- Fix the formatting on afs_mount/afs_get_sb definitions
- Declare a couple of functions static that are not referenced outside
of this file
Change-Id: I4880c27dbe2acd296262d29f91736d0028a029c0
Reviewed-on: https://gerrit.openafs.org/13282
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
When AFS_NEW_BKG was added, the kernel module indicated to the
relevant afsd process that it's time to shutdown by returning -2. This
works on DARWIN, but it's difficult to make this work on all
platforms, because of the different way that platforms handle error
codes from our pioctls and other AFS syscalls.
Specifically, on LINUX, negative error codes are assumed to be
negative errno codes, and so returning -2 from the syscall handler
means we return -1 to userspace, with errno set to 2 (ENOENT).
Getting this to work consistently across platforms is probably more
trouble than its worth, so instead of relying on specific return codes
from the syscall, just add a new background daemon operation called
AFS_USPC_SHUTDOWN, which just tells the background daemon to exit.
Change-Id: I00b245c8f734dc9e49d6b4268cd0f6a4f1896894
Reviewed-on: https://gerrit.openafs.org/13281
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
GCC 9 with --enable-checking produces a new warning/error in
afs_utilAdmin.c associated with a strcpy with the potential of an
overlap. The index used is signed which triggers the new warning. The
source and target of the strcpy are contained within the same higher
level structure.
Change the variable 'index' from signed to unsigned to resolve the
warning/error. Change the variable 'total' in the same structure to
unsigned to be consistent with it's usage with 'index'.
Change-Id: Icaa99e278a5d8262caeaec0b2723e826a57554aa
Reviewed-on: https://gerrit.openafs.org/13660
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, if the dcache for a file has nonsensical length (due to
cache corruption or other bugs), we never notice, and we serve
obviously bad data to applications. For example, the vcache metadata
for a file may say the file is 2k bytes long, but the dcache for that
file only has 1k bytes in it (or more commonly, 0 bytes).
This situation is easily detectable, since the dcache and vcache refer
to the same version of the same file (when the DVs match), and so we
can check if the two lengths make sense together. So to avoid giving
bad data to userspace applications, perform a sanity check on the
lengths at the same time we check for DV matches (to see if the dcache
looks "fresh" and not stale). If the lengths do not make sense
together, we just pretend that the dcache is old, and so we'll ignore
it and fetch a new copy from the fileserver.
Also check the size of the data fetched from the fileserver for a
newly-fetched dcache in afs_GetDCache, to avoid returning a bad dcache
if the dcache isn't already present in the cache.
Change-Id: I338a4962322d8c0d06d1ea25fd7d252b5f83dc9f
Reviewed-on: https://gerrit.openafs.org/13436
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
When afs_linux_read_cache is called with a non-NULL task, it is
responsible for unlocking 'page' (unless it's unlocked in a background
task), even if we encounter an error. Currently we almost always do
unlock the given page for a non-NULL task, but if we manage to hit one
of the codepaths that 'goto out', we skip over the unlock_page() call
near the end of the function, and the page never gets unlocked.
As a result, the page stays locked forever. That generally means any
future access to the same file will block forever, and when we try to
flush the relevant vcache, we will block waiting for the page lock
while holding GLOCK. (This can happen via the background daemon via
e.g. afs_ShakeLooseVCaches -> osi_TryEvictVCache -> afs_FlushVCache ->
osi_VM_FlushVCache -> vmtruncate -> ... -> truncate_inode_pages_range
-> __lock_page on Linux 2.6.32-754.2.1.el6.) This quickly brings the
whole client to a halt until the machine can be forcibly rebooted.
To solve this, just move the 'out:' label to before the page unlock.
Add a few locking-related comments around the relevant code to help
explain some relevant details.
The relevant code has changed and been refactored over the years, but
this problem has probably existed ever since this code was originally
converted to using the readpage() of the underlying cache fs, in
commit 88a03758 (Use readpage, not read for fastpath access).
Change-Id: If7e882ed54ca93ad6b9fdda938c606b241236241
Reviewed-on: https://gerrit.openafs.org/13672
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Numerous places in libafs check the DV of a dcache against the DV of
the vcache for the same file, in order to check if the dcache is up to
date and can be used. Consolidate all of these checks into a new
function, afs_IsDCacheFresh, to make it easier for future commits to
alter this logic.
This commit should have no visible impact; it is just code
reorganization.
Change-Id: Iedc02b0f5d7d0542ab00ff1effdde03c2a851df4
Reviewed-on: https://gerrit.openafs.org/13435
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Add the -l option to afscp, to "loop" the given FetchData/StoreData
request over and over.
When using this mode, we alternate between using a couple of rx calls,
to avoid getting slowed down by rx BUSY packets when we start a new
call on the same channel too quickly.
Change-Id: I90ee8e9804a0bf59ff654398b1fe6e46a99a3062
Reviewed-on: https://gerrit.openafs.org/13657
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Andrew Deason <adeason@sinenomine.net>
PGetTokens2 accepts two different types of input:
- an integer 'iterator' to request the nth token set for a user
- a string cellname to request the user's token set for that cell
Unfortunately, it distinguishes between these by assuming if the input
length is sizeof(afs_int32) (4 bytes), it must be an integer. This
assumption is incorrect if the cellname is three (3) characters long
plus a nul terminator.
The result is that the cellname string is interpreted as a very large
"n"; the subsequent search for the user's "very-large-nth-token" fails,
making it appear that the user has no valid token for this cell.
Improve on this heuristic by double-checking any putative integer input.
If it is actually a 3-character string, then process the input as a
cellname instead.
Introduced by commit 5ec5ad5dcc 'New
GetToken pioctl'.
While here, add doxygen comments.
Change-Id: Ifa226fa1c35b95bc32642870f73359f97a9f1d61
Reviewed-on: https://gerrit.openafs.org/13599
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
ktc_ListTokensEx is an iterator to provide the names of each cell for
which a user has a token set. It does this by looking for the 1 through
nth token set for a given user. However, as currently implemented,
it always continues searching up to the 100x safety limit even when
there are no more token sets for the user.
Instead, return immediately when VIOC_GETTOK2 returns EDOM (no more
tokens for this user).
Introduced by commit a86ad262d2 'auth: Add
the ktc_ListTokensEx function'.
Change-Id: I880edc80fc6c5580e5919b74b0b561317a1455f0
Reviewed-on: https://gerrit.openafs.org/13598
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Link afscp against libopr, libroken, and libafshcrypto, so afscp can
be built again.
Change-Id: I43ac3a8e7ed1ff012f4ae48ed6b81f5d0cd1d590
Reviewed-on: https://gerrit.openafs.org/13656
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
clang's scan-build detected a "use of memory after it is freed"
condition.
The function OpenLogFile frees the variable ourName before creating a
duplicate of the name passed to it. However there is a call that uses
ourName as the parameter: OpenLogFile(ourName). This results in freeing
ourName then doing a strdup of the same memory location.
Test the passed parameter and if it's the same as ourName already skip
the free and strdup.
This bug was introduced in commit
340ec2f792
"util: allocate log filename buffers"
Change-Id: I770008b074e0003c7c1532128f8322da811d6fcc
Reviewed-on: https://gerrit.openafs.org/13659
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The Linux kernel module buildsystem supports running an external tool
(by default, the 'sparse' tool) during the build to run additional
static checks on the source code to flag various warnings.
Tell the kernel build to run such a tool, if 'sparse' is installed.
This causes various new warnings in the build, such as:
CHECK /.../src/libafs/MODLOAD-4.9.0-8-amd64-MP/afs_tokens.c
/.../src/libafs/MODLOAD-4.9.0-8-amd64-MP/afs_tokens.c:73:1: warning: symbol 'afs_FreeOneToken' was not declared. Should it be static?
/.../src/libafs/MODLOAD-4.9.0-8-amd64-MP/afs_tokens.c:160:1: warning: symbol 'afs_IsTokenExpired' was not declared. Should it be static?
/.../src/libafs/MODLOAD-4.9.0-8-amd64-MP/afs_tokens.c:187:1: warning: symbol 'afs_IsTokenUsable' was not declared. Should it be static?
None cause the build to fail currently, but are just printed for
potential further investigation.
To control detecting 'sparse', add the --with-sparse configure option
and SPARSE configure variable. Default to checking if sparse is
available, and enabling it if so.
Further information on using sparse in the Linux kernel is available
in Documentation/sparse.txt in the Linux tree.
Using 'sparse' during the build was suggested by yadayada@in.ibm.com.
Change-Id: I57944d792ba1c8093196a8b335a12dfa741b119b
Reviewed-on: https://gerrit.openafs.org/13665
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
While it is unexpected, it is possible for the two disconnected flags to
get out of sync resulting in a path to an undefined varible in use.
(via cppcheck)
Change-Id: I995b402e73c2c330485050dd2594a62fe67d1bca
Reviewed-on: https://gerrit.openafs.org/13207
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, there is no explicit relationship between OpenAFS and dkms.
If dkms needs to rebuild the kernel module, OpenAFS will fail to mount
because modprobe will not load the module. This change specifies that
OpenAFS should run after dkms if dkms is present.
Change-Id: I104cb3780bbc1196cf36852f094ca07c80279d01
Reviewed-on: https://gerrit.openafs.org/13654
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Laß <lass@mail.uni-paderborn.de>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, if the AFSCELL environment variable is set, aklog (and
other libauth-using utilities) print out a message when
afsconf_GetLocalCell is called:
Note: Operation is performed on cell env.example.com
However, this message is also printed (with the AFSCELL cell) when
aklog is given the -cell command-line argument, even though aklog
actually uses the cell given on the command line. For example:
$ AFSCELL=env.example.com aklog -cell cli.example.com -d
Note: Operation is performed on cell env.example.com
Authenticating to cell cli.example.com (server srv1.example.com).
[...]
libauth will normally not print the "Operation" message if we're not
using the default cell, but it determines this by checking if someone
called afsconf_GetCellInfo before calling afsconf_GetLocalCell. And
currently, aklog calls afsconf_GetLocalCell before
afsconf_GetCellInfo, so the message gets printed because libauth has
no way of knowing that we're actually using a different cell.
klog gets around this by making an additional ignored call to
afsconf_GetCellInfo before afsconf_GetLocalCell, but we can fix this
in aklog by just changing the order of the calls. So, just call
afsconf_GetCellInfo first; if we're using the local cell, we can just
give a NULL cell parameter, instead of looking up the local cellname
first.
Change-Id: I53469ee93d6e88632a944a87a031e0ffa4ede584
Reviewed-on: https://gerrit.openafs.org/13371
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
When running under pthreads, set the name of the rx listener thread to
"rx_Listener". This can be handy when investigating rx performance
issues, since it makes it easier to identify which thread in the rx
listener.
Don't do this for "hot threads", since in that case we could return
and stop being a listener thread. We could restore the original thread
name, but doing so could have an impact on performance and "hot
threads" should always be disabled these days, so don't bother.
Change-Id: I24aebd4d7e4266cd06bb1a4314949d85835dfbaa
Reviewed-on: https://gerrit.openafs.org/13600
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Move the functionality in afs_pthread_setname_self from libutil to
opr, in a new function opr_threadname_set. This allows us to more
easily use the routine in more subsystems, since most code already
uses opr.
Change-Id: I79d49617a19cd292a3b09ccfd9c9f319355a184e
Reviewed-on: https://gerrit.openafs.org/13655
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
We rely on bsd.kmod.mk for our actual rules during 'make install', but
that tries to install our kernel module into $(DESTDIR)$(KMODDIR),
without creating it first. If the user tries to 'make install
DESTDIR=/some/path' and that path doesn't exist, we will fail with
something like:
make DESTDIR=/home/adeason/git/destdir single_instdir_libafs
/usr/bin/install -c -T release -o root -g wheel -m 555 libafs.ko /home/adeason/git/destdir/boot/modules/
install: /home/adeason/git/destdir/boot/modules/: No such file or directory
*** Error code 71
To avoid this, add a dependency on the 'install' target which causes
our target dir to be created.
Change-Id: Icacc507867420265383e411572006df47ef22815
Reviewed-on: https://gerrit.openafs.org/13653
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Tim Creech <tcreech@tcreech.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Go through our deref_key_length/deref_key_contents abstractions, so we
can compile with Heimdal krb5.
Also fix these macros to properly separate the 'key' macro argument,
so we can use the macros in these new places.
Change-Id: I3ee53bc70494a67ac5463819dc575c8ee37647c9
Reviewed-on: https://gerrit.openafs.org/13652
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Tim Creech <tcreech@tcreech.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Currently, BOP_MOVE communicates its error code to the requestor via
the 'retval' field in struct afs_uspc_param, and we assume ptr_parm[0]
of the given brequest is for a struct afs_uspc_param. But this is
unnecessary, since struct brequest already has fields for error codes;
namely, code_raw and code_checkcode.
To avoid afs_BackgroundDaemon needing to interpret ptr_parm[0] in this
way (and assuming the type of the pointer's target), change BOP_MOVE
to just use the code_raw field for error codes, instead of
interpreting ptr_parm[0]. This makes it easier to add more AFS_NEW_BKG
background operations that do not pass a struct afs_uspc_param in the
brequest parameters.
Change-Id: I90a564468862142777159fbb78234744840b59fb
Reviewed-on: https://gerrit.openafs.org/13280
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
This updates the rxkad code that we pull from heimdal to heimdal 7.7.0
(heimdal.git commit e1959605bd). This also updates the instructions in
README.v5 to accommodate changes in the heimdal tree, and converts
ticket5.c to use KRB5_ENCTYPE_* constants instead of ETYPE_*
constants (since heimdal has also similarly converted in krb5_asn1.h).
This removes a few -Werror=format-truncation warnings that were
present in the heimdal code before this commit.
README.v5 tweaked in collaboration with kaduk@mit.edu.
Change-Id: I5fdaab600b4a1b42658a60259fde3fc9f7dced04
Reviewed-on: https://gerrit.openafs.org/13287
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Remove an incorrect comment, introduced with commit
adf2e6e827 'Unix CM: Generalise token
storage'.
No functional change is incurred by this commit.
Change-Id: Ie56c4f22a06321c56f62fce9704419ce3c4e7bf2
Reviewed-on: https://gerrit.openafs.org/13640
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
This file doesn't currently do a great job of telling the reader what
it's used for. Let's give them a hint, especially for the expansion
of "DNLC".
Change-Id: Ie5d1f1162a4b59c479bc2961b33cd696e83bdc3a
Reviewed-on: https://gerrit.openafs.org/13557
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
In WhoIsThisWithName, if we don't understand the rx security class
being used (such as rxgk), we'll set the calling id to the anonymous
user and return an error. But for SYSADMINID specifically, we don't
really need to know any security-class-specific details; we just need
to know that the caller is the superuser.
So add a fallback case to check for that; if we don't understand the
calling rx security class, just check if the calling user is
RX_ID_SUPERUSER, and use SYSADMINID if so.
This allows the ptserver to handle rxgk localauth requests (and
theoretically, localauth requests for any future security classes),
and theoretically any localauth requests for future security classes.
Based on a commit from mvitale@sinenomine.net.
Change-Id: Ia9bc91fb5a0d9ebf16b32659c9068aa5a9da8401
Reviewed-on: https://gerrit.openafs.org/13508
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Allow ptclient to use rxgk, with the new -rxgk option. While we're
here, also allow the user to specify a security level of 3, to turn on
rxkad encryption for non-localauth conns.
Change-Id: I201154c1b5298f31912d8841f8310363e13afa08
Reviewed-on: https://gerrit.openafs.org/13501
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Add options to use rxgk for outgoing connections to vlserver, vos,
ptserver, and pts.
For vlserver and ptserver, name the new option -s2scrypt, similar to
the existing volserver option -s2scrypt. For vlserver and ptserver,
specify 'rxgk-crypt' to turn on rxgk crypt connections for our
server-to-server ubik communication.
For vos and pts, just name the new option '-rxgk', and allow the user
to specify the rxgk level to use ('clear', 'auth', or 'crypt'). The
pts code is currently somewhat ill-suited to changing what rx security
class and security level we use, but do the best we can without
refactoring the whole thing.
Change-Id: Iefae46291330d2b5e05b2a2bbaec1b9150b3c892
Reviewed-on: https://gerrit.openafs.org/11105
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
getNthCell searches the afs_users table for the nth token set belonging to a
given user. However, it is impossible for a user to have more than one
token set per cell. If the caller specifies a number greater than the
total number of cells this cache manager knows about, we know the search
will be fruitless.
Instead, return early in this case, avoiding both the lock and the
search.
Change-Id: I509408d9aaa8f511813c4d82c121e199121bb8f3
Reviewed-on: https://gerrit.openafs.org/13597
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add an option to lwptool, called --quiet, to suppress printing the
literal commands run. On error, we still print the exact failed
command to stderr.
For "pretty" V=0 builds, use this new option, to make our
lwptool-using compile rules look more like our other compile rules.
Change-Id: I3fed6db3205f8de5e275e9b70aba9e1995afd02f
Reviewed-on: https://gerrit.openafs.org/13594
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Commit 191e18eb (Open ppc64le_linux sysname space) added the
ppc64le_linux26 sysname, but it still must be manually specified when
running on ppc64le. Use the ppc64le_linux26 by default on ppc64le, so
we can compile without needing to specify an explicit sysname.
Change-Id: I5abbdde06622d5f2b067bfd003f9d4cd51c56f1a
Reviewed-on: https://gerrit.openafs.org/13593
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
AFS_SYSCALL is defined to the syscall number we can use for a certain
platform (for pioctls and other AFS-specific kernel calls). On many
modern platforms, such as Linux, we don't use direct syscalls anymore,
instead routing our AFS-specific syscalls through an ioctl, and
AFS_SYSCALL is just used as a fallback for compatibility for older
OpenAFS releases that might still be using the syscall.
For new platforms, we have no need for this compatibility code path,
since there is no existing code we might need to be compatible with.
We should avoid defining AFS_SYSCALL for those, so we can avoid
manually-issuing syscalls in more cases. The ppc64le_linux26 platform
is a very new platform (introduced in 191e18eb "Open ppc64le_linux
sysname space"), and so should not have AFS_SYSCALL defined.
So, remove AFS_SYSCALL from ppc64le_linux26's param.h.
Change-Id: I7811831b05a17c9428556aca49681cd544da4ff1
Reviewed-on: https://gerrit.openafs.org/13592
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
While here, add config/param.ppc64le_linux26.h; it's just like
ppc64_linux26.h, except not AFSBIG_ENDIAN.
Change-Id: I6671405f829f2bf50b6e8d3355ab9e8aed384c02
Reviewed-on: https://gerrit.openafs.org/13562
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The conditions in these if statements are always true (or always false).
Remove the check in cmdebug.c, as it is unnecessary, and fix the check
in vlclient.c to actually check for a valid voltype. (via cppcheck)
Change-Id: Ica7dfc9b81fe8bd0f156f6e4e616ed45e205985a
Reviewed-on: https://gerrit.openafs.org/13158
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Building the kernel modules under RHEL8 produces the following error
message:
Makefile:952: *** "Cannot generate ORC metadata for
CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or
elfutils-libelf-devel". Stop.
Add elfutils-devel to the BuildRequires in the rpm spec when building
rhel >= 8
Add elfutils-devel to the BuildRequires in the rpm spec that
openafs-kmodtool produces
FIXES 134900
Change-Id: Ie3e03336d9599caa6ceb7879199eab3b12eb971b
Reviewed-on: https://gerrit.openafs.org/13560
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add a new command, 'add-random', to allow the creation of a new key
with random data. This is helpful for certain rxgk keys, which only
need to exist in KeyFileExt and not in any other database (like a krb5
KDC), and so aren't derived from a krb5 keytab.
Change-Id: I1f3b27e074b0931deb8645f7550e0b315d82e249
Reviewed-on: https://gerrit.openafs.org/12768
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The current 'delete' command from asetkey only lets the user delete
old-style rxkad keys. Add a couple of new variants to allow specifying
the key type and subtype, so the user can delete specific key types
and enctypes if they want.
Change-Id: If0dfaa70ea0b749dadd52a6b7d62fd3ad2b61d18
Reviewed-on: https://gerrit.openafs.org/12767
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
The currrent size of the osi DNLC is very small; only 300 entries.
Raise it to 4096 entries, to give it some chance of actually helping.
In the future, of course, this should be runtime configurable, and we
should also raise the hash table size. For now, just raise the number
of entries without changing anything else, to try to make sure nothing
breaks.
With the hash size of 256, this means our hash chains will be at least
16 items long. However, traversing even hundreds of hash items should
still be better than frequently hitting the disk cache to find
entries, and acquiring more locks, etc.
Change-Id: I48f496e8c25fa869ded83e97ff686ed028c923c5
Reviewed-on: https://gerrit.openafs.org/13531
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
This lock-free library toolkit is intriguing and may be the subject
of future work, but currently nothing uses this code, and these files
are just clutter.
Remove src/mcas and stop mentioning it in SOURCE-MAP; don't reference
it in the rpctests, either.
Reviewed-on: https://gerrit.openafs.org/12682
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit bfc5d1ada2)
Change-Id: I98bec6f0a91e4aad05846a6791719cac63050f02
Reviewed-on: https://gerrit.openafs.org/13538
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The afsmonitor may leak memory and do a double free on shutdown when it
was started with a non-zero -buffers parameter value. The deallocation
of the cm results circular buffer incorrectly frees the base of the
array of results instead of each result. The fs buffer clean up got
this right.
This fixes the clang scan-build warning:
afsmonitor.c:461:7: warning: Attempt to free released memory
free(tmp_cmlist);
^~~~~~~~~~~~~~~~
[mmeffie: update code and commit message]
Change-Id: Ifd4ea5b9b865f04e5cf88560dd8a9dfdbe7e32cb
Reviewed-on: https://gerrit.openafs.org/13161
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add rxgk support to asetkey. This just allows asetkey to display rxgk
keys more prettily, and allows the user to add literal rxgk key data
on the command line, or add keytab-derived keys.
Change-Id: Ic28fea628614be2b20276631bc7e7c2f85ccc154
Reviewed-on: https://gerrit.openafs.org/12766
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Add various afsconf_ClientAuthRXGK* variants, to use local printed
rxgk tokens with clear, auth, or crypt levels.
Also add the flag AFSCONF_SECOPTS_RXGK for afsconf_PickClientSecObj,
to let callers of afsconf_PickClientSecObj use rxgk connections. To
allow selecting of the "clear" level, add the flag
AFSCONF_SECOPTS_ALWAYSCLEAR. And to allow selecting the "auth" level
but letting "crypt" be the default for rxgk, add the new flag
AFSCONF_SECOPTS_NEVERENCRYPT.
Change-Id: Ib27f2799eb927ac5aa71eab94212171344dd93df
Reviewed-on: https://gerrit.openafs.org/11104
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Currently, several places in src/dir/dir.c assume that any error from
a lower-level function (e.g. FindItem) means that the item we're
looking for does not exist in that directory. But if we encountered
some other error, that may not be the case; the directory blob may be
corrupt, we may have encountered some I/O error, etc.
To detect cases like this, return the actual error code from FindItem
&c, instead of always reporting ENOENT. For the code paths that are
actually specifically looking for if the target exists (in
afs_dir_Create), change our checks to specifically check for ENOENT,
and return any other error.
Do the same thing for a few similar callers in viced/afsfileprocs.c,
as well.
FIXES 134904
Change-Id: I41073464b9ef20e4cbb45bcc61a43f70380eb930
Reviewed-on: https://gerrit.openafs.org/13431
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Various Linux kernel operations on various Linux kernel versions can
fail if the current process has a pending fatal signal (i.e. SIGKILL),
including reads and writes to our local disk cache. Depending on what
and when something fails because of this, some parts of libafs throw
an ENOENT error, which may propagate up to callers, and be returned
from afs_lookup(). Notably this can happen via some functions in
src/dir/dir.c, and previously was possible with some code paths before
they were fixed by commit 2aa4cb04 (afs: Stop abusing ENOENT).
For the most part, the exact error given to the userspace caller
doesn't matter, since the process will die as soon as we return to
userspace. However, for ENOENT errors specifically for lookups, we
interpret this to mean that the target filename is known to not exist,
and so we create a negative dentry for that name, which is cached.
Future lookups for that filename will then result in ENOENT before any
AFS functions are called.
The lingering abuses of the ENOENT error code should be removed from
libafs entirely, but as an extra layer of safety, we can just avoid
returning ENOENT from lookups if the current process has a pending
fatal signal. So to do that, change all afs_lookup() callers in
src/afs/LINUX to translate ENOENT to EINTR if we have a pending fatal
signal. If fatal_signal_pending() is not available, then we don't do
this translation.
FIXES 134904
Change-Id: I00f1516c2aa0f45f1129f5d5a44150b7539c31cc
Reviewed-on: https://gerrit.openafs.org/13530
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
In afsconf_BuildServerSecurityObjects, create a server security object
for rxgk. Currently, this will only accept printed rxgk tokens, not
tokens negotiated via GSSNegotiate. Future commits will add
functionality to handle user-negotiated tokens, fileserver-specific
creds, etc.
Change-Id: Ie2bbef0d591641e80bb85240316c4ee5f9f8ff05
Reviewed-on: https://gerrit.openafs.org/12941
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Also afsconf_GetLatestRXGKKey, as a side effect, since we want to have
a single getkey function both for getting encrypting and decrypting keys;
a kvno/enctype pair of 0/0 indicates that the "get latest" behavior is
desired.
Implement both functions in terms of an internal helper that takes
as an argument the type of key to look for in the KeyFileExt. We
can reuse these helpers wholesale for per-fileserver keys, later.
This also requires implementing an ordering on the quality of the
different RFC 3961 enctypes (which are stored as the subtype of keys
of type afsconf_rxgk). This is subject to debate on the actual
ordering, but since the IANA enctype registry changes rarely, just
assign a full ordering on the standardized (symmetric!) enctypes.
Implement this via a new function, rxgk_enctype_better, in
rxgk_crypto_rfc3961.c.
Introduce a new header file, rxgk_types.h, so we can avoid including
the entire rxgk.h header in cellconfig.p.h.
Change-Id: I81389b21238fd6588cc4381b026816005f81a30c
Reviewed-on: https://gerrit.openafs.org/11099
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add a dependency on the appropriate $(GSSAPI_LIBS) and link in the
librxgk_pic.la helper. Careful control of what functions are exposed
allows static linking to continue to work when rxgk is disabled,
though a stub is needed for the case of rxgk_GetServerInfo, so that
there is a symbol present to satisfy the export symbol list.
Consumers of libafsrpc.a need not be modified in accordance
with this change.
Change-Id: I76c0329ba842fb0d4d66534810b114a0813c90a0
Reviewed-on: https://gerrit.openafs.org/10591
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Provide a stub function that libafsrpc can export when rxgk support
is disabled. (It always returns failure, of course.)
Change-Id: Id9f816d25c1a8f56995ec185ae83db0924de0010
Reviewed-on: https://gerrit.openafs.org/12721
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
