Commit f5f8b933 (viced: add opt to allow admin writes on RO servers)
introduced an extra "the" in the description for the -admin-write
option in fileserver/dafileserver manpage. Remove it.
Change-Id: I98d7073f850a222969f373697ae263b6cef63c38
Reviewed-on: https://gerrit.openafs.org/14051
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Add an initialization retry in the bos, vos, and pts commands to
fallback to the server configuration directory when initialization fails
with the client configuration directory. This allows admins to run
unauthenticated bos, vos, and pts commands on servers without a client
configuration (including symlinks created by the bosserver) without
any extra command line options.
Perform the initialization retry only when the -localauth or -config
options are not given. The bos, vos, and pts commands already use the
server configuration path when the -localauth option is given, so there
is no point in retrying the same path. The vos and pts -config option
specifies the path to be used, so we do not fallback to a different
directory when the user specifies the configuration path to be used.
While here, change the scope of the confdir variable in vos.c from a
global to a local variable, since it is only used within the
MyBeforeProc() function.
This change does not add a vsu_ClientInit() retry in the bos salvage
command. That command always requires authorization, so when run without
-localauth requires a token (and therefore a cache manager and client
cell configuration).
Update the bos, vos, and pts man pages to describe this new fallback
method to lookup the configuration directory. (The AFSCONF environment
variable and .AFSCONF files are currently undocumented in the man pages.
They should be documented or removed from the code in a future change.)
Change-Id: I55c3109494db744e7bc2defcb54eaee3b4e30018
Reviewed-on: https://gerrit.openafs.org/15351
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
There exist in the wild AFS3 clients that improperly construct access
control lists which are then stored to directories via RXAFS_StoreACL
(opcode 134). These clients add negative access control entries (if any)
to the normal rights list.
As there is no method by which a fileserver can determine that the
ACL is improperly constructed, the only method to defend the storage of
broken ACLs is to identify clients that are known to properly construct
ACLs by introducing a new RXAFS_StoreACL opcode (164).
This change:
* Renames RXAFS opcode 134 to RXAFS_OldStoreACL
* Introduces RXAFS opcode 164 as RXAFS_StoreACL
* Implements SRXAFS_OldStoreACL and SRXAFS_StoreACL in the fileserver
via a common_StoreACL() function that accepts the executed opcode
as input.
* To avoid breaking changes in stable release branches,
SRXAFS_OldStoreACL will still be allowed by default, with an option
to cause it to be failed by default with error EPERM/UAEPERM.
A follow-up commit will cause SRXAFS_OldStoreACL to fail by default
on the master branch.
* When opcode 134 is called, the a FileLog entry will be generated
at log level 0 instead of 1 and the entry will contain the string
"CVE-2018-7168".
* Modifies the format of the ACL logged to the FileLog and the audit
stream. Previously the AFSOpaque format was used directly. The
problem with this format is that it uses newlines as the ACE
separator. Since the FileLog and file audit log is intended to
be one line per log entry, the newlines break the file formats.
This change replaces the newlines with spaces for display purposes
unless the process is unable to allocate the additional memory.
* Introduces a new fileserver command line switch -cve-2018-7168-enforce
which when specified causes SRXAFS_OldStoreACL RPCs to be failed.
[kaduk@mit.edu: switch en/disable-by-default behavior and fix argument parsing]
Change-Id: Ic92ef45314d75fbc2b8ff574223fab2d398a1d60
FIXES: 134485
Reviewed-on: https://gerrit.openafs.org/12942
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
As a debugging aid, add a -debug option to the dump subcommand to
display each trace record in raw hex format as well as the normal
decoded format.
Change-Id: I80dd675a07e048e25749a9afb584515effcbc08a
Reviewed-on: https://gerrit.openafs.org/14557
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
New functionality was added to the audit facility that allows multiple
audit logs. The updated audit interfaces require a specific calling
sequence even if multiple audit logs are not used.
Support for multiple auditlogs is not supported for kauth. Since kauth
does not use libcmd for processing the command line, and adding support
for multiple audit log instances requires additional effort, that is not
warranted.
Update kauth to follow the proper calling sequences for the audit
facility.
Update help message and manpage entries for -auditlog and
-audit-interface. Make note that multiple -auditlogs are not supported.
Change-Id: I98111b1e399e6687fde235bc2eadf0a28fa8acf4
Reviewed-on: https://gerrit.openafs.org/13782
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Gerrits #13774 (audit: Support multiple audit interfaces and interface
options) and #13775 (audit: Add cmd helper for processing audit options)
added support in the audit facility for multiple audit logs.
Add command line support to use multiple audit logs for daemons that use
libcmd for command line processing: bosserver, buserver, butc,
fileserver, volserver, ptserver, and vlserver.
Update the daemons to add a call to audit_open, and where possible add a
call to audit_close when shutting down the daemon.
Update help message and manpage entries for -auditlog and
-audit-interface
Change-Id: I4356e1aa84f580897a0e788e2a2829685be891aa
Reviewed-on: https://gerrit.openafs.org/13776
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, the volserver SAFSVolDump RPC and the 'voldump' utility
handle short reads from pread() for vnode payloads by padding the
missing data with NUL bytes. That is, if we request 4k of data for our
pread() call, and we only get back 1k of data, we'll write 1k of data
to the volume dump stream followed by 3k of NUL bytes, and log
messages like this:
1 Volser: DumpFile: Error reading inode 1234 for vnode 5678
1 Volser: DumpFile: Null padding file: 3072 bytes at offset 40960
This can happen if we hit EOF on the underlying file sooner than
expected, or if the OS just responds with fewer bytes than requested
for any reason.
The same code path tries to do the same NUL-padding if pread() returns
an error (for example, EIO), padding the entire e.g. 4k block with
NULs. However, in this case, the "padding" code often doesn't work as
intended, because we compare 'n' (set to -1) with 'howMany' (set to 4k
in this example), like so:
if (n < howMany)
Here, 'n' is signed (ssize_t), and 'howMany' is unsigned (size_t), and
so compilers will promote 'n' to the unsigned type, causing this
conditional to fail when n is -1. As a result, all of the relevant log
messages are skipped, and the data in the dumpstream gets corrupted
(we skip a block of data, and our 'howFar' offset goes back by 1). So
this can result in rare silent data corruption in volume dumps, which
can occur during volume releases, moves, etc.
To fix all of this, remove this bizarre NUL-padding behavior in the
volserver. Instead:
- For actual errors from pread(), return an error, like we do for I/O
errors in most other code paths.
- For short reads, just write out the amount of data we actually read,
and keep going.
- For premature EOF, treat it like a pread() error, but log a slightly
different message.
For the 'voldump' utility, the padding behavior can make sense if a
user is trying to recover volume data offline in a disaster recovery
scenario. So for voldump, add a new switch (-pad-errors) to enable the
padding behavior, but change the default behavior to bail out on
errors.
Change-Id: Ibd6e76c5ea0dea95e3354d9b34536296f81b4f67
Reviewed-on: https://gerrit.openafs.org/14255
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Commit e5b1e6f1 (Add rxgk client options to vl and pt utilities) added
a couple of new command-line options related to rxgk, but didn't add
them to the relevant man pages.
Add a brief description of these new options to the manpages for pts,
vos, ptserver, and vlserver.
Change-Id: I2d9bfdeb0a31d396740ca2a4d42e14c025b6f79e
Reviewed-on: https://gerrit.openafs.org/13947
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add the new option -admin-write to allow write requests from superusers
on file servers running in readonly mode (-readonly). This lets sites
run fileservers in readonly mode for normal users, but allows members of
the system:administrators group to modify content.
Change-Id: Id8ed3513a748815c07cb98e426c1d21ac300b416
Reviewed-on: https://gerrit.openafs.org/13707
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add a new command, 'add-random', to allow the creation of a new key
with random data. This is helpful for certain rxgk keys, which only
need to exist in KeyFileExt and not in any other database (like a krb5
KDC), and so aren't derived from a krb5 keytab.
Change-Id: I1f3b27e074b0931deb8645f7550e0b315d82e249
Reviewed-on: https://gerrit.openafs.org/12768
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The current 'delete' command from asetkey only lets the user delete
old-style rxkad keys. Add a couple of new variants to allow specifying
the key type and subtype, so the user can delete specific key types
and enctypes if they want.
Change-Id: If0dfaa70ea0b749dadd52a6b7d62fd3ad2b61d18
Reviewed-on: https://gerrit.openafs.org/12767
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The last valid partition name supported by OpenAFS is /vicepiu, not
/vicepiv. Update the docs and man pages to say so.
Change-Id: I6e1cce775d332d76f605a26f16502c651461994b
Reviewed-on: https://gerrit.openafs.org/13177
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Use the standard routine to pick a client security object, instead of
always assuming rxnull. Respect -localauth as well as being able to
use the current user's tokens, but also provide a -nobutcauth argument
to fall back to the historical rxnull behavior (but only for the connections
to butc; vldb and budb connections are not affected).
Change-Id: Ibf8ebe5521bee8d0f7162527e26bc5541d07910d
The butc -localauth option is available to use the cell-wide key to
authenticate to the vlserver and buserver, which in normal deployments
will require incoming connections to be authenticated as a superuser.
In such cases, the cell-wide key is also available for use in
authenticating incoming connections to the butc, which would otherwise
have been completely unauthenticated.
Because of the security hazards of allowing unauthenticaed inbound
RPCs, especially ones that manipulate backup information and are allowed
to initiate outboud RPCs authenticated as the superuser, default to
not allowing unauthenticated inbound RPCs at all. Provide an opt-out
command-line argument for deployments that require this functionality
and have configured their network environment (firewall/etc.) appropriately.
Change-Id: Ia6349757a4c6d59d1853df1a844e210d32c14feb
Make the actual implementations into helper functions, with the RPC
stubs calling the helpers and doing the auditing on the results, akin
to most other server programs in the tree. This relies on support for
some additional types having been added to the audit framework.
Change-Id: Ic872d6dfc7854fa28bd3dc2277e92c7919d0d0c0
Make a few misc changes to the text for the new -volume-ttl option:
- Minor grammatical/typo fixes
- Emphasize a little more that the default behavior allows for vldb
info to be cached _forever_
- Provide some info on the effects of changing this value
- Provide a suggested "typical" value, to give some clue as to what
should be set here, so a curious user doesn't just set this to the
first value they see (10 minutes)
Change-Id: Ib6b2871b111c392260ea80e26273201b09d4c402
Reviewed-on: https://gerrit.openafs.org/12909
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Commit dfceff1d3a added the
-preserve-vol-stats flag to the volume server. This enabled a change in
the volume server to preserve volume usage statistics during reclone and
restore operations. Otherwise, volume usage counters of read-only
volumes are cleared when volumes are released, making it difficult to
track usage with the volume stats.
Make this feature the default behavior of the volume server and provide
the option -clear-vol-stats to use the old behavior if so desired. This
change makes the -preserve-vol-stats the default, and keeps it as a
hidden flag for sites which may already have that flag set in the
BosConfig.
Since this changes a default behavior of the volume server, this change
is only appropriate on a major or minor release boundary, not in the
middle of a stable series.
Change-Id: I3706ede64b7b18a80b39ebd55f2e1824bb7dbc57
Reviewed-on: https://gerrit.openafs.org/12674
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The unix cache manager caches VLDB information for read-only volumes as
long as a volume callback is held for a read-only volume. The volume
callback may be held as long as files in the read-only volume are being
accessed. The cache manager caches VLDB information for read/write
volumes as long as volume level errors (such as VMOVED) are not returned
by a fileserver while accessing files within the volume.
Add a new option to set the maximum amount of time VLDB information will
be cached, even if a callback is still held for a read-only volume, or
no volume errors have been encounted while accessing files in read/write
volumes.
This avoids situations where the vldb information is cached indefinitely
for read-only and read/write volumes. Instead, the VL servers will be
periodically probed for volume information.
Change-Id: I5f2a57cdaf5cbe7b1bc0440ed6408226cc988fed
Reviewed-on: https://gerrit.openafs.org/11898
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Clone the VLLog man page to create a man page for ptserver log as well.
Fix the spelling of the PtLog file and add a link to the new PtLog man
page in the ptserver man page.
Add the missing PtLog log file name to the bos getlog man page.
Change-Id: I95ad4a2cf380077780160ec78fd1f9bdec132ba7
Reviewed-on: https://gerrit.openafs.org/12294
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Commit f085951d39 introduced an error in
the bos getlog helpfile.
Modify the helpfile to describe the actual restrictions imposed by
-restricted mode.
Change-Id: I8d8fedb558a1bdbd55d80046b2011f3aacc71b3f
Reviewed-on: https://gerrit.openafs.org/12454
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
This commit adds the afsd -inumcalc command line switch to specify the
inode number calculation method in a platform neutral way.
Inode numbers reported for files within the AFS filesystem are generated
by the cache manager using a calculation which derives a number from a
FID. Long ago, a new type of calculation was added which generates inode
numbers using a MD5 message digest of the FID. The MD5 inode number
calculation variant is computationally more expensive but greatly
reduces the chances for inode number collisions.
The MD5 calculation can be enabled on the Linux cache manager using the
Linux sysctl interface. Other than the sysctl method of selecting the
inode calculation type, the MD5 inode number calculation method is not
specific to Linux.
This change introduces a command-line option which accepts a value to
indicate the calculation method, instead of a simple flag to enable MD5
inode numbers. This should allow for new inode calculation methods
in the future without the need for additional afsd command-line flags.
Two values are currently accepted for -inumcalc. The value of 'compat'
specifies the legacy inode number calculation. The value 'md5' indicates
that the new MD5 calculation is to be used.
Change-Id: I0257c68ca1a32a7a4c55ca8174a4926ff78ddea4
Reviewed-on: https://gerrit.openafs.org/11855
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Don't mention it in the man pages.
Change-Id: I8a6d706f055545642116af5a98fa8c04f533b990
Reviewed-on: https://gerrit.openafs.org/11529
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The ability to set the size of the volume hash table was added
at the same time that DAFS was introduced, and got caught up
in the same preprocessor conditional. However, -vhashsize can
be useful for the traditional fileserver as well (even though
we recommend DAFS over the traditional fileserver), so let it
be used in that case.
Update the man pages accordingly and fix some grammar while here.
Noted by Mark Vitale.
Change-Id: Ic3282c9d661d60cf36f9ffb197e723a3f71da167
Reviewed-on: https://gerrit.openafs.org/12287
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add a -s2scrypt option to the volume server, with possible options:
* never -- the existing behavior
* always -- switch to using afsconf_ClientAuthSecure, which uses
rxkad_crypt, for ForwardVolume calls.
* inherit -- encrypt inter-server traffic if the causal client
connection is encrypted. This has the effect of "inheriting" the
"-encrypt" flag given to "vos release", for example.
Thanks to Jeffrey Altman for pointers and to Andrew Deason for noting
the existence of rxkad_GetServerInfo.
[mmeffie@sinenomine.net fix assertion and style update.]
Change-Id: Ia295ba3f29a8494c8250a480fb26594468d2116a
Reviewed-on: https://gerrit.openafs.org/11349
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Thomas Keiser <tkeiser@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
A simple utility to help with the 1.6-->1.8 upgrade by
bulk-converting keys, with some sanity checking.
Change-Id: Ibae9a1ea3b7c3bbad5ffbc02410fa7a4ff6c4d7f
Reviewed-on: https://gerrit.openafs.org/11786
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Do not create new server log files when servers are restarted by
default. External log rotation tools may be used to rotate the logs by
renaming log files and then signaling server processes to reopen
log files.
Add the -transarc-logs option to each server to provide backward
compatibility with the traditional Transarc-style logging. When
-transarc-logs is given, log files are renamed to an ".old" file
(overwriting the existing ".old" file) and the previous the log file is
truncated.
Change-Id: I2eeb67e3db32b2f75fe685b68dab1159e62061e9
Reviewed-on: https://gerrit.openafs.org/11731
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The options -logfile and -config should be enclosed
by angle brackets.
Change-Id: I9e5767b7e43753b37dbc8d86c5346c778f8bab8d
Reviewed-on: https://gerrit.openafs.org/12233
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Update the afsd man page -settime and -nosettime options, which are obsolete
and no longer have any effect. Use the same wording as the other obsolete
options in the afsd man page. Keep the recommendations to use the time keeping
daemons provided by the operating system to maintain the system time.
Change-Id: I08a1bd5ae0b2d6618b3e212ebcbb98f470e33820
Reviewed-on: http://gerrit.openafs.org/12175
Reviewed-by: Michael Laß <lass@mail.uni-paderborn.de>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Remove the salvagerserver option to print log messages to stdout. This
was a carry over from the stand-alone salvager and is not appropriate for
a daemon.
Change-Id: I55b99112278cdabb3e9911948dbda6a628030951
Reviewed-on: http://gerrit.openafs.org/11815
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
These options were copied from the salvager man page and are not implemented by
the salvageserver.
Change-Id: Ib6c5b3fd494f1662b958442863e5fbfc0755a0c2
Reviewed-on: http://gerrit.openafs.org/11817
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Add the missing -syslog and -syslogfacility options to
the salvageserver man page.
Change-Id: I1cb057a8085c4aeda32bb003cc4cec5035d00407
Reviewed-on: http://gerrit.openafs.org/11816
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Document the built-in version sub-command which displays
the OpenAFS version string. This sub-command is provided
by the cmd library.
Document the switch style -version option provided by the cmd
library for the initcmd based commands: afsmonitor, scout,
xstat_fs_test, and xstat_cm_test.
Change-Id: Id421d2c68a5c49a2b1a5abb2f3e9ca64ea36cd3e
Reviewed-on: http://gerrit.openafs.org/11161
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Supergroup information is explicitly present in -members
Change-Id: I25527c093858bc0b029417cbf2bb07717c50bb32
Reviewed-on: http://gerrit.openafs.org/11681
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add a manual page for the KeyFileExt file.
Add cross-references from all places which currently reference
KeyFile(5), and update their body text accordingly.
Change-Id: Iab56847fcb59dda0c8a344a626ddb0ff35b98b26
Reviewed-on: http://gerrit.openafs.org/11770
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Prefer KeyFileExt to KeyFile ~everywhere. Make the main documentation
assume a modern cell with KeyFileExt and rxkad-k5, moving the old
rxkad and KeyFile documentation to a new section,
HISTORICAL COMPATIBILITY.
Note that kaserver is deprecated.
Do not mention the Update Server, which is also disrecommended for
new installations.
Add a copyright statement for the new content.
Change-Id: Idcb4940615a00189b655538a9a190cc35153cc89
Reviewed-on: http://gerrit.openafs.org/11769
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
While reviewing gerrit 11678 I noticed the -n flag was
duplicated. Remove the duplicate flag.
Change-Id: I4a63a50199e1564a0b0394445e9dc1569bb08a0c
Reviewed-on: http://gerrit.openafs.org/11688
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
It has been unused since the LWP fileserver was removed.
It was used to set the LWP stack size.
Change-Id: I2ffd3a2f02049a307b668a46b62b31dc9bc128a8
Reviewed-on: http://gerrit.openafs.org/11527
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
These are new files and new content; fix the copyright notice and
license to reflect.
Change-Id: I8d5f00fb7edaf2e3855e2dc2a1af07bba471c0d6
Reviewed-on: http://gerrit.openafs.org/11362
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Make vlserver and volserver suppport a new command line parameter,
"-restricted_query admin". When this is on, the query RPCs that
are not needed for normal cache manager operations are restricted
to administrators listed in UserList. This is off by default.
Change-Id: I2a23a4e99cabd46b19ed491a6520773731a5994e
Reviewed-on: http://gerrit.openafs.org/10927
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Currently, one could simply query from 0 to 'pts listmax' to determine
all the usernames in a cell. The -restrict_anonymous option will block
access to almost all of the unauthenticated RPC's. PR_NameToID is still
open since aklog still needs access to this RPC. An "attack" against
this RPC would have to scan a much larger key space to determine valid
usernames in a cell.
Change-Id: I7e475bc004f08d28d195c199804befa89f0ceb0c
Reviewed-on: http://gerrit.openafs.org/10951
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Gergely Risko <gergely@risko.hu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Commit 070230ab76 added documentation of
the mode parameter to bos setrestricted, claiming that the value 0 is
useless, and commit eee0bf5871 added
documentation of the restrictmode entry in BosConfig, claiming that it
can only be set back to 0 with an editor. Both claims are wrong, since
bos setrestricted -mode 0 will do exactly that (if it succeeds, which
it only can if the server is running in unrestricted mode, which can
be achieved by sending it the FPE signal). Fix the man pages
accordingly.
Change-Id: I07b75f7d0cea2e247fa4f346121de258e35119f5
Reviewed-on: http://gerrit.openafs.org/10885
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Provide a man page for the volscan utility
Change-Id: Ibaecb2b9030ee71d81f13b897694c4cf3b4b9516
Reviewed-on: http://gerrit.openafs.org/10905
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: D Brashear <shadow@your-file-system.com>
Mention the restrictmode entry and the commands for setting and
querying it in the BosConfig man page, and add/fix cross references
between the BosConfig, bos, bos_getrestricted and bos_setrestricted
ones.
Change-Id: I938ef4c43c1a248335f09975c454b36f7570782c
Reviewed-on: http://gerrit.openafs.org/10874
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
- Consistently specify -dryrun and -n across various subcommands.
Many did not list -n, some listed -n but no -dryrun, and some
listed -noexecute instead.
- backup_volrestore: Add missing option -usedump
- backup_deletedump: Add missing options -groupid, -dbonly, -force,
and -portoffset
Change-Id: Iec1c36cba0ad0e61d7e6215c9cba81228b95a81f
Reviewed-on: http://gerrit.openafs.org/10441
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
This option is completely useless since the LWP volserver was removed.
Remove the code for it.
Change-Id: I2257ba2ecd2ffeb9c47d21cbb516d6a0abb19b94
Reviewed-on: http://gerrit.openafs.org/10424
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
