_volrestore: Add missing option -usedump
- backup_deletedump: Add missing options -groupid, -dbonly, -force,
and -portoffset
Change-Id: Iec1c36cba0ad0e61d7e6215c9cba81228b95a81f
Reviewed-on: http://gerrit.openafs.org/10441
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Add the 'checkman' script, which compares a command's "-help" output
to the options actually documented in its manpage. This command is
certainly not perfect, and may contain false negatives and false
positives. It is not (currently) intended to be run as an automated
check, but is meant to assist a human manually checking the
correctness of man pages. An error reported by 'checkman' does not
necessarily indicate something that should actually be changed.
Change-Id: Iae1965c441279dd3f93c1a7283ea0a0140d5ebe3
Reviewed-on: http://gerrit.openafs.org/10442
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
This option is completely useless since the LWP volserver was removed.
Remove the code for it.
Change-Id: I2257ba2ecd2ffeb9c47d21cbb516d6a0abb19b94
Reviewed-on: http://gerrit.openafs.org/10424
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
For every fssync-debug subcommand, provide a symlink for the
associated dafssync-debug subcommand. This way, running e.g.
"man dafssync-debug_attach" will actually give you a manpage, instead
of needing to specifically run "man fssync-debug_attach".
Change-Id: I83d71dc14f9f838d9a9900fcc62817677898dd27
Reviewed-on: http://gerrit.openafs.org/10412
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
If we indent text here, the formatting codes are not interpreted, and
the text is output "raw". So currently, we actually see
"I<system_type>" in this section, which is a bit confusing.
Saying the actual output with string substitutions and stuff here
doesn't seem very helpful when the output doesn't have any constant
text in it. Just describe what the output is instead; an example
immediately follows if this is unclear.
Change-Id: Ib3e0f0c5143afa2dd41a655ff3908c791026a426
Reviewed-on: http://gerrit.openafs.org/10411
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
We now have a -checkout option, but no -online option. Document
-checkout and remove -online.
Change-Id: Ie8d6e35c6e09abf994b8417b3bb20ee379095a25
Reviewed-on: http://gerrit.openafs.org/10407
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
- Add missing option -fix
- Don't use brackets in the option list; we don't do this in most
other manpages.
Change-Id: Ifd87dd749aaab2987b2f9c3224b8e931b7bc221c
Reviewed-on: http://gerrit.openafs.org/10403
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Many manpages for "vos" subcommands were not using the "common" vos
fragments, and instead were just repeating the information directly in
their manpage. Make them all use the "common" vos fragment to avoid
duplication.
Change-Id: I62d84a1164b4ba46082e33a6d27fd24e3722014c
Reviewed-on: http://gerrit.openafs.org/10398
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
- Add missing -config option to 'common' vos options, and to the
synopsis for all commands
- Remove brackets in the options descriptions for vos_shadow,
vos_create, and vos_clone. We don't do this in other manpages.
- vos_create: Add missing -id, -roid to synopsis
- vos_clone: Add missing -readwrite option
- vos_shadow: Add missing -toid option
Change-Id: I41fd56509e78116698c82a2f3f4fd07f26cdc95f
Reviewed-on: http://gerrit.openafs.org/10397
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
- fs_whichcell: Fix formatting typo
- fs_setcbaddr: Change -host to -addr
- Add missing -help to fs_setcbaddr and fs_rxstatproc
- fs_getfid: Add missing -literal to synopsis
- fs_exportafs: List on/off options in single =item. Doing this in
two separate consecutive =items confuses the manpage generator.
- fs_exportafs: Add missing -clipags and -pagcb
Change-Id: I4e986543292f1000fc00456fde486d7da573c9c3
Reviewed-on: http://gerrit.openafs.org/10396
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
