Commit f5f8b933 (viced: add opt to allow admin writes on RO servers)
introduced an extra "the" in the description for the -admin-write
option in fileserver/dafileserver manpage. Remove it.
Change-Id: I98d7073f850a222969f373697ae263b6cef63c38
Reviewed-on: https://gerrit.openafs.org/14051
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
There exist in the wild AFS3 clients that improperly construct access
control lists which are then stored to directories via RXAFS_StoreACL
(opcode 134). These clients add negative access control entries (if any)
to the normal rights list.
As there is no method by which a fileserver can determine that the
ACL is improperly constructed, the only method to defend the storage of
broken ACLs is to identify clients that are known to properly construct
ACLs by introducing a new RXAFS_StoreACL opcode (164).
This change:
* Renames RXAFS opcode 134 to RXAFS_OldStoreACL
* Introduces RXAFS opcode 164 as RXAFS_StoreACL
* Implements SRXAFS_OldStoreACL and SRXAFS_StoreACL in the fileserver
via a common_StoreACL() function that accepts the executed opcode
as input.
* To avoid breaking changes in stable release branches,
SRXAFS_OldStoreACL will still be allowed by default, with an option
to cause it to be failed by default with error EPERM/UAEPERM.
A follow-up commit will cause SRXAFS_OldStoreACL to fail by default
on the master branch.
* When opcode 134 is called, a FileLog entry will be generated
at log level 0 instead of 1 and the entry will contain the string
"CVE-2018-7168".
* Modifies the format of the ACL logged to the FileLog and the audit
stream. Previously the AFSOpaque format was used directly. The
problem with this format is that it uses newlines as the ACE
separator. Since the FileLog and file audit log are intended to
be one line per log entry, the newlines break the file formats.
This change replaces the newlines with spaces for display purposes
unless the process is unable to allocate the additional memory.
* Introduces a new fileserver command line switch -cve-2018-7168-enforce
which when specified causes SRXAFS_OldStoreACL RPCs to be failed.
[kaduk@mit.edu: switch en/disable-by-default behavior and fix argument parsing]
Change-Id: Ic92ef45314d75fbc2b8ff574223fab2d398a1d60
FIXES: 134485
Reviewed-on: https://gerrit.openafs.org/12942
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
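An added illustration of the commit message above (not OpenAFS code): it parses two ACL strings to show why a server cannot tell a mis-built ACL from an intended one, and flattens them to the one-line log form the message describes. The text layout ("<npos>\n<nneg>\n" followed by "<name>\t<rights>\n" entries), the function names and the sample ACLs are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout: "<npos>\n<nneg>\n", then "<name>\t<rights>\n" per entry. */
struct acl_summary { int npos, nneg, parsed; };

/* Constructed samples, both meant as "alice: all rights, deny bob read". */
static const char ACL_CORRECT[] = "1\n1\nalice\t127\nbob\t1\n";
static const char ACL_BROKEN[]  = "2\n0\nalice\t127\nbob\t1\n";

/* Returns 0 when buf is a well-formed ACL, -1 otherwise. */
int acl_parse(const char *buf, struct acl_summary *out)
{
    char name[64];
    int off = 0, n = 0, rights;
    if (sscanf(buf, "%d\n%d\n%n", &out->npos, &out->nneg, &off) != 2)
        return -1;
    out->parsed = 0;
    for (const char *p = buf + off; *p != '\0'; p += n) {
        if (sscanf(p, "%63s\t%d\n%n", name, &rights, &n) != 2) return -1;
        out->parsed++;
    }
    return (out->npos >= 0 && out->nneg >= 0 &&
            out->parsed == out->npos + out->nneg) ? 0 : -1;
}

/* One-line log form: '\n' becomes ' '. NULL if malloc fails (log buf as-is). */
char *acl_for_log(const char *buf)
{
    size_t len = strlen(buf);
    char *line = malloc(len + 1);
    if (line == NULL) return NULL;
    for (size_t i = 0; i <= len; i++)
        line[i] = (buf[i] == '\n') ? ' ' : buf[i];
    return line;
}

int main(void)
{
    const char *samples[] = { ACL_CORRECT, ACL_BROKEN };
    for (int i = 0; i < 2; i++) {
        struct acl_summary s = { 0, 0, 0 };
        char *line = acl_for_log(samples[i]);
        int rc = acl_parse(samples[i], &s);
        printf("rc=%d pos=%d neg=%d acl=\"%s\"\n", rc, s.npos, s.nneg, line ? line : samples[i]);
        free(line);
    }
    return 0;
}
```

Both samples parse as valid and differ only in the two counts, so nothing in the stored ACL marks the second one as a negative entry that was moved into the normal list.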
Gerrits #13774 (audit: Support multiple audit interfaces and interface
options) and #13775 (audit: Add cmd helper for processing audit options)
added support in the audit facility for multiple audit logs.
Add command line support to use multiple audit logs for daemons that use
libcmd for command line processing: bosserver, buserver, butc,
fileserver, volserver, ptserver, and vlserver.
Update the daemons to add a call to audit_open, and where possible add a
call to audit_close when shutting down the daemon.
Update help message and manpage entries for -auditlog and
-audit-interface
Change-Id: I4356e1aa84f580897a0e788e2a2829685be891aa
Reviewed-on: https://gerrit.openafs.org/13776
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add the new option -admin-write to allow write requests from superusers
on file servers running in readonly mode (-readonly). This lets sites
run fileservers in readonly mode for normal users, but allows members of
the system:administrators group to modify content.
Change-Id: Id8ed3513a748815c07cb98e426c1d21ac300b416
Reviewed-on: https://gerrit.openafs.org/13707
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Commit dfceff1d3a added the
-preserve-vol-stats flag to the volume server. This enabled a change in
the volume server to preserve volume usage statistics during reclone and
restore operations. Otherwise, volume usage counters of read-only
volumes are cleared when volumes are released, making it difficult to
track usage with the volume stats.
Make this feature the default behavior of the volume server and provide
the option -clear-vol-stats to use the old behavior if so desired. This
change makes the -preserve-vol-stats the default, and keeps it as a
hidden flag for sites which may already have that flag set in the
BosConfig.
Since this changes a default behavior of the volume server, this change
is only appropriate on a major or minor release boundary, not in the
middle of a stable series.
Change-Id: I3706ede64b7b18a80b39ebd55f2e1824bb7dbc57
Reviewed-on: https://gerrit.openafs.org/12674
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Don't mention it in the man pages.
Change-Id: I8a6d706f055545642116af5a98fa8c04f533b990
Reviewed-on: https://gerrit.openafs.org/11529
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The ability to set the size of the volume hash table was added
at the same time that DAFS was introduced, and got caught up
in the same preprocessor conditional. However, -vhashsize can
be useful for the traditional fileserver as well (even though
we recommend DAFS over the traditional fileserver), so let it
be used in that case.
Update the man pages accordingly and fix some grammar while here.
Noted by Mark Vitale.
Change-Id: Ic3282c9d661d60cf36f9ffb197e723a3f71da167
Reviewed-on: https://gerrit.openafs.org/12287
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add a -s2scrypt option to the volume server, with possible options:
* never -- the existing behavior
* always -- switch to using afsconf_ClientAuthSecure, which uses
rxkad_crypt, for ForwardVolume calls.
* inherit -- encrypt inter-server traffic if the causal client
connection is encrypted. This has the effect of "inheriting" the
"-encrypt" flag given to "vos release", for example.
Thanks to Jeffrey Altman for pointers and to Andrew Deason for noting
the existence of rxkad_GetServerInfo.
[mmeffie@sinenomine.net fix assertion and style update.]
Change-Id: Ia295ba3f29a8494c8250a480fb26594468d2116a
Reviewed-on: https://gerrit.openafs.org/11349
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Thomas Keiser <tkeiser@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Do not create new server log files when servers are restarted by
default. External log rotation tools may be used to rotate the logs by
renaming log files and then signaling server processes to reopen
log files.
Add the -transarc-logs option to each server to provide backward
compatibility with the traditional Transarc-style logging. When
-transarc-logs is given, log files are renamed to an ".old" file
(overwriting the existing ".old" file) and the previous log file is
truncated.
Change-Id: I2eeb67e3db32b2f75fe685b68dab1159e62061e9
Reviewed-on: https://gerrit.openafs.org/11731
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
It has been unused since the LWP fileserver was removed.
It was used to set the LWP stack size.
Change-Id: I2ffd3a2f02049a307b668a46b62b31dc9bc128a8
Reviewed-on: http://gerrit.openafs.org/11527
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Make vlserver and volserver support a new command line parameter,
"-restricted_query admin". When this is on, the query RPCs that
are not needed for normal cache manager operations are restricted
to administrators listed in UserList. This is off by default.
Change-Id: I2a23a4e99cabd46b19ed491a6520773731a5994e
Reviewed-on: http://gerrit.openafs.org/10927
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
This option is completely useless since the LWP volserver was removed.
Remove the code for it.
Change-Id: I2257ba2ecd2ffeb9c47d21cbb516d6a0abb19b94
Reviewed-on: http://gerrit.openafs.org/10424
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
- Fix synopsis formatting, so option arguments are on the same line
as the option name
- Add missing options -rxmaxmtu, -rxbind, -syslog, and -sleep
Change-Id: I6e6f06d716e7f78be288bfebde97a3701f086924
Reviewed-on: http://gerrit.openafs.org/10394
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Add options to the fileserver to specify alternate locations for
the log file and the config. This will be useful for testing
purposes.
Change-Id: I3550bd993fe5fd2cd9b90425962c95cb1c7d98ea
Reviewed-on: http://gerrit.openafs.org/9830
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Add options to specify alternate locations for the configuration
files and the log file. This will be helpful for testing.
Change-Id: I4169bc1944719773155931860c6a6dd2fd672f53
Reviewed-on: http://gerrit.openafs.org/9828
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
The actual behavior of FDH_SYNC has changed a bit over the years, and
some people want one behavior, and some want another. Make it possible
to make this choice at runtime with the new -sync option, instead of
making this decision by running with different patches.
Note that FDH_SYNC is not a macro anymore, nor is it an inline
function. While it could be a macro, it would look a bit complex, and
there are some oddities with trying to use vol_io_params inside the
FDH_SYNC expansion (vol_io_params is not declared for LWP, for
example). And having it be an inline function causes problems with
some odd linking dependencies. For example, vlib.a contains volume.o,
but does not contain a definition for DFlushVolume (dir/buffer.c),
which is referenced in volume.o. 'vos' uses vlib.a, but does not
bring in anything that defines DFlushVolume. Currently this appears to
not cause a problem because 'vos' uses nothing from volume.o, so the
dependencies of volume.o don't matter. Adding an inline FDH_SYNC for
platforms that don't support 'static inline' would add a dependency to
volume.o (via vol_io_params), which causes an error for the lack of a
DFlushVolume.
Those are possibly just some problems, and may not be all. So instead,
make it so we don't have to deal with that and just have a normal
function. While FDH_SYNC may be called in a performance-critical
section, the overhead of a real function call is nowhere near the
delay of an actual fsync(), so presumably any overhead doesn't matter.
Change-Id: I23620bd8ac31b9019e9d55cb46ec9f3a75f5675c
Reviewed-on: http://gerrit.openafs.org/9694
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
2 terabytes is 2^41 bytes, not 2^31 bytes. Also clarify that volumes
can be much larger than this.
FIXES 130188
Change-Id: Id667b2827900dbe447828d773c7b90e9611288a2
Reviewed-on: http://gerrit.openafs.org/7598
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Several small fixes for spelling and grammar.
Change-Id: I5c1cbc933cd683f997b8bb649408d57d84a110f2
Reviewed-on: http://gerrit.openafs.org/3890
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Add the -offline-timeout and -offline-shutdown-timeout options to the
fileserver, to implement interrupting clients accessing volumes we are
trying to take the volume offline. Document the new options.
Currently this is only implemented for read operations. Implementing
this for write operations and callback breaks will require more work.
This also removes the VGetVolumeTimed interface from the volume
package, since the fileserver was the only user and with this change
the fileserver now uses the VGetVolumeWithCall interface.
Change-Id: I2c6246d522d37dfd2fa0ecf69d6f71803b2acc03
Reviewed-on: http://gerrit.openafs.org/2984
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The fileserver synopsis was missing the leading 'fileserver' before
the options list. This causes the options list to not be interpreted
as POD, and so you get a lot of ugly unprocessed POD markup in the man
page. Fix that.
Change-Id: I8e2faf6d46a81185967d30b1669d3f48cbf269dd
Reviewed-on: http://gerrit.openafs.org/3301
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>