Fix two bugs reported via Windows Crash Reporting:
* Freelance initialization is somehow broken allowing the number of
locally defined mountpoints to become negative. Due to the use of
!= instead of < in loops, it is possible to read/write unallocated
memory.
* GetTextualSid() was not properly handling a NULL output buffer
pointer as an indication that the desired size should be returned.
(cherry picked from commit 77de32ed745d912e35990c5602b4a69a1b654973)
* AFS_Logoff_Event must destroy tokens even if integrated logon is not
being used unless LogoffPreserveTokens is non-zero
(cherry picked from commit 18e7ef272ab4efbd599c5d10174f0afd87c57c2e)
* fix LogoffPreserveTokens to work in the correct direction
* modify behavior to avoid domain controller queries when integrated
logon is disabled or the logon account is local
(cherry picked from commit f213588374ab92e27bb524cd747152270f9290ca)
* cell names must be treated as case insensitive
* smb logoff messages do not mean the user is logging off the machine.
do not use as an indication that tokens should be destroyed
* use the correct lock and avoid a deadlock when handling dead VCs
(cherry picked from commit 22b02189ecc70a94410fb1648da987d0964ddcaf)
* remove all references to 'dead_vcp'; cleanup smb_vc_t's as soon as
we know they are dead
* add mx holds across the cm_cell_t updates
* add cm_FindSCacheParent() and remove duplicate code elsewhere
* add mx holds across scp->flags updates
* add cm_CleanFile()
* clear CM_SCACHEFLAG_CALLBACK when discarding callbacks
* fix smb fid wrapping. wrap at 0xFFFF instead of 0 because 0xFFFF
is -1 which is INVALID_HANDLE
* add missing mx holds around vcp->flags updates
(cherry picked from commit 8b39114d5b36f60904e5a615a16b43b7e65c3017)
Fixup token deletion logic
Surround all references to smb_fid_t flags and other references
by obtaining and releasing the 'mx' lock.
(cherry picked from commit bceabce8498127c550bbe5a9a430c8589f76d162)
Further testing revealed that some smb_vc_t objects could not be freed
because the associated smb_fid_t objects never reached a zero refcount.
Additional auditing uncovered cases in which there were holds not being
released and others in which they were released to many times. This
patch fixes the problems and improves auditability by modifying the
behavior of the smb_IoctlXXX() functions to not release a reference
that was obtained by the caller. Now the caller releases the reference.
* re-enable LogoffTokenTransferTimeout and LogoffTokenTransfer.
Tokens are now destroyed at logoff based upon the values specified
here. Default is ON and 120 seconds. Setting this to OFF will
result in tokens never being destroyed. This will leak memory.
* protect global queues with mutexes and avoid a variety of race
conditions.
(cherry picked from commit 97304b84f76154d067717e3b34a3525abebc0cf7)
This patch:
(1) removes the rest of the dead logoff code that was originally
stripped of any meaning by DELTA
winnt-win2000-win98-afs-client-updates-20010623.
(2) gives new meaning to smb_TokenTransfer and smb_TokenTransferTimeout.
these variables now control how long a smb_username_t and its
associated cm_user_t and its cm_cellinfo_t (including tokens)
will be preserved after a logoff.
(3) adds logic to detect logoff conditions
(4) adds cm_CheckVCs(). This function probes the SMB client with a ECHO
response to determine if the associated SMB virtual circuit is still
valid. This is executed once every five minutes by smb_Daemon()
and whenever the machine's IP addresses change. This allows
abandoned VCs to be detected and the associated user credentials,
file handles, and locks to be cleaned up. This will also prevent
the exhaustion of the limited number of SMB sessions.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
and remember to mark the session dead so it can be re-used
====================
fix an error caused by patch conflict during pullup
(cherry picked from commit 7fde756a2c6f17e6a3b0db7659c6edcc2eaa0bd7)
The Integrated Logon hack of setting a token for a smb name different
than the one associated with the current smb session fails when smb
virtual circuits, sessions and username objects are properly reference
counted. When refcounts are not leaked the constructed smb_username_t
is destroyed immediately after the token is set since there are not
references to it from a current session.
The fix is to mark the smb_username_t object with a flag indicating that
it was created by the Network Provider. This flag prevents the destruction
when the refcount is zero so that it will be available at the time the
smb session is created (just a moment or two later.) During the binding
of the smb_username_t to the smb_vc_t the flag is cleared allowing the
tokens to be destroyed when the smb session is closed.
(cherry picked from commit 70b76b3a1cff1dabe9b10b8222cd84fc207b6704)
In smb_ReceiveNTCreateX the lock check, cm_CheckNTOpen(), must take place
before we allow the file to be truncated.
(cherry picked from commit d921ee381aa46e4385524f0c31ca5ad606aa920a)
This patch fixes several issues:
* the smb virtual circuits can be active and/or dead. this patch
improves the handling of vc's making the transition from active
to dead
* correct the refcounts on the smb_user_t and smb_vc_t objects
* replace the deprecated GetCurrentTime() with GetTickCounts() which
is the new name. This function needs to be replaced with something
else because its return value wraps after 49.7 days
* hold the correct locks when adjusting the scp->fileLocksH queue
(cherry picked from commit 880a6b66a5477e092d5bb74febbf24639d786c64)
the smb_username_t objects are reference counted but they were never
released on their own accord. Instead the smb_uid_t objects when
released were also cleaning up the smb_username_t. Since the smb_username_t
is reused, now that smb_user_t objects are being cleaned up, this was
a problem.
(cherry picked from commit a9df3ca715f483a31c14b72bae3f548a4c9291d4)
When SMB sessions are prematurely terminated as part of the tear down
of the virtual circuit we must clean up any remaining file handles,
tree connections, and user sessions.
(cherry picked from commit 78c40badbd8c65d82f6c384fdff8056c03100b67)
* Update architectural documentation
* Allow locks to be obtained as soon as it is possible instead of
enforcing a requirement that locks be granted in order.
* Fix other bugs
* Disable byte range lock processing
(cherry picked from commit f057d9515c72609e4ca9e51ff96f658689679497)
If osi_InitDebug() fails due to RPC_S_NO_PROTSEQS, log to the afsd_init.log
file a warning indicating that the registry should be examined for a
misconfiguration of Windows.
(cherry picked from commit 8204b5968c0181e094f8369b94c5a4cf1a9de04a)
prevent a panic condition if "fs setserverprefs -vlserver" is executed
more than once before the vlserver is associated with a cell.
(cherry picked from commit b99bd38da60f374a03382090fdaae906a00c8428)
correct the construction of the client name (with realm) when krb524
is being used.
(cherry picked from commit eeee5a9e14a693538a62565483db8f1b3d46cc99)
Initialize 'code' to non-zero at the top of each loop to avoid
setting the last updated timestamp on skipped locks
(cherry picked from commit 030ecf1af9773c0e058ded784dd096fc886fd6d8)
When afscreds.exe performs a drive map renewal it should not delete
all existing drive mappings. This undoes the efforts of the AFS
logon network provider and any persistent mappings created with the
explorer shell. This patch extends the interface to provide a mode
in which DoMapShareChange does not remove unknown drive mappings.
(cherry picked from commit 5ce322c9f13522cf96addaf09804021c6d78b22f)
add logic to process VNOVNODE in cm_Analyze. Force re-evaluation of symlink
strings and flush the stat cache entry.
force the use of new rx_connections when the server is marked down.
prevent server objects from being freed if user preferences are set.
remember to release all of the locks we obtained from the file server
at shutdown.
(cherry picked from commit 685ba16a0b9db8cf5df2e875ff9a6e5b72d6539c)
A windows specific file locking test app for exercising the byte range
locking code.
(cherry picked from commit 8cf272e5f16abfe6b90b01bc613bf7f47bc4336c)
the windows client was not treating Verror responses from the server
as indicating the server as up if they were positive
(cherry picked from commit eaa142645227b1af8a7d41f8b9c376ddf789c532)
the daemon up server check was set for 1 hour and not ten minutes.
turned all interval constants into variables so that they can be
set via registry entries at a future time.
(cherry picked from commit 288886618b347cdd2d4bfaa06a2df18b1a24229e)
If a request is received to create the root directory of a device,
return CM_ERROR_EXISTS instead of CM_ERROR_NOTFOUND for the nul-string
file name.
(cherry picked from commit 47cc7643e1b04bacd858a3893accab8c377b34ac)
The large integer support was applying a <<32 to a 32-bit value.
This is an undefined operation.
(cherry picked from commit 8b0b064f7ec60d8b5913248c97553ce3b7fdb775)
cm_Lock(), cm_RetryLock() should not interpret servers be unreachable as
a sharing violation.
(cherry picked from commit 9f0f50a2b165392fc0a62f82d8c54e35108ab429)
add a monitor to watch for IP Address changes. When a change is detected,
wait 2.5 seconds for things to settle down and then check to see if down
servers are reachable.
(cherry picked from commit a923af27265c8d0aa359d57c8c47b50eb0dbeee3)
Windows Firewall Policy cannot be accessed by a service unless from the
Service Manager thread nor until the service is in a RUNNING state.
Firewall configuration moved to cm_Daemon() thread.
(cherry picked from commit cd98a20f1c9e89eb44ef5c5349337292bd3ba243)
