git.openafs.org Git - openafs.git/log

afs: incorrect comments for afs_ClearStatus

The brief description was identical to the one for afs_Analyze.

Update it to accurately describe afs_ClearStatus.

Change-Id: I70ceca41342c1b47950c35f567f8ae5a2566f925
Reviewed-on: https://gerrit.openafs.org/12005
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

ubik: Don't RECFOUNDDB if can't contact most sites

Currently, the ubik recovery code will always set UBIK_RECFOUNDDB
during recovery, after asking all other sites for their dbversions.
This happens regardless of how many sites we were actually able to
successfully contact, even if we couldn't contact any of them.

This can cause problems when we are unable to contact a majority of
sites with DISK_GetVersion. Since, if we haven't contacted a majority
of sites, we cannot say with confidence that we know what the best db
version available is (which is what UBIK_RECFOUNDDB represents; that
we've found which database is the one we should be using). This can
also result in UBIK_RECHAVEDB in a similar situation, indicating that
we have the best db version locally, even though we never actually
asked anyone else what their db version was.

For example, say site A is the sync site going through recovery, and
DISK_GetVersion fails for the only other sites B and C. Site A will
then set UBIK_RECFOUNDDB, and will claim that site A has the best db
version available (UBIK_RECHAVEDB). This allows site A to process ubik
write transactions (causing the db to be labelled with a new epoch),
or possibly to send the db to the other sites via DISK_SendFile, if
they quickly become available during recovery. Ubik write transactions
can succeed in this situation, because our ContactQuorum_* calls will
succeed if we never try to contact a remote site ('rcode' defaults to
0).

This situation should be rather rare, because normally a majority of
sites must be reachable by site A for site A to be voted the sync site
in the first place. However, it is possible for site A to lose
connectivity to all other sites immediately after sync site election.
It is also possible for site A to proceed far enough in the recovery
process to set UBIK_RECHAVEDB before it loses its sync site status.

As a result of all of this, if a site with an old database comes
online and there are network connectivity problems between the other
sites and a ubik write request comes in, it's possible for the "old"
database to overwrite the "new" database. This makes it look as if the
database has "rolled back" to an earlier version.

This should be possible with any ubik database, though how to actually
trigger this bug can change due to different ubik servers setting
different network timeouts. It is probably the most likely with the
VLDB, because the VLDB is typically the most frequently written
database.

If a VLDB reverts to an earlier version, it can result in existing
volumes to appear to not exist in the VLDB, and can result in new
volumes re-using volume IDs from existing volumes. This can result in
rather confusing errors.

To fix this, ensure that we have contacted a majority of sites with
DISK_GetVersion before indicating that we have located the best db
version. If we've contacted a majority of sites, then we are
guaranteed (under ubik assumptions) that we've found the best version,
since previous writes to the database should be guaranteed to hit a
majority of sites (otherwise they wouldn't be successful).

If we cannot reach a majority of sites, we just don't set
UBIK_RECFOUNDDB, and the recovery process restarts. Presumably on the
next iteration we'll be able to contact them, or we'll lose sync site
status if we can't reach the other sites for long enough.

Change-Id: I84f745b5e017bb62d93b538dbc9c7de845bee1bd
Reviewed-on: https://gerrit.openafs.org/12281
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

vlserver: rx_SetRxDeadTime before ubik init

Currently, vlserver calls rx_SetRxDeadTime to set the default rx
deadtime to 50 seconds, but it does so after calling
ubik_ServerInitByInfo. ubik_ServerInitByInfo creates several rx
connections before it returns, and so these connections get the
default rx deadtime (12 seconds), instead of the 50 seconds vlserver
tries to set.

When ubik detects that a remote site is down, ubik recreates the rx
connections for that site, and this new connection gets the new
deadtime of 50 seconds.

This means that ubik behavior can have different timings in the
vlserver, depending on if any remote sites have ever been detected as
being 'down' or not. This can result in seemingly-inconsistent or
confusing behavior, since some sequences of operations that appear
identical can produce different results, depending on if the 12-second
timeout or the 50-second timeout is being used.

This behavior is not directly to blame for any problems, but it can be
very confusing, especially when trying to diagnose or reproduce bugs.
So to make things more consistent, just call rx_SetRxDeadTime earlier,
so all conns always get the 50-second timeout.

In order to do this, though, we must also ensure that rx_Init is
called before rx_SetRxDeadTime (otherwise, rx_Init will overwrite our
configured deadtime). So also call rx_Init earlier; rx_Init is
idempotent, so it's okay that it may be called again after or before
this.

Note that vlserver is currently the only ubik server that sets a
deadtime of 50 seconds, and it's not clear why. Another way to solve
this is to just remove the call to rx_SetRxDeadTime, to make vlserver
behave more similar to ptserver. But this commit takes a conservative
approach to result in a deadtime that is probably the most common in
current use. Since, most long-running vlservers will probably
eventually lose contact with remote sites at one time or another, and
so will eventually use a deadtime of 50 seconds.

Change-Id: I49430144d9a62eb8cad1509c1aeafc9fcc927f8e
Reviewed-on: https://gerrit.openafs.org/12285
Tested-by: Andrew Deason <adeason@dson.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

macos: use pkgbuild to build the package on 10.10/10.11

PackageMaker is no longer part of OS X. As a result, it
is not possible to build the package on OS X 10.10 and
OS X 10.11 using the existing code.

To solve this problem, a new script, along with a couple
of new files, are provided.

- pkgbuild.sh

This script uses the command line tools pkgbuild and
productbuild to build the package on OS X 10.10 and
OS X 10.11. By default, the package built by this
script will not be signed. Optionally, the package
might be signed.

- Distribution.xml

This file is nothing more than an XML file used by
productbuild. It is mainly used to configure how the
installer will look and behave.

- conclusion.txt

Contains the text that is displayed by Installer at
the end of the installation process. Only used by
El Capitan and further.

- Uninstall.14.15

This script can be used by OS X 10.10/10.11 users
to uninstall OpenAFS.

Notes:

- This work is based on a patch made by Brandon Allbery
  <ballbery@sinenomine.net> with fixes and updates from
  Andrew Deason <adeason@dson.org>.

- El Capitan and further prevent us from touching
  /usr/bin directly. As a result, /opt is used.

- If the package is not signed, the user will have
  to disable the OS X security protections. Otherwise,
  the client will not work.

- Now we have two different scripts to build the
  package on OS X. For OS X 10.10 and newer versions,
  pkgbuild.sh will be used. For older versions,
  the existing buildpkg.sh will be used.

Change-Id: If8320666c553b82af450c0263f5e80a00c33e3b8
Reviewed-on: https://gerrit.openafs.org/12239
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

pam: avoid warning messages

In order to avoid some warning messages, do not
ignore the code returned by some functions.

Change-Id: Ie01fa98b54010d566fb5b980b001d58989ef9a67
Reviewed-on: https://gerrit.openafs.org/12298
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

ptuser: guarantee that all names are valid C strings

The prname type is represented in XDR as a vector[PR_MAXNAMELEN]
of char, not as a string, which means that the XDR (de)serializer
will not guarantee null-termination.  Guarantee that all buffers
used in the public protection server API are in fact valid strings
by disallowing any names that are exactly PR_MAXNAMELEN (64)
characters long.  DO NOT silently truncate names that are even
longer than this.  Consistently use the prname typedef in
declarations to reinforce the length limitation to those reading
the header file.  Introduces a new protection error code,
PRNAMETOOLONG, which will be returned if either IN or OUT parameters
would exceed the limit.

[kaduk@mit.edu convert macro to static_inline function and expand
at call sites; add string_ wrapper to add checking to viced and libadmin;
export the string_ wrapper from libafsauthent for the windows build]

Change-Id: I65f850afcfea2fd2bc0110ca7b7f6ecca247dd58
Reviewed-on: https://gerrit.openafs.org/7896
Reviewed-by: Chas Williams <3chas3@gmail.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Linux 4.6: rm PAGE_CACHE_* and page_cache_{get,release} macros

This is an automatic patch generated by Coccinelle (spatch) from the commit message of the linked commit:
https://github.com/torvalds/linux/commit/09cbfeaf1a5a67bfb3201e0c83c810cecb2efa5a

We will not add an autoconfig test because the PAGE_{...} macros should exist
where the PAGE_CACHE_{...} were previously.

The spatch used:
@@
expression E;
@@
- E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E

@@
expression E;
@@
- E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E

@@
@@
- PAGE_CACHE_SHIFT
+ PAGE_SHIFT

@@
@@
- PAGE_CACHE_SIZE
+ PAGE_SIZE

@@
@@
- PAGE_CACHE_MASK
+ PAGE_MASK

@@
expression E;
@@
- PAGE_CACHE_ALIGN(E)
+ PAGE_ALIGN(E)

@@
expression E;
@@
- page_cache_get(E)
+ get_page(E)

@@
expression E;
@@
- page_cache_release(E)
+ put_page(E)

Change-Id: Iabe29b1349ab44282c66c86eced9e5b2056c9efb
Reviewed-on: https://gerrit.openafs.org/12297
Reviewed-by: Michael Laß <lass@mail.uni-paderborn.de>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

redhat: Use a secure URL to retrieve CellServDB

By default, makesrpm.pl will use wget to retrieve the CellServDB
as specified in the spec file. Even though the script need not and
thus should not be run by a privileged UID, make this a bit more
secure by specifying an https URL.

Change-Id: I0f14bbac35e7dc30a6e194f8706f7f3674d15a3f
Reviewed-on: https://gerrit.openafs.org/12329
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>

build-sys: do not capitalize value of HAVE_PAM

The value assigned to HAVE_PAM should not be capitalized.
If so, the PAM source files will not be compiled.

To fix this problem, convert to lowercase one of the values
assigned to HAVE_PAM.

Change-Id: I4973394f8d398bbea0f578fadb04aedee6fd1fc0
Reviewed-on: https://gerrit.openafs.org/12296
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

libafs: rename volume accessTime to setupTime

Since OpenAFS 1.0, the struct volume accessTime member has been the time
time the volume structure is setup, not the last time the volume was
used (as indicated by the comments). This time stamp is only used to
find the oldest available volume slot in the disked backed volume cache.
(Perhaps in pre-OpenAFS this was updated each time the volume was
referenced.)

Rename this structure member and update the comments for it.

Change-Id: I33a6371e8800b2d0f7b2700db0785fc365a8649e
Reviewed-on: https://gerrit.openafs.org/11896
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

vlserver: --enable-ubik-read-while-write configure option

Commit a0f416e3504929b304fefb5ca65e2d6a254ade2e unconditionally turned
on the new ubik_BeginTransReadAnyWrite functionality for the vlserver,
which allows us to read data from ubik during a conflicting ubik write
lock.

This feature is not ready for production use. Make it a build time
option, marked as experimental, until more testing can be done.

Change-Id: If64702e7a7ed2340066df5faf82ce8b0875fc610
Reviewed-on: https://gerrit.openafs.org/12240
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

LWP fileserver is no more

Don't mention it in the man pages.

Change-Id: I8a6d706f055545642116af5a98fa8c04f533b990
Reviewed-on: https://gerrit.openafs.org/11529
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

libafs: avoid resetting the dynroot volume every 10 minutes

The dynroot volumes are synthetic, so do not need to be reset every time
the background daemon checks the volumes.

The results of osi_Time() is a signed 32-bit integer, and the volume
expireTime is an signed 32-bit integer, so use signed 32-bit integers
for the expiry check.

Change-Id: Ib92157686c1d8b84a63d409cb148155705953b6d
Reviewed-on: https://gerrit.openafs.org/11895
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

afs: document missing afs_Analyze parm

rxconn was missing from the comments; add it.

Change-Id: I8c0cf212ca2952d3a23c3bb5db1857dfd9a8f41e
Reviewed-on: https://gerrit.openafs.org/12004
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Add sysname IDs for FreeBSD 10.2 and 10.3

While here, de-conflict the numbers for 10.0/10.1 and 7.2/7.3

Change-Id: I87697587359a26258298f4710c7232bea417f807
Reviewed-on: https://gerrit.openafs.org/12321
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

viced: make -vhashsize usable for non-DAFS

The ability to set the size of the volume hash table was added
at the same time that DAFS was introduced, and got caught up
in the same preprocessor conditional. However, -vhashsize can
be useful for the traditional fileserver as well (even though
we recommend DAFS over the traditional fileserver), so let it
be used in that case.

Update the man pages accordingly and fix some grammar while here.

Noted by Mark Vitale.

Change-Id: Ic3282c9d661d60cf36f9ffb197e723a3f71da167
Reviewed-on: https://gerrit.openafs.org/12287
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

venus: fix memory leak

The fs getserverprefs command displays preference
ranks for file / volume location server machine
interfaces. In order to get the complete set of
preference ranks, the VIOC_GETSPREFS system call
might have to be called several times. If so, the
memory previously allocated should be released.

Change-Id: I8491117ead626e70aac40343923d52284f274efd
Reviewed-on: https://gerrit.openafs.org/12315
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Linux 4.5: don't access i_mutex directly

Linux commit 5955102c, in preparation for future work, introduced
wrapper functions to lock/unlock inode mutexes. This is to
prepare for converting it to a read-write semaphore, so that
lookup can be done with only the shared lock held.

Adopt the afs_linux_*lock_inode() functions accordingly, and
convert afs_linux_fsync() to using those wrappers, since the
FOP_FSYNC_TAKES_RANGE case appears to be the current case.

Amusingly, afs_linux_*lock_inode() already have a branch to
handle the case when inode serialization is protected by a
semaphore; it seems that this is going to come full-circle.

Change-Id: Ia5a194acc559de21808655ef066151a0a3826364
Reviewed-on: https://gerrit.openafs.org/12268
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Joe Gorse <jhgorse@gmail.com>
Tested-by: Joe Gorse <jhgorse@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Linux 4.5: get_link instead of follow_link+put_link

In linux commit 6b255391, the follow_link inode operation was
replaced by the get_link operation, which is basically the same
but takes the inode and dentry separately, allowing for the
possibility of staying in RCU mode.

For now, only support this if page_get_link is available and we are
using the USABLE_KERNEL_PAGE_SYMLINK_CACHE

The previous test for USABLE_KERNEL_PAGE_SYMLINK_CACHE used a bogus,
undefined configure variable (ac_cv_linux_kernel_page_follow_link).
Remove it, as it was not needed

Change-Id: I2d7851d31dd4b1b944b16fad611addb804930eca
Reviewed-on: https://gerrit.openafs.org/12265
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Joe Gorse <jhgorse@gmail.com>
Tested-by: Joe Gorse <jhgorse@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Linux 4.5: no highmem in symlink ops

Symlink bodies in the pagecache should not be in highmem, as
upstream converted in commit 21fc61c73.

Change-Id: I1e4c3c51308df096cdfa4d5e7b16279e275e7f41
Reviewed-on: https://gerrit.openafs.org/12264
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Joe Gorse <jhgorse@gmail.com>
Tested-by: Joe Gorse <jhgorse@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Use rxkad_crypt for inter-volser traffic, if asked

Add a -s2scrypt option to the volume server, with possible options:

  * never -- the existing behavior

  * always -- switch to using afsconf_ClientAuthSecure, which uses
    rxkad_crypt, for ForwardVolume calls.

  * inherit -- encrypt inter-server traffic if the causal client
    connection is encrypted.  This has the effect of "inheriting" the
    "-encrypt" flag given to "vos release", for example.

Thanks to Jeffrey Altman for pointers and to Andrew Deason for noting
the existence of rxkad_GetServerInfo.

[mmeffie@sinenomine.net fix assertion and style update.]

Change-Id: Ia295ba3f29a8494c8250a480fb26594468d2116a
Reviewed-on: https://gerrit.openafs.org/11349
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Thomas Keiser <tkeiser@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Fix typo in kaserver appendix

Though it's very unlikely that someone would actually want to
set up a new kaserver installation, if we have documentation for
it, it ought to at least do what it claims to do.

Thus, change kinit to klog where it was intended.

Reported by Karl-Philipp Richter.

FIXES 133043

Change-Id: I478a42931fa863c11b4acca7624bcabc14e561b1
Reviewed-on: https://gerrit.openafs.org/12286
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

salvageserver: unable to write child log: out of memory

Changes to salvageserver logging in commit
24fed351fd13b38bfaf9f278c914a47782dbf670
introduced a new bug in SalvageLogCleanup; the test for calloc() failure
was inadvertently inverted.

Fix the sense of the test.

Change-Id: Id0ee4ac3e60d7285163a9ab0b32bd7d48e570ac0
Reviewed-on: https://gerrit.openafs.org/12284
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

salvageserver: segfault in DoSalvageVolume

A typo in the recent logging changes for salvageserver
ad455347bc99d1bd499535995958b5f77c2388ff
caused a bad address to be passed to memset.

Correctly memset the log options as intended.

Change-Id: Ifef46defcc6da56df4e58f8ed9029717a77c0b39
Reviewed-on: https://gerrit.openafs.org/12282
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

ubik: Don't clear ubik_lastYesTime on startup

In uvote_Init, we set ubik_lastYesTime to the current time just a few
lines before. It is important to set ubik_lastYesTime to the current
time, since that prevents us from voting for anyone in an ubik
election for at least BIGTIME seconds.

If we clear ubik_lastYesTime to 0, that means restarting a ubik server
could cause it to immediately start voting for a different site than
it was voting for before it started. This violates one of the ubik
invariants; as mentioned in the comments in SVOTE_Beacon, we cannot
promise sync site support to more than one site within BIGTIME
seconds. So initializing ubik_lastYesTime to 0 could cause two
different sites to be voted sync site simultaneously, if our restart
caused a premature change in vote.

Change-Id: I410fbefa8d699aac1c900d1fdd4e355b87917ad7
Reviewed-on: https://gerrit.openafs.org/12279
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Reviewed-by: Jeffrey Hutzelman <jhutz@cmu.edu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

auth: Allow subnet ranges in NetInfo and NetRestrict

Add the ability to specify a range of addresses in both NetInfo and
NetRestrict.

Change-Id: Iecdcca8587aa2e6e7cd56cbbebb63eb41b5d6f40
Reviewed-on: https://gerrit.openafs.org/11313
Reviewed-by: Daria Phoebe Brashear <shadow@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

export some kauth symbols for libadmin sample apps

These functions are used, so they should be in the library's
export list.

Even though no one should be using kauth anymore.

Change-Id: I3ad936c5b898f38194a461c7147792e2fe6f36b2
Reviewed-on: https://gerrit.openafs.org/11139
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: Michael Meffie <mmeffie@sinenomine.net>

afs: retire HAVE_LINUX_COMPLETION_H conditionals

Now that support for linux 2.4 has been sunset, as of commit
ccf353ede6ef5cce7c562993d1bea0d20844bdb7, it is no longer necessary to
put conditional compilation checks around the linux wait-for-completion
functions, which were introduced sometime during the linux 2.4 series
and have been available since.

Also, remove the remnant LINUX_COMPLETION_H_EXISTS autoconf macro, which
was removed from use in commit ef8bd5a29b937a1211540aa60398ee966470a712.

Change-Id: Iea974236f73eef8c567a897d6a473254edf95379
Reviewed-on: https://gerrit.openafs.org/12278
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

afs: remove commented out sleep in afs_call.c

The cell info setup was moved to the beginning of the startup sequence
and an unnecessary sleep commented out in the syscall in which the cell
info was set in commit 3fa5f389b2b7778cf0df5a506c91b427b147c4c2.

Clean up afs_call.c a bit by removing this commented out code.

Change-Id: I8ef0ddce4e1d327032b54ecebb48e9fdfe7767b4
Reviewed-on: https://gerrit.openafs.org/12277
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

afs: remove commented out AIX specific tweak

This AIX specific code block has been commented out since
openafs-ibm-1_0. The comments seem to indicate this was a networking
tweak specific to AIX, but the kernel variables involved were not
exported. Clean up afs_call.c by removing this dead code.

Change-Id: Ieb66573c410199d590bfcccf942dca28547ed1e0
Reviewed-on: https://gerrit.openafs.org/12276
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

afs: cleanup remnant afs_vfs_mount prototype in afs_call.c

The call to afs_vfs_mount() in afs_call.c was removed in commit
a5ab24af71efe6b80eb0f78d1979c5ab1d1e594d. Remove the remnant prototype
and the useless conditionals around it.

Change-Id: I032ab5971a6e18df203f799c3a6e4f683a66d726
Reviewed-on: https://gerrit.openafs.org/12275
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

rw: Properly cleanup LWP environment

Change-Id: I344d2081bdcfc2bd383e30bcf9a53f003356e9cb
Reviewed-on: https://gerrit.openafs.org/11663
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

lwp: fix bug in rw with assigning reader id

Change-Id: I101202a49f14142cf503a64b45f9168a907bbace
Reviewed-on: https://gerrit.openafs.org/11651
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

lwp: fix some warnings for rw.c

Change-Id: I5459353649e3896b3ade3300403d4b88c85d6084
Reviewed-on: https://gerrit.openafs.org/11650
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

lwp: remove preemption support

This feature of lwp is basically unused and inconsistently implemented.

Change-Id: Icf5c04b3bbd71af2c3d1b22dc4bfbe051952d80b
Reviewed-on: https://gerrit.openafs.org/11649
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

LINUX: dcache updates for mkdir and sillyrename

Commit d075b0549d62e4a81b7543b9c2f5dac242074909 introduced
parent_vcache_dv() to get the data version from fakestat mount points.
.mkdir (essentially .create for directories) should use this when
updating ->d_time.

In sillyrename, __dp is a negative dentry that should be forced to
revalidate since the new name in dentry now exists.

Change-Id: I5b112ce0437bfb061479024fee745b46821e599c
Reviewed-on: https://gerrit.openafs.org/12141
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Make setting of CFLAGS_NOSTRICT make sense

Previously, we would set -fno-strict-aliasing only when
--enable-checking was given to configure but not
--enable-checking=all.  The intent seems to have been to
only warn about strict aliasing violations when --enable-checking=all
is in use, but that there was no need to disable the strict-aliasing
diagnostics when -Werror was not enabled.

Unfortunately, -fno-strict-aliasing affects not only the diagnostics
emitted by the compiler, but also the code generation!  So we were
leaving the normal (no --enable-checking) case with the compiler
assuming C's strict aliasing rules.  The OpenAFS codebase has
historically not been strict-aliasing safe (for example,
commit 15e8678661ec49f5eac3954defad84c06b3e0164 refers to a
runtime crash using a certain compiler version, which is diagnosed
as the compiler using the C strict aliasing rules to make
optimizations that exposed the invalid program code.

To avoid futher surprises due to new compiler optimizations
that utilize the C strict aliasing rules, always disable
strict aliasing except when --enable-checking=all is used.

Change-Id: Ib5d3bbd7c88686bd9a878b6b2c5e7c2b4eeccc04
Reviewed-on: https://gerrit.openafs.org/11988
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

afs: fix memory leak

An error code is returned by afs_ProcessOpCreate if
this function can not allocate memory for ttargetName.

This function should release the memory previously
allocated for tname and decrement the reference count
of tdp as well.

Change-Id: Ic771b1d57080df6ee562a7327762030afdd5b08c
Reviewed-on: https://gerrit.openafs.org/12208
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

Partially unifdef afs_pag_call.c

This file is only built on linux, for afspag.ko. There is no
need to retain the artifiacts of its historical origin that include
conditionals for SUN5 or HPUX or the like.

Change-Id: Icbb2390d261f2f51766b392968fe332c4fb8aa6c
Reviewed-on: https://gerrit.openafs.org/12134
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

vos: Remove redundant " done" messages

In 1.4, a 'vos backup' command looked like this:

    $ vos backup root.cell -verbose
    Re-cloning backup volume 537351386 ... done
    Created backup volume for root.cell

As of 1.6.1, this output now looks like this:

    $ vos backup root.cell -verbose
    Re-cloning backup volume 537351386 ... done
     done
    Created backup volume for root.cell

Note the extra " done". This change can break scripts that parse "vos"
output, but mainly it just looks confusing and doesn't make any sense.

This extra " done" appeared in verbose output for 'vos backup', 'vos
backupsys', and 'vos clone'. It was introduced by commit 13a4f2b1,
which added a VDONE to DoVolClone. This new VDONE call does make
sense, as this does make DoVolClone more self-contained, but the old
VDONE messages were not removed, so an extra " done" got printed.

In addition, commit 13a4f2b1 introduced a new call to DoVolDelete
followed by a VDONE, even though DoVolDelete calls VDONE itself,
causing another redundant " done".

To get rid of all of these redundant " done" messages, remove some
extra VDONE calls in UV_BackupVolume and UV_CloneVolume.

Almost all other calls to VDONE in vsprocs.c are matched by a
preceding message that says what we are doing. The sole exception is
UV_ChangeLocation, which outputs a " done" without any preceding
message. However, this is the behavior that UV_ChangeLocation (and
thus 'vos changeloc') has always has since it was introduced in
0c03f860.

Thanks to Jakub Moscicki of CERN, who originally reported this issue
at EAKC 2014.

Change-Id: I6a13c85e73deb59b511086207a296f4017f799dc
Reviewed-on: https://gerrit.openafs.org/10980
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

redhat: remove leftover legacy kmod code from spec

Commit ec706b21530240d7fb66bad2f08513eff8f7c335 removed support
for Linux 2.4 and legacy kernel modules, but missed a few more
occurances of the latter. Remove those too.

Change-Id: I449f0303ec916d597f65790c6f6a564d2f58ce48
Reviewed-on: https://gerrit.openafs.org/11866
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>

doc: set use.id.as.filename for chunk.xsl

The deployed documentation on docs.openafs.org uses html file names
that match the id element for the XML elements in question. On
recent Debian systems, rebuilding these documents uses different
names for the files, based on their position within the document
hierarchy.

For consistency with past usage, and to avoid breaking direct links
when possible, set the xsl parameter use.id.as.filename to go back
to the old naming scheme.

Change-Id: I6d3fa2b74e319d1375891170817760d027e82f03
Reviewed-on: https://gerrit.openafs.org/12189
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>

Reconciliation of src/{afs,vol}/voldefs.h

Bring these two files back into synchronization. Fix
possible bug on very old SysV hosts where volume
header file extension could be handled inconsistently.
Overall differences reduced by about 50%. HPUX/AIX
differences now correctly managed in both versions.
Comment formats and whitespace in both modified to
remove differences and follow openafs standards.

Change-Id: I8fdf9941a0ee6ad7a091be38740bc2796f2b1d18
Reviewed-on: https://gerrit.openafs.org/5405
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Add extra parentheses to macro bodies

In order to avoid surprises due to operator precedence, the bodies
of macros that are intended to be used as values should always
be enclosed in an outer set of parentheses, if they contain more than
one term.

Change-Id: If175b1977b9452a7507c5906e4e611eccafb4d67
Reviewed-on: https://gerrit.openafs.org/12143
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

git ignore akeyconvert

Tell git to ignore the new akeyconvert binary added in commit
6f4bdc8cb3cd020cf4b499c352ec4c4811b5a267.

Change-Id: I4b9473e455319ac8ec378169a911c0619ab1fced
Reviewed-on: https://gerrit.openafs.org/12263
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

configure: check for some more krb5 functions

We will want to create a krb5_principal object that is used
as a sigil for comparison against, and need to do so in a portable
fashion. krb5_parse_name and krb5_unparse_name have been around
for a long time, but the counterpart krb5_free_unparsed_name is
not always available, so provide compatibility for it.

krb5_free_keytab_entry_contents is only a symbol in MIT krb5;
we will need a compat macro on Heimdal systems where it is not present.

Change-Id: I1cfe12910adac39216b8c7dd337b7e22d73555ed
Reviewed-on: https://gerrit.openafs.org/11785
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>

Add akeyconvert, for rxkad.keytab to KeyFileExt conversion

A simple utility to help with the 1.6-->1.8 upgrade by
bulk-converting keys, with some sanity checking.

Change-Id: Ibae9a1ea3b7c3bbad5ffbc02410fa7a4ff6c4d7f
Reviewed-on: https://gerrit.openafs.org/11786
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

roken: do not include the rk_rename() implementation on unix

libroken provides roken/rename.c for platforms where the native rename()
implementation does not replace the target if it already exists. As designed,
rk_rename() should be used instead of rename() everywhere and rk_rename()
is #defined to be rename() on platforms where this fix is not necessary.

Do not include the rk_rename() implementation on platforms which do not need
the rk_rename since it is not used on those platforms.

Note: This fix also avoids a recursive rename(). As currently implemented, the
rk_rename() function is redefined to rename() within the roken/rename.c module
when RENAME_DOES_NOT_UNLINK is not defined. This can mask the standard library
rename() and leads to a recursive call to rename().

Change-Id: I47a1fcd21939b161aaa7df7ffab26dc84e7b75ed
Reviewed-on: https://gerrit.openafs.org/12091
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

externalize log rotation

Do not create new server log files when servers are restarted by
default. External log rotation tools may be used to rotate the logs by
renaming log files and then signaling server processes to reopen
log files.

Add the -transarc-logs option to each server to provide backward
compatibility with the traditional Transarc-style logging. When
-transarc-logs is given, log files are renamed to an ".old" file
(overwriting the existing ".old" file) and the previous the log file is
truncated.

Change-Id: I2eeb67e3db32b2f75fe685b68dab1159e62061e9
Reviewed-on: https://gerrit.openafs.org/11731
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: reopen server logs on SIGUSR1 for external log rotation

Claim the SIGUSR1 signal for reopening server log files.  A server
process will reopen the log file when the SIGUSR1 signal is received.
If the log file does not exist, the server process will create a new,
empty log file.

This allows external log rotation programs to rotate log files by
renaming an existing log file then sending a SIGUSR1 signal to the
corresponding server process.  Any messages written to the log after the
log file was renamed but before the SIGUSR1 signal is received will
continue to be written to the renamed log file.  The server process will
write messages to the new log file after handling the SIGUSR1 signal.

The SIGUSR1 signal is used to reopen the log file instead of the more
commonly used SIGHUP signal, since SIGHUP is already used for resetting
the logging level.

The retirement of Linux 2.4 support, in particular the desupport of
LinuxThreads, in commit ccf353ede6ef5cce7c562993d1bea0d20844bdb7 allows
for the use of SIGUSR1 in OpenAFS.

Change-Id: Ie3ff52ae4986eae30c7420b5f05ff1eacdfe7596
Reviewed-on: https://gerrit.openafs.org/11727
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

util: doxygenate server logging functions

Provide doxygen style comment blocks for the server logging functions
and module variables.

Change-Id: Iacb49ce5d221f9219290e2479df8fa9a54a88fa7
Reviewed-on: https://gerrit.openafs.org/12221
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

Remove server logging globals

Remove the global variables used to setup server logging and replace
with an argument to OpenLog.

Keep the LogLevel variable as a global for use by the logging macros,
but provide an inline function for applications which check the log
level to dump more information when the log level is increased.

Provide consistency by adding syslog tags to processes that did not
previously set one (salvageserver, salvager, and volserver).

[kaduk@mit.edu: update commit message, use old-style log rotation for
kalog, minor commenting fixes]

Change-Id: I11cffbdd1418304d33f0be02dd7e600955c4a8bb
Reviewed-on: https://gerrit.openafs.org/12168
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

Add comment about serverlog locking

The lock protects global state such as the logging FD and the
syslog-related variables.

Change-Id: I5ea1b6945c10047da14d35b948a6a0ea53b55add
Reviewed-on: https://gerrit.openafs.org/12123
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

Reopen the correct filename when -logfile is given

The name of the log file passed to ReOpenLog() may not match the name
given in the initial OpenLog() call. This can happen when the -logfile
option is given to the fileserver or volume server.

Since the name given to ReOpenLog() must match the original name, change
ReOpenLog() to use the name previously given to OpenLog() and update all
callers.

Change-Id: Ie6fa4cb6e3c03f853efe0207bbec5d8412c6fe59
Reviewed-on: https://gerrit.openafs.org/11723
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: always reopen the log file

Reopen the log file even if the filename exists. This fixes the
situation where an external program moves or deletes the log
file, then creates a new file with the same log file name.

Change-Id: I3b98d6fc0d05c7ab231f84e9a271f925506ab51f
Reviewed-on: https://gerrit.openafs.org/11725
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: refactor OpenLog and ReOpenLog

Non-functional changes and cleanups in preparation for fixes and
enhancements.

Move the duplicated code to redirect the stdio/stderr streams to a common
static function. Add a helper function to check for named pipes. Move the
code to rename files when opening logs to a separate static function.

Change-Id: I5b56b80a7e799b6605cfad7b58ac8249ac93acc8
Reviewed-on: https://gerrit.openafs.org/11721
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

util: Remove undocumented magic of mrafs-style logs

The MR-AFS-style logs would always include the thread number in
log entries with the timestamp; now that we are trying to rebrand
this feature as "timestampped logs", having this bonus feature
is unexpected.

Thread ids are still used at higher log levels, as enabled by SIGTSTP.

Change-Id: Ie8c276e47a34d729ccce685ddf27bfa9e7a8f9f1
Reviewed-on: https://gerrit.openafs.org/12136
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: fix file descriptor leak in mrafs-style logging

When MR-AFS style logging is in effect, the SIGHUP signal handler will rename
then create a new, empty server log file to support log rotation.

Unfortunately, the old log file descriptor is not closed, so each SIGHUP
signal will leak one file descriptor.

Be sure to close the current log file descriptor before opening the log again.
The OpenLog() routine will move the current log file to a new file, with a
timestamp string appended to the log file, then open the server log file with
truncate flag to start a new log file.

Change-Id: Ic3f29607fa50ed868b9245865e375dedde438471
Reviewed-on: https://gerrit.openafs.org/11722
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: fix log file renaming of mrafs-style logs

Do not make timestamped log files with an invalid number of seconds when
renaming old mrsafs-style log files, i.e., more than 59 seconds in the
seconds field.

Replace the goto used in the mrafs-style make file name retries with a
regular, bounded loop.

Change-Id: I16d032197e4b1e227b1f005fbc395a013e099561
Reviewed-on: https://gerrit.openafs.org/12220
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: remove unused printLocks variable from mrafs-style logs

Remove the unused printLocks variable, which was added in commit,
86f1dc2117e6b6c8abb55ccbc8621743969b8996 "mrafs-server-log-handling-20010212"
but never used.

Change-Id: I64459cf93e86352ef16d9526e46847cbb4997f10
Reviewed-on: https://gerrit.openafs.org/11719
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: allocate log filename buffers

Allocate the ourName buffer to save the log filename during OpenLog(),
instead of trying to copy the log filename to a fixed size buffer.
Deallocate this buffer when the log is closed with CloseLog(). Save the
log file name even when MR-AFS style logging is not effect to allow
ReOpenLog() to use the saved filename in a later commit.

Dynamically allocate a buffer when formatting a file name for log
rotation instead of using a fixed size buffer on the stack. Allocate
the buffer for both traditional Transarc-style log file renaming
(appending ".old" to the log filename) and the MR-AFS style logging
(appending a timestamp to the log filename).

Change-Id: Ie217a93b271b48ccfc7b5244ad3a8c949d55ef54
Reviewed-on: https://gerrit.openafs.org/12219
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

util: open mrafs-style logs with O_APPEND too

Commit b71a041364d28d6a56905a770cd20d1497ee26ec added the O_APPEND flag when
opening the log file to allow sites to use logrotate's "copy and truncate"
feature.

Add the O_APPEND to MR-AFS style logs as well so MR-AFS style logs can also be
handled correctly with logrotate, we have consistent open flags, and can remove
a duplicate call to open the log file descriptor.

Change-Id: I8370838e1e2c7ddaa042508d6b9cbe1299339f68
Reviewed-on: https://gerrit.openafs.org/12218
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: remove obsolete SETVBUF_REVERSED

Commit 8af5762909714367c1cc764b3f491c06c2bcd5d0 "Clean up some
obsolete Autoconf code" removed the obsolete autoconf check
AC_FUNC_SETVBUF_REVERSED and one use of the results, but
overlooked another instance; remove it.

Change-Id: Id62a2a96b911c0d16d51d8cce0966ae3736bde87
Reviewed-on: https://gerrit.openafs.org/11718
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: always initialize the server log mutex

Be sure to always initialize the server log mutex. Use pthread_once to
ensure the mutex is initialized only once.

Before this change the server log mutex was not properly initialized
with pthread_mutex_init when logging to the syslog.

Change-Id: Ief2ee6b373f7309bc05061f7413b6ff623b86e31
Reviewed-on: https://gerrit.openafs.org/11717
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: fix server log fd validity checks

Do not assume the server log file descriptor cannot be zero.

Thanks to Chas Williams for spotting this bug.

Change-Id: I0d264828926bf8cd765b45db4e529233b8686404
Reviewed-on: https://gerrit.openafs.org/11797
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: remove util/softsig

Remove the old util/softsig implementation, which has been replaced by
opr/softsig.

Change-Id: Ie32f04129dd0b09a8baf9f6739abf53fbf1b98eb
Reviewed-on: https://gerrit.openafs.org/11998
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

ptserver: convert the ptserver to opr softsig

Convert the ptserver from regular signal handling to the opr soft
signal handling when built with pthreads. This makes it safe to call
pthread functions within signal handlers.

Change-Id: I43d345517c75e275d6896154a979a908181a1f39
Reviewed-on: https://gerrit.openafs.org/11997
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

vlserver: convert the vlserver to opr softsig

Convert the vlserver from regular signal handling to the opr soft
signal handling when built with pthreads. This makes it safe to call
pthread functions within signal handlers.

Change-Id: Ic9bd841c4796bd64b603505541da7e767afda83e
Reviewed-on: https://gerrit.openafs.org/11996
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

volser: convert the volume server to opr softsig

Convert the volume server from regular signal handling to the opr soft
signal handling when built with pthreads. This makes it safe to call
pthread functions within signal handlers.

Change-Id: I25b9a9184c526f4ce9b6e2abb25ae9135cc97ec6
Reviewed-on: https://gerrit.openafs.org/11995
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

viced: convert the fileserver to opr softsig

Convert the fileserver from the obsolete softsig routines to the modern opr
softsig routines for pthreaded programs.

Change-Id: I9e98e402f73ebca05fcaf0f852055b9a5ad93632
Reviewed-on: https://gerrit.openafs.org/11994
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

viced: remove old signal handler wrappers

Remove remnants of old lwp thread signal handler wrapper functions from
the fileserver. The lwp softsig handlers required a function which was
passed a void pointer argument and returned a void pointer. Tidy the
code by removing the unneeded wrappers and use the signal handler
functions directly.

Change-Id: I3d52efe659b03ee9a9484ec7a9d74404f1970278
Reviewed-on: https://gerrit.openafs.org/11921
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

util: softsig version of function to setup logging signal handlers

Provide a new routine to setup the server log signals which registers
soft signal handlers for the common log management signals (SIGTSTP and
SIGHUP). Keep the old SetupLogSignals() routine around while lwp still
exists.

Change-Id: Ic9151c7ad25528e8e4008a4567836e4196cbe8c3
Reviewed-on: https://gerrit.openafs.org/12238
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Windows: opr_softsig.h

Make the opr softsig header file available in the windows builds
so it can be included unconditionally in the code base.

Change-Id: I19a75ce060e20b525d83ec5bed42d3168362d852
Reviewed-on: https://gerrit.openafs.org/12237
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

procmgmt: wrappers for softsig handlers

Provide procmgmt wrappers for Windows environments which match the opr_softsig
functions. This allows builds of the windows servers continue to use the
existing process management signal handling functions, without introducing
additional conditional compilation in the server code.

Change-Id: I0ac287bde294996fb7f32c19370f2992a0af2a58
Reviewed-on: https://gerrit.openafs.org/12236
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

salvager: convert salvager and salvagerserver to libutil logging

Use the libutil logging facility in the salvager and DAFS salvageserver
in order to have consistent logging features and time stamp formats with
the other OpenAFS servers.

Change-Id: I8352d7e16b4a9f96b814a3b5c0b3b79a7c48e4bc
Reviewed-on: https://gerrit.openafs.org/12003
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Find Tivoli TSM headers in 64 bit location

When building with --enable-tivoli-tsm locate the Tivoli TSM headers
if they are installed in the path used by the 64 bit Tivoli TSM
installation.

Change-Id: I4f114a4ada1babcbe1e52f451f10e78d861b7fd0
Reviewed-on: https://gerrit.openafs.org/12258
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

afs: shake harder in shake-loose-vcaches

Linux based cache managers will allocate vcaches on demand and
deallocate batches of vcaches in the background. This feature is called
dynamic vcaches.

Vcaches to be deallocated are found by traversing the vcache LRU list
(VLRU) from the oldest vcache to the newest. Up to a target number of
vcaches are attempted to be evicted.  The afs_xvcache lock protecting
the VLRU may be dropped and re-acquired while attempting to evict a
vcache. When this happens, it is possible the VLRU may have changed, so
the traversal of the VLRU is restarted.  This restarting of the VLRU
transversal is limited to 100 iterations to avoid looping indefinitely.

Vcaches which are busy cannot be evicted and remain in the VLRU. When a
busy cache was not evicted and the afs_xvache lock was dropped, the VLRU
traversal is restarted from the end of the VLRU. When the busy vcache is
encountered on the retry, it will trigger additional retries until the
loop limit is reached, at which point the target number of vcaches will
not be deallocated.

This can leave a very large number of unbusy vcaches which are never
deallocated.  On a busy machine, tens of millions of unused vcaches can
remain in memory. When the busy vcache at the end of the VLRU is finally
evicted, the log jam is broken, and the background deamon will hold the
afs_xvcache lock for an excessively long time, hanging the system.

Fix this by moving busy vcaches to the head of the VLRU before
restarting the VLRU traversal. These busy vcaches will be skipped when
retrying the VLRU traversal, allowing the cache manager to make progress
deallocating vcaches down to the target level.

This was already done on the mac osx platform while attempting to evict
vcaches. Move the code to move busy vcaches to the head of the VLRU up
the the platform agnostic caller.

Thanks to Andrew Deason for the initial version of this patch.

Change-Id: I7768d00604e56d8d5369ac5215f7c2ab7996c4eb
Reviewed-on: https://gerrit.openafs.org/11654
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

LINUX: hold vcache while dropping dcache refs

Hold a reference on a vcache while attempting to evict the inode from
the dcache. Since the afs_xvcache lock is dropped, it could be possible
for the vcache to be flushed during this time, making it unsafe to use
the vcache after the eviction attempt.

Change-Id: I9d91db98387b7aaa986ed915420c6cafb4f12438
Reviewed-on: https://gerrit.openafs.org/12206
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Linux: Fix misleading indentation and other whitespace

Commit 7edc6694e7632c9736bd1516935604a638165313 introduced a
misleading indentation of a line in afs_linux_prefetch. Correct
it, and once here remove trailing whitespace throughout the file.

Change-Id: Idab888bb72c782bfd25c7fc81316eb1b65c0d128
Reviewed-on: https://gerrit.openafs.org/12253
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Fix typo in cm_dcache.c

Commit b85c5f9339e20d3de9b1316217dadbea41ad537e introduced a new
memset() but left out a prenthesis.

In the absence of a windows build machine, this error went unnoticed.

Reported by Mark Vitale.

Change-Id: Ie250163029132896cd70dc822c6170913e83dafe
Reviewed-on: https://gerrit.openafs.org/12241
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

doc: add missing angle bracket

The options -logfile and -config should be enclosed
by angle brackets.

Change-Id: I9e5767b7e43753b37dbc8d86c5346c778f8bab8d
Reviewed-on: https://gerrit.openafs.org/12233
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Linux 4.4: Do not use splice()

splice() may return -ERESTARTSYS if there are pending signals, and
it's not even clear how this should be dealt with. This potential
problem has been present for a long time, but as of Linux 4.4
(commit c725bfce7968009756ed2836a8cd7ba4dc163011) seems much more
likely to happen.

Until resources are available to fix the code to handle such errors,
avoid the riskier uses of splice().

If there is a default implementation of file_splice_{write,read},
use that; on somewhat older kernels where it is not available,
use the generic version instead.

[kaduk@mit.edu: add test for default_file_splice_write]

Change-Id: Ib4477cdfb2cd0f49f516da75edc3cb9d1a8817dc
Reviewed-on: https://gerrit.openafs.org/12217
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

Linux 4.4: Use locks_lock_file_wait

The locks API was changed in Linux 4.4, introducing locks_lock_file_wait
(e55c34a66f87e78fb1fc6b623b78c5ad74b475af) and removing
flock_lock_file_wait (616fb38fa7a9599293e05ae1fa9acfaf73922434).

locks_lock_file_wait can be used as a drop-in replacement so define
flock_lock_file_wait as an alias for it.

Change-Id: Iba89a43c651737c86cbf519a933289d97c25a467
Reviewed-on: https://gerrit.openafs.org/12170
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

Linux 4.4: key_payload has no member 'value'

In Linux 4.4 (146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc) type-specific and
payload data have been merged. The payload is now accessed directly and has
no 'value' member anymore.

FIXES 132677

Change-Id: Id26c40c80314a0087ecc0735029412787058ef07
Reviewed-on: https://gerrit.openafs.org/12169
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Remove automated casting in rxgen

We should let the compiler warn us when we attempt to convert types that
should not be converted.

Change-Id: Ie9f5f6ab5d5978bbe5e741b1a20bfb4d36fb314c
Reviewed-on: https://gerrit.openafs.org/12116
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

rxgen: Don't use size_t in struct rx_opaque with XDR

OpenAFS's XDR doesn't support size_t at this time. For now, use a
temporary stack variable to avoid 32/64-bit issues and copy back the
returned value upon success.

Change-Id: Ia3dd8abd665a19e04aa611f940728d088a8f87b7
Reviewed-on: https://gerrit.openafs.org/12115
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

Refactor printing arguments to the xdr routines

This makes some future changes a bit easier to read and implement.

Change-Id: I48eafa67659739865f43a0bcfe1f8a897a7a8940
Reviewed-on: https://gerrit.openafs.org/12114
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

doc: fs examine no longer requires read rights on the volume root vnode

Update the man page to reflect the current access rights required for fs
examine. Historically, fs examine required read access on the root
vnode of the volume housing the directory or file being examined. This
access check was relaxed in commit d2d591caf2c9b4cf2ebae708cc9b4c8b78ca5a5a,
since the information returned by the file server is already available
anonymously by other means.

Change-Id: If62b625bce8a260b98fb56a6feec49c674f2de53
Reviewed-on: https://gerrit.openafs.org/12223
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>

Add param files for FreeBSD 10.2, 10.3

FreeBSD 10.3 is in the beta stage now; better get ready for it.

Change-Id: I2a6b6144916f13768bfad27af5eb5340e039939b
Reviewed-on: https://gerrit.openafs.org/12222
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

OPENAFS-SA-2016-002 ListAddrByAttributes information leak

The ListAddrByAttributes structure is used as an input to the GetAddrsU
RPC; it contains a Mask field that controls which of the other fields
will actually be read by the server during the RPC processing.
Unfortunately, the client only wrote to the fields indicated by the
mask, leaving the other fields uninitialized for transmission on the
wire, leaking some contents of client memory.

Plug the information leak by zeroing the entire structure before use.

FIXES 132847

Change-Id: I9ccf814ceff206ddb3a74da97dc50b7e1e3c2014

OPENAFS-SA-2016-002 VldbListByAttributes information leak

The VldbListByAttributes structure is used as an input to several
RPCs; it contains a Mask field that controls
which of the other fields will actually be read by the server
during the RPC processing. Unfortunately, the client only
wrote to the fields indicated by the mask, leaving the other
fields uninitialized for transmission on the wire, leaking
some contents of client memory.

Plug the information leak by zeroing the entire structure before use.

FIXES 132847

Change-Id: I14964e98a57ba6ef060c6e392497f1ebd3afe042

OPENAFS-SA-2016-002 AFSStoreVolumeStatus information leak

The AFSStoreVolumeStatus structure is used as an input to the
RXAFS_SetVolumeStatus RPC; it contains a Mask field that controls
which of the other fields will actually be read by the server
during the RPC processing. Unfortunately, the client only
wrote to the fields indicated by the mask, leaving the other
fields uninitialized for transmission on the wire, leaking
some contents of kernel memory.

Plug the information leak by zeroing the entire structure before use.

FIXES 132847

Change-Id: Ib309e6b00b95bc4178740352899d7f940f2eb1ea

OPENAFS-SA-2016-002 AFSStoreStatus information leak

Marc Dionne reported that portions of the AFSStoreStatus structure
were not written to before being sent over the network for
operations such as create, symlink, etc., leaking the contents
of the kernel stack to observers. Which fields in the request
are used are controlled by a flags field, and so if a field was
not going to be used by the server, it was sometimes left
uninitialized.

Fix the information leak by zeroing out the structure before use.

FIXES 132847

Change-Id: I84a5a10442732ebbcb5d5067ca22030fb795168b

OPENAFS-SA-2016-001 group creation by foreign users

CVE-2016-2860:

In AFS 3.3 as part of the addition of the cross-cell support for foreign
user auto-registration a bug was introduced that permits foreign users
to create arbitrary groups as if they were system administrators. This
permits the groups to be created without any group quota checks, and
using group names that non-administrators would not normally be able to
create, such as groups with the "system:" prefix or groups with no colon
(that is, in the namespace for users).

Additionally, all entries created using the auto-registration service
were marked as being created by system:administrators. This behavior
should not be changed on the stable release branch, but for the next
release the behavior will change to show these entries as being
self-created, to better reflect reality.

FIXES 132822

[kaduk@mit.edu: reword commit message, minor style adjustments]

Change-Id: I54ddca3e4e1339f76ed320f0d6c53d8820aed89c

ptserver: fix pt_util creation of groups

In commit 53ac98931adf9f04c150d9bc084cae31f3913476 the adjustment of
owner id was moved from CreateEntry() into CreateGroupName().  This was
done for two reasons:

1. to reuse the computation of "is administrator" within
    CreateGroupName() in order to permit the owner id to be set
    to the invalid values 0 and ANONYMOUSID.

2. to allow the owner id to be altered in ChangeEntry().

Unfortunately, CreateEntry() needs to be able to alter the owner id
when creating users not only groups.

This change moves the computation of "is administrator" and the
owner id assignment to CreateEntry() and ChangeEntry().

Change-Id: I0d37f5a43ea5919d1bbc3ba6d82b2924ab38befc

LINUX: ifconfig is deprecated

ifconfig is deprecated and is no longer installed by default on RHEL 7 and
Centos 7. Use the replacement ip command in the init script for linux.
Fallback to ifconfig in the event the ip command is not available.

Thanks to Ben Kaduk for pointing out the hash built-in command.

Change-Id: I7ffe272eb712cd83a70a7d880d239f72b40cb5df
Reviewed-on: http://gerrit.openafs.org/12192
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

DAFS: large volume support - fileserver crash after "addled bitmap"

Any DAFS fileserver operation that allocates a new vnode but fails
to update the vnode index will crash:

"Fatal Rx error: assertion failed: --vp->nWaiters >= 0,
file: ../vol/volume.c, line: nnnn"

Note: This crash was exposed by other bugs (to be addressed in future
commits) in OpenAFS large volume support.  However, there may
be other failure paths (unrelated to large volumes) that expose
this error as well.

When VAllocVnode() must allocate a new vnode but fails while
updating the vnode index file (e.g. an "addled bitmap" due to other
bugs in working with a vnode index larger than 2^31 bytes), it branches
to common recovery logic at label error_encountered:.

Part of this recovery is to call VFreeBitmapEntry_r().  Commit
08ffe3e81d875b58ae5fe4c5733845d5132913a0 added a VOL_FREE_BITMAP_WAIT
flag to VFreeBitmapEntry() in order to prevent races with VAllocBitmapEntry().
If the caller specifies VOL_FREE_BITMAP_WAIT, VFreeBitmapEntry_r will
call VCreateReservation_r() and VWaitExclusiveState_r().  However, the
exit from VFreeBitmapEntry_r() calls VCancelReservation_r() unconditionally.
This works correctly with the majority of callers to VFreeBitmapEntry_r,
which do specify the VOL_FREE_BITMAP_WAIT flag.

However, the VAllocVnode() error_encountered logic must specify 0 for
this flag because the thread is already in an exclusive state
(VOL_STATE_VNODE_ALLOC).  This correctly causes VFreeBitmapEntry_r() to
forgo both the reservation and wait-for-exclusive-state.  However, before
exit it erroneously calls VCancelReservation_r().  We now have unbalanced
reservations (nWaiters); this causes an assert when the VAllocVnode()
error_encountered recovery code later calls VCancelReservation_r()
for what it believes is its own prior reservation.

Modify VFreeBitmapEntry_r() to make its final VCancelReservation_r()
conditional on flag VOL_FREE_BITMAP_WAIT.

Change-Id: Id6cf6b1279b11e6dfc4704bba5739912f663beca
Reviewed-on: http://gerrit.openafs.org/11983
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

bozo: allow start of fs and dafs bnodes with options

fs_create() and dafs_create() issue stat() to verify
the existence of each executable specified in the bnode.
However, commit fda2bc874751ca479365dc6389c0eebb41a0bda1
inadvertently removed the code that stripped any command
arguments before the stat(). Therefore, any bnode that
specifies arguments (e.g. /usr/afs/bin/dafileserver -d 5),
causes the stat() to fail and the bnode will not start.

Rename function AppendExecutableExtension() to a less
"window-ish" name: PathToExecutable().

Modify the Windows version of PathToExecutable()
to properly strip arguments.

Reimplement the Unix macro as function PathToExecutable()
that properly strips arguments.

Change-Id: I04f7ce2afb8211bd12b9063db1335738bff1cc1e
Reviewed-on: http://gerrit.openafs.org/11934
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

viced: incorrect FID audit of BulkStatus and InlineBulkStatus

The audit code for object AUD_FIDS is off by one - we list the
first FID twice and skip the last FID.

Repair so all FIDs are properly audited.

Change-Id: I99f4687e25031eb26ccd7e07b732217b098005de
Reviewed-on: http://gerrit.openafs.org/12191
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

test: skip buserror test when SIGBUS is not defined in perl POSIX module

Older versions of the perl POSIX module do not define the SIGBUS symbol, which
causes the opr/softsig-t perl test to fail to compile. Instead of trying to
defined SIGBUS, which may be platform dependent, skip the buserror unit test on
these older platforms.

Change-Id: Ib8cfd77215ea43566e9d47b501d4989556b83734
Reviewed-on: http://gerrit.openafs.org/12186
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>