afsio: readdir/fidreaddir commands Add the readdir/fidreaddir sub-commands to afsio dump AFS3 directory objects. This command dumps the raw directory object to stdout. Pipe the output to a program, such as the afsdump_dirlist program (from the CMU dumpscan tool kit), to parse the directory object. Example usage: afsio readdir -dir /afs/mycell/mypath/somedir | afsdump_dirlist Change-Id: Ief181b432cdea6a11bbe61e781686ade2795faad Reviewed-on: https://gerrit.openafs.org/12381 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Cheyenne Wills <cwills@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
OPENAFS-SA-2016-002 AFSStoreStatus information leak Marc Dionne reported that portions of the AFSStoreStatus structure were not written to before being sent over the network for operations such as create, symlink, etc., leaking the contents of the kernel stack to observers. Which fields in the request are used are controlled by a flags field, and so if a field was not going to be used by the server, it was sometimes left uninitialized. Fix the information leak by zeroing out the structure before use. FIXES 132847 Change-Id: I84a5a10442732ebbcb5d5067ca22030fb795168b
afsio: switch BreakUpPath to strdup The current version of BreakUpPath is slightly broken, since commit 4e68282e26b0c4569d25d076d54274f0da47a691 -- it has two output parameters but takes only one length parameter for the size of the output buffers passed in. The callers ended up using the shorter of the buffer lengths in question, so there is not a risk of a buffer overrun, but long paths would not be properly handled. There is not really any need to pass in a length at all, since what is going on is conceptually strdup, and there is no real need to use strlcpy at all. Make the change from strlcpy to str(n)dup, and adjust callers to free the outputs as appropriate. While here, convert writeFile() to use goto and a cleanup handler to avoid leaks. Change-Id: Ib742cb73a6d70aa863c8d30423416887b977677b Reviewed-on: http://gerrit.openafs.org/11874 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Reviewed-by: Daria Brashear <shadow@your-file-system.com>
cmd: add flags argument to create syntax function Add the flags argument to cmd_CreateSyntax() and update all callers. The flags argument will be used to set command options, such as CMD_HIDDEN. Change-Id: Ia51be9635f262516cb084d236a9e0756f608bf16 Reviewed-on: http://gerrit.openafs.org/11430 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
remove cmd-suite-option-for-hiding-admin-commands Remove the incomplete and non-functional cmd option for hiding admin commands, introduced in commit 36d02757fd6863a845163daf0d730bdcc0a28343. This patch removes the CMD_ADMIN flag, the non-functional help -admin parameter, and the non-functional cmd_IsAdministratorCommand() function. Thanks to Jeffrey Altman for pointing out this old commit and for suggestions on cleanup. Change-Id: I72c7d2ed7109b1238713fe0d6d177c5af6fc6b7d Reviewed-on: http://gerrit.openafs.org/11429 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil> Reviewed-by: Garrett Wollman <wollman@csail.mit.edu> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Reviewed-by: D Brashear <shadow@your-file-system.com>
afsio: Remove redundant assignment tbuf is assigned to during the initialisation phase of all of the for loops that follow, so just remove this assignment Caught by clang-analyzer Change-Id: I3f2ffc8cee93768bd03e0abf3b391e1f6c45c70f Reviewed-on: http://gerrit.openafs.org/9189 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
afsio: Ignore return values from afscp_SetDefault* We don't do anything with the return values from afscp_SetDefaultCell or afscp_SetDefaultRealm, so just ignore them. Caught by clang-analyzer Change-Id: Ib7d9e637e5d08df28ad0085302811b243fb21768 Reviewed-on: http://gerrit.openafs.org/9188 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
afsio: Don't leak memory on GetVenusFidBy* failure The GetVenusFid functions all allocate the fid structure immediately upon entry to the function. When we return with an error, that structure is never freed. Update the call sites so that we don't leak this memory. Caught by clang-analyzer Change-Id: Iec62316d0fd542e70634f384c8319f90ba6b2649 Reviewed-on: http://gerrit.openafs.org/9187 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
afsio: process windows file paths consistently Windows file paths can use either '\' or '/' as a path separator. libafscp on the other hand requires '/' and argv[0] will always use '\'. Introduce a new function ConvertAFSPath() which converts the input path to '/' and converts \\afs to /afs. A future commit should access the registry and make use of the NetbiosName and MountRoot values to perform the conversion correctly. Change-Id: I14f5f45234ec4beab58751783a25206b3e7eff45 Reviewed-on: http://gerrit.openafs.org/8430 Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
afsio: add -clear and -crypt option Allow the user to optionally not use encryption (and also allow user to ensure that encryption is being used). Change-Id: I3ad590e21f5139654b22c8284ea2634ce902a1b5 Reviewed-on: http://gerrit.openafs.org/8138 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Further rationalise our usage of assert() This patch futher improves our usage of assert() and friends. The intention is to bring clarity to which forms of assert are used in which situations, and to solve the problem of assert(X), or osi_Assert(X) being used in a situation where X has side-effects. It introduces two new assertion macros opr_Assert() and opr_Verify(), and clarifies the usage of osi_Assert() and assert(). *) opr_Assert is a direct equivalent of assert(), with the exception that its output can be redirected to a log file when used in server code. It is the preferred version of assert for libraries, and server side code. Note that whilst opr_Assert doesn't currently become a no-op when NDEBUG is defined, the intention is that it will do so at some point in the future. *) opr_Verify(X) asserts if the value of X is false. Unlike assert() it will always run X, regardless of whether the value is checked or not. The eventual intention is that when NDEBUG is defined, opr_Verify(X) => X *) osi_Assert is an assertion macro intended for use in kernel code, or in mixed kernel/userland code. When code is built for userspace, osi_Assert(X) => opr_Assert(X) *) assert is the system's own assert macro. It should only be used in client code. Whilst a header (opr_assert.h) is provided to map assert() to opr_Assert(), its use is discouraged Change-Id: Ie6d61305686bdc7193cc8690e6f4fbe363211faf Reviewed-on: http://gerrit.openafs.org/5395 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
Use calloc, rather than malloc/memset Rather than doing a = malloc(sizeof(me)); memset(a, 0, sizeof(me)); Just use a = calloc(1, sizeof(me)); This is simpler, shorter, and removes the potential for the size of the memset not matching the size of the malloc (or the target of the memset being wrong!) Where the size is of the form (n * sizeof(me)), we also use calloc(n, sizeof(me)); Change-Id: Ia0f75665c1031fd2982eee0e1d8c8ebe23d7fbc0 Reviewed-on: http://gerrit.openafs.org/7454 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
Remove redundant header includes Remove includes of system headers where roken.h already takes care of including them. This simplifies the source tree, reduces the amount of work done by the compiler, and ensures that all of our headers are included with the correct guards The list of files to edit was generated with the following script: list=`grep include external/heimdal/roken/roken.h.in \ | sed -e's/#include//g' | sort | uniq`; \ for A in `find . -name *.c | xargs grep -l roken.h \ | grep -v external/ | grep -v WINNT/`; do \ found=0; \ for B in $list; do \ if grep "$B" $A > /dev/null; then \ echo "$A : $B"; \ found=1; \ fi; \ done; \ if [ $found == 1 ] ; then mvim -f $A; fi; \ done Change-Id: I2edbda550a129709b1dc6860b17d6a8a7509af58 Reviewed-on: http://gerrit.openafs.org/5815 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com> Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Derrick Brashear <shadow@dementix.org>
venus: Make clang happy with strlcpy use clang now expects that strlcpy will always be used to prevent overflow of the destination string, and gives a warning if the size parameter is based solely on the length of the source string. Modify the BreakUpPath function so that it takes the size of the destination string as an argument, and uses this to limit the amount of data pasted into it. Change-Id: I86f68dd2013ca8bc4c88ade78d27c4d416a9ae94 Reviewed-on: http://gerrit.openafs.org/7086 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
afsio: Remove unused 'code' value main always return 0, so don't bother getting an exit value back from cmd_Dispatch that we have no intention of doing anything with. Change-Id: I0085adbfdb886d89acc7f4203ddb6f7a10281dfc Reviewed-on: http://gerrit.openafs.org/4997 Tested-by: Derrick Brashear <shadow@dementia.org> Reviewed-by: Derrick Brashear <shadow@dementia.org>
afsio: remove unnecessary reference to malloc.h Fixes breakage on freebsd for missing malloc.h, reported by GAWollman, and, since roken.h already includes stdlib.h to pull in malloc, is no longer necessary Change-Id: Ie7785198124fe0dee394d7c15f032f0dadb6db8c Change-Id: I1d5947155ba33de61d8fd23197e11c51e4791935 Reviewed-on: http://gerrit.openafs.org/4578 Reviewed-by: Chaz Chandler <clc31@inbox.com> Tested-by: Chaz Chandler <clc31@inbox.com> Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk> Reviewed-by: Derrick Brashear <shadow@dementia.org>
libafscp: add lock support add support for locking as well as for tracking callbacks so a lock break can be detected Change-Id: Iff36c6528fc55cf250bc27d49af80123d7ecece3 Reviewed-on: http://gerrit.openafs.org/4476 Reviewed-by: Derrick Brashear <shadow@dementia.org> Tested-by: Derrick Brashear <shadow@dementia.org>
afsio: rewrite using libafscp afsio is a utility for file transfer to and from AFS file space without the help of the AFS client/cache manager. Using libafscp, this (partially rewritten) version of afsio is able to accomplish (1) authenticated access to an AFS path or FID (an existing KerberosV ticket is required), (2) fall back on unauthenticated ("anonymous") access if authentication (token acquisition) fails, and (3) work independtly of the AFS cache manager (afsd need not be running, though CellServDB and ThisCell are currently required). issues: 1) libvldbint and libafsint are not compiled pthreaded. we link in what we need. this should be changed when we are all-pthreaded. 2) venus is not a pthreaded-directory otherwise. same deal: in an all-pthreaded universe, undo the bodge that we do here. 3) venus is not an all-krb5 directory either. slight ick. Change-Id: I946e6eef58ac77c6fb97be256c4c564188201262 Reviewed-on: http://gerrit.openafs.org/4381 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tidy up gettimeofday usage The roken gettimeofday implementation doesn't return timezone information. Audit the whole code to make sure that we don't rely on this, and tidy up those places where we were passing an unused timezone structure to the gettimeofday call. Change-Id: Ia83f86483a9c7262fc0904236c0d039a912e3731 Reviewed-on: http://gerrit.openafs.org/4430 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementia.org>
venus: Tidy up header includes Remove headers which are provided by libroken, and reorder header includes so that they're a bit a more legible. Change-Id: I431cff2dbfa5ca57a9884d7d8eb1695d3f79affd Reviewed-on: http://gerrit.openafs.org/4415 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@openafs.org>