If you’ve ever administrated a sufficiently large and public AFS cell, you have probably at least once had a user assign rlidwka rights to system:anyuser on a directory. This can be a real security headache, particularly when web-accessible data is pulled directly from AFS. The only way currently to make sure that doesn’t happen is to revoke users’ admin rights, but then you lose the convenience and flexibility of users maintaining permissions themselves.Arguably, this problem can be solved by user education and performing audits of ACL rights, but that isn’t always enough.
Andrew File System
Two important fileserver fixes are available for OpenAFS 1.4.11, both of which address intermittent fileserver crashes. Source code patches are available in the OpenAFS git source code repository and are in the pipeline for the next release of OpenAFS.
The first patch fixes an error in the handling of multi-homed client hosts. An OpenAFS client host may have multiple interfaces, and hence multiple IP addresses. The fileserver attempts to associate these IP address to the host in memory. This multi-home tracking has been improved in recent releases of OpenAFS, however a subtle error was introduced around OpenAFS 1.4.8. When the last address associated with a host is removed, the callback connection for that host was also removed. In some cases that connection object was still in use by other threads, and the premature removal of the connection object will lead to a server crash when the fileserver attempts to access a null pointer.
The second fix is for an insidious and long standing bug in the host package of the fileserver. Several cases were found where the fileserver could be using a host object that had been freed. This bug could manifest in a number of terrible ways. Sometimes this bug lead to a situation where the internal list of client hosts was corrupted, in which case the fileserver could crash or even hang as it was trying to traverse a linked list that looped on itself. In other cases, the fileserver heap could be corrupted and the fileserver would crash when calling malloc, or the filerserver would crash when attempting to free an object which was already freed.
The fixes are available in the OpenAFS git repository, and are mirrored on bm1vsrv05.sinenomine.net,
- viced-null-callback-rxcon-20091022 eliminates the premature removal of the connection object
- viced-avoid-using-released-hosts-20091102 fixes the host package bug where the host list could be corrupted
Sine Nomine Associates has created a set of batch files called Winafsbld designed to help developers build OpenAFS on the Windows platform. A BETA version of the software is available online. The software development tool is designed to address the following issues:
At Sine Nomine Associates, we are committed to providing the best possible support for OpenAFS. Our solutions represent the standard of excellence and service that are hallmarks of a well-planned architecture and implementation, and the responses from our customers testify to our success.
An abnormal termination of a fileserver will cause a service outage. The bosserver will trigger a salvage and then restart the fileserver process.
OpenAFS 1.4.10 - 1.4.11 fileserver on all supported platforms
Sites running OpenAFS 1.4.10-1.4.11 are strongly encouraged to deploy the corrected fileserver. A source code patch for is available online
If you have any questions, please open a support ticket by sending email to support at sinenomine.net.
Sine Nomine Associates’ OpenAFS Consulting services provide organizations with assessment, analysis, design, planning, and implementation assistance.
Sine Nomine Associates offers professional training for OpenAFS.
Sine Nomine Associates offers development services for OpenAFS.
Sine Nomine Associates provides enterprise-quality support for OpenAFS.
The OpenAFS team of Sine Nomine Associates provides OpenAFS support and development services for customers of various industry sectors and sizes. Our OpenAFS engineers are in direct contact with our customers’ technical staff, and work together in a strongly team-oriented manner. Engineers take ownership of support and/or development tasks as assigned, and follow through from initiation to delivery.