Update and revise chapter two (Issues in Cell Configuration and
Administration) of the Administration Guide for current AFS and current
computing concepts.
Remove references to an AFS-provided login utility and discuss local login
configuration for Kerberos more generically. Further clarify the role of
ssh in ensuring the user has access to files in AFS during remote login.
Improve the inode and namei discussion slightly. Update the setuid
discussion for the new default of disabling setuid for cells and for the
known security flaws in enabling setuid. Modernize terminology for DNS
around cell naming and remove the descriptions of TLDs. We can now assume
our target audience knows this stuff.
Move index terms into the appropriate section for what's being indexed in
a few more cases.
Lots of other, more minor wording changes and updates.
Change-Id: Id8b1ace5afca6b8b7b2082a9a0779a4b91c89dcd
Reviewed-on: http://gerrit.openafs.org/2065
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
this code makes us work in the face of a sub1500 mtu network.
a subsequent commit is needed to make it more effective: attempts
to grow the mtu must be scheduled so we aren't forced to heavily
brute-force on failure to discover the exact mtu immediately;
for performance, we do want to grow to the real mtu.
Change-Id: If876c134efd4b0952035193ef00a6e780f7adc64
Reviewed-on: http://gerrit.openafs.org/2069
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
If LITECLIENT is defined when invoking the WiX based MSI installer
build, we will build a light-weight client installer MSI. This
minimizes the size of the installer for users who only need client
functionality from OpenAFS.
The light-weight client excludes:
- Server components
- Control center components
- Administration utilities
- Debug symbols
Lite-client installer can also be built by invoking target wix-lite
from the root NTMakefile.
Change-Id: I544cdb7170d17358eb235f3c476c468dbae62776
Reviewed-on: http://gerrit.openafs.org/2034
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Many pioctl calls pass as soon as the afs_resourceinit_flag is set,
which happens relatively early, alas before the cell name is set.
PCheckServers and others need the latter and dereference NULL.
Easiest: set the cell name as soon as it is known and the dynroot initialisation
piggy-backed to it can be done.
Change-Id: I9985f2c4a0afddfed04b85338108b3d6e97b64e6
Reviewed-on: http://gerrit.openafs.org/2072
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Document that salvager creates separate logs per partition when doing
a full server salvage and then appends them all to SalvageLog when it
completes.
Change-Id: I2ffa8c79ef83b590f90bb014fc318559deae7113
Reviewed-on: http://gerrit.openafs.org/2035
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
cm_FreeServerList will set the input variable to NULL if the
contents of the list could in fact be freed. If they could not
be freed, the individual entries are marked for deletion and will
not be subsequently used. Do not set the list variable to NULL
after calling cm_FreeServerList otherwise memory can be leaked.
LICENSE MIT
Change-Id: Ia3cacd760d7395a2dd6b063643a8aa86f9e468b9
Reviewed-on: http://gerrit.openafs.org/2078
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Instruct rx library to only perform NAT pings on file server
connections that are actively in use and which are anonymous.
LICENSE MIT
Change-Id: I6b74e8070f2c522ed13e0c06ea7a304cce525ab9
Reviewed-on: http://gerrit.openafs.org/2077
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
When cm_IoctlSkipQueryOptions advances the input buffer
pointer it must also reduce the available input length.
LICENSE MIT
Change-Id: I4e0d673e3ff5d8621e715d33d73616a22211a8a9
Reviewed-on: http://gerrit.openafs.org/2076
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
When querying the registry cellservdb info the KEY_WRITE privilege
is not required, therefore do not request it.
LICENSE MIT
Change-Id: I050717be3afb5df979897ffbef65987160a65149
Reviewed-on: http://gerrit.openafs.org/2075
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
cast away size_t larger than afs_uint32 warnings
use variables with the proper signed vs unsigned state in order
to avoid signed vs unsigned comparison warnings
disable deprecated string function warnings
LICENSE MIT
Change-Id: I78a3786a0766979c8d83cc5dbd06f91e70b0ee47
Reviewed-on: http://gerrit.openafs.org/2074
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
afs_vop_access->afs_VerifyVCache2->afs_GetVCache->afs_FetchStatus->
afs_Analyze->afs_NotifyUser can recurse and try to notify us. Don't
worry about it; we're best-effort.
we lack a lock primitive to see if we own this lock.
Change-Id: Ibc0c8a8164a95f0d268e5f1f42a62c3a28c4ab9d
Reviewed-on: http://gerrit.openafs.org/2081
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
The 'up' command currently silently accepts and discards extra
characters when specifying arguments. This can produce rather
confusing behavior such as mistyping '-v -1' as '-v-1' resulting in
the '-v' switch being honored, but the '-1' being ignored. The same
thing occurs for specifying '-v1', even though the usage message
implies that you can combine arguments.
So instead, report an error message for any arguments specified that
are longer than 2 characters, since they are never valid.
Change-Id: I64846b53248ea1d06d03b6ac1fdb4317ba04b03b
Reviewed-on: http://gerrit.openafs.org/2073
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
MIDL is used to generate server stub code for implementing SMB RPC.
Fix the invocation of MIDL so that MIDL can locate include files and
respect AFSDEV_AUXMIDLFLAGS.
Change-Id: I31e90897c8f0d8db6746dbc94a3fe4de53aab060
Reviewed-on: http://gerrit.openafs.org/2033
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
modify setpeermtu to work when a peer is passed in. modify existing
callers. note solaris caches a whole host's pmtu, so use that
on all peers at the host.
Change-Id: Iba05fffd47a7c7b63742d6c539be4fe248336fb7
Reviewed-on: http://gerrit.openafs.org/2068
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
right now, when no port is passed, we don't correctly tweak
the mtu for all peers on a host. do that here.
Change-Id: Ia07f592bf001415d8a76bd3326f2dc6aa0641809
Reviewed-on: http://gerrit.openafs.org/2067
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
if you're disabling krb524, these variables are unused. make them
not be part of such a compile
Change-Id: Ib10e8fc82614b7a821daa7c77540ce246551cb0a
Reviewed-on: http://gerrit.openafs.org/2066
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
For each command only useful with the Authentication Server, add
warnings that the Authentication Server is obsolete and will be
removed in a future version of OpenAFS. Encourage people who care
to update uss to work with a modern Kerberos KDC, recommend kinit
and aklog or klog.krb5 over klog, and warn that klog will be of
limited use without an Authentication Server.
Change-Id: Idc78ba548134b83ac1eea0fb81a5bc38a431bb38
Reviewed-on: http://gerrit.openafs.org/2052
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
if it had tokens before, again, still not worth a nat ping.
nor for the vlserver.
Change-Id: I30281801b604b67b418b8a54a1889c54c8f6e4db
Reviewed-on: http://gerrit.openafs.org/2058
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
vldb_check -fix was very 'topical' in nature. It showed signs that
each sucessive corruption had been treated as a one off needing a
specific fix. This made the code difficult to understand and
incomplete: for instance a single volume on the wrong hash only was
not corrected. Further there was some rather unfortunately code which
would under certain circumstances stamp the last volume at various
places across the file.
This checkin removes all the old code and replaces it with a
'systematic' fix. During the last scan across all the volumes, all
four of the hash chains are rebuild from the ground up. We can then
get rid of the outer 'Mung Until Now Good' iteration and further we
benefit from a linear run time.
Tested by building several different forms of broken-ness in all three
chains and then fixing it.
Now with improved logging and correct non insertion of nonexistant elements
and clean compiled with extra warning.
Change-Id: Id39d806c9c90f67c6967bd99460ba9842a043158
Reviewed-on: http://gerrit.openafs.org/1991
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
vldb_check would just read where it was sent. This means that if a
hash entry was beyond the end of file the read would fail and halt the
program dead.
This change adds checks for that so we can go limping on.
There is no code to fix this sort of corruption. I have another
(preexisting) checkin to do that which will happen once I can get a
clean test run.
This checkin also removes a some pointless debugging printfs.
Change-Id: Ib285e113c8db024de41ffaf6c11ceb2979d07041
Reviewed-on: http://gerrit.openafs.org/1990
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Purely reformatting to make the document more maintainable. There are
no content changes.
Change-Id: I349c8e86de925cbed6e09be529a22e0a08b227f6
Reviewed-on: http://gerrit.openafs.org/2059
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Add a modified version of src/util/test_ktime to the new test suite
as an example of how to write a test program with the new harness.
Change-Id: Ifbceff1905f9f0dd686c2a2d2edc2f8796e7918f
Reviewed-on: http://gerrit.openafs.org/2063
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Creates a new top-level tests directory that will be used for all
future automated test code eventually. Import runtests and the
basic TAP library from C TAP Harness 1.2. Add top-level check and
test targets that build the full source tree and then the new tests
directory, and then runs runtests on the test list.
Change-Id: I896f8ae488cd1dfa8529a10b4b479e45e7c67afe
Reviewed-on: http://gerrit.openafs.org/2062
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Build repair.o with strict aliasing disabled because it addresses the
same data structure via two different structs at the same time. Fix
various other, more minor warnings.
Several fixes here require more Autoconf glue to work properly, but
that's deferred to future work (such as some HAVE_* defines that we
don't probe for and the handling of non-native 64-bit integers in
some of the code).
Change-Id: I721a9fb952d2cf485d2df8e5672e5e5f5d9d6159
Reviewed-on: http://gerrit.openafs.org/2060
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
In 2.6.35, the fsync file operations drops the dentry argument.
Add a configure test and cope.
Change-Id: Iaf660808d52688a4a8fd53a76d8d055602f746b9
Reviewed-on: http://gerrit.openafs.org/2064
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Tested-by: Derrick Brashear <shadow@dementia.org>
AC_CHECK_LINUX_STRUCT for the check for ctl_name in ctl_table instead
of AC_CHECK_LINUX_FUNC.
Change-Id: Ia0e0de5d62ce7f702a3f1d7a5cd4d19ef726095c
Reviewed-on: http://gerrit.openafs.org/2057
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
don't open /dev/console in the fileserver. if you want this,
let syslog do it.
Change-Id: I1d7c0fb4a8582b6c781acdb9ae0764b64dc1c301
Reviewed-on: http://gerrit.openafs.org/1986
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Update and revise chapter one (An Overview of OpenAFS Administration)
of the Administration Guide for current AFS and current computing
concepts.
Replace the Kerberos Server terminology with Kerberos KDC and add
additional details about the relationship between AFS and a Kerberos
KDC. Remove some remaining Authentication Server references. Add
some details about the Protection Server management of the mapping
from Kerberos principals to AFS IDs.
Remove some now-obsolete distinctions and concepts between mainframes
and workstations and recommendations for server systems.
Reorganize the order in which the servers are discussed to follow a
somewhat more natural order.
Be clear that the Backup Server is optional and that there are other
methods available to back up AFS. Mention backing up to disk as well
as tape in a few places.
Change-Id: I57ce083a84ca2a44f7a4383d80b05508e6448284
Reviewed-on: http://gerrit.openafs.org/2045
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Purely reformatting to make the document more maintainable. There are
no content changes.
Change-Id: Ic3fb32ef68c14418b3ac6bab92fda759db89b394
Reviewed-on: http://gerrit.openafs.org/2044
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Add the k_haspag function to libkopenafs, which returns true if the
current process is in a PAG and false otherwise.
The implementation currently duplicates code from the ktc_curpag
function since the latter calls the regular pioctl() interface and
hence introduces an Rx dependency that we're avoiding for libkopenafs.
This should be refactored to avoid the code duplication at some point,
but that will require building a utility library that can be reasonably
linked into libkopenafs and is therefore deferred for future work.
Change-Id: Ib97322ef24dc3a4e48cb45090c516c95b71e9fc7
Reviewed-on: http://gerrit.openafs.org/2041
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Recent libuafs changes changed the libuafs initialization API. Add a
uafs_Init wrapper for compatibility in case someone is using the old
way.
Change-Id: I30611479e0c281526dc52ac6a1969ae526886537
Reviewed-on: http://gerrit.openafs.org/2047
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Use the correct data structures for BOS timestamps. Use afs_int32 for
the expressed timestamps for executables since that's what the BOS RPC
says it's using for right now; we should change this, but when we do,
warnings will catch this use along with the others. Cast some const
char *'s that are passed into BOS functions that take char *'s.
Change-Id: Iff3a6c42241953ed086f8e739cdb344a41a44635
Reviewed-on: http://gerrit.openafs.org/2050
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Tested-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Provide a more useful abstract and remove the (outdated) specific list
of supported platforms and the M.m version number placeholders. Update
the list of associated documents to match their current titles, and
provide a better description of the Reference Manual.
Reformat the parent document and preface for easier maintenance in the
future.
Change-Id: I42ce78274ed7c4ca7a2f0b9c5ec2e6f7a786adb8
Reviewed-on: http://gerrit.openafs.org/2043
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Remove the 'afsd' symlink in the build setup, along with the other
symlinks. Otherwise, we try to recreate it every time and fail, since
it already exists.
Change-Id: I8fd70d6c29695f92a5a800bea34630221d142370
Reviewed-on: http://gerrit.openafs.org/2046
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Add entries to NEWS for all development releases back to 1.5.36, which
is the point at which I got bored, taken from the release announcements
to openafs-announce. Try to use a relatively readable and consistent
formatting for all the entries and convert the old entries to the new
format (mostly).
Further history can be added from the release announcements when I or
someone else gets bored.
Change-Id: Iaf9171c82ca74cd98be3745d9c1965efc39d889a
Reviewed-on: http://gerrit.openafs.org/2036
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Include additional missing header files for proper function prototypes,
define TRUE and FALSE, and declare krb5_clear_error_message as unused
so that the config_file.c will compile and pass --enable-checking.
Make the build depend on krb5_locl.h.
Change-Id: I25a35098aa81c9d2a0efea48257dcb958602c785
Reviewed-on: http://gerrit.openafs.org/2040
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Tested-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
The width variable was declared twice, for the whole function
and also within the for loop, leaving the first one unused
and triggering a warning and a failed build with enable-checking.
Change-Id: Idd061aa0e9eff1f158bfdbd67a20fe5876570089
Reviewed-on: http://gerrit.openafs.org/2039
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Currently, ubik application cached data could be updated and read by
different threads simultaneously. Add a mechanism in ubik for
protecting accessing and updating the cached data. This adds the
function ubik_CheckCache to do this, and removes ubik_CacheUpdate as
an exported function (since it's not safe).
Update all callers to use the new mechanism. In ptserver, remove the
'initd' variable; just rely on cachedVersion and ubik_CheckCache to
tell us when to re-read the database. Remove db.lock in buserver and
cheader_lock in kaserver, which served similar (though not completely
threadsafe) protection as ubik_CheckCache. Add the ubik database lock
cache_lock to protect the application cache.
Change-Id: I857a67d410e2c539197c5212c3b114c3fd0403c2
Reviewed-on: http://gerrit.openafs.org/1546
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Russ Allbery <rra@stanford.edu>
Change references to the documentation sets that we still ship to
reference the OpenAFS manuals instead of the IBM AFS manuals. Remove
references to the IBM AFS/DFS Migration documentation, since that
doesn't appear to be available anywhere any more, replacing them where
relevant to more generic references to the DFS documentation. Add
links to docs.openafs.org for mentions of the manuals in SEE ALSO, and
standardize on one link format. Replace a few references to the IBM
AFS Release Notes with the actual information in those notes, or drop
the reference if it doesn't seem particularly useful.
Change-Id: Ie9666842f1315891c6a9c37c0424200f4b78bff7
Reviewed-on: http://gerrit.openafs.org/2031
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
this is a cheap way to ensure one nat ping per server. basically,
only do it for the one unauth connection we have.
Change-Id: I4583112d7b4a10a0e8f524795527d99a5b2adf51
Reviewed-on: http://gerrit.openafs.org/2010
Reviewed-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
salvager and salvageserver's documentation of -oktozap says to not use
without consultation with AFS Development or Product Support, left over
from the IBM product. Remove those references and add a caution more
in line with open source.
Change-Id: I136dc145caf3e8e3a992c239e1a46d86f96580ed
Reviewed-on: http://gerrit.openafs.org/2030
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
The -rebuildDB flag was documented to rebuild the Protection Database at
startup, but it was accepted and ignored in the ptserver source, doing
nothing. Remove the documentation and the option recognition in ptserver.
Change-Id: I36f30f38464b602cb4739a958663a6feb5fe27bf
Reviewed-on: http://gerrit.openafs.org/2029
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
-fastKeys wasn't accepted by the kaserver binary, but was still
mentioned in the usage message and the kaserver man page. Remove
the remnants of the flag.
Change-Id: Ifb3ae49ea0cab80c325a77b0eb1062944697b53d
Reviewed-on: http://gerrit.openafs.org/2028
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>