same deal as purge. a transaction on the volume outstanding holds it. we don't need to preclude all access
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
same deal as purge. a transaction on the volume outstanding holds it. we don't n
eed to preclude all access
====================
same deal as purge. a transaction on the volume outstanding holds it. we don't n
eed to preclude all access
(cherry picked from commit aa5d46b71b3700d6256f47237fadf0a4829daee6)
FIXES 60809
Problems fixed with this patch:
/1/ supergroup bug: when updating an entry in prdb, the logic in
pt_mywrite is supposed to unset flagged & found bitmap entries.
This failed on little-endian architecture machines.
/2/ warnings; a few fixes to eliminate some compiler noise.
(cherry picked from commit d608809c247c9b8105c95e230449f98705767476)
FIXES 60680
make sure bitmap code is correct else supergroups returns invalid answer
fix verify code to be correct on little endian hosts
(cherry picked from commit 62dc1975410ad0dbea12a0c7e3c11a37230e5971)
FIXES 60258
Do not return access denied when applying directory patches if the
user does not have read permission. This is the case we want to
fake the directory entries for. Also, make sure we set the directory
attribute on non-files so that the path can be accessed via the
Explorer Shell.
(cherry picked from commit 03e3b77553bed4d395393a53d81069c71d67dbea)
Do not use uninitialized variables in log messages
Do not dereference NULL pointers
(cherry picked from commit 82d2cc5b7fb638073e859e6a2b03b97722f518d9)
FIXES 60258
When the ACL on a directory is list only, attempts to read the status
of items in the directory will fail. Therefore, it is pointless to try.
Instead, when we know the user ACL does not have read permission, we
should immediately lie about the status info. That way we don't pound
the file server with requests that will produce an abort which in turn
will trigger force the file server to delay responses to the client.
This change has the added benefit that cached status info is no longer
leaked to callers that do not have appropriate permissions.
With this change the Explorer Shell is much more responsive.
(cherry picked from commit e02fa3e73b258938135244f7e3c09baa464e0c26)
don't enforce slowpass restriction on dynroot vcaches (and don't do unneeded work)
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
oops, another change slipped in
(cherry picked from commit 1b1c0eda5a3db6fe92d46d5f3d8529bf7c6378c2)
fixes bug reported by stephen joyce which i am too lazy to go get the RT number of
(cherry picked from commit f2761c416320a3ff2bb0af4298ca95b8ecb04211)
FIXES 34522
Set the mtime on newly created directories to match the original directory.
(cherry picked from commit 1d4d8f5c4f125707fc6af432024d99e2672cadab)
Only automatically add configuration for cell foo.com if the realm
of the cell matches the realm of the identity
(cherry picked from commit 958bbb77bfbfc100031850b6fd7836658c35912a)
When installing on 64-bit Windows we need to install the 32-bit and 64-bit
shell extensions under different HKCR keys. Otherwise, only one of the
explorer versions will get an extension handler.
(cherry picked from commit 2b442dbddb5d44f4b7e08eb04ae277c24a5e8964)
This change is not as important for OpenAFS as it was for KFW as
OpenAFS does not issue betas with the same build numbers as final
releases. However, for users of daily builds when build numbers
are not being incremented it will provide benefit.
We modify the upgrade rules to include the current version number
and then block the uninstall if the currently installed package
is the one that is being installed.
The change applies to both the regular installer and the 32-bit
tools for WOW64 environments.
(cherry picked from commit 9f508ce443f1ef2103fbb74c6a094aef3aa96e86)
When flushing volume location information also flush the mount point
data. This change results in behavior that matchs the Unix client.
(cherry picked from commit d9946ba827b7099848dfe659f0eaf10167e9413b)
FIXES 59827
The wix installer creates the wrong directory name for the IBM Quick Guide
Remember to specify the LongName.
(cherry picked from commit 113ccb9963be8ccd602520b4987f2cc0a5f52b51)
FIXES 60161
A dropbox is a directory with ACLs 'li' that permits a user to create
a new file but not be able to read other files within the same directory.
The 1.5 Windows clients have not been able to write to dropboxes since
the addition of the locking code. The lock acquisition test assumed
that if the user did not have PRSFS_LOCK or PRSFS_WRITE that it would
be unable to obtain a lock. It did not take into account the special
treatment of PRSFS_INSERT by the file server and so never bothered to
ask.
As it turns out though, the locking situation is more complex than one
might think. If the server is 1.4.1 or earlier, it will not grant
any locks for users with INSERT. The PRSFS_LOCK privilege is required.
For 1.4.2 through 1.4.4, write locks will be granted if the user has
PRSFS_INSERT but a read lock will not be granted unless the user has
PRSFS_LOCK. Therefore, if the server advertises the WRITELOCKACL
capability bit if the read lock is not granted a write lock can be
attempted.
For 1.4.5 and 1.5.20 and above, the file server will grant read locks
if the user has PRSFS_WRITE or PRSFS_INSERT. (Insert only applies if
the user is the creator of the file).
This patch handles all of the above possibilities. In the pre-1.4.2
case a read-lock request will be faked locally.
(cherry picked from commit bfed93d7fce113690c20e1cad102c8b23c0aa17f)
the permission to obtain a write-lock is granted either by having the
"w" permission or the "i" when owning the file. The permission to obtain
a read-lock has been granted by having the "k" permission. However it
makes no sense that someone can obtain a write-lock but not a read-lock.
This patch grants permission to obtain read-locks to those who can obtain
write-locks.
(cherry picked from commit bb61e1dc678ea28132c195438fc1f157fa580cd1)
FIXES 59827
The wix installer creates the wrong directory name for the IBM Quick Guide
(cherry picked from commit c5c23b7bc4544af2c1204622cd67b835b27bcdab)
Background: OpenAFS is vulnerable to crashing in the linux kernel symlink
code when running on kernel versions between 2.6.10 to 2.6.12. This also
includes all RHEL4 kernels, because RHEL4 includes the code from 2.6.10. The
problem is that the symlink text caching API, page_follow_link() et al, is
unsuitable for network filesystems where the page cache may be invalidated
in parallel with a path lookup.
This crash can be triggered easily by doing a bunch of path lookups
involving symlinks (e.g., stat() on various files pointed to through links),
while simultaneously running 'fs flushvol' on the volume containing the
symlinks.
The simplest way to fix this problem is to disable the use of symlink text
caching when the kernel does not provide a usable symlink API.
(cherry picked from commit 2d18bd1777b8d18a3b855685928dcdafcbe609b8)
Based on Chris Wing's analysis which stated in part:
GFP_NOFS tells the allocator not to recurse back into the filesystem if it's
necessary to free up memory. However, vmalloc() does not have such an
option. Therefore, calling osi_Alloc() to request more than a page of
memory may end up recursing back into AFS to try to free unused inodes or
dentries.
In this case, what happened was that osi_Alloc() is called within an
AFS_GLOCK(); osi_Alloc() calls vmalloc() which tries to free dentry objects,
which then calls back into the AFS module. Unfortunately, AFS_GLOCK() is
already held and we deadlock.
(cherry picked from commit 9943fe1fd71fc29331dcac7cd6a51bd37f307876)
The afskfw library contains an unprotected call to krb5_free_context
which can result in krb5_free_context being called with a NULL pointer.
MIT's Kerberos libraries do not check that the pointer is non-NULL and
will attempt to use it as a valid pointer which will in turn result
in an invalid memory access error.
This library is used by afslogon.dll which is loaded by winlogon.exe.
If the krb5 profile is invalid, the krb5_init_context call will fail
to allocate a krb5_context structure which can then result in
krb5_free_context being called with a NULL pointer.
An unhandled exception within winlogon.exe will cause a blue screen event
on Windows 2000, XP and 2003.
(cherry picked from commit 85a23a70c783364e039f2a1b402ba718c1fc34a5)
Use case insensitive comparisons for the station name. Otherwise, we
will fail to notice that the logon is interactive on Vista.
(cherry picked from commit a82252fcc80a70d900ab7446fe84a10a467d749d)
If krb5_init_context() fails make sure that no further krb5 calls
are performed.
krb5_init_context() will fail if the krb5.ini file is damaged.
(cherry picked from commit c810b46e9eda0cf626499a1a3c72bb53ce0d81d6)
add a new Windows only pioctl VIOC_PATH_AVAILABILITY that is used
to query the server status for a specified path. Return values
include:
online
offline
all busy
all down
not afs
(cherry picked from commit 5bc88af797eeb8db631e6ad8e9d56d39a687dd96)
do not use ellipsis for actions that do not need additional data to
complete.
"Help for OpenAFS plugin" -> "AFS" since its on the Help menu already
(cherry picked from commit fb5b0dcce6874464c1021842ac1b48f4578ac105)
when using krb524 with a cross-realm service ticket the resulting krb4
cred will not contain the user's realm as there is only one realm field.
(cherry picked from commit 5bcd5ab54d2e76dc9b253fda6ea6b6bb4dfe87f0)
