It can result only in sadness.
Document this restriction alongside UID 0 as a reserved number.
Change-Id: Ibea2d98bc15a730bc85e84477791ca45a40f2d92
Reviewed-on: http://gerrit.openafs.org/10950
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The krb5_524_conv_principal() function should fail whenever the Kerberos
v5 principal cannot safely be mapped onto a Kerberos v4 principal, and
does fail on some Kerberos v5 principals used in real-world AFS
deployments.
Prior to this patchset a failure was treated as a fatal error that
in turn prevents an AFS token from being generated or set into the
cache manager.
Prior to b1f9b4cb5dd295162ae51704310e9d6058008f0a the
krb5_524_conv_principal() function wasn't used and a local client
mapping was created. b1f9b4cb5dd295162ae51704310e9d6058008f0a
replaced the local mapping with the krb5 function because the local
mapping could be wrong and confusing.
The krb5_524_conv_principal() function as applied to AFS tokens is
just a local guess. How the username in the token is interpreted by
the AFS server is up to the server.
krb5_524_conv_principal() is only used for Krb5 native tokens. For Krb4
tokens the krb5_524_convert_creds() function is used to obtain both the
Kerberos v4 ticket and the converted names from the KDC. Many
organizations used the krb524d service to perform name translation. When
the krb524d service is used, the name translation is performed by the KDC,
so there is no local call to krb5_524_conf_principal() which might fail.
As a result, disallowing the use of a native Krb5 token due to a failed
local name translation is a needless loss of functionality; the local name
translation is not an essential part of obtaining a token.
This patchset modifies the behavior such that krb5_524_conv_principal()
errors are non-fatal.
1. If -noprdb is not specified the error message is generated
and a NULL username is used.
2. If the username is NULL the prdb lookup is disabled.
3. If the username is NULL the informational messages do not
include a username.
4. If the username is NULL the username info provided to the
cache manager in the token description is the nul string.
Credit to Ben Kaduk for assistance with the wording of this
commit message.
Change-Id: Ib07131fc0ff4bf5319815213198c3f0adac17b10
Reviewed-on: http://gerrit.openafs.org/11542
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Commit 5afe7a882b0bb90a515e505d9ffce4f644633f06 added a configure
option to disable the installation of the kauth suite, but did not
add any logic to disable the installation of the corresponding man
pages, so those man pages were always installed regardless of the
options to configure.
Add logic to doc/man-pages/Makefile.in to create .noinstall files
for man pages which should not be installed in the current configuration.
Depend on the Makefile (which will be regenerated by configure) in
this target so as to attempt to behave properly if configure is re-run
with different arguments in the same working tree.
Change-Id: I19b77a9f20fe27c49db14f3e800d8c77cda1bb3a
Reviewed-on: http://gerrit.openafs.org/10993
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
This tool was removed in 2006 in commit
b405868ca02880207bda1ec6eb4e21c7b0ac250c. Also remove mention of
wsadmin, removed at the same time.
Change-Id: I8475b951f576f10ddd2f4b72565354b9fba41d94
Reviewed-on: http://gerrit.openafs.org/11554
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
It has been unused since the LWP fileserver was removed.
It was used to set the LWP stack size.
Change-Id: I2ffd3a2f02049a307b668a46b62b31dc9bc128a8
Reviewed-on: http://gerrit.openafs.org/11527
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
These are new files and new content; fix the copyright notice and
license to reflect.
Change-Id: I8d5f00fb7edaf2e3855e2dc2a1af07bba471c0d6
Reviewed-on: http://gerrit.openafs.org/11362
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Add a new vos release option called -force-reclone to force the
reclone of the release clone and a release to all of the remote
sites, regardless of the state of the VLDB flags on the remote
sites, but does not force full volume dumps when distributing the
volume.
Provide an alias -f for -force for compatibility with the original
IBM vos, in case scripts were written to use the old '-f' option,
and for users with muscle memory.
Change-Id: I0ebebc5e8099299781e8da57579d91848bb2ad19
Reviewed-on: http://gerrit.openafs.org/9020
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Make vlserver and volserver suppport a new command line parameter,
"-restricted_query admin". When this is on, the query RPCs that
are not needed for normal cache manager operations are restricted
to administrators listed in UserList. This is off by default.
Change-Id: I2a23a4e99cabd46b19ed491a6520773731a5994e
Reviewed-on: http://gerrit.openafs.org/10927
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
It is not always clear to users whether BosConfig.new is noticed
during an automatic restart, or if it requires stopping and starting
the bosserver. Slightly reword the relevant text and add a small note
that a "general restart" does cause BosConfig.new to be noticed, so
this is explicitly clear.
Change-Id: Iab3eaff176305b0b2991a6636e70204b5072b1b0
Reviewed-on: http://gerrit.openafs.org/11076
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
vos convertROtoRW leaves the older RW copy on the original fileserver,
although it is no longer in the VLDB. Provide the user with some hints
regarding clean up.
Change-Id: I5f6fcf7d5a516b59438d84e60f163a567d3a64fd
Reviewed-on: http://gerrit.openafs.org/9408
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Currently, one could simply query from 0 to 'pts listmax' to determine
all the usernames in a cell. The -restrict_anonymous option will block
access to almost all of the unauthenticated RPC's. PR_NameToID is still
open since aklog still needs access to this RPC. An "attack" against
this RPC would have to scan a much larger key space to determine valid
usernames in a cell.
Change-Id: I7e475bc004f08d28d195c199804befa89f0ceb0c
Reviewed-on: http://gerrit.openafs.org/10951
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Gergely Risko <gergely@risko.hu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Commit 070230ab76e1df338db3f2a7971111ca976a0c1a added documentation of
the mode parameter to bos setrestricted, claiming that the value 0 is
useless, and commit eee0bf5871944d919951cc8b7b4908ee909c3b62 added
documentation of the restrictmode entry in BosConfig, claiming that it
can only be set back to 0 with an editor. Both claims are wrong, since
bos setrestricted -mode 0 will do exactly that (if it succeeds, which
it only can if the server is running in unrestricted mode, which can
be achieved by sending it the FPE signal). Fix the man pages
accordingly.
Change-Id: I07b75f7d0cea2e247fa4f346121de258e35119f5
Reviewed-on: http://gerrit.openafs.org/10885
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Provide a man page for the volscan utility
Change-Id: Ibaecb2b9030ee71d81f13b897694c4cf3b4b9516
Reviewed-on: http://gerrit.openafs.org/10905
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: D Brashear <shadow@your-file-system.com>
Mention the restrictmode entry and the commands for setting and
querying it in the BosConfig man page, and add/fix cross references
between the BosConfig, bos, bos_getrestricted and bos_setrestricted
ones.
Change-Id: I938ef4c43c1a248335f09975c454b36f7570782c
Reviewed-on: http://gerrit.openafs.org/10874
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
Add the -emit option to the compile_et command to support parallel make.
The -emit option allows make to generate the header and the source files
independently, instead of building two files at the some time. This
avoids the issue where one command creates two separate files, which is
difficult to handle correctly for parallel makes.
Change-Id: Ib44a8e358643cf19b4834b3bd4d5b88db6cd0ccf
Reviewed-on: http://gerrit.openafs.org/7921
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
The man page documented the prefix option as -prefix; compile_et
supported only the short form -p.
Document and support both the long and short forms for the prefix
option; -p and -prefix.
Change-Id: Ide5551b06ae888748600677ed09ba674506a584f
Reviewed-on: http://gerrit.openafs.org/10721
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Document the -lang short form for -language.
Change-Id: I4a57bdb23ca5fab4e1565d7e930cdc10097a7414
Reviewed-on: http://gerrit.openafs.org/10720
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Fix two pod formatting errors and remove one trailing
whitespace characters.
Change-Id: I2ba4fd56afb8c26591d2770301c3edfdd1a898fb
Reviewed-on: http://gerrit.openafs.org/10719
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Fix typo in the dropbox section where 'l' was referred
to as 'read', not 'lookup'.
Change-Id: I6429c125f0561a1b5d4e7816930988ac1b347be7
Reviewed-on: http://gerrit.openafs.org/10750
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
- Consistently specify -dryrun and -n across various subcommands.
Many did not list -n, some listed -n but no -dryrun, and some
listed -noexecute instead.
- backup_volrestore: Add missing option -usedump
- backup_deletedump: Add missing options -groupid, -dbonly, -force,
and -portoffset
Change-Id: Iec1c36cba0ad0e61d7e6215c9cba81228b95a81f
Reviewed-on: http://gerrit.openafs.org/10441
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Add the 'checkman' script, which compares a command's "-help" output
to the options actually documented in its manpage. This command is
certainly not perfect, and may contain false negatives and false
positives. It is not (currently) intended to be run as an automated
check, but is meant to assist a human manually checking the
correctness of man pages. An error reported by 'checkman' does not
necessarily indicate something that should actually be changed.
Change-Id: Iae1965c441279dd3f93c1a7283ea0a0140d5ebe3
Reviewed-on: http://gerrit.openafs.org/10442
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
This option is completely useless since the LWP volserver was removed.
Remove the code for it.
Change-Id: I2257ba2ecd2ffeb9c47d21cbb516d6a0abb19b94
Reviewed-on: http://gerrit.openafs.org/10424
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
For every fssync-debug subcommand, provide a symlink for the
associated dafssync-debug subcommand. This way, running e.g.
"man dafssync-debug_attach" will actually give you a manpage, instead
of needing to specifically run "man fssync-debug_attach".
Change-Id: I83d71dc14f9f838d9a9900fcc62817677898dd27
Reviewed-on: http://gerrit.openafs.org/10412
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
If we indent text here, the formatting codes are not interpreted, and
the text is output "raw". So currently, we actually see
"I<system_type>" in this section, which is a bit confusing.
Saying the actual output with string substitutions and stuff here
doesn't seem very helpful when the output doesn't have any constant
text in it. Just describe what the output is instead; an example
immediately follows if this is unclear.
Change-Id: Ib3e0f0c5143afa2dd41a655ff3908c791026a426
Reviewed-on: http://gerrit.openafs.org/10411
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
We now have a -checkout option, but no -online option. Document
-checkout and remove -online.
Change-Id: Ie8d6e35c6e09abf994b8417b3bb20ee379095a25
Reviewed-on: http://gerrit.openafs.org/10407
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
- Add missing option -fix
- Don't use brackets in the option list; we don't do this in most
other manpages.
Change-Id: Ifd87dd749aaab2987b2f9c3224b8e931b7bc221c
Reviewed-on: http://gerrit.openafs.org/10403
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Many manpages for "vos" subcommands were not using the "common" vos
fragments, and instead were just repeating the information directly in
their manpage. Make them all use the "common" vos fragment to avoid
duplication.
Change-Id: I62d84a1164b4ba46082e33a6d27fd24e3722014c
Reviewed-on: http://gerrit.openafs.org/10398
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
- Add missing -config option to 'common' vos options, and to the
synopsis for all commands
- Remove brackets in the options descriptions for vos_shadow,
vos_create, and vos_clone. We don't do this in other manpages.
- vos_create: Add missing -id, -roid to synopsis
- vos_clone: Add missing -readwrite option
- vos_shadow: Add missing -toid option
Change-Id: I41fd56509e78116698c82a2f3f4fd07f26cdc95f
Reviewed-on: http://gerrit.openafs.org/10397
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
- fs_whichcell: Fix formatting typo
- fs_setcbaddr: Change -host to -addr
- Add missing -help to fs_setcbaddr and fs_rxstatproc
- fs_getfid: Add missing -literal to synopsis
- fs_exportafs: List on/off options in single =item. Doing this in
two separate consecutive =items confuses the manpage generator.
- fs_exportafs: Add missing -clipags and -pagcb
Change-Id: I4e986543292f1000fc00456fde486d7da573c9c3
Reviewed-on: http://gerrit.openafs.org/10396
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Fix -noauth documentation. The current documentation is referring to
the client-side -noauth option, but this is actually the server-side
-noauth option, which is very different.
Change-Id: I65154aef4734e69bb0f3ae485baacac11a718488
Reviewed-on: http://gerrit.openafs.org/10401
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
- Indent synopsis formatting
- Add missing options -trace, -noauth, -smallmem, -rxmaxmtu,
and -syslog
- Fix some formatting typos in the synopsis
- Document the -db alias by putting it next to the -database option,
separated by a pipe "|"
Change-Id: I4c84baf53d346cb47416cb2843e8b7de2437d147
vlserver: -database option
Change-Id: I7f5539aeebee71441a3901a183033fac05fa411f
Reviewed-on: http://gerrit.openafs.org/10400
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
- Indent synopsis formatting
- Document the -db and -depth aliases by putting them next
to -database and -groupdeth (respectively) separated by a pipe "|"
Change-Id: Ic40fa0001feee293afe6c22ade7b85dc46fde938
Reviewed-on: http://gerrit.openafs.org/10399
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
- Fix synopsis formatting, so option arguments are on the same line
as the option name
- Add missing options -rxmaxmtu, -rxbind, -syslog, and -sleep
Change-Id: I6e6f06d716e7f78be288bfebde97a3701f086924
Reviewed-on: http://gerrit.openafs.org/10394
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
- Add missing -rxbind
- Add missing -crossrealm
- Fix synopsis formatting, so option arguments are on the same line
as the option name
Change-Id: I8c73d0f14396aad83651c3037fde1137d83e6692
Reviewed-on: http://gerrit.openafs.org/10392
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
