don't try so hard to give up all callbacks. If the server doesn't
respond in 10 seconds, too bad!
cleanup the server probe code a bit. reorganize the code so that we
can avoid unnecessary pointer evaluation. add a missing include file.
* Do not give back callbacks to down servers
* Output more cm_scache_t data in afsd_alloc.log
* call VolStatus_Service_Stopped after the service has stopped
This delta adds an interface to an optional volume status handler.
The handler (if provided) receives status updates when volumes
change state between online, offline, busy, and alldown.
enable afsdb records for get cellinfo lookup outside of afsd_service.exe
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
do not perform afsdb lookup for Freelance.Local.Root cell
The UNIX client does not follow mount points or symlinks when evaluating
ioctl paths during commands such as "fs examine". The Windows client did
which was annoying when you wanted to know the FID of a mount point that
was not properly being evaluated.
Since the library creates its own background thread, the library must
load its own reference to itself to prevent the library from being
unloaded behind its back.
remove the conditionalized code used to give up callbacks in response
to stat cache recycling due to performance impacts described in the
commit for DELTA windows-give-up-callbacks-20070627
This large patch adds support for giving up callbacks in response to three
events:
1. power management suspend
2. power management shutdown
3. stat cache object recycling
The third item is submitted as a condition compilation if GIVE_UP_CALLBACKS
is defined. Properly handing callback give ups and the associated race
conditions with revokes and fetch status requests requires a great deal of
over head. The first attempt used one GiveUpCallBacks RPC for each callback
that was being dropped as the stat cache object was recycled. This resulted
in a 27% performance drop in the MIT stress test. The code that is being
committed maintains a callback give up list on each server object. The
callback is added to the list as the callbacks are dropped and then they
are sent to the server in bulk by the background daemon thread if the
server is known to be UP after a ping. Logic is added to the
EndCallbackRequest and CallbackRevoke operations to ensure that race
conditions are addressed. With all of this, there is a 17% performance drop
in the MIT stress test.
As a result, it is my conclusion that the client side costs associated with
optimizing the load on the server are simply too high. I am committing this
code to ensure that it is not lost. I will remove this support in the next
patch while leaving the support for giving up all callbacks in response
to suspend and shutdown events.
FIXES 63763
probe for something else for 2.4 and older
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
i'll spare you
return an error when the cm_fid_t * is NULL since we can't look up
the volume to obtain a server list without knowing which volume we
should be looking up
if the fidp is known to be NULL, don't call cm_GetServerList()
Add name and ID hash tables for cell lookups. cell lookups occur on
every request. sometimes multiple times. removing the walking of the
cell list when there are dozens of cells decreases cpu utilization and
increases throughput.
there were two sets of registry values that could be used to configure
the daemon thread check intervals. keep the one that was documented
in the release notes and discard the other.
Add a registry value "daemonCheckOfflineVolInterval" to configure the
offline volume check interval.
Ensure that the cm_GetConn... functions initialized the output variables
to NULL on error.
When we are faking the status data we can use the vnode value to determine
if the object should be treated as a directory or file. even is a directory
and odd is a file. This works even when we have never successfully
obtained status data for the object.
If the we can match up the host address from which the revoke was received
with one of our cm_server_t objects, then we know which cell the revoke
has been received from. With that information we can ensure that we only
revoke the status of cm_scache_t objects belonging to that cell.
Reverse the order of the allCellsp list. Append new cells onto the end
of the list. This ensures that the workstation cell will always be the
first in the list. Adding additional cells will not degrade the performance
to the workstation cell.
No longer permit cm_GetCell() or cm_FindCellByID() to return NULL simply
because cm_UpdateCell() failed. The cm_cell_t object still exists and
is valid even if the vlServersp list is empty.
Modify the lock management in cm_GetCell_Gen() to ensure we drop all the
locks.
In cm_Analyze() update the volume status when one of the servers reports
VBUSY or VRESTARTING.
fix deadlock on cm_volumeLock introduced by last week's work
in cm_Analyze, make sure we get a cm_cell_t reference otherwise we
won't find the cm_volume_t we are searching for when ALLOFFLINE or
ALLBUSY.
VMWare adapters have proven unreliable replacements for the Microsoft
loopback adapter. Registering AFS often results in a name space collision.
Add cm_DumpCells() function and dump the cells as part of "fs memdump"
Dump all cm_scache_t and cm_volume_t regardless of reference counts
Fix cm_GetCell_Gen() to not allocate a new cm_cell_t when evaluating
mount points to aliases. Instead, after looking up the alias successfully
search the allCellsp list for the fullname of the cell. If found, use
the existing entry and cleanup the one we were about to allocate.
Use read locks whenever possible instead of write locks when searching
the allCellsp list.
Don't assume that WM_DESTROY is the final message received by a
window. Verify dialog data structures when handling messages and
reset the window data field when freeing the data structure.
Zero should be considered a valid credentials type identifier in
Network Identity Manager.
When checking if an identity is configured to obtain a token for a
specific cell, don't go through the list of cells if AFS tokens
are disabled for the identity.
Similarly, when removing a token for a specific cell from all
identities, don't bother modifying identities for whom AFS tokens
are disabled.
Keep track of whether a specific cell was added to the list of
cells to authenticate for an identity because it was listed in the
configuration or because a token for the cell already existed.
Correct an off-by-one error when calculating buffer sizes for
multi strings which failed to account for a double NULL
terminator.
Don't update the cell->identity mapping if a token for that cell
could not be obtained.
If the list of cell to authenticate for an identity is empty, we
still need to write the empty string to the configuration.
Otherwise, removing all the tokens from an identity will not
result in a configuration change reflecting that.
fix cm_IoctlPathAvailability to return the current volume state.
0, CM_ERROR_ALLBUSY, CM_ERROR_ALLDOWN, CM_ERROR_ALLOFFLINE
modify fs.c to generate messages when the errors are received.
When the system's IP address list changes we invalidate the existing
RX connections and probe all of the servers. A better algorithm is
to probe all vldb servers, invalidate the rx connections, and then
probe all file servers.
update the lwp version of rxi_sendmsg to return the same error, -1,
returned by the pthread version.
replace errno with WSAGetLastError() in the Windows blocks so that
the correct error value is checked.
FIXES 61906
2.6.21.1 introduces an additional .parent pointer in the middle of
the structure. As the OpenAFS code just initialises the structure
with a list, this causes it to assign the value intended
for .proc_handler to .parent
* re-write cm_Analyze to make better use of the known volume
status. VL_Server queries cannot result in CM_ERROR_ALLOFFLINE
messages.
* renamed cm_CheckBusyVolumes to cm_CheckOfflineVolumes.
busy volumes will be reset to srv_non_busy by the function
but there is no mechanism for querying the busy state other
than by attempting to access the resource.
* cm_Analyze will query the state of an offline volume before
deciding whether or not to retry when all volume instances
are offline.
FIXES 61767
1 - task_struct loses thread_info, which is now accessible through the
task_thread_info() macro. A configure test is added to deal with this.
2 - the SLAB_CTOR_VERIFY flag is gone
* changed the enum values for cm_serverRef_t state info to use a
private name space to avoid collisions (srv_)
* added a srv_deleted state for cm_serverRef_t objects. This
state is set when cm_FreeServerList() is called with the
CM_FREESERVERLIST_DELETE flag set. cm_FreeServerList() may
not always delete the cm_serverRef_t from the list if it is
still in use by another thread. the srv_deleted state means
the object's contents are no longer valid and it must be
skipped. It will be deleted the next time the object is
freed and the refcount hits zero.
* the srv_deleted state is also used when a file server reports
either VNOVOL or VMOVED instead of marking the cm_serverRef_t
as offline. This is done to prevent additional usage of the
stale vldb data while waiting for the update volume request
to complete.
* added a state field to the cm_volume_t object (enum volstate
vl_ name space) that maintains the state of the volume based
upon the states of all of the cm_serverRef_t and cm_server_t
objects.
* modified cm_UpdateVolume() to set the state of the cm_volume_t
RW, RO, and BK to either vl_alldown or vl_online. There can't
be any other states because cm_UpdateVolume() destroys any
previous knowledge we might have had regarding busy or offline
volume status
* modified cm_UpdateVolume() to update the volume name in the
cm_volume_t to the volume base name if the previous value was
a volume ID.
* modified cm_FollowMountPoint() to check to see if the volume
name is a volume ID and if so call cm_GetVolumeByID instead
of cm_GetVolumeByName. This ensures that volume IDs are always
looked up as numeric values. There is no longer a need to
maintain a separate cm_volume_t containing the string representation
of the ID value.
* Added a flags parameter to cm_GetVolumeByName() and cm_GetVolumeByID().
The first flag is a "CREATE" flag which is set by all existing
calls. The flag is not set by calls to cm_GetVolumeByID() from
the server probe code when volume status is being updated. We
do not want the server probe operation to result in additional
turnover in the cached volume data. The second flag is NO_LRU_UPDATE
which is set when the server probe code updates the volume status.
This flag will be used to prevent the server probe operation from
changing the order of the least recently used queue.
* Modified cm_GetVolumeByName to ensure that only one cm_volume_t is
allocated for a given set of normal, readonly, and backup volumes
regardless of whether or not the volume is accessed via name or
ID number. The cm_volume_t namep field is always the base name
of the volume.
* Added a new volume state, vl_unknown. This state is used as
the initial state for all cm_volume_t when the cache manager starts,
for each cm_volume_t at creation, and for each cm_volume_t when
recycling. The cache manager does not know the state of all
volumes in the world, only those that are in the cache and for
which it has queried the VLDB and hosting file servers.
* modified cm_GetVolumeByName() to initialize the state of a
volume to vl_unknown. The actual state will be set when a
cm_VolumeUpdate() call completes successfully.
* changed name of scache hash table variables to avoid ambiguity
when adding hash tables for volumes
* fix a buffer overrun in sys\pioctl_nt.c pioctl().
(thanks Asanka)
* modified cm_UpdateVolume() to handle the case in which there is
no RW volume but there is are RO volumes for a given base name.
This is done by querying for the ".readonly" volume name if the
base name does not exist in the VLDB. We never query for the
.backup name because under the current usage model a .backup
volume may only exist on the server that the read-write volume
is located. If there is no RW volume, there can be no .backup.
* Added four hash tables for cm_volume_t objects to improve the
search time of cm_GetVolumeByID(), cm_GetVolumeByName() and
cm_ForceUpdateVolume(). One each for Name, RWID, ROID, and
BKID. Three ID hash tables are necessary as long as it is
desireable to maintain a single cm_volume_t containing all
of the related RW, RO, and BK volume data. Having the RW and
RO volume data in the same object is necessary for the
implementation of cm_GetROVolumeID() which returns either the
RO or RW ID depending upon the existence of RO volume instances.
* Added a volume LRU queue so that volume reuse becomes fairer.
This does not replace the all Volumes list which is used when
it is desireable to walk a list of all the volumes whose order
is not going to change out from underneath you which makes it
safe to drop the cm_volumeLock.
* handles volume hash table updates where volume name to
volume ID number changes. The volume name remains
constant in the cm_volume_t. if a vos rename is performed,
the name of the volume will change and the volume IDs will be
updated. Subsequent access to the old volume ID will create a
new cm_volume_t with the new name.
* Added a daemon thread operation to query the state of volumes
listed as busy or offline. cm_CheckBusyVolumes() calls
RXAFS_GetVolumeStatus() for each volume ID that is marked vl_busy
or vl_offline. If the volume is now online, the status on the
volume is updated. The default period is 600 seconds. This can
be configured with the BusyVolumeCheckInterval registry value.
* Added prototype for smb_IoctlPrepareRead() which was missing a
return type in the function definition.
* Added volume id lists to the cm_server_t. These lists are
allocated in blocks of ~32 IDs. When a cm_PingServer()
detects a change in server state, the state of the cm_volume_t
is updated.
* Added volID to the cm_serverRef_t object. volID is used
to identify the volume for which the object is a referral.
cm_FreeServerList() uses the volID to remove the volume
from the cm_server_t.
* In cm_Analyze, when VNOVOL or VMOVED are received,
call cm_ForceVolumeUpdate() to force a refresh of the volume
location data.
* Added cm_VolumeStatusNotification() which is used at the moment
to log volume status changes to the trace log. It will also
be used as the access point to the File System Filter driver
notification engine.
* Added an all cm_scache_t list to cm_data. This replaces the use
of the stat cache LRU queue when we need to enumerate all
entries. The LRU list order is not static and when using it to
enumerate all entries it can result in items being missed or
items being processed more than once.
* Modified cm_Analyze(). Instead of reseting the busy or offline
state of a volume and forcing a retry of the operation
cm_Analyze will defer to the background daemon thread that will
update the state once every 600 seconds.
* Added the automatic generation of a Freelance ".root" read-write
mountpoint that refers to the root.afs volume of the workstation
cellname at the time the mountpoint is created.
In rxkad_CheckResponse, when checking the return value from tkt_CheckTimes,
the order is == 0, == -1, < -1, <= 0. The <= 0 case is extraneous so
remove it. Both < -1 and <= 0 returned RXKADBADTICKET.
same deal as purge. a transaction on the volume outstanding holds it. we don't need to preclude all access
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
same deal as purge. a transaction on the volume outstanding holds it. we don't n
eed to preclude all access
====================
same deal as purge. a transaction on the volume outstanding holds it. we don't n
eed to preclude all access
FIXES 60809
Problems fixed with this patch:
/1/ supergroup bug: when updating an entry in prdb, the logic in
pt_mywrite is supposed to unset flagged & found bitmap entries.
This failed on little-endian architecture machines.
/2/ warnings; a few fixes to eliminate some compiler noise.
FIXES 60258
Do not return access denied when applying directory patches if the
user does not have read permission. This is the case we want to
fake the directory entries for. Also, make sure we set the directory
attribute on non-files so that the path can be accessed via the
Explorer Shell.
FIXES 60258
When the ACL on a directory is list only, attempts to read the status
of items in the directory will fail. Therefore, it is pointless to try.
Instead, when we know the user ACL does not have read permission, we
should immediately lie about the status info. That way we don't pound
the file server with requests that will produce an abort which in turn
will trigger force the file server to delay responses to the client.
This change has the added benefit that cached status info is no longer
leaked to callers that do not have appropriate permissions.
With this change the Explorer Shell is much more responsive.
don't enforce slowpass restriction on dynroot vcaches (and don't do unneeded work)
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
oops, another change slipped in
ka-forwarder is under a different copyright not previously covered, so
embed the actual licensing in the source rather than referring to a file
that doesn't exist and add the relevant information to the LICENSE files.
When installing on 64-bit Windows we need to install the 32-bit and 64-bit
shell extensions under different HKCR keys. Otherwise, only one of the
explorer versions will get an extension handler.
This change is not as important for OpenAFS as it was for KFW as
OpenAFS does not issue betas with the same build numbers as final
releases. However, for users of daily builds when build numbers
are not being incremented it will provide benefit.
We modify the upgrade rules to include the current version number
and then block the uninstall if the currently installed package
is the one that is being installed.
The change applies to both the regular installer and the 32-bit
tools for WOW64 environments.
FIXES 60161
A dropbox is a directory with ACLs 'li' that permits a user to create
a new file but not be able to read other files within the same directory.
The 1.5 Windows clients have not been able to write to dropboxes since
the addition of the locking code. The lock acquisition test assumed
that if the user did not have PRSFS_LOCK or PRSFS_WRITE that it would
be unable to obtain a lock. It did not take into account the special
treatment of PRSFS_INSERT by the file server and so never bothered to
ask.
As it turns out though, the locking situation is more complex than one
might think. If the server is 1.4.1 or earlier, it will not grant
any locks for users with INSERT. The PRSFS_LOCK privilege is required.
For 1.4.2 through 1.4.4, write locks will be granted if the user has
PRSFS_INSERT but a read lock will not be granted unless the user has
PRSFS_LOCK. Therefore, if the server advertises the WRITELOCKACL
capability bit if the read lock is not granted a write lock can be
attempted.
For 1.4.5 and 1.5.20 and above, the file server will grant read locks
if the user has PRSFS_WRITE or PRSFS_INSERT. (Insert only applies if
the user is the creator of the file).
This patch handles all of the above possibilities. In the pre-1.4.2
case a read-lock request will be faked locally.
the permission to obtain a write-lock is granted either by having the
"w" permission or the "i" when owning the file. The permission to obtain
a read-lock has been granted by having the "k" permission. However it
makes no sense that someone can obtain a write-lock but not a read-lock.
This patch grants permission to obtain read-locks to those who can obtain
write-locks.
Background: OpenAFS is vulnerable to crashing in the linux kernel symlink
code when running on kernel versions between 2.6.10 to 2.6.12. This also
includes all RHEL4 kernels, because RHEL4 includes the code from 2.6.10. The
problem is that the symlink text caching API, page_follow_link() et al, is
unsuitable for network filesystems where the page cache may be invalidated
in parallel with a path lookup.
This crash can be triggered easily by doing a bunch of path lookups
involving symlinks (e.g., stat() on various files pointed to through links),
while simultaneously running 'fs flushvol' on the volume containing the
symlinks.
The simplest way to fix this problem is to disable the use of symlink text
caching when the kernel does not provide a usable symlink API.
Based on Chris Wing's analysis which stated in part:
GFP_NOFS tells the allocator not to recurse back into the filesystem if it's
necessary to free up memory. However, vmalloc() does not have such an
option. Therefore, calling osi_Alloc() to request more than a page of
memory may end up recursing back into AFS to try to free unused inodes or
dentries.
In this case, what happened was that osi_Alloc() is called within an
AFS_GLOCK(); osi_Alloc() calls vmalloc() which tries to free dentry objects,
which then calls back into the AFS module. Unfortunately, AFS_GLOCK() is
already held and we deadlock.
The afskfw library contains an unprotected call to krb5_free_context
which can result in krb5_free_context being called with a NULL pointer.
MIT's Kerberos libraries do not check that the pointer is non-NULL and
will attempt to use it as a valid pointer which will in turn result
in an invalid memory access error.
This library is used by afslogon.dll which is loaded by winlogon.exe.
If the krb5 profile is invalid, the krb5_init_context call will fail
to allocate a krb5_context structure which can then result in
krb5_free_context being called with a NULL pointer.
An unhandled exception within winlogon.exe will cause a blue screen event
on Windows 2000, XP and 2003.
add a new Windows only pioctl VIOC_PATH_AVAILABILITY that is used
to query the server status for a specified path. Return values
include:
online
offline
all busy
all down
not afs
Fix eventlog reporting. Do not attempt to log an event if the event
source registration fails. Use DebugEvent0 instead of DebugEvent
when there are no parameters.
Modify the LOOKUPKEYCHAIN macro to recognize ERROR_MORE_DATA errors.
Fix the reading of Domain specific configuration for LogonScript and
TheseCells. Previously the dwSize value was being overwritten so that
subsequent RegQueryValueEx call would fail.
Fix a memory leak in the TheseCells reading code.
Add support for Domain specific "Realm" specification. The realm is
the realm to be appended to the username. When logging in as a domain
or to the local machine, the specified "Domain" name is not going to be
a valid realm name.
Construct a proper principal name based upon the domain specified realm
for use in obtaining tokens with KFW.
If the domain specified "TheseCells" list includes the default cell,
do not obtain tokens twice.
There are two serious problems with integrated logon:
(1) openafs afslogon.dll obtains Kerberos v5 tickets and then forwards them
into the logon session. This was done because MIT KFW did not have
such functionality. As of KFW 3.1, KFW does, so we are removing it.
the functionality worked by copying the credentials to a FILE ccache
and then using the Logon Event Handler to move the credentials into
an API ccache and delete the temporary file. For non-interactive
logons the Logon Event handlers do not get triggered. Neither do
LogonScripts get executed. As a side effect, for each logon a
credential cache file was left behind.
(2) when combined with non-interactive logons, there are some very bad
side effects if a network provider performs Kerberos v5 operations.
Each logon occurs in a new logon session and will spawn a private
copy of krbcc32s.exe.
As a result, integrated logon is being disabled for non-interactive
logons.
Improve cache manager performance behind NATs:
* drop cm_daemonCheckUpInterval from 10 minutes to 4 minutes to bring
it under the minimum recommended default port mapping idle timeout
value for NATs
* when a timeout on an rx connection occurs, retry the request once
after forcing a new rx connection. If there was a NAT and the port
mapping changed, the server would respond to the original addr:port
associated with the rx connection. Forcing a new connection will
allow the request to be responded to if the server is accessible.
This should eliminate the UP-DOWN-UP-DOWN bouncing that user's have
seen when working from behind a NAT.
move the AFS Server Manager and AFS Account Manager data cache from
the TransarcCorporation key to the OpenAFS key. The data formats are
not compatible between the two versions and we don't want to be forced
to erase data if users switch back and forth between the two products
during OpenAFS evaluation.
Move the detection of which LAN adapter to use from smb_Init to
smb_NetbiosInit so that it is executed after the service is resumed
via a power management event. Otherwise, when the network comes back
up the service attempts to bind to all LAN adapters instead of just
the loopback or the configured one.
find lana by name is used by the afs control panel to populate the
lana list box. don't use the function to find by name. just use
it to generate the list of all lana names.
Remove the find lana by name functionality. It is crucial that the
name computed by the afs service can also be computed by the pioctl
function executed by generic end users without privilege. Unfortunately,
the undocumented functions used to implement find lana by name require
access to registry keys that a generic user cannot read.
In preparation for KFW 3.2, add conditional help registration.
When used with a version of NetIdMgr that supports the functionality
the OpenAFS plug-in will register its HtmlHelp on the NetIdMgr Help
menu.
FIXES 53441
based on suggested change from cg2v@andrew.cmu.edu
tasklist_lock not being exported makes this useless otherwise
S: ----------------------------------------------------------------------
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
FIXES 53441
based on suggested change from cg2v@andrew.cmu.edu
tasklist_lock not being exported makes this useless otherwise
FIXES 53878
When parsing a path containing a symlink to ".", do not short circuit
the evaluation. Allow cm_Lookup to do its job. Its slower but correct.
MIT Kerberos version 5 release 1.6 adds support for referrals in the
client. As a result krb5_get_host_realm() returns the nul-string for
the realm whenever there is no local domain-realm mapping in the
profile.
aklog must now manually perform the fallback to using the domain of
the vlserver as basis for the realm name if referrals fail.
When processing exclusive locks for files that were opened read-only,
obtain a read-lock instead of a write-lock.
In NTCreateX, if the file is being opened as OPEN_ALWAYS and the file
already exists, do not require write permission
MIT Kerberos version 5 release 1.6 adds support for referrals in the
client. As a result krb5_get_host_realm() returns the nul-string for
the realm whenever there is no local domain-realm mapping in the
profile.
aklog must now manually perform the fallback to using the domain of
the vlserver as basis for the realm name if referrals fail.
This will be required for KFW 3.2 support.
MIT Kerberos version 5 release 1.6 adds support for referrals in the
client. As a result krb5_get_host_realm() returns the nul-string for
the realm whenever there is no local domain-realm mapping in the
profile.
aklog must now manually perform the fallback to using the domain of
the vlserver as basis for the realm name if referrals fail.
This will be required for KFW 3.2 support.
FIXES 53212
clean up ktc code, prototyping et al
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
FIXES 53212
restore ktc_GetToken prototype
