openafs.git
8 years agoWindows: PopulateCurrentEntry Symlink Targets
Jeffrey Altman [Thu, 7 Mar 2013 05:59:01 +0000]
Windows: PopulateCurrentEntry Symlink Targets

Handle a broader range of symlink target formats and be more
precise regarding what is an afs symlink or a dfs link.

Change-Id: Ia37c1adf5d64ba44fffca976885a455e6900a047
Reviewed-on: http://gerrit.openafs.org/9428
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: Claim success for Delete Reparse Tag
Jeffrey Altman [Thu, 7 Mar 2013 05:56:15 +0000]
Windows: Claim success for Delete Reparse Tag

The typical pattern for deleting a reparse point is

 1. open reparse point object
 2. delete reparse tag
 3. set delete on close
 4. close handle

Claim success when we receive delete reparse tag fsctl so that
the delete on close disposition can be set.

Change-Id: I8f4212dd6ba04be95455eaa210e632ca59cfa7c8
Reviewed-on: http://gerrit.openafs.org/9427
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: Report actual volume creation time
Jeffrey Altman [Mon, 11 Mar 2013 04:03:38 +0000]
Windows: Report actual volume creation time

The cm_scache.volumeCreationDate is populated by any non-bulkstat
callback issuing operation.  If it is not set at the time the
redirector requests volume information, force an RXAFS_FetchStatus
and then use the resulting timestamp in the response.

Change-Id: I8ab471767dd6525efc71deff073d54ae38f1f462
Reviewed-on: http://gerrit.openafs.org/9554
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: RDR_UpdateFile dscp != scp
Jeffrey Altman [Sun, 10 Mar 2013 14:51:47 +0000]
Windows: RDR_UpdateFile dscp != scp

Do not set bScpLocked when obtaining scp->rw as scp != dscp.

Change-Id: I878166cd510a188a0e56cc92660e74b9625c3ab6
Reviewed-on: http://gerrit.openafs.org/9553
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: Service processing for Symlink creation
Jeffrey Altman [Wed, 6 Mar 2013 14:53:41 +0000]
Windows: Service processing for Symlink creation

Initial support for symlink creation via the Win32 CreateSymbolicLink api.
Add support for AFS_REQUEST_TYPE_CREATE_SYMLINK redirector requests via
the new RDR_CreateSymlinkEntry() function.

Since CreateSymbolicLink api creates a new directory or file object and
then assigns the Microsoft reparse tag data to that object,
RDR_CreateSymlinkEntry must first delete the empty directory or file and
then create the new symlink object in its place.  If the empty object can
be removed but the symlink cannot be created, STATUS_FILE_DELETED is
returned to indicate to the redirector that a failure occurred that
changed the state of the directory without creating a new object.

If the empty object cannot be removed, a STATUS_ACCESS_DENIED error will
be returned and the empty object will unfortunately remain in the AFS
directory.

Target path translation is performed.  Absolute AFS paths are stored in
UNIX notation.  Absolute non-AFS UNC and device paths are prefaced with
"msdfs:".

Change-Id: If8b4729dd5fffddc71221750852b8be731c83cab
Reviewed-on: http://gerrit.openafs.org/9425
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoauth: Don't overflow lower case cell string
Simon Wilkinson [Sun, 3 Mar 2013 17:47:49 +0000]
auth: Don't overflow lower case cell string

When building tcell_l in kerberosSuperUser, make sure that we
don't overflow the string that we're constructing.

Use the opr_lcstring function to do the lower case conversion,
rather than rolling our own.

Caught by coverity (#985772)

Change-Id: I6e28cfc54883aac7e3a3eb2f4e2b2bf7ebc0bc63
Reviewed-on: http://gerrit.openafs.org/9544
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoauth: Don't overflow buffer in CompFindUser
Simon Wilkinson [Sat, 2 Mar 2013 13:01:14 +0000]
auth: Don't overflow buffer in CompFindUser

The fullname buffer in CompFindUser is theoretically big enough
to take the data usually supplied to it. However, play it safe by
using strlcat and strlcpy to catch buffer overflows.

Caught by coverity (#985771)

Change-Id: Icc80d012b61ae90e1a62a814f7a6d552bb264294
Reviewed-on: http://gerrit.openafs.org/9543
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoauth: Catch long cells in backwards compat code
Simon Wilkinson [Sat, 2 Mar 2013 12:55:18 +0000]
auth: Catch long cells in backwards compat code

ktc_SetTokenEx can fall back to calling the SetToken pioctl when
the kernel module doesn't support the newer call. When we do this,
we have to transform the token structure into the older format.

Catch tokens whose cells are too long to be represented in the
older format, and bail with KTC_INVAL, rather than overflowing the
array.

Caught by coverity (#985770)

Change-Id: Ibaa1cc92c494cc6f4e56ebe7b16109d4558db131
Reviewed-on: http://gerrit.openafs.org/9449
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoaudit: Fix overflow in file backend
Simon Wilkinson [Sat, 2 Mar 2013 12:38:49 +0000]
audit: Fix overflow in file backend

If the filename passed to open_file was larger than MAXPATHLEN-5,
then we'd overflow the oldName buffer when creating the backup
filename. Fix the overflow by using a malloc'd buffer instead.

Caught by coverity (#985767)

Change-Id: Ie364aae0749b3658ab11a354844878d10c6970ab
Reviewed-on: http://gerrit.openafs.org/9448
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoWindows: IsSpaceAvail lock order violation
Jeffrey Altman [Sun, 10 Mar 2013 14:49:42 +0000]
Windows: IsSpaceAvail lock order violation

cm_IsSpaceAvailable() obtains the cm_scache.rw lock of the volume
root directory.  Therefore it is a lock order violation to call the
function while any other cm_scache.rw lock is held belonging to an
object in the same volume.   vnode 1 is always less than any other
vnode value.

Change-Id: Id34591b6ccec8d7e8e0fe48e3357c991cd99acfb
Reviewed-on: http://gerrit.openafs.org/9552
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: Fix directory to service null mask lookups
Jeffrey Altman [Sat, 9 Mar 2013 20:43:14 +0000]
Windows: Fix directory to service null mask lookups

The direct to service for non-wildcard lookups, commit
b7ba97ad537bd0e9a241f052ddd1c3a50c74745b, introduced a bug when the search
mask is left unspecified.   Do not set bNonWildcardMatch to TRUE
when the mask is NULL.

Change-Id: I6c4846b443acc7e5e42d4e83e75ef383fc400db9
Reviewed-on: http://gerrit.openafs.org/9542
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: Permit deletion of reparse points
Jeffrey Altman [Fri, 8 Mar 2013 03:05:20 +0000]
Windows: Permit deletion of reparse points

AFSSetDispositionInfo did not set the AFS_DIR_ENTRY_PENDING_DELETE
flag if the DirectoryCB type was mountpoint, symlink, dfslink or invalid.
This patchset permits the flag to be set so reparse point objects can be
deleted without using the AFS "symlink.exe remove" command.

Change-Id: I03e1cb7b08989950a4307e59073e5fb712d1a901
Reviewed-on: http://gerrit.openafs.org/9475
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: AFSLocateNameEntry Backup Volume Change
Jeffrey Altman [Thu, 7 Mar 2013 22:39:05 +0000]
Windows: AFSLocateNameEntry Backup Volume Change

When AFSLocateNameEntry() calls AFSBackupEntry() in the name array it is
possible that the DirectoryCB returned belongs to a different VolumeCB.
If so, pCurrentVolume must be updated and reference counts must be
adjusted.

Change-Id: I9fcd30374b20f2e1c214a019feeab55c30ce9666
Reviewed-on: http://gerrit.openafs.org/9465
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: AFSLocateNameEntry OutVolumeCB can be NULL
Jeffrey Altman [Thu, 7 Mar 2013 22:28:36 +0000]
Windows: AFSLocateNameEntry OutVolumeCB can be NULL

It is possible for the AFSLocateNameEntry OutVolumeCB parameter
to be assigned a NULL value upon return.   Handle it in the callers.

Change-Id: I15e4581d4655dbaca7c4ca4b9e9af758e97c5c95
Reviewed-on: http://gerrit.openafs.org/9464
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: RDR SymbolicLink create support
pete scott [Tue, 5 Mar 2013 20:21:41 +0000]
Windows: RDR SymbolicLink create support

Permit the redirector to handle Microsoft's IO_REPARSE_TAG_MOUNT_POINT
and IO_REPARSE_TAG_SYMLINK requests.   The IO_REPARSE_TAG_SYMLINK request
is issued as a result of a CreateSymbolicLink Win32 API.

Creating a symlink in Windows is not equivalent to the way a symlink is
created in AFS or UNIX.  Instead of creating a symlink object whose data
string represents the target and mode bits indicate that the stream should
be treated as a link, on Windows it is a two step process.

To create a symlink to a directory, create an empty directory and then
assign the reparse tag data to the directory object.  To create a symlink
to anything else, create an empty file and assign the reparse tag data to
the file.  Deleting a reparse point simply removes the reparse tag data
and not the underlying directory or file.

The way this will work for AFS is that assigning reparse data to an
existing directory or file will require that the object be deleted from
the directory and a new symlink object be created in its place.  This is
why upon successful completion of the upcall to the service the directory
object information has the AFS_OBJECT_FLAGS_DIRECTORY_ENUMERATED flag
cleared.

This patchset permits symlink creation but does not do anything to support
symlink removal.

Symlink target data is not validated.

Change-Id: Ie7019445a7c307dcb2cd47beee47d02e1a82145f
Reviewed-on: http://gerrit.openafs.org/9424
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: Avoid race during cm_FreeServerList
Jeffrey Altman [Tue, 5 Mar 2013 12:52:37 +0000]
Windows: Avoid race during cm_FreeServerList

cm_FreeServerList obtains cm_serverLock exclusively and in some
circumstances will call cm_FreeServer().   cm_FreeServer() will
drop the cm_serverLock if the cm_server_t.refCount is zero in order to
avoid a lock order violation when calling cm_GCConnections() since
cm_connLock is higher in the lock hierarchy.

The call to cm_FreeServer is performed after the cm_serverRef_t
to be deleted is identified but before it is removed from the list.
There is the potential for two threads calling cm_FreeServerList()
to race and for more than one thread to attempt to delete the same
cm_serverRef_t twice.

Fix this by:

1. maintain a private copy of the cm_server_t pointer, delete the
cm_serverRef_t and update the list pointers before calling cm_FreeServer().

2. obtain and release a refcnt on the next cm_serverRef_t to ensure
that it is not deleted out from underneath the thread in case the
cm_serverLock is dropped.

Change-Id: Ia7b6eed66e9ba306c07d47027262e1a8ad1e52ac
Reviewed-on: http://gerrit.openafs.org/9391
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoaklog: Fix buffer overflows in next_path
Simon Wilkinson [Sat, 2 Mar 2013 12:21:06 +0000]
aklog: Fix buffer overflows in next_path

Use strlcpy and strlcat

Caught by coverity (#985765)

Change-Id: I2fc3d04a762f6872c31fe728e1ab0247ac16e6de
Reviewed-on: http://gerrit.openafs.org/9447
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoaklog: Protect against overflows from cmdline
Simon Wilkinson [Sat, 2 Mar 2013 12:15:22 +0000]
aklog: Protect against overflows from cmdline

The cell, realm and path arrays are populated based on the user's
command line, and xlog_path is populated from their passwd map
entry. Protect against all of these overflowing, by making suitable
use of strlcpy and strlcat.

Caught by coverity (#985764, #985904)

Change-Id: Ia8f1816b010eb2b85b537e156de2b7983e4626ba
Reviewed-on: http://gerrit.openafs.org/9446
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoaklog: Avoid overflows in get_afs_mountpoint
Simon Wilkinson [Sat, 2 Mar 2013 12:09:42 +0000]
aklog: Avoid overflows in get_afs_mountpoint

When working with the fixed length cellname buffer, use
strlcat and strlcpy rather than strcat and strcpy.

Caught by coverity (#985763)

Change-Id: Idfb3a0562d4028f5d1aa134b7ab0b5fa2dd60edb
Reviewed-on: http://gerrit.openafs.org/9445
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoaklog: Fix overflows in auth_to_path
Simon Wilkinson [Sat, 2 Mar 2013 12:04:46 +0000]
aklog: Fix overflows in auth_to_path

In the auth_to_path routine, don't use strcpy and strcat when
working with the fixed length pathtocheck buffer. Instead, use
strlcpy and strlcat to ensure that all string operations fit within
the buffer limits.

Caught by coverity (#985762)

Change-Id: I66ae11e1f49c66574d457fd79e97dd647ac98a73
Reviewed-on: http://gerrit.openafs.org/9444
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoafsmonitor: Fix theoretical overflow of handler string
Simon Wilkinson [Sat, 2 Mar 2013 12:00:47 +0000]
afsmonitor: Fix theoretical overflow of handler string

Don't do an unbounded copy into the thresh structure's handler
string, in case the caller has passed us a string which is too
long.

Instead, switch to strlcpy for all string copies.

Caught by coverity (#985761)

Change-Id: I80e3d35d7a9a4b57e8efc0cb0c7b2dc12f021063
Reviewed-on: http://gerrit.openafs.org/9443
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoafsmonitor: Use roken
Simon Wilkinson [Thu, 7 Mar 2013 22:28:12 +0000]
afsmonitor: Use roken

Include the roken.h header, and remove the redundant system
includes from afsmonitor.c

Change-Id: Ia3eb8a7a0bb1e77d928d26cdfc87f818e6791e16
Reviewed-on: http://gerrit.openafs.org/9463
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoutil: Avoid overflow in GetNameByINet
Simon Wilkinson [Sat, 2 Mar 2013 10:27:47 +0000]
util: Avoid overflow in GetNameByINet

We copy the results of gethostbyaddr into a fixed length buffer
without checking whether they fit. Add a length check, and use
strlcpy to do the copy to make sure we can't overflow.

Caught by coverity (#985912, #985872)

Change-Id: I1e8f0fbb2577199c25201940f54646a4acdbbd37
Reviewed-on: http://gerrit.openafs.org/9393
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agokauth: Don't overflow stack when building username
Simon Wilkinson [Sat, 2 Mar 2013 09:35:01 +0000]
kauth: Don't overflow stack when building username

knfs constructs the userName by combining the clientName.name
and clientName.instance arrays, along with a dot separator. Make
sure that the userName array is big enough to hold these, and
use strlcpy and strlcat just to make sure.

Caught by coverity (#985829)

Change-Id: I75431212c8464861a26546c9e47d13acbff08967
Reviewed-on: http://gerrit.openafs.org/9351
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agofs: Fix improper use of readlink
Simon Wilkinson [Fri, 1 Mar 2013 12:08:46 +0000]
fs: Fix improper use of readlink

readlink returns a non-NUL terminated buffer. If we are going to
terminate its response, we need to make sure that there's space to
do so. So the length passed to readlink should be one less than the
real length of the buffer.

Caught by coverity (#985596)

Change-Id: I47081877a54a7b3d99ab8e6ec52d4663acd2eeb6
Reviewed-on: http://gerrit.openafs.org/9328
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agofstrace: Don't read uninitialised data
Simon Wilkinson [Sat, 2 Mar 2013 11:49:13 +0000]
fstrace: Don't read uninitialised data

The pftix variable points to the next free element in the
printfTypes array, so when we iterate through that array to
read that data back, we should stop when our iterator equals
pftix, not when it is greater than it.

Caught by coverity (#986013)

Change-Id: Ie08ebdd28cdde6647e91da5c5f67512096ecb34c
Reviewed-on: http://gerrit.openafs.org/9442
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoreadpwd: Make sure user supplies a passwdfile
Simon Wilkinson [Sat, 2 Mar 2013 11:44:02 +0000]
readpwd: Make sure user supplies a passwdfile

If the user supplies enough command line arguments, but doesn't
provide a passwdfile, then we can end up trying to open whatever
garbage is on the stack.

Once we've finished parsing the command line arguments, make sure
that a filename was supplied.

Caught by coverity (#986009)

Change-Id: Ice2fca16458a90d73ae6b5fadb0efa22ed0b185a
Reviewed-on: http://gerrit.openafs.org/9441
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoreadgroup: Make sure user supplies a groupfile
Simon Wilkinson [Sat, 2 Mar 2013 11:44:02 +0000]
readgroup: Make sure user supplies a groupfile

If the user supplies enough command line arguments, but doesn't
provide a groupfile, then we can end up trying to open whatever
garbage is on the stack.

Once we've finished parsing the command line arguments, make sure
that a filename was supplied.

Caught by coverity (#986008)

Change-Id: Iaea60027cf4bd81f9af04e995ce5c395275be833
Reviewed-on: http://gerrit.openafs.org/9440
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agolibadmin: Don't pass garbage to pts_UserCreate
Simon Wilkinson [Sat, 2 Mar 2013 11:36:31 +0000]
libadmin: Don't pass garbage to pts_UserCreate

The libadmin pts_UserCreate function uses the value passed to
it in newUserId to control whether the user is being created
with a user supplied ID or not.

Initialise this value in the caller, so we don't end up creating
users with corrupt ids.

Caught by clang (#985979)

Change-Id: I89492a02db9f981a4d2040ea913a7e75f5f0b272
Reviewed-on: http://gerrit.openafs.org/9401
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agolibadmin: Don't pass garbage to pts_GroupCreate
Simon Wilkinson [Sat, 2 Mar 2013 11:36:31 +0000]
libadmin: Don't pass garbage to pts_GroupCreate

The libadmin pts_GroupCreate function uses the value passed to
it in newGroupId to control whether the group is being created
with a user supplied ID or not.

Initialise this value in the caller, so we don't end up creating
groups with corrupt ids.

Caught by clang (#985978)

Change-Id: I5c3e2cec5b39b8eecbea316e351480863d3d7761
Reviewed-on: http://gerrit.openafs.org/9400
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agolibadmin: Don't double check for required param
Simon Wilkinson [Sat, 2 Mar 2013 11:09:08 +0000]
libadmin: Don't double check for required param

The server, process and stat_type parameters are declared as
required when the command syntax is set up - so they must be
present when the command handler is called. So, don't bother
checking for them.

Caught by coverity (#985963, #985964, #985965, #985966, #985967,
    #985968, #985969, #985970, #985971, #985972,
    #985973, #985974, #985975, #985976, #985977)

Change-Id: Ic0565aa50c5a998b327efe60d460a182a93c7552
Reviewed-on: http://gerrit.openafs.org/9399
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agolibadmin: Don't free garbage pointer
Simon Wilkinson [Sat, 2 Mar 2013 11:02:09 +0000]
libadmin: Don't free garbage pointer

If we jump to the error handler early on in pts_GroupOwnerChange,
idlist may not have been used, and so we will end up trying to
free stack garbage.

Initialise the structure to 0 at the start of the function, so it
is always safe to enter the error handler.

Caught by coverity (#985962)

Change-Id: If70102e3da07135a9ec695f13caebe6298eff8ca
Reviewed-on: http://gerrit.openafs.org/9398
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agokauth: Use strl* functions in ka_log
Simon Wilkinson [Sat, 2 Mar 2013 10:54:16 +0000]
kauth: Use strl* functions in ka_log

Switch to using the strlcat and strlcpy functions in ka_log, to
avoid potential buffer overflows.

Caught by coverity (#985824)

Change-Id: Icb537567f8ae67ecb42332cda4413274edeaa681
Reviewed-on: http://gerrit.openafs.org/9397
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agokauth: Handle calls to ka_log with no principal
Simon Wilkinson [Sat, 2 Mar 2013 10:48:50 +0000]
kauth: Handle calls to ka_log with no principal

If ka_log is called without a principal string, then the resulting
buffer will be garbage, as we don't start with a string for strlcat
to append to.

Caught by coverity (#985959)

Change-Id: I928b2807c093ac3f71a28150a117fd7b7eb29b05
Reviewed-on: http://gerrit.openafs.org/9396
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agovsys: Avoid uninitialised variable warning
Simon Wilkinson [Sat, 2 Mar 2013 10:42:27 +0000]
vsys: Avoid uninitialised variable warning

Initialise the parms array to 0 so that we don't get warnings from
the compiler when we call syscall() using it.

Caught by coverity (#985949)

Change-Id: I134841bcb334d06146386e55ebfa38c7be993311
Reviewed-on: http://gerrit.openafs.org/9395
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agormtsys: Don't overflow pathname buffer
Simon Wilkinson [Sat, 2 Mar 2013 10:15:10 +0000]
rmtsys: Don't overflow pathname buffer

When we're constructing a homedirectory path to look for the
.AFSSERVER file in, we copy the HOME environment variable into a
static buffer, with a risk of overflowing that buffer.

Instead of using a static buffer, just allocate one with asprintf.

Caught by coverity (#985910)

Change-Id: I2daa5613609f2c09712b12a7ce7e59b1c0028ef2
Reviewed-on: http://gerrit.openafs.org/9392
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agofsprobe: Get rid of unused hostname buffer
Simon Wilkinson [Sat, 2 Mar 2013 10:35:42 +0000]
fsprobe: Get rid of unused hostname buffer

When we copy the user supplied hostname into the fixed length
hnamebuf array, we might overflow it. As we never use this buffer,
just get rid of it.

Caught by coverity (#985913)

Change-Id: I4cda6279cd667343856deeb425dceaf00f7904b6
Reviewed-on: http://gerrit.openafs.org/9394
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoauth: Don't overflow hostName array
Simon Wilkinson [Sat, 2 Mar 2013 09:59:20 +0000]
auth: Don't overflow hostName array

afsconf_cell's hostName structure is a fixed length. Don't overflow
it by writing whatever comes back from gethostbyaddr into it. Use
strlcpy to catch an overflow, and if one occurs, just use
"UNKNOWNHOST", rather than a truncated host name.

Caught by coverity (#985906)

Change-Id: Iaa927f3e4860d99166789e8dc4950a03ea2237e4
Reviewed-on: http://gerrit.openafs.org/9354
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agolibadmin: Don't overflow volume name
Simon Wilkinson [Sat, 2 Mar 2013 09:47:53 +0000]
libadmin: Don't overflow volume name

The maximum volume name length in the VLDB RPCs is VL_MAXNAMELEN
(65), not 64 as used as a hardcoded value in vsprocs. Switch to
using the defined value, and also use strlcat to check that we
don't overflow this.

Caught by coverity (#985849)

Change-Id: Idde2cf8362bbd48538fafcd8c8d98e1f71cc15e1
Reviewed-on: http://gerrit.openafs.org/9353
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agovolser: Don't overflow volume name
Simon Wilkinson [Sat, 2 Mar 2013 09:47:53 +0000]
volser: Don't overflow volume name

The maximum volume name length in the VLDB RPCs is VL_MAXNAMELEN
(65), not 64 as used as a hardcoded value in vsprocs. Switch to
using the defined value, and also use strlcat to check that we
don't overflow this.

Caught by coverity (#985849)

Change-Id: I860d4bd4ed9a22185f4a83408d163ce20d21e751
Reviewed-on: http://gerrit.openafs.org/9352
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agokauth: Don't overflow cell string
Simon Wilkinson [Sat, 2 Mar 2013 09:33:12 +0000]
kauth: Don't overflow cell string

The cell string within a ktc_principal is only 64 characters long.
Be careful not to overflow it.

Caught by coverity (#985829)

Change-Id: I761dfcf5eebf1bd4ef31aa5982a2593e5317257b
Reviewed-on: http://gerrit.openafs.org/9350
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoauth: Don't overflow cell string
Simon Wilkinson [Sat, 2 Mar 2013 09:26:05 +0000]
auth: Don't overflow cell string

If the kernel gives us bogus data back from the VIOCGETTOK pioctl,
we might overflow the cell string when copying in to it. Use
strlcpy to avoid this (unlikely) occurrence.

Caught by coverity (#985768, #985769)

Change-Id: I2583b017e7a366f4271f356216bdd60f3a7b7911
Reviewed-on: http://gerrit.openafs.org/9349
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoaklog: Fix improper use of readlink
Simon Wilkinson [Sat, 2 Mar 2013 09:16:10 +0000]
aklog: Fix improper use of readlink

readlink doesn't NUL terminate its return string, so it is up to
us to do so.

Caught by coverity (#985739)

Change-Id: Ifb858d628845bd963928e25834e540bbb3a187c8
Reviewed-on: http://gerrit.openafs.org/9347
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agovlserver: Use correct literal in bounds check
Simon Wilkinson [Sat, 2 Mar 2013 09:01:59 +0000]
vlserver: Use correct literal in bounds check

The base array has VL_MAX_ADDREXTBLKS elements. Use this when
checking for an array overflow, rather than VL_ADDREXTBLK_SIZE.

Caught by coverity (#985600)

Change-Id: Ie60ad5cc79c41245028887871759776549694426
Reviewed-on: http://gerrit.openafs.org/9346
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoviced: Improve CallPreamble error messages
Andrew Deason [Sat, 23 Feb 2013 04:46:12 +0000]
viced: Improve CallPreamble error messages

These messages are not very useful right now. At least try to say what
host we sent an error to, so we know which host may be experiencing
some troubles as a result.

Change-Id: I8b41b46511ebd4760d5021ea2fe2011842450998
Reviewed-on: http://gerrit.openafs.org/9381
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

8 years agoihandle: Remove ih_sync_thread
Andrew Deason [Wed, 19 Dec 2012 23:11:40 +0000]
ihandle: Remove ih_sync_thread

ih_sync_thread currently syncs files flagged as needing
synchronization in the background every 10 seconds. This practice has
caused severe data corruption on more than one occasion over the past
few years (124359, 131530). It has also been argued repeatedly that it
provides no meaningful additional on-disk consistency, so there is no
reason for it to exist even if it were error-free.

Syncing files in the background provides no guarantee on the
consistency of the file contents, since the files are not synced in
any order with respect to each other, or with respect to what
filesystem operations may be occurring in the application.
Additionally, journalling filesystems common on fileserver backends
will typically ensure some consistency after a certain amount of time
(by default, 5 seconds on ZFS and ext3+), so doing this sync ourselves
is often redundant or even counterproductive.

So, to avoid current and future issues with ih_sync_thread interacting
with other ihandle users, just get rid of it. Files flagged as needing
sync are still synced (not in the background) during IH_REALLYCLOSE.

FIXES 131530

Change-Id: I29571c82c5b7454cd834b339fd48baeb9963a87b
Reviewed-on: http://gerrit.openafs.org/8797
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoWindows: AFSPopulateNameArrayFromRelatedArray change
Jeffrey Altman [Mon, 4 Mar 2013 03:54:53 +0000]
Windows: AFSPopulateNameArrayFromRelatedArray change

Modify AFSPopulateNameArrayFromRelatedArray so that the DirectoryCB
parameter can safely be NULL.   A NULL DirectoryCB input is required
to copy the entire NameArray.

Change-Id: Id125bb22df89c93e60d485e178bc7be0ab3c313e
Reviewed-on: http://gerrit.openafs.org/9340
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: AFS_NAME_ARRAY_TAG value
Jeffrey Altman [Mon, 4 Mar 2013 03:10:39 +0000]
Windows: AFS_NAME_ARRAY_TAG value

The AFS_NAME_ARRAY_TAG value collided with AFS_NAME_BUFFER_TEN_TAG.
Change its definition.

Change-Id: I29ff2d4cb7f5d1afebea91cbb5c294ecedbe50a2
Reviewed-on: http://gerrit.openafs.org/9339
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: Add AFSCreateSymlinkCB data strctures
Jeffrey Altman [Sun, 3 Mar 2013 19:16:35 +0000]
Windows: Add AFSCreateSymlinkCB data strctures

AFSCreateSymlinkCB and AFSCreateSymlinkResultCB
Used for creating a symlink to either a file or a directory.

Change-Id: Ic7dc49d48fc7ba3863752b3732c932f57d674d99
Reviewed-on: http://gerrit.openafs.org/9338
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agosrc/rxosd/Makefile.in: avoid infinite recursion in CC variable
Nickolai Zeldovich [Mon, 4 Mar 2013 03:03:41 +0000]
src/rxosd/Makefile.in: avoid infinite recursion in CC variable

src/rxosd/Makefile sets CC=$(MT_CC).
src/config/Makefile.config sets MT_CC=$(CC).
Since both are recursive-expansion variables, this causes an infinite
loop, and make complains about it:

Makefile:25: *** Recursive variable `CC' references itself (eventually).  Stop.

This patch avoids setting CC in src/rxosd/Makefile.in altogether, since
it does not appear to be necessary, as suggested by Jeffrey and Derrick.

Change-Id: Ieaa5c5ed21d83629ea713a745e76d17ac7f76ec1
Reviewed-on: http://gerrit.openafs.org/9336
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoafscp: Fix check for bare root.cell dirs in dynroot mode
Nickolai Zeldovich [Mon, 4 Mar 2013 02:14:22 +0000]
afscp: Fix check for bare root.cell dirs in dynroot mode

A previous fix (git commit fb1d7491fbe2e90300b23284f213cac2bdcd56ac)
added a check for '!p' in gettoproot(), but p is always a non-NULL pointer
(in part since it's dereferenced just above in the code), so the check
is always false.

Instead, I suspect the original author intended to check for '!*p',
which this patch does.

Change-Id: I1c0a2dd1d582a6b5e82275db18474343efa679a2
Reviewed-on: http://gerrit.openafs.org/9337
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

8 years agoup: Fix improper use of readlink
Simon Wilkinson [Fri, 1 Mar 2013 12:12:07 +0000]
up: Fix improper use of readlink

readlink returns a non-NUL terminated string. If the string must be
terminated, we need to have space in the buffer for it. So, the
buffer passed to readlink must be 1 less than the real length of
the buffer.

Caught by coverity (#985597, #985610)

Change-Id: Id9a6f8227d756140960ac295330aaf17dca2ec03
Reviewed-on: http://gerrit.openafs.org/9329
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoutil: Fix overflows in address parsing
Simon Wilkinson [Fri, 1 Mar 2013 12:01:19 +0000]
util: Fix overflows in address parsing

The extractAddr function (which turns a dotted quad into an IP
address), has a number of overflows when one or more elements of
the quad are more than 31 characters in length.

The array allocated for each portion is 32 bytes long, but we only
stop writing into the array when the indexing pointer reaches 32,
which doesn't leave us with space for the trailing NULL.

Rework this so we always allow space for the NULL, and use a #define
for the array length to make it more clear whats going on.

Caught by coverity (#985591, #985592, #985593, #985594)

Change-Id: I33ecc78ba6c90e44c3a4f2df171abba1d58562b3
Reviewed-on: http://gerrit.openafs.org/9327
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoubik: Don't overflow server's addr array
Simon Wilkinson [Fri, 1 Mar 2013 11:47:03 +0000]
ubik: Don't overflow server's addr array

We're checking to see if we've overflowed the array _after_ we've
looked up an element within it - so on the final iteration, we
always read past the end of the array.

Fix this by swapping the order of the tests in the for statemen

Caught by coverity (#985590)

Change-Id: Ibbf0eb88083166f0a23316edf0612e94593c07ce
Reviewed-on: http://gerrit.openafs.org/9326
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agorxgen: Don't overflow PackageIndex
Simon Wilkinson [Fri, 1 Mar 2013 11:35:05 +0000]
rxgen: Don't overflow PackageIndex

PackageIndex++ returns the pre-index value of PackageIndex, so the
error statement isn't run when PackageIndex == MAX_PACKAGES. This
means we go on to overflow all of the arrays that are MAX_PACKAGES
in size.

Caught by coverity (#985583, #985584, #985585, #985586,
                    #985587, #985588, #985589)

Change-Id: If81f9ff89edc4cfd56677ff51cea71281ebe1e3b
Reviewed-on: http://gerrit.openafs.org/9325
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agounlog: Don't overflow cells array
Simon Wilkinson [Fri, 1 Mar 2013 11:31:31 +0000]
unlog: Don't overflow cells array

cells has a maximum size of MAXCELLS. Doing cells[MAXCELLS] overflows
that array. Clamp our maximum number of cells at one below this to
avoid the overflow.

Caught by coverity (#98551)

Change-Id: I45fd8a55e31ad7ea86a996b593359536c7078891
Reviewed-on: http://gerrit.openafs.org/9324
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agokauth: Don't overflow cellinfo hostAddrs array
Simon Wilkinson [Fri, 1 Mar 2013 11:22:26 +0000]
kauth: Don't overflow cellinfo hostAddrs array

The hostaddrs array has MAXHOSTSPERCELL (8) available elements.
The ubik connections list has MAXSERVERS (20) elements - when copying
from the ubik list into the cellinfo hostaddrs list, be careful not
to overflow it.

Caught by coverity (#985577)

Change-Id: Ie51cb939a6e3381a285787ad125342ca7a9e7cbb
Reviewed-on: http://gerrit.openafs.org/9323
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agobucoord: Remove theoretical overflow of ubik array
Simon Wilkinson [Fri, 1 Mar 2013 11:09:04 +0000]
bucoord: Remove theoretical overflow of ubik array

The ubik connections array is NULL terminated, so we have to
ensure that there is enough space for the trailing NULL. As the
array is MAXSERVERS elements long, this means that we can only
store MAXSERVERS-1 connections in it.

This problem will never be encountered by the correct code, as
the number of hosts returned from afsconf_Open is capped at
MAXHOSTSPERCELL (currently 8). MAXSERVERS is currently 20. However,
fix the bug in case we increase MAXHOSTSPERCELL at some point in
the future.

Caught by coverity (#985576)

Change-Id: Icd3f4afe929cbf05522e44132f055a3955c4d23c
Reviewed-on: http://gerrit.openafs.org/9322
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoUnix CM: Fix stray semicolon
Simon Wilkinson [Fri, 1 Mar 2013 10:54:07 +0000]
Unix CM: Fix stray semicolon

Commit d2437d02a6f59d972dd0690f7eb1c46cf7cc4b85 introduced a
stray semicolon in the osidnlc code. Fix it.

Caught by coverity (#989030)

Change-Id: I1f68b6149bb4325995c96d8599c45565c4979f16
Reviewed-on: http://gerrit.openafs.org/9321
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoxstat: Add the residency RPC to the list of fs ops
Simon Wilkinson [Fri, 1 Mar 2013 10:52:32 +0000]
xstat: Add the residency RPC to the list of fs ops

Include the ResidencyRpc in the list of fs operation numbers that
can be display by xstat_cm_test.

Caught by coverity (#989029)

Change-Id: Ib8059fe53e5254d212722db59c05a0f0822883e2
Reviewed-on: http://gerrit.openafs.org/9320
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agocrypto: make krb5_enomem a static inline function
Marc Dionne [Sat, 2 Mar 2013 15:06:47 +0000]
crypto: make krb5_enomem a static inline function

With the recent update to the imported heimdal code, krb5_enomem
is used in a few places as a simple statement that doesn't make
use of the value.  With the current definition, this triggers
compiler warnings because the statement has no effect.

Replace the definition with a static inline function that returns
the expected value.

Change-Id: I799022b69a43ab635560a1a5ea8f67f0a8f7230a
Reviewed-on: http://gerrit.openafs.org/9335
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoWindows: afslogon !KA_USERAUTH_AUTHENT_LOGON
Jeffrey Altman [Thu, 28 Feb 2013 22:11:57 +0000]
Windows: afslogon !KA_USERAUTH_AUTHENT_LOGON

Patchset 305133cde60fec7fb1050caf60a4319cdcf88a27 halted the practice
of calling ka_UserAuthenticateGeneral2() with the alternate smbName.
It should have halted the practice of passing flag
KA_USERAUTH_AUTHENT_LOGON which indicates that the smbName parameter
has been provided.   Passing KA_USERAUTH_AUTHENT_LOGON without the smbName
field results in a KTC_INVAL error.

This error only impacts sites that still use kaserver or Kerberos v4 for
authentication.

Change-Id: I9eb7adc4fdb7b3ffa0aedca377e2f91bc01b30ea
Reviewed-on: http://gerrit.openafs.org/9318
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agolibadmin: Don't free garbage
Simon Wilkinson [Thu, 28 Feb 2013 22:07:12 +0000]
libadmin: Don't free garbage

Make sure that we initialise the nbulkentries structure to 0 before
we start work, so that if the failure handler is called, it doesn't
try to free garbage.

Caught by coverity (#985980)

Change-Id: If55faadd44f7bbc80abbdcd7842603d586db7581
Reviewed-on: http://gerrit.openafs.org/9317
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoafsmonitor: Fix multiple NUM_CM_STAT_ENTRIES overflows
Simon Wilkinson [Thu, 28 Feb 2013 17:14:20 +0000]
afsmonitor: Fix multiple NUM_CM_STAT_ENTRIES overflows

If an array is n elements long, accessing element array[n] is an
overflow. Fix various places where we apply loop bounds incorrectly
using the NUM_CM_STAT_ENTRIES constant.

Caught by coverity (#985571, #985573)

Change-Id: I24a53e8044d3d5d39d070909400329a82f22b6b9
Reviewed-on: http://gerrit.openafs.org/9316
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoafsmonitor: Fix multiple NUM_FS_STAT_ENTRIES overflows
Simon Wilkinson [Thu, 28 Feb 2013 17:14:20 +0000]
afsmonitor: Fix multiple NUM_FS_STAT_ENTRIES overflows

If an array is n elements long, accessing element array[n] is an
overflow. Fix various places where we apply loop bounds incorrectly
using the NUM_FS_STAT_ENTRIES constant.

Caught by coverity (#985570, #985571, #985572)

Change-Id: I8a28f06059771f91415ebc989714929cfd09f296
Reviewed-on: http://gerrit.openafs.org/9315
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoafsmonitor: Add missing items to fsOpNames array
Simon Wilkinson [Thu, 28 Feb 2013 17:07:31 +0000]
afsmonitor: Add missing items to fsOpNames array

The Lookup and Residency fs stats counters were missing from the
fsOpNames array. Add them in - Lookup has been missing since the
IBM release, Residency was missed when the MR-AFS code was merged.

This is still rather fragile, as there's no guarantee that
AFS_STATS_NUM_FS_RPC_OPS matches the number of elements in this
array. However, this is now correct until someone breaks it again...

Caught by coverity (#985569)

Change-Id: I22496050d5e786276a6646aa763d036449a3660d
Reviewed-on: http://gerrit.openafs.org/9314
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoUnix CM: Update AFS_STATS_NUM_FS_RPC_OPS
Simon Wilkinson [Thu, 28 Feb 2013 17:05:29 +0000]
Unix CM: Update AFS_STATS_NUM_FS_RPC_OPS

There are actually 30 elements in the AFS_STATS_FS array. When the
ResidencyRpcs counter was added, the total number of operations
wasn't updated.

Fix this so that it is correct, although this still remains rather
fragile.

Change-Id: I92a0d2bf3741bc7aaeae837d6dcbcd30616e17ae
Reviewed-on: http://gerrit.openafs.org/9313
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoUnix CM: Fix hash table overflow in dnlc code
Simon Wilkinson [Thu, 28 Feb 2013 15:26:15 +0000]
Unix CM: Fix hash table overflow in dnlc code

In GetMeAnEntry, we can end up overflowing the nameHash array by one
element if the stars are particularly badly aligned.

nameptr is a static across function calls, so nameptr and j are not
equal. If nameptr is increment to NHSIZE in the same loop iteration
as j reaches NHSIZE + 2, the loop will terminate. We'll then
lookup nameHash[NHSIZE], which is 1 element passed the end of the
array.

Add an if statement which loops nameptr outside the loop (in the
same way as the if statement in the loop)

Caught by coverity (#985568)

Change-Id: I47075f363fad10e8c19276359699566755779cca
Reviewed-on: http://gerrit.openafs.org/9312
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoUnix CM: Don't overflow ICL logs array
Simon Wilkinson [Thu, 28 Feb 2013 13:45:00 +0000]
Unix CM: Don't overflow ICL logs array

When checking whether a user supplied index into the ICL logs array
is out of bounds, we need to check whether it is greater or equal
to the maxmimum number of elements. Otherwise we can access one
more than the number of elements in the array.

Caught by coverity (#985567)

Change-Id: Id90f02eae1d5689b9b2c9a82bce0e503941387da
Reviewed-on: http://gerrit.openafs.org/9311
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agodumptool: Remove newlines safely
Simon Wilkinson [Thu, 28 Feb 2013 12:15:29 +0000]
dumptool: Remove newlines safely

The code currently does

   fgets(cmdbuf, ... );
   cmdbuf[strlen(cmdbuf - 1)] = '\0';

in order to remove new lines from cmdbuf. Coverity thinks there's
a danger of strlen(cmdbuf) being 0, and thus the strlen being negative.
That shouldn't happen, but if fgets hits EOF midway through a line, we
might get a string that doesn't have a trailing '\n', and end up
removing the wrong character. Tidy this up by checking that the string
isn't 0 length, and that the character we're zapping is a newline.

Caught by coverity (#985430)

Change-Id: I8dae925debdc2473a6a51db021ce843e957a1557
Reviewed-on: http://gerrit.openafs.org/9310
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoptuser: Clear return value from pr_ListMembers
Simon Wilkinson [Thu, 28 Feb 2013 10:22:43 +0000]
ptuser: Clear return value from pr_ListMembers

Make sure that lnames is zero'd on entry to pr_ListMembers, so that
an early error return doesn't also return garbage.

Change-Id: I78c35f0c18d9c7ec3f638c8e80609ac28d362925
Reviewed-on: http://gerrit.openafs.org/9309
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoreadgroup: Don't use results if error occurs
Simon Wilkinson [Thu, 28 Feb 2013 10:20:22 +0000]
readgroup: Don't use results if error occurs

If pr_ListMembers returns an error, don't try and use the results
it provides, as they could be garbage.

Caught by coverity (#92119)

Change-Id: Idcfb464953dcdec68cba988d3fb1ab6ddad08340
Reviewed-on: http://gerrit.openafs.org/9308
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoRedHat: fix makesrpm.pl version discovery
Ken Dreyer [Fri, 11 Jan 2013 18:38:58 +0000]
RedHat: fix makesrpm.pl version discovery

We stopped defining the OpenAFS version in AM_INIT_AUTOMAKE a while
back. Use git-version script instead.

Change-Id: I56ef9792cf653921161e177a7c6f143a4b41ace2
Reviewed-on: http://gerrit.openafs.org/8908
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agoWindows: Build libafsauthent.dll against mtafsubik.lib
Jeffrey Altman [Wed, 27 Feb 2013 20:21:56 +0000]
Windows: Build libafsauthent.dll against mtafsubik.lib

Instead of building a private copy of the ubik objects, link
against mtafsubik.lib.

Change-Id: Ic72e0ea963ddb870d082f7a3746f978ba785bbbc
Reviewed-on: http://gerrit.openafs.org/9302
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: afsio reduce library link list
Jeffrey Altman [Wed, 27 Feb 2013 20:19:41 +0000]
Windows: afsio reduce library link list

When linking afsio many of the libraries specified in the EXELIB3
list were unnecessary.  The only lib in the list that is required
is libcmd.lib.  Rename EXELIB3 to LIBCMD and prune the rest.

Change-Id: I87bf0583f312d7b3dadc5581c08fedaa6b754c77
Reviewed-on: http://gerrit.openafs.org/9301
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: Remove RXAFS* from afsrpc.dll
Jeffrey Altman [Wed, 27 Feb 2013 20:07:57 +0000]
Windows: Remove RXAFS* from afsrpc.dll

afsrpc.dll is supposed to be the multi-threaded dynamic loadable
version of the RX package.  It has also included the RXAFS and
RXAFSCB client functions from src/fsint.  Including the RXAFS* is
nice in theory but in practice the afsd_service.exe must link to
afsint.lib anyway in order to obtain access to RXAFSCB_ExecuteRequest()
which is part of the server portion.  Linking to both results in
multiple instances of the same symbols in which case afsint.lib
must be linked to first and the dynamic version of the functions
are ignored.

The only other module that used RXAFS* functions from afsrpc.dll
is the adminutil library from the libadmin package.  adminutil
doesn't implement the server functions but it can just as easily
link against afsint.lib.

Removing RXAFS* from afsrpc.dll results in a library that only
contains RX, RXSTATS, core xdr and rxkad.

This patchset also fixes some minor bugs:

 1. $(UTILOBJS) were not being linked to the library due to
    a typo.

 2. Always use multi-thread safe versions of afsutil.lib

Change-Id: I5cc6d485a763d5a17735abd35d193fb7b0d280e5
Reviewed-on: http://gerrit.openafs.org/9300
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoWindows: Move grmutex, etc. to afspthread.dll
Jeffrey Altman [Thu, 28 Feb 2013 03:16:33 +0000]
Windows: Move grmutex, etc. to afspthread.dll

afsauthent.dll exported:

  pthread_recursive_mutex_lock
  pthread_recursive_mutex_unlock
  grmutex (DATA)

even though a dedicated afspthread.dll existed and all pthreaded
modules must link to afspthread.dll and not all link to
afsauthent.dll.  Move these functions and the global mutex variable
to afspthread.dll to ensure that only one instance of the variable
is present in any binary.

Also remove from src/libafsauthent/NTMakefile the local building
of src/util object files and link to mtafsutil.lib.

Change-Id: I9f8e76165f9c1b1be7ed1a90cdaac03b629d9591
Reviewed-on: http://gerrit.openafs.org/9303
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoubik: Avoid unlinking garbage
Simon Wilkinson [Wed, 27 Feb 2013 10:34:59 +0000]
ubik: Avoid unlinking garbage

If SDISK_SendFail fails before the pathname to the temporary file
has been constructed, then the failure handler will unlink stack
garbage, with variable results.

Initialise the string, and check to see if it has contents before
calling unlink

Change-Id: I1de898d5f0f0dc608e9c9c62dc66e6b4b9fdc5bf
Reviewed-on: http://gerrit.openafs.org/9299
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoUnix CM: Don't free cell, then release lock on it
Simon Wilkinson [Wed, 27 Feb 2013 10:28:05 +0000]
Unix CM: Don't free cell, then release lock on it

If afs_NewCell fails, then we can end up releasing a lock on a
section of memory that we have already freed. As this only happens
if the memory we're operating on is newly allocated and not yet
visible to anyone else, it is safe to release the lock before
starting to tidy things up.

Caught by coverity (#986054)

Change-Id: Ie8651c61790d57a9fd7bbbafcaf78e37b8222bae
Reviewed-on: http://gerrit.openafs.org/9298
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agolibafscp: Can't unlock something we've freed
Simon Wilkinson [Wed, 27 Feb 2013 10:11:21 +0000]
libafscp: Can't unlock something we've freed

When we call _StatCleanup on a stored statent structure, it
deletes the mutex, and frees the structure itself. This means it
can't be called with a locked structure as the mutex deletion
will fail, and then we'll try to reference freed memory when we
later unlock that mutex.

Fix this by unlocking the mutex before calling _StatCleanup. This
is safe because the only reference to the structure visible to other
threads must have been deleted by the time we reach this point.

Caught by coverity (#986058, #986059)

Change-Id: I346d4c8a7cd478db044af919662c1cf1c093e205
Reviewed-on: http://gerrit.openafs.org/9297
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agopt_util: Protect against corrupt input files
Simon Wilkinson [Wed, 27 Feb 2013 09:23:07 +0000]
pt_util: Protect against corrupt input files

If we have an input file which contains a group membership line
(with a leading space) before any group definitions occur, pt_util
would use stack garbage as the group to create these members in.

Avoid this by requiring the presence of a group line before any
membership lines.

Caught by coverity (#92180, #986000, #92248)

Change-Id: I536f089d67041dbf90f35b6dfeed5ba3303318a8
Reviewed-on: http://gerrit.openafs.org/9296
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agopt_util: Catch sscanf failures
Simon Wilkinson [Wed, 27 Feb 2013 09:21:30 +0000]
pt_util: Catch sscanf failures

If there isn't sufficient data in the input line to satisfy sscanf,
fail with an error, rather than continuing with potentially corrupt
data.

Change-Id: I5f963b5623176ac7631693b093d23cf9f0405edc
Reviewed-on: http://gerrit.openafs.org/9295
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agokauth: Fix overflow when writing ticket file
Simon Wilkinson [Tue, 26 Feb 2013 22:40:04 +0000]
kauth: Fix overflow when writing ticket file

krb_write_ticket_file uses a fixed length buffer to store the name
of the ticket file, but copies into this from an environment variable.

Remove the fixed length buffer, and use a mixture of the variable
itself, and dynamically allocated strings.

Caught by coverity (#985909)

Change-Id: I997fd1812c45e730db39497a27a5e168f102fee5
Reviewed-on: http://gerrit.openafs.org/9294
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoauth: Refactor afsconf_Open failure handler
Simon Wilkinson [Tue, 26 Feb 2013 22:31:49 +0000]
auth: Refactor afsconf_Open failure handler

Refactor the code which returns a failure from afsconf_Open into
a single section, rather than having multiple copies through out
the routine.

Change-Id: I70b3fec98321bf89e6d59055545d5d4193026d28
Reviewed-on: http://gerrit.openafs.org/9293
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoauth: Fix buffer overflow in afsconf_Open
Simon Wilkinson [Tue, 26 Feb 2013 22:27:25 +0000]
auth: Fix buffer overflow in afsconf_Open

If we fallback to the .AFSCONF file in the user's homedirectory,
the results of getenv("HOME") are copied into a fixed length string,
without checking for overflows.

Instead of risking this, just use asprintf to dynamically construct
a string, and free it when we are done.

Caught by coverity (#985905)

Change-Id: Id8769ede841165d3ff3104143e55767d550d6f87
Reviewed-on: http://gerrit.openafs.org/9292
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agobos_util: Fix buffer overflow
Simon Wilkinson [Tue, 26 Feb 2013 21:30:20 +0000]
bos_util: Fix buffer overflow

Get rid of a buffer overflow in the bos_util utility, by just
printing the key from the 'tbuffer' string, rather than copying
it into 'x' which is too small for it.

Change-Id: Ia364fb63edb9e40a887e77aad833689a99b4ea7c
Reviewed-on: http://gerrit.openafs.org/9291
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agovolser: Fix bad readlink usage
Simon Wilkinson [Tue, 26 Feb 2013 21:28:52 +0000]
volser: Fix bad readlink usage

readlink fills the buffer passed to it with a non-terminated string.
It can legitimately fill the whole of this buffer. So, if we require
a string to be NUL terminated, we must give readlink one less than
the string length so that the termination character can be safely
appended.

Caught by coverity (#985611)

Change-Id: Ie6c651a9c0fd94d83bd05395204341d71e353146
Reviewed-on: http://gerrit.openafs.org/9290
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoafsmonitor: Use NULL, rather than (struct foo *)0
Simon Wilkinson [Tue, 26 Feb 2013 20:52:47 +0000]
afsmonitor: Use NULL, rather than (struct foo *)0

Change-Id: Ib011da471465dae056d47f5bbaad5a27b5c85966
Reviewed-on: http://gerrit.openafs.org/9285
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoafsmonitor: Check correct variable is non-NULL
Simon Wilkinson [Tue, 26 Feb 2013 20:51:34 +0000]
afsmonitor: Check correct variable is non-NULL

Before freeing curr_fsData, check that it is non-NULL, rather than
checking prev_fsData in error.

Caught by coverity (#985289)

Change-Id: I8fb74ce0c4e447de65924f2afb6075213d839760
Reviewed-on: http://gerrit.openafs.org/9284
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agobosserver: Return error if key is bad
Simon Wilkinson [Tue, 26 Feb 2013 12:10:17 +0000]
bosserver: Return error if key is bad

If a key is bad, have SBOZO_ListKeys return an error, rather than
silently ignoring the result from ka_KeyCheckSum.

Caught by coverity (#988413)

Change-Id: Ifacc9bac654d2632bd31731995795b786d485327
Reviewed-on: http://gerrit.openafs.org/9270
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoptserver/testpt.c: remove dead code in ListUsedIds
Nickolai Zeldovich [Wed, 27 Feb 2013 10:08:40 +0000]
ptserver/testpt.c: remove dead code in ListUsedIds

A part of the current ListUsedIds code is:

    range = abs(startId - maxId);
    if (range < 0)
       range = -range;

The only way abs() could return a negative value would be if its
argument was INT_MIN (-2147483648) to begin with, because -INT_MIN
cannot be represented in two's complement.  However, calling
abs(INT_MIN) is undefined behavior in C [see C99 7.20.6.1], and for
that matter, so would be computing -range (-INT_MIN) in that case,
so we could still be left with a negative range value.

Luckily, (startId - maxId) can never be INT_MIN.  If startId < 0,
then maxId <= startId, so in the worst case, when maxId = INT_MIN
and startId = -1, (startId-maxId)=INT_MAX.  If startId >= 0, then
maxId >= startId, so in the worst case, when maxId = INT_MAX and
startId = 0, (startId-maxId)=-INT_MAX=INT_MIN+1.

This patch removes the useless if statement.

Change-Id: Ia754fcf3e59354afb40dbbbb95623e27285a5f82
Reviewed-on: http://gerrit.openafs.org/9289
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

8 years agovolser: Catch EOFs when reading dumps
Simon Wilkinson [Tue, 26 Feb 2013 12:38:59 +0000]
volser: Catch EOFs when reading dumps

When reading a standard tag, make sure and catch an EOF error
from iod_getc. Otherwise we'll end up trying to parse 0xFF as a
tag length.

Caught by coverity (#985603)

Change-Id: Iae0b1bf71ed495b4f454975a1bfe3aef8fca3e9e
Reviewed-on: http://gerrit.openafs.org/9275
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

8 years agoptserver: Zero ubik header before writing to it
Simon Wilkinson [Tue, 26 Feb 2013 12:30:00 +0000]
ptserver: Zero ubik header before writing to it

When using pt_util's ubik shim, if we're creating a new ubik label
make sure to zero the whole structure before writing it out to disk.
Otherwise we get a shorts worth of stack garbage in the resulting
file.

Caught by coverity (#986010)

Change-Id: I0abb8b7968d4f25c97dc0927d63dd01099b829b7
Reviewed-on: http://gerrit.openafs.org/9274
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

8 years agovos: Unrecognized or ambiguous switch '-c'
Mark Vitale [Tue, 26 Feb 2013 14:31:43 +0000]
vos: Unrecognized or ambiguous switch '-c'

The documented abbreviation '-c' for '-cell' no longer works since
the -config option was added.  Add a parm alias '-c' to restore
compatibility with previous syntax.

Change-Id: Ie98e470d204ea2186a95668bba2581cf3e88f729
Reviewed-on: http://gerrit.openafs.org/9276
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoptserver: Rename ubik.c as ptubik.c
Simon Wilkinson [Tue, 26 Feb 2013 12:26:36 +0000]
ptserver: Rename ubik.c as ptubik.c

Coverity gets confused between ubik/ubik.c and ptserver/ubik.c,
and produces a load of false positives. Rename the ptserver ubik
shim (which is only used by pt_util) in order to reduce this
confusion.

Change-Id: Ida606fccebcb4edfed706405424ff3ee4858020f
Reviewed-on: http://gerrit.openafs.org/9273
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agobosserver: Catch failures to create daemon thread
Simon Wilkinson [Tue, 26 Feb 2013 12:06:15 +0000]
bosserver: Catch failures to create daemon thread

If we can't create the bozo daemon thread, then don't keep going
regardless. Just warn the user and exit.

Caught by coverity (#988414)

Change-Id: I46445b1744f7c3c944e917b33a6fc6fb669df002
Reviewed-on: http://gerrit.openafs.org/9269
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agolibadmin: Catch VL_GetNewVolumeId failures
Simon Wilkinson [Tue, 26 Feb 2013 11:59:56 +0000]
libadmin: Catch VL_GetNewVolumeId failures

If ubik_VL_GetVolumeId fails in the vos ProcessEntries routine,
report the failure and give up, rather than continuing with a
0 maxVolid

Caught by coverity (#988417)

Change-Id: I281e1c518813f9d7fab46e4f87a091fac6b3a754
Reviewed-on: http://gerrit.openafs.org/9268
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

8 years agoafs: removing trailing semicolons
Chas Williams (CONTRACTOR) [Mon, 11 Feb 2013 22:05:34 +0000]
afs: removing trailing semicolons

Remove spurious trailing semicolons from macros.

Change-Id: I26550a4ca8e8fe5232dad4cdb2c42a5f44a28f32
Reviewed-on: http://gerrit.openafs.org/9092
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

8 years agoubik: Zero header before writing to disk
Simon Wilkinson [Tue, 26 Feb 2013 12:21:59 +0000]
ubik: Zero header before writing to disk

The ubik disk header contains a padding field, which is never
zeroed before being written out to disk. This means that there is
a shorts worth of stack garbage in every ubik label!

Just zero the whole structure with memset before we populate it.

Caught by coverity (#986011)

Change-Id: Ib9f8b45111a83178372409c717c30ccb6a1044f4
Reviewed-on: http://gerrit.openafs.org/9272
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

8 years agoviced: Don't write out garbage when extending file
Simon Wilkinson [Tue, 26 Feb 2013 12:17:29 +0000]
viced: Don't write out garbage when extending file

When we extend a file, we write a single byte of data to it - tlen
is used as a source for this single byte. However, in the current
code, tlen is used uninitialised. Set it to 0, so we don't write a
byte of stack garbage.

Caught by coverity (#986015)

Change-Id: I11480a5ba0a5544437e18a6b314ff98ba6256df0
Reviewed-on: http://gerrit.openafs.org/9271
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>