Add output validation checks to the Explorer Shell and the
Client configuration control panel.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/458
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
When a file cannot be opened because the name of the file or
a directory in the path cannot be found, return "Name not found"
instead of "File not found". "File not found" is the error returned
by the smb redirector to the application when the file cannot be
located in the search path. "Name not found" indicates that the
entry is not present at the location requested.
The use of "File not found" prevented execution of applications
from the \\AFS name space on Windows 7.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/469
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Add new trace log entries in smb_ReceiveTran2QPathInfo to
help track down the reason for queries in which the path and
tidPath are both the empty string.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/467
Tested-by: Asanka Herath <asanka@secure-endpoints.com>
Reviewed-by: Asanka Herath <asanka@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
This commit includes several changes to improve compatibility
with Windows (in particular Windows 2000).
1. Specify a Lan Workgroup name. We use "AFS".
2. Ensure that the server name returned does not include
leading slash or backslash characters. The name provided
might include them but they are not part of the name and
cannot be returned.
3. The NetrWkstaGetInfo and NetrServerGetInfo responses must
be consistent. Otherwise, the Explorer Shell will get confused and
refuse to provide access to the server shares.
This commit also includes some minor comment changes.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/466
Tested-by: Asanka Herath <asanka@secure-endpoints.com>
Reviewed-by: Asanka Herath <asanka@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Add osi_Log statements identifying which RPCs are being called
from the wkssvc and srvsvc modules
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/465
Tested-by: Asanka Herath <asanka@secure-endpoints.com>
Reviewed-by: Asanka Herath <asanka@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Even if the rand_s() function is supported by the compiler
it is not supported on Windows 2000 because the kernel level
functionality it requires does not exist on that platform.
Calling rand_s() on Windows 2000 will throw an exception
and terminate the service.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/464
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Asanka Herath <asanka@secure-endpoints.com>
Reviewed-by: Asanka Herath <asanka@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
FSSYNC_VolOpRunningUnknown is a vol op state, not a pointer to a vol op
itself.
Reviewed-on: http://gerrit.openafs.org/468
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
With kernel 2.6.32 it is now possible for a process to copy its session
keyring to its parent through the use of the KEYCTL_SESSION_TO_PARENT
function of the keyctl syscall.
We can't use this easily from kernel space to cover all calls to
VIOCSETTOK with the setpag flag - we'd need to make a syscall
or have keyctl exported. Instead, a hook is added to ktc_SetToken to
make it honour the AFS_SETTOK_SETPAG flag, which was ineffective with recent
kernels.
This should cover the most common cases (ex: aklog) where this is needed.
The syscall is coded directly to avoid introducing a dependency on the
keyutils library or header files which may not be installed everywhere.
Reviewed-on: http://gerrit.openafs.org/463
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
AFSBackgrounder has been update to get notification for switch in/off in the "Fast User Switch" mode, and in switch in it try to get tokens.
Reviewed-on: http://gerrit.openafs.org/460
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
We already memset av to contain all 0s, therefore we don't need to
initialise individual elements to 0 as well.
Inspired by Rainer Toebbicke's patch for RT 125355 (which is 1.4.x only)
Reviewed-on: http://gerrit.openafs.org/456
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
An initial pass at adding indexing to the Windows release notes.
The next pass should refine the index terms and add appropriate
secondary index values.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/454
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Reformat the Registry and Environment Values in Appendix A
so that they are easier to identify in the table of contents.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/453
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
if rxfs_fetchInit fails, ops will not be set; calling the destroy op
unconditionally thus leads to a panic.
Reviewed-on: http://gerrit.openafs.org/452
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
if the vlserver or prserver setup can't succeed, it doesn't indicate
a condition which salvaging is required to fix; instead, come up
and retry in the background.
Reviewed-on: http://gerrit.openafs.org/428
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
* get rid of register declarations
* remove unused local var InStatus
* comment prototypes properly (correct .c file)
* save some linebreaks in function headers
Reviewed-on: http://gerrit.openafs.org/135
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
* StoreProc: renamed alen to size.
* StoreProc: Make connection before do {}
* rename fP to tfile.
* Declare nchunks later in StoreProc.
* Fixed order of storeInit parameters.
* storeInit: renamed tlen to length.
Reviewed-on: http://gerrit.openafs.org/133
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
SYNC clients, when closing a channel, send a SYNC_COM_CHANNEL_CLOSE
command, and immediately disconnect before waiting for a response. So,
don't send a SYNC response, since by the time we send it, the other end
will most likely have already hung up, causing a lot of needless
'SYNC_putRes: write failed' messages whenever a SYNC channel is closed
(e.g. when a demand-salvage finishes).
Reviewed-on: http://gerrit.openafs.org/434
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
In MountGlobalDrivesThread(), if the "(Default)" registry value
is defined that should be interpreted as a drive mapping to a
device with no name. This is specified using NULL instead of the
nul-string.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/446
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
theoretically a user thread can race us during shutdown and end up
panicing us if the soclose happens at the wrong time. if we're shutting down
just return. using afs_shuttingdown would have the side effect that we'd lose
the ability to add any graceful behavior.
Reviewed-on: http://gerrit.openafs.org/443
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
The returned value of rx_NewCall is important of course and must be taken
into account before trying to start RPCs. Do assign the length output
variable ASAP.
Also fixes an overlong line and the type of the pos local var to unsigned.
More style fixes:
* Moved length64 to use proper scope, initialized code.
* Generally make more tidy
Reviewed-on: http://gerrit.openafs.org/128
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
we test for them in configure; instead of hardcoding it in yet
another place, use the information we have
Reviewed-on: http://gerrit.openafs.org/442
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
pioctl data buffer output was not being validated to ensure that
buffers were not overwritten or accessed beyond their limits.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/441
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
restorevol moved from section 8 to section 1. The Windows build
system needed corresponding changes.
Reviewed-on: http://gerrit.openafs.org/440
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
acinclude.m4 was adding to afsconfig.h some code to define sig_t as the
type of a signal handler. This definition was in terms of RETSIGTYPE,
which is deprecated by Autoconf. It also adds an unnecessary abstraction
for only two places in the AFS source code where it was used. Remove it
and change those two spots to use the standard C declaration of the
function pointer.
Reviewed-on: http://gerrit.openafs.org/335
Tested-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
restorevol only requires access to a dump file and write access to the
directory in which the dump is being unpacked. It doesn't require being
a superuser, so it should be installed in bin instead of sbin. Also
move the man page to section 1 and update references accordingly.
Reviewed-on: http://gerrit.openafs.org/333
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
provide a debug module which is unstripped. this is necessary for debugging
problems.
Reviewed-on: http://gerrit.openafs.org/391
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
right now if a directory ends up in the small vnode index, the salvager
will never fix it. unlinking from the index (and recovering an orphan later)
beats crashing forever
Reviewed-on: http://gerrit.openafs.org/309
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
panic from 64 bit should be decodable in 32 bit mode. make it so. add
-k switch to allow a path to a kernel to be specified.
Reviewed-on: http://gerrit.openafs.org/438
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Only define __USE_XOPEN if not already defined.
This eliminates a few build warnings where __USE_XOPEN is already
defined in system header files.
Reviewed-on: http://gerrit.openafs.org/439
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Remove an unneeded extra + character at the end of line - probably
from a typing accident.
This generates a warning at compile time.
Reviewed-on: http://gerrit.openafs.org/437
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
* Replaced tsize by new local var llbytes in rxfs_storeInit.
* Make int32 lengths unsigned in rxfs_storeInit.
* Renamed lengthFound to length64.
* renamed abase to base.
Reviewed-on: http://gerrit.openafs.org/127
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
This is rxfs-specific, so move it out of CacheStoreProc.
It must be done before entering the do { } while (moredata) loop proper
now, as rxfs_fetchMore is never called during the first iteration
(moredata is always 0), but the length may need fixing (note that
this was done after what is now the fetchMore op originally). Thus
it appears in rxfs_fetchInit.
To prevent a bogus call during the first loop iteration, also check
for length!=0. Finally, don't bother with fetchMore at all unless
CForeign is set.
In rxfs_fetchInit, we added an additional check for length_hi being
zero.
uploade patchset 8.
Reviewed-on: http://gerrit.openafs.org/126
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Microsoft compilers version 1400 and above provide secure
versions of ctime and strncpy. Use them in afs_ctime.
Correction to sha1:359c64bb674ea0606e64b91fd8252297310a9862
Thanks to Andrew Deason for identifing the mistake.
Reviewed-on: http://gerrit.openafs.org/429
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
rand_s() is available on Visual Studio 2005 and above (aka 1400 and above)
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/430
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
The ktc_GetToken and ktc_ListTokens functions perform a pioctl
and then parse the response data. There is no validation that the
data required is not longer than the pioctl output or that the
data received fits into the data structures that are being written.
As a result, random crashes have occurred when the wrong data
has been received from the pioctl.
This commit adds data validation to at least ensure that these
functions cannot read beyond the data provided or write beyond
the allocated memory.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/405
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Asanka Herath <asanka@secure-endpoints.com>
Tested-by: Asanka Herath <asanka@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Fix a build failure - ubik_client is a struct and not a type
Reviewed-on: http://gerrit.openafs.org/431
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Microsoft compilers version 1500 and above provide secure
versions of ctime and strncpy. Use them in afs_ctime.
Reviewed-on: http://gerrit.openafs.org/408
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Asanka Herath <asanka@secure-endpoints.com>
Reviewed-by: Asanka Herath <asanka@secure-endpoints.com>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Rather than setting the compiler to cc on all platforms by default,
use the Autoconf default unless the specific compiler might matter.
Conservatively set the compiler to cc for all non-Linux, non-BSD
operating systems that previously didn't explicitly set it. Fix a
few places on Linux where the compiler was set to gcc explicitly
rather than using the Autoconf result.
Don't bother setting the Linux i386 compiler to gcc -pipe. The compile
performance difference isn't enough to bother with the special
exception, and we don't do this for other Linux systems.
With this change, setting CC at Autoconf time will correctly set the
compiler per the user's preferences unless they're on an operating
system where we care about having a particular compiler for kernel
purposes. This can be relaxed further in the future, particularly if
the kernel compiler is broken out to a separate setting.
Reviewed-on: http://gerrit.openafs.org/337
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
ka_UserAuthenticateGeneral had code disabled with #ifdef OLDCRUFT to
retry failed authentications by truncating the password to eight
characters, with a comment that the truncating behavior of kpasswd
was disabled in 1990. Nothing references this preprocessor define in
the source tree. Delete the dead code.
Reviewed-on: http://gerrit.openafs.org/336
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
The SMB redirector will permit two processes to open the
pioctl file at the same time without giving SMB server an
opportunity to say 'no'. As a result multiple reads and writes
on the allocated smb_fid->ioctl can play havoc with the pioctl
state. Since afsd_service doesn't know the writes and reads
are coming from separate requests there is nothing it can do
to prevent incorrect data going to the wrong process. However,
it can (and should) protect itself when the state becomes invalid.
Two prevention methods are applied:
1. add an additional state flag that explicitly indicates
when the ioctl is in the dataout state
2. validate the length of data in the ioctl input or
output buffers before copying it. If the length
becomes negative, return a CM_ERROR_INVAL error.
In addition, when the invalid state results in a failure to
to find a matching pioctl function do not return CM_ERROR_BADOP.
CM_ERROR_BADOP can only be returned if the SMB operation is not
supported. Returning it in response to a ReadFile request will
cause the SMB client to drop the connection.
Finally, fix smb_FindFID to prevent the same 'fid' from being
used for more than one open file.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/407
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
