Initialize Irp->IoStatus.Information to zero immediately upon
beginning processing of the IRP in the write path.
Change-Id: I8d5a717ae8cd3bc44c2a9a65b34fd0549862d293
Reviewed-on: http://gerrit.openafs.org/9128
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
If we are about to write into the cache and we do not have enough
memory we call CcDeferWrite and return STATUS_PENDING. This allows
the cache to call us back when there is memory.
The write is performed on the IO queue which is shared with paging
writes. However this does not cause paging writes to block in a
memory shortage situation since the request will either be deferred
again (releasing a thread to service a paging write) or will complete
quickly. Further we allocate all our resources upfront so we fail
fast and in the appropriate place.
Change-Id: I4efbc14a97d3b34236643973f1f8f85c7ea194a6
Reviewed-on: http://gerrit.openafs.org/9127
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
If the library pends a request pending memory becoming available
then the FS must ensure that the library stays loaded until the
IRP is completed.
Change-Id: Idbfdd84ecd364c99d3ad9cd8dd7e000f47be4b58
Reviewed-on: http://gerrit.openafs.org/9126
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
We never get non cached and yet paging IO. Even if we did it would
be inappropriate to call CcCanIWrite. Therefore, collapse two if
statements into one.
Change-Id: I95c9030836e4f7dc4f7867a8b8b09b97bf57b429
Reviewed-on: http://gerrit.openafs.org/9125
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
We don't do anything with the return values from afscp_SetDefaultCell
or afscp_SetDefaultRealm, so just ignore them.
Caught by clang-analyzer
Change-Id: Ib7d9e637e5d08df28ad0085302811b243fb21768
Reviewed-on: http://gerrit.openafs.org/9188
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
The GetVenusFid functions all allocate the fid structure immediately
upon entry to the function. When we return with an error, that structure
is never freed.
Update the call sites so that we don't leak this memory.
Caught by clang-analyzer
Change-Id: Iec62316d0fd542e70634f384c8319f90ba6b2649
Reviewed-on: http://gerrit.openafs.org/9187
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Fix FindCallback so that it actually returns the callback that it
found. This requires changing the function prototype so that the
third parameter is passed by reference, and updating the single
call site.
Caught by clang-analyzer
Change-Id: I420647e9cfd119cf1a26456a91d595b8154ddd85
Reviewed-on: http://gerrit.openafs.org/9198
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
We only use the results of the server lookup when AFSCP_DEBUG
is defined, so only bother actually doing the lookup when that
is set.
Caught by clang-analyzer
Change-Id: If79177e9d06817592b0630db7050cf3d40f3ee5f
Reviewed-on: http://gerrit.openafs.org/9197
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
afscp_ResolvPathFromVol makes a copy of the path passed to it using
strdup. It then iterates across that, removing initial '/' characters.
However, this iteration means that 'p' no longer points to the start
of the allocated memory - when we free 'p', we may actually be freeing
an offset into the block, which will make malloc unhappy.
Make a copy of the result from strdup, and use that to free the block.
Caught by clang-analyzer
Change-Id: I0e7d8c7cf3b70baa4868c65fb4c3a32474557628
Reviewed-on: http://gerrit.openafs.org/9196
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
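The pattern the commit above describes, as an added example that is not OpenAFS code: the pointer returned by strdup is kept in its own variable for free(), while a second pointer walks the copy. The function name `count_components` and its behaviour are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#endif
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper: count the components of a path after skipping
 * leading '/' characters. It works on a private copy because it writes
 * NUL terminators into the string while splitting it.
 * Returns -1 if the copy cannot be allocated.
 */
int count_components(const char *path)
{
    char *origp;   /* exactly what strdup returned; the only value free() may see */
    char *p;       /* cursor that moves through the copy */
    int n = 0;

    origp = strdup(path);
    if (origp == NULL)
        return -1;

    p = origp;
    while (*p == '/')
        p++;
    /* From here on p may point into the middle of the block, so
     * free(p) would hand malloc an address it never returned. */

    while (*p != '\0') {
        char *slash = strchr(p, '/');
        if (slash != NULL)
            *slash = '\0';        /* terminate the current component */
        if (*p != '\0')
            n++;                  /* skip empty components such as "//" */
        if (slash == NULL)
            break;
        p = slash + 1;
    }

    free(origp);                  /* free the start of the allocation */
    return n;
}
```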
If afscp_DefaultCell fails, then afscp_ResolvPath returns without
freeing the memory allocated to 'p' by strdup.
Fix this by adding a free() in the appropriate place.
Caught by clang-analyzer
Change-Id: Ic2691d209c913cd600d9a9a1ebb4614dff35aa3b
Reviewed-on: http://gerrit.openafs.org/9195
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
If we can't write to the ubik database, then that's a bad thing.
Don't ignore it.
Caught by clang-analyzer
Change-Id: I08b57a74405cc563c6141251fd3d433b2904ea0e
Reviewed-on: http://gerrit.openafs.org/9176
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tidy up the malloc handling in readpwd, so that we don't leak memory
if the user specifies multiple -c arguments. Also avoid assuming that
free(NULL) will always work.
Change-Id: I95f3fe908572cb5be2d30345ccae0a2858622bd5
Reviewed-on: http://gerrit.openafs.org/9178
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Remove some assignments where we do nothing with the results
Caught by clang-analyzer
Change-Id: I6990a6b21ced10500275176af3f85b7f1cabd334
Reviewed-on: http://gerrit.openafs.org/9177
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Don't assign i to j, when we never use j again in the function
Caught by clang-analyzer
Change-Id: I9dd2d929019ac3cc84cde4e44c4883806bd5964a
Reviewed-on: http://gerrit.openafs.org/9175
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
If we're not going to make use of the return from signal() don't
bother assigning it to a variable
Change-Id: I03cae7ab91d49e90f150a9dc4358c173920adc28
Reviewed-on: http://gerrit.openafs.org/9173
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
We never use the character pointer once we've advanced it past the
slash, so don't bother doing the work of advancing it.
Caught by clang-analyzer
Change-Id: I8ea561d6756685a13892f0635fa2e19b3f1233ab
Reviewed-on: http://gerrit.openafs.org/9171
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
klog assigns into, but never references, the lclpw structure. Just
remove it.
Caught by clang-analyzer
Change-Id: I8e94f97ee3ee6cb15193ad80dd9aef39e6f8490b
Reviewed-on: http://gerrit.openafs.org/9170
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Remove a number of places where we initialise a variable to NULL
immediately before we assign a real value to it.
Caught by clang-analyzer
Change-Id: I74ece8f3a82a5c768d769b74b4ccce12195fc216
Reviewed-on: http://gerrit.openafs.org/9169
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
The declaration (and assignment) to size at the outermost scope
in the copyVnodes function is masked by a later declaration at an
inner scope.
Just remove the outer declaration to clarify what's happening.
Caught by clang-analyzer
Change-Id: If23bdcf8a4c2d23d6224762fecce35be9cf15873
Reviewed-on: http://gerrit.openafs.org/9168
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
The server specified on the command line is used directly to
initialise the attributes structure. Move the variable so it's
local to the block which uses it, and remove the function-wide
initialiser.
Caught by clang-analyzer
Change-Id: Ia636fae2ed505f6958cefbfbaa72ef7e37edec98
Reviewed-on: http://gerrit.openafs.org/9165
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
There was an error path whilst reading an extended key file which could
result in a key being freed using free(key), and then freed again
through the afsconf_typedKey_put() mechanism. Remove this double free.
Caught by clang-analyzer
Change-Id: I40bff56eddf4cb499ae5b7effdaf82f22379109d
Reviewed-on: http://gerrit.openafs.org/9147
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
prentries is a list of 'struct prlistentries' objects, not a list of
'struct prentry'. Use the correct type in our call to malloc.
Caught by clang analyzer
Change-Id: I6c36e4b875eafb8aff6506cf800d47b45a79825d
Reviewed-on: http://gerrit.openafs.org/9150
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
We don't need to zero the result code two lines before we assign
a new value to it - just remove the pointless assignment
Caught by clang-analyzer
Change-Id: I8fefdc839ef9980d7f7703add3b11b089d524d38
Reviewed-on: http://gerrit.openafs.org/9167
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
ni is unused on the true side of the if expression in nuke() - so
just don't bother populating it.
Caught by clang-analyzer
Change-Id: Idfd088f999f4c4bcdabc03b8b86636aa02541343
Reviewed-on: http://gerrit.openafs.org/9166
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
The value we assign to defp is never used (it's almost immediately
overwritten), and it is guaranteed to be the same as the existing
value. So, just remove the assignment.
Caught by clang-analyzer
Change-Id: I362fe08c623b5046f2c8b0b16c42dcfa12009981
Reviewed-on: http://gerrit.openafs.org/9162
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Don't leak the definition structure when we hit the end of the file
Change-Id: Ief44bb3bdff274167760fda5bcc16903ef8c11ce
Reviewed-on: http://gerrit.openafs.org/9159
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Avoid a NULL pointer dereference if strchr doesn't find any occurrence
of '*' in the string. Whilst we handle the not found case when inserting
a mid string terminator, we don't handle it when restoring the string to
its previous value.
Change-Id: Ie0b3e18d89073a1694bba2749111c73f59150bdb
Reviewed-on: http://gerrit.openafs.org/9158
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
In a number of places we have

    struct X *val;
    val = malloc(sizeof(struct Y));

If sizeof(struct Y) < sizeof(struct X) this is obviously dangerous,
but it is incorrect regardless of the relative sizes of the
structures. Fix all of the occurrences of this that clang points out
to us.
Caught by clang-analyzer
Change-Id: Iad32b4ae460d3f40a45cf33624973bf52fd167d4
Reviewed-on: http://gerrit.openafs.org/9156
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Fix assorted places in the code where we might have asked malloc to
allocate a block of zero length.
Caught by clang-analyzer
Change-Id: I6e1226ad83a52984ee7c53cbed8c867f38e4f866
Reviewed-on: http://gerrit.openafs.org/9155
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Because deletion is implemented using a for loop, the step of the
loop that moves us to the next node references freed memory when
we've deleted an element. Fix this by just short-circuiting the
return from the function so we immediately exit.
Change-Id: Ia820b20ce5937ac86d849cb746b3bc21f46550fa
Reviewed-on: http://gerrit.openafs.org/9161
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
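The loop shape the commit above describes, as an added example that is not OpenAFS code. It goes one step beyond the commit by also showing a delete-all variant, where returning early is not an option and the successor must be unlinked before the node is freed. The list type and function names are hypothetical.

```c
#include <stdlib.h>

struct node {
    int key;
    struct node *next;
};

/* Push a new node on the front of the list; returns 0 on success. */
int list_push(struct node **head, int key)
{
    struct node *n = malloc(sizeof(*n));
    if (n == NULL)
        return -1;
    n->key = key;
    n->next = *head;
    *head = n;
    return 0;
}

/*
 * Delete the first node with the given key; returns 1 if one was removed.
 * Without the early return, the for loop's step expression
 * (prev = n, n = n->next) would run on the node that was just freed.
 */
int list_delete_first(struct node **head, int key)
{
    struct node *n, *prev = NULL;

    for (n = *head; n != NULL; prev = n, n = n->next) {
        if (n->key == key) {
            if (prev != NULL)
                prev->next = n->next;
            else
                *head = n->next;
            free(n);
            return 1;             /* leave before the step touches n */
        }
    }
    return 0;
}

/* Delete every matching node; returns the number removed. */
int list_delete_all(struct node **head, int key)
{
    struct node **link = head;    /* the pointer that leads to the current node */
    int removed = 0;

    while (*link != NULL) {
        struct node *n = *link;
        if (n->key == key) {
            *link = n->next;      /* read the successor before freeing n */
            free(n);
            removed++;
        } else {
            link = &n->next;
        }
    }
    return removed;
}

/* Number of nodes in the list. */
int list_length(const struct node *head)
{
    int len = 0;
    for (; head != NULL; head = head->next)
        len++;
    return len;
}
```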
In SendFile we break at the same time as setting the done flag,
so its value is never checked. Just remove it as it is redundant
with the current loop logic.
Caught by clang-analyzer
Change-Id: Ibf8f756b06fd26cb2013ece97eb9196c71ad88bd
Reviewed-on: http://gerrit.openafs.org/9164
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
In bos_ServerOpen, initialise the contents of bos_server structure
to 0 using calloc, so that if we jump to the error handling stuff
before they are assigned real values we don't end up trying to
release garbage.
Change-Id: I687d0b637833a08425e75391eb92a2dd4a150301
Reviewed-on: http://gerrit.openafs.org/9163
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
If the user tries to create a key which is not rxkad, error out
rather than attempt to add a random blob of memory to the KeyFile.
Caught by clang-analyzer
Change-Id: Id2803fe29153f01ab352747caed31b0d0cb4f573
Reviewed-on: http://gerrit.openafs.org/9160
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
There's a couple of places in afs_daemons.c where we do:

    if (code != 0)
        return;
    code = 0;

The final line is obviously redundant, and makes clang sulk at us.
So, remove it.
Caught by clang-analyzer
Change-Id: Ic55edf1b05f3f45eb1f0cecdb3c2318e6f7bd0ec
Reviewed-on: http://gerrit.openafs.org/9154
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
It doesn't make sense to call usd_FileStandard{Input,Output} with
a NULL usd_handle_t (and doing so would crash later in the
function), so don't check for attempts to do so.
Caught by clang-analyzer
Change-Id: I03c0b627056108fe0d6f78d8028323cc4ed74758
Reviewed-on: http://gerrit.openafs.org/9151
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
bulkaddrs_val is a pointer to an array of unsigned ints, not to
an array of ints. Fix the sizeof() used in the call to malloc to silence
a clang warning.
Change-Id: If39f34756984200fed1cd3f3de5833012b86af21
Reviewed-on: http://gerrit.openafs.org/9149
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Using a temporary variable of type (char *) to store the results
of malloc and realloc, and then casting the tmp variable to the
real type causes clang-analyzer to complain. Just simplify this
code by always using the real type in order to shut it up.
Change-Id: I607bb36d1899dc617fdbd9e09e18ff10c9fa9ce9
Reviewed-on: http://gerrit.openafs.org/9148
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Return an IO error if we run out of memory whilst parsing a key file
Caught by clang-analyzer
Change-Id: I783a193fe9315f08d76d1be9b1c77089df25fd64
Reviewed-on: http://gerrit.openafs.org/9146
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
When we're counting the number of keys available, we don't need to
actually extract each key entry - remove the unused assignment.
Caught by clang-analyzer.
Change-Id: I98a30afccaf9a455ea0a7e77e7ca0d648abe4e70
Reviewed-on: http://gerrit.openafs.org/9145
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
'y' is an unsigned int, and therefore can never be less than 0, so
don't bother checking if it is.
Caught by clang-analyzer
Change-Id: I65e9e6e2a6f72a4a1a861234c5db89cc9d99ef15
Reviewed-on: http://gerrit.openafs.org/9138
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
The type that an enum is promoted to for arithmetic is compiler
dependent. We can't assume that it's an int, or a short.
Explicitly cast the volume state enum where clang gets upset.
Change-Id: Iab285d3a04dac698797ab0df2337aee75e3876b2
Reviewed-on: http://gerrit.openafs.org/9137
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The modeBits element of the VnodeDiskObject structure is defined as
a 12 bit wide bitfield. This causes clang some problems when doing
integer arithmetic, as it appears to the compiler that the field is
being overflowed. For example...

    targetptr->disk.modeBits &= ~04000;

Produces the error:

    implicit truncation from 'int' to bitfield changes value
    from -2049 to 2047

Marc Dionne suggested changing this to

    targetptr->disk.modeBits = targetptr->disk.modeBits & ~04000;

in order to suppress the clang error.
Change-Id: Iadb53a3db911f5771d3ab2437ccd43abce2a8ecb
Reviewed-on: http://gerrit.openafs.org/9136
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
It seems like some versions of clang have a problem with using
pragmas to stop particular warnings being converted to errors with
-Werror. These compilers require that the warning be ignored completely
in order to suppress it.
Make the necessary changes to afsd and bozo, and update README.WARNINGS
to note the problem.
Change-Id: I66038130695d2ad27c289f29bcd8f6f2eddf1ded
Reviewed-on: http://gerrit.openafs.org/9135
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
clang now complains about statements of the form

    if (blah)
        ;

There's one of these in hcrypto. Until we can get this fixed upstream,
just mark the file as no-error.
Change-Id: I86d1362552ca9ee7b2c47a7c92bd8d6484ab7dbd
Reviewed-on: http://gerrit.openafs.org/9134
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
The butc only ever handles connections over rxnull anyway, so just
specify an array of security objects of length one.
Change-Id: Ia073157488ac6b887f972448074ad1615422e26e
Reviewed-on: http://gerrit.openafs.org/9140
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
If we've received an error from the underlying security class, we must
not try to send the given packet, or we risk security issues. We
currently achieve this by setting an error on the connection. It is
slightly indirect in how this yields an error on this specific call,
and so it may not be immediately clear, but doing so is critical. If
somehow the call does not have an error by the end of this, we cannot
proceed as this is an error condition we do not handle. So, assert.
Change-Id: Ie0106ab170ecb77bb102c5afa3ec44ba2b704283
Reviewed-on: http://gerrit.openafs.org/9122
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
rxi_PrepareSendPacket calls RXS_PreparePacket to allow the security
class to modify the given packet appropriately (to be undone by
CheckPacket on the other endpoint). However, currently
rxi_PrepareSendPacket ignores all errors generated by
RXS_PreparePacket, and processing continues as if there was no error.
For rxkad, an error often results in the given packet being untouched.
This means that the security checksum is not calculated, and thus not
populated in the packet, and for encrypted connections means that the
packet contents are not encrypted.
This occurs for any error generated by the security class
PreparePacket routine. For rxkad, the most common error is probably
RXKADEXPIRED, though some other internal errors are possible as well.
This behavior has a few effects for rxkad:
1. When any error is generated by PreparePacket, the other endpoint
generally bails out with the error RXKADSEALEDINCON, since the
security checksum of the packet is 0, which does not match what the
checksum should be. This results in error messages like 'rxk: sealed
data inconsistent'. This can be very confusing if the actual error
is, say, just that the given credentials have expired.
2. For connections requiring encryption (rxkad_crypt), an error from
PreparePacket means that the packet payload is sent in the clear.
This can happen for about a window size's worth of packets.
3. If a client ignores errors/inconsistencies with the checksum and
encryption, etc, they can keep reading data for the call forever,
even after their credentials have expired.
To fix this, make an error from RXS_PreparePacket cause a connection
error for the given connection, and immediately send a connection
abort. No further error checking should be necessary for the callers
of rxi_PrepareSendPacket, since they already check for call/conn
errors before sending any actual packets.
Change-Id: I87de833730424881dcd3d659870f71191eabafe4
Reviewed-on: http://gerrit.openafs.org/8909
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
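A small model of the failure and the fix described in the commit above, as an added example that is not OpenAFS code. Every name here is hypothetical, `ERR_EXPIRED` is a constructed stand-in for an error such as RXKADEXPIRED, and the XOR sealing is a toy in place of a real security class.

```c
#include <stddef.h>
#include <string.h>

#define ERR_EXPIRED 1          /* constructed stand-in for an expiry error */

struct packet { unsigned char data[16]; size_t len; unsigned checksum; };
struct conn {
    int error;                 /* sticky connection error, 0 if none */
    long expires;              /* credential expiry time */
    unsigned char key;         /* toy key */
    int aborts;                /* connection aborts sent */
    unsigned char wire[16];    /* last payload put on the wire */
    size_t wire_len;
};

/* Toy security class: XOR and a byte sum stand in for real sealing.
 * On error the packet is left untouched, as the commit describes. */
static int sec_prepare_packet(const struct conn *c, struct packet *p, long now)
{
    size_t i;
    if (now >= c->expires)
        return ERR_EXPIRED;
    p->checksum = 1;
    for (i = 0; i < p->len; i++) {
        p->data[i] ^= c->key;
        p->checksum += p->data[i];
    }
    return 0;
}

/* Before: the result is dropped and the send path carries on. */
static void prepare_unchecked(struct conn *c, struct packet *p, long now)
{
    (void)sec_prepare_packet(c, p, now);
}

/* After: any error becomes a connection error and an abort goes out. */
static void prepare_checked(struct conn *c, struct packet *p, long now)
{
    int code = sec_prepare_packet(c, p, now);
    if (code != 0) {
        c->error = code;
        c->aborts++;
    }
}

/* Caller: refuses to transmit once the connection carries an error. */
static int send_packet(struct conn *c, const struct packet *p)
{
    if (c->error != 0)
        return c->error;
    memcpy(c->wire, p->data, p->len);
    c->wire_len = p->len;
    return 0;
}

/* Run one send at time `now` (credentials expire at 100); returns 1 if
 * the unsealed payload reached the wire, 0 otherwise. */
int cleartext_on_wire(int checked, long now)
{
    struct conn c = { 0, 100, 0x5a, 0, {0}, 0 };
    struct packet p = { "secret", 6, 0 };   /* constructed payload */

    if (checked)
        prepare_checked(&c, &p, now);
    else
        prepare_unchecked(&c, &p, now);
    send_packet(&c, &p);
    return c.wire_len == p.len && memcmp(c.wire, "secret", 6) == 0;
}
```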