OpenAFS Master Repository branch, openafs-devel-1_7_x, updated. openafs-devel-1_7_4-7-g4a7457d
Gerrit Code Review
gerrit@openafs.org
Thu, 22 Dec 2011 10:41:19 -0800 (PST)
The following commit has been merged in the openafs-devel-1_7_x branch:
commit 282173fc8b9a11f6931064feb110a27e3399f0ea
Author: Jeffrey Altman <jaltman@your-file-system.com>
Date: Wed Dec 21 21:17:33 2011 -0500
Windows: Use AuthGroups for extent request error reporting
The afs redirector current tracks the most recent extent error
in the File Control Block. Prior to this patchset the error
was returned to the requesting thread when the process Id matched
the most recent Process to issue a request. This approach resulted
in a couple of problems.
1. There are multiple threads that can issue an extent request
on the same file at the same time representing different processes.
Resetting the process Id with each new request could clear the
error prior to its receipt.
2. The failure may be due to inappropriate permissions. Permissions
are not associated with proceses but with Authentication Groups.
This patchset makes several changes:
1. It enables the afsd_service to track the active authgroup as
part of the cm_user_t structure and associates that object with
the BIOD object to ensure that the active authgroup can be
reported to the afs redirector.
2. It modifies the AFSExtentFailureCB structure to include the
AuthGroup GUID.
3. It tracks the AuthGroup GUID associated with the extent
failure in the non-paged file control block.
4. It converts all tests on Process Id to use AuthGroup instead.
5. It alters the behavior of error delivery such that reported
error is only cleared after it has been reported once to a
thread using the matching AuthGroup.
These changes make the situation better but not perfect as error
states can still be lost. However, it avoids the case most often
seen in production where two processes (a end user process and an
anti-malware process) are fighting over a file and the anti-malware
process has no permission to access the file under its own credentials.
Reviewed-on: http://gerrit.openafs.org/6396
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
(cherry picked from commit b9ca435dcb5433218ecbb37ab41b85dabe0a5912)
Change-Id: I3f32ffda5cc7091854488aba66a8549ea7470141
Reviewed-on: http://gerrit.openafs.org/6406
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
src/WINNT/afsd/cm_dcache.c | 4 +-
src/WINNT/afsd/cm_dcache.h | 1 +
src/WINNT/afsd/cm_user.h | 1 +
src/WINNT/afsrdr/common/AFSRedirCommonStructs.h | 2 +
src/WINNT/afsrdr/common/AFSUserPrototypes.h | 2 +-
src/WINNT/afsrdr/common/AFSUserStructs.h | 2 +
src/WINNT/afsrdr/kernel/lib/AFSExtentsSupport.cpp | 85 +++++++++++++++------
src/WINNT/afsrdr/kernel/lib/AFSRead.cpp | 4 +-
src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp | 15 ++--
src/WINNT/afsrdr/kernel/lib/Include/AFSCommon.h | 3 +-
src/WINNT/afsrdr/user/RDRFunction.c | 14 ++--
src/WINNT/afsrdr/user/RDRInit.cpp | 46 +++++++++++-
12 files changed, 136 insertions(+), 43 deletions(-)
--
OpenAFS Master Repository