Cummulative update of changes including:
* Add code to block the issuance of AFS tokens by aklog.exe or
afscreds.exe when the Kerberos 5 principal name contains a dot.
* Modify the IsAdmin() function to always treat the local SYSTEM
account as an AFS client administrator. Affects fs.exe and
afs_config.exe.
* Modify the internal handling of Quota Exceeded errors
* Upgrade all reference count fields in the Windows cache manager
and the osi library to use unsigned long instead of signed short.
A similar fix has been applied to the afs rpc (rx) library.
* fix the Windows cache manager to prevent it from replacing the
rx_connection object associated with the cm_conn_t object on each
and every operation if "fs crypt" was set. This explains the
dramatic performance difference when crypt is used vs clear.
The problem: 'cryptall', a boolean flag indicating whether or not
"fs crypt" is set, was being compared to the rx_connection
cryptlevel which is either rxkad_clear:0 or rxkad_crypt:2.
1 != 2 and therefore the rx_connection was always destroyed
and replaced on each and every operation.
Lock the cm_conn_t object around every call to RXAFS_xxxx functions.
It is not safe for the cm_conn_t object to not be locked because
rx_DestroyConnection might be called from another thread if:
- the user's tokens have changed or expired
- the crypt mode has changed
This fix appears to have also taken care of the problems associated
with Overlapped Writes resulting in Delayed Write errors.
* fix NSIS installer's AdminGroup.exe to properly create and
remove groups when given -create or -remove. The string comparison
test was wrong.
* fs sysname now accepts a list of sysname values
* added a new registry value HKLM\SOFTWARE\OpenAFS\Client "IoctlDebug"
DWORD which when set to a non-zero value will cause error message
text to be output to stderr from the pioctl() routine. Useful in
debugging failures of fs.exe, tokens.exe, etc.
* added a test to the power management code to only perform a
flush operation if there is at least one network adapter which
is not a loopback adapter.
* Fix bug in loading of registry value HKLM\SOFTWARE\OpenAFS\Client
"EnableKFW". This value will not be read if the key
HKCU\SOFTWARE\OpenAFS\Client exists; even if the "EnableKFW"
value under that key does not.
* provide mechanisms to force the use of krb524d for Kerberos 5
ticket to AFS token conversion. For afslogon.dll and afscreds.exe
there is a new registry value "Use524" and for aklog.exe a new
command line parameter "-m".
* Fix the pattern matching algorithm to properly match patterns
ending with a '*'.
* smb_ReceiveCoreRename() was factored to produce smb_Rename()
which is used by both the original function and the new
smb_ReceiveNTRename(). smb_ReceiveNTRename() supports the
creation of HardLinks in addition to Renaming. smb_Link()
is a new function which creates HardLinks via cm_Link().
cm_Link() is a new vnodeops function which creates links
using RXAFS_Link().
smb_ReceiveNTRename() does not support the File Copy and
Move Cluster Information operations described in its interface.
ReceiveNTRename is under documented in CIFS-TR-1p00_FINAL.pdf.
* When opening files via symlinks, we should follow the symlinks
until we reach the actual file stat cache entry. The stat cache
entry of the file should then be stored in the FID instead of
stat scache entry of the symlink.
* return bad operation errors for all unimplemented functions
even if we do not know the functions exist.
* Log bad packets and unknown operation packets to the trace log
* Map CM_ERROR_BADOP to STATUS_NOT_SUPPORTED instead of
0xC09820FF
* Update list of known CIFS operations to include all those listed
in CIFS-TR-1p00_FINAL.pdf.
* Modify the handling of HKLM\SOFTWARE\OpenAFS\Client\Submounts
to support the REG_EXPAND_SZ type.
* fix the Windows cache manager to prevent it from replacing the
rx_connection object associated with the cm_conn_t object on each
and every operation if "fs crypt" was set. This explains the
dramatic performance difference when crypt is used vs clear.
The problem: 'cryptall', a boolean flag indicating whether or not
"fs crypt" is set, was being compared to the rx_connection
cryptlevel which is either rxkad_clear:0 or rxkad_crypt:2.
1 != 2 and therefore the rx_connection was always destroyed
and replaced on each and every operation.
Lock the cm_conn_t object around every call to RXAFS_xxxx functions.
It is not safe for the cm_conn_t object to not be locked because
rx_DestroyConnection might be called from another thread if:
- the user's tokens have changed or expired
- the crypt mode has changed
* Modify cm_Lookup to evaluate a list of possible values for @sys
instead of just a single entry. Re-write cm_ExpandSysname and
add cm_LookupInternal.
* Reformat affected files
* Add cache file name to cache creation errors
(cherry picked from commit d8453a3f46)
Add a new registry value HKLM/SOFTWARE/OpenAFS/Client "IoctlDebug" DWORD
which when set to a non-zero value will output error messages to stderr.
This is to assist in debugging ioctl failures when fs.exe, tokens.exe,
etc. fail because of an inability to open the ioctl file name.
(cherry picked from commit e845efc442)
FIXES 15250
One more fix for the symlink problem. Access control checks cannot be
performed until after we have walked all of the symlinks. Otherwise,
we are checking access to the symlink itself and not to the file.
(cherry picked from commit fdaf6f7933)
The windows power management code responds to a request to suspend or
hibernate by performing a "fs flushvol" as the logged in user on each
of the SMB/CIFS mounted shares. This can be very time consuming if
the cell servers cannot be reached.
This patch adds a test to ensure that there is at least one network
adapter in the machine which is not a loopback adapter.
While developing this patch other areas of concern have been raised.
The power management code waits a fixed period of time based upon
the hard dead timeout before allowing the suspend/hibernate to continue.
This allows the machine to shutdown even if there are active flush
operations being performed. This defeats the benefit of performing
the flush at all.
A better mechanism could be developed if the functions called via
cm_IoctlFlushVolume returned and checked error codes. Then it might
be possible to abandon the flush operation if a Server Not Reachable
state was obtained.
The power management flush operations will also not work on Terminal
Server. This would be important in the case where a terminal server
is shutting down due to a switch over to a UPS. The reason it does
not work on Terminal Server is that there is that it is not possible
for afsd_service.exe to enumerate the SMB/CIFS shares and impersonate
the individual logged in users.
It would be preferred for there to be a new cm_FlushAll() function
implemented which was not dependent on the use of the ioctl mechanism
for the purpose of identifying a volume ID or a user ID.
(cherry picked from commit 2469663d0d)
Fix the registry query in afskfw.lib to read the HKLM machine value
even if the HKCU key is present.
Update text in the install notes to better describe the krb524
issues
(cherry picked from commit d69e6641e5)
Provide mechanisms to force the use of krb524 via afscreds, afslogon,
and aklog. afslogon and afscreds rely on a new "Use524" registry value
(see registry.txt) and aklog has a new "-m" command line option.
(cherry picked from commit b400902339)
FIXES 15365
The pattern matching algorithm was failing to match strings when the
pattern terminated in a '*'. The logic was also too complex because
it failed to simply the patterns prior to processing. Any combination
of '*' and '?' == '*' according to the Windows file name pattern
matching rules.
(cherry picked from commit a135e0d30c)
FIXES 915
FIXES 15250
* smb_ReceiveCoreRename() was factored to produce smb_Rename()
which is used by both the original function and the new
smb_ReceiveNTRename(). smb_ReceiveNTRename() supports the
creation of HardLinks in addition to Renaming. smb_Link()
is a new function which creates HardLinks via cm_Link().
cm_Link() is a new vnodeops function which creates links
using RXAFS_Link().
smb_ReceiveNTRename() does not support the File Copy and
Move Cluster Information operations described in its interface.
ReceiveNTRename is under documented in CIFS-TR-1p00_FINAL.pdf.
* When opening files via symlinks, we should follow the symlinks
until we reach the actual file stat cache entry. The stat cache
entry of the file should then be stored in the FID instead of
stat scache entry of the symlink.
* return bad operation errors for all unimplemented functions
even if we do not know the functions exist.
* Log bad packets and unknown operation packets to the trace log
* Map CM_ERROR_BADOP to STATUS_NOT_SUPPORTED instead of
0xC09820FF
* Update list of known CIFS operations to include all those listed
in CIFS-TR-1p00_FINAL.pdf.
(cherry picked from commit e07406e551)
replace QWORD with DWORD
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
add expanded registry string support to Submounts
====================
Correct a 64-bit time_t error
(cherry picked from commit f31658317a)
netbsd's cc doesn't like multiple semicolons in variable declarations,
so move OSI_VC_CONVERT down to the last statement
(cherry picked from commit 4d906fec23)
FIXES 6355
- It resolves all IP addresses to names unless the "-numeric"
parameter is used.
This is the same behavior as "fs listcells [-numeric]"
- If the "-numeric" parameter is used, IP address will be printed
in dotted decimal form instead of a 8 digit hex string.
- A new parameter "-long" allows to print all information for all
entries in the log.
This is the same info you get for entry XYZ when called with
"-key XYZ" only you get this for _all_ keys.
The output is slow if not also called together with "-numeric
(cherry picked from commit e82bc52231)
Add trailing semicolons to _LOCK and _UNLOCK macros and re-indent.
This should've been in fix-indent-bug-with-lock-macros-20030729
but somehow it slipped by and I've only found it now.
(cherry picked from commit 788ca86bdc)
"Playing around with multi-address database servers on little-endian machines
I found out that there is one conversion of the ip-address too much"
(cherry picked from commit 6f1cd5a43e)
Noone seems to be using this code anyway, as it's been non-compilable
for 2 years now. But indent noticed that we have too many close-parens
in there, so might as well fix it...
(cherry picked from commit 3fa71885ae)
modern 2.6 kernels with i_security need this such that if the i_security field got garbage-collected out from under us we don't deref a null pointer.
(cherry picked from commit e6c7148abe)
Drive mappings are now per user and stored in the registry. Allow
them to continue to use environment variables in the paths.
(cherry picked from commit bca5ba20e6)
Update text files for 1.3.71 and describe the new Windows Authorization
Group "AFS Client Admins"
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Add support for "AFS Client Admins" windows authortization group
(cherry picked from commit 40d2f5f7c0)
- Move product code into NTMakefile.i386_nt40
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
- Support administrative installations ( 'msiexec /a openafs-en_US.msi')
- Register services as interactive
- Move product code into NTMakefile.i386_nt40
(cherry picked from commit 65884b7d94)
time values in the cache manager and smb engine which are passed to
the run time library must be of type time_t and not long or int or
unsigned long or unsigned int or ...
(cherry picked from commit f21740a0ac)
When the callback expires on an scache item, if there is an smb client
listening for updates send it is a notification of change. This will
force the smb client to refresh its listener which will in turn cause
a new callback to be registered.
Also, remove debugging statements from GetServer/PutServer
(cherry picked from commit 1ae8a71dfa)
