[OpenAFS] ubik_Call returns 363546 suddenly

Benjeman Meekhof bmeekhof@umich.edu
Mon, 7 Mar 2016 09:52:19 -0500


Thanks everyone for the information, and thanks again to Jeffrey for
more details off-list about some issues with the amanda-afs code.

I was able to get the util to work by changing a call to
vsu_ClientInit to use authentication and running with admin tokens.

regards,
Ben


On Sat, Mar 5, 2016 at 6:56 PM, Jeffrey Altman <jaltman@auristor.com> wrote:
> On 3/5/2016 3:00 PM, Benjeman Meekhof wrote:
>> I tracked this down to the following snippet of code.  In this code
>> ubik_Call returns a code of '363546', nentries is 0, and since we get
>> no volumes returned that's the end of any further action.  volname is
>> a wildcard string like "home..*".  I've tried pointing the command at
>> volume sets on any of our 3 file servers.
>
> The error is VL_PERM == Permission denied.
>
>> Can anyone on the list offer any further hints to tracking this down?
>> It appears that the beginning of this problem correlates to our
>> vlserver machines receiving a package update that moved from afs
>> 1.6.10 to 1.6.14.  We're not experiencing any other issues with AFS,
>> and until this point have not had any issue with this utility.
>
> Reading the Amanda "volset" source code the connection to the VL service
> is made using the "rxnull" security class. As such the connection is
> "anonymous" and the VL_ListAttributesN2 query is denied.
>
> The change in behavior is due to
>
>   http://www.openafs.org/pages/security/#OPENAFS-SA-2015-006
>
> Jeffrey Altman
>
>
>