[00:41:25] --- squinney has become available
[02:39:42] --- squinney has left
[04:50:37] --- Stephan Wiesand has become available
[05:18:34] --- Stephan Wiesand91743 has become available
[05:18:34] --- Stephan Wiesand91743 has left
[05:18:34] --- Stephan Wiesand52975 has become available
[05:18:34] --- Stephan Wiesand52975 is now known as Stephan Wiesand28577
[05:18:34] --- Stephan Wiesand28577 has left
[05:18:34] --- Stephan Wiesand28577 has become available
[05:18:57] --- Stephan Wiesand has left
[05:19:03] --- Stephan Wiesand has become available
[05:19:16] --- Stephan Wiesand28577 has left
[05:31:03] --- Stephan Wiesand has left
[05:31:08] --- Stephan Wiesand has become available
[05:38:38] --- Stephan Wiesand31206 has become available
[05:38:38] --- Stephan Wiesand31206 has left
[05:38:38] --- Stephan Wiesand31206 has become available
[05:38:38] --- Stephan Wiesand31206 has left
[05:38:38] --- Stephan Wiesand8061 has become available
[05:38:38] --- Stephan Wiesand8061 has left
[05:38:38] --- Stephan Wiesand85771 has become available
[05:39:01] --- Stephan Wiesand has left
[05:39:06] --- Stephan Wiesand has become available
[05:39:26] --- Stephan Wiesand85771 has left
[05:55:49] --- Stephan Wiesand42154 has become available
[05:55:49] --- Stephan Wiesand42154 has left
[05:55:49] --- Stephan Wiesand36442 has become available
[05:55:49] --- Stephan Wiesand36442 has left
[05:55:49] --- Stephan Wiesand28449 has become available
[05:56:12] --- Stephan Wiesand has left
[06:10:11] --- kula has left
[06:50:44] --- jaltman/FrogsLeap has become available
[07:13:13] --- gendalia has become available
[07:22:41] <gendalia> I have installed OpenAFS 1.6.1 on NetBSD 6.0.1, and I think I'm the first person to use dafs on NetBSD. Any sort of suggested tests to make sure everything is working fine before I put it in production?
[07:30:23] --- mvitale has become available
[07:40:26] <Ken Dreyer> gendalia: at my site we just did a couple hard power cycles to ensure that it re-attached volumes properly
[07:41:08] <gendalia> Ok, sounds easy enough. Thanks!
[08:14:42] --- deason has become available
[08:22:58] --- ballbery has become available
[08:45:36] --- Stephan Wiesand28449 has left
[09:00:06] <Simon Wilkinson> kaduk: You around?
[09:01:45] <kaduk@mit.edu/barnowl> Mostly
[09:03:36] <Simon Wilkinson> You're probably the only out of tree user, so I thought I should check
[09:03:51] <Simon Wilkinson> I'm going to do a merge of the Heimdal crypto and rfc3961 code into master ...
[09:04:07] <Simon Wilkinson> I want to fix some issues coverity has kindly shown me that are fixed upstream
[09:04:25] <kaduk@mit.edu/barnowl> A worthy goal.
[09:04:44] <Simon Wilkinson> Changes there won't affect you at present?
[09:04:52] <kaduk@mit.edu/barnowl> I have only a minimal exposure to our hcrypto at the moment.
[09:05:03] <Simon Wilkinson> Cool
[09:05:13] <kaduk@mit.edu/barnowl> And IIRC our "rfc3961" code is only used in kernelspace?
[09:05:36] <Simon Wilkinson> At present, yes
[09:06:51] <kaduk@mit.edu/barnowl> I think I'm only using RAND_bytes() at the moment and linking to MIT's
gssapi and krb5 libraries for the interesting-ish bits.
I probably should have looked more closely at our hcrypto pieces
before doing so, but the crypto stuff is pretty isolated from
everything else.
[09:07:57] <kaduk@mit.edu/barnowl> I assume you're not planning on importing any PRF stuff this time
around?
[09:11:19] <Simon Wilkinson> There's already PRF stuff there.
[09:12:11] <kaduk@mit.edu/barnowl> I only see AES_PRF, am I looking in the wrong place?
[09:12:20] <Simon Wilkinson> What are you looking for?
[09:14:08] <kaduk@mit.edu/barnowl> Well ... I don't have anything concrete in mind, really.
But the gssapi library from my OS X does not provide a gss_pseudo_random,
and we need that for the rxgk key negotiation, and that seems poor.
Not really a thing for hcrypto, though.
[09:14:43] <Simon Wilkinson> Yeah - fixing that is a bit more complicated.
[09:14:59] <Simon Wilkinson> It's an issue on a number of platforms, including Windows.
[09:15:31] <kaduk@mit.edu/barnowl> I have been mostly not thinking about windows, except for being
super-paranoid about ensuring that malloc/free is consistent for each
alloation.
[09:15:58] <kaduk@mit.edu/barnowl> Though, I should probably finish setting up an openafs build
environment on my windows vm.
[09:16:11] <Simon Wilkinson> Yeah - that's a colossal drag, especially when you end up having to needlessly copy buffers around so that the allocators are all in line
[09:16:35] <kaduk@mit.edu/barnowl> Yeah.
[09:18:19] <Simon Wilkinson> At the moment, we only pull in the stuff from Heimdal to give us a crypto library capable of doing AES. I suspect at some point that will be expanded to at least AES and RC4, at which point we'll gain an RC4 PRF.
[09:19:55] <jaltman/FrogsLeap> Window  allocation is no longer a concern on 'master' since all allocations are done using roken
[09:20:00] --- ballbery has left
[09:20:00] --- ballbery has become available
[09:21:12] <kaduk@mit.edu/barnowl> Oh, we provide our own gssapi lib on windows?
[09:21:42] <jaltman/FrogsLeap> gssapi is provided by the Kerberos package installed on the system
[09:21:57] <jaltman/FrogsLeap> All of the OpenAFS allocations are done using roken
[09:22:15] <kaduk@mit.edu/barnowl> Okay, that makes more sense.
[09:52:36] --- mvitale has left
[09:52:36] --- mvitale has become available
[10:05:35] --- mvitale has left
[10:05:35] --- mvitale has become available
[10:14:18] --- kula has become available
[10:14:31] --- kula has left
[10:29:13] --- mvitale has left
[10:29:13] --- mvitale has become available
[10:59:37] --- mvitale has left
[11:47:34] --- mvitale has become available
[13:26:36] --- mdionne has become available
[14:04:50] --- ballbery has left
[14:17:44] <kaduk@mit.edu/barnowl> Sigh, we don't check for errors from RXS_GetChallenge just as we
didn't used to check for errors from RXS_PreparePacket.
[14:20:27] <Simon Wilkinson> Challenge errors are less serious than PreparePacket errors, though. At least the connection will fail to establish without leaking any data :)
[14:20:34] <kaduk@mit.edu/barnowl> Right :)
[14:20:54] <kaduk@mit.edu/barnowl> I was just sitting here going, "why is my unconditional error not
causing the call to error out?"
[14:21:38] <Simon Wilkinson> A challenge error should probably error out the whole connection. But the locking here is fun, because you have to handle new calls joining the connection
[14:22:43] <kaduk@mit.edu/barnowl> I am going to not think about that now, I think.
[14:22:51] <deason> it doesn't cause garbage in existing packet structure to be sent out or anything, does it?
[14:23:40] <Simon Wilkinson> packet->length _should_ be 0. But that does depend on the security object implementation
[14:23:57] <kaduk@mit.edu/barnowl> Well, empirically I sent a half dozen such packets, so probably not.
Though I don't remember how OSX is on having nonzero stack garbage.
[14:24:41] <Simon Wilkinson> The issue isn't stack garbage, it's reused packets.
[14:26:53] <Simon Wilkinson> But I don't think that's an issue here. The packet comes directly from AllocPacket, which gets it from one of the free packet queues, which means that its data length should be set to 0. Providing the security object doesn't change the data length before returning an error, a 0 length packet will be sent.
[14:28:30] <Simon Wilkinson> And rxkad is fine for this.
[14:32:35] --- mvitale has left
[14:50:22] --- gendalia has left
[14:57:29] --- mvitale has become available
[15:02:20] --- mvitale has left
[15:09:09] <kaduk@mit.edu/barnowl> It's really tempting to violate some abstraction barriers when putting
an rxgk challenge into a packet.
[15:10:50] <shadow@gmail.com/barnowl5ABA57FD> rxkad does.
[15:11:29] <kaduk@mit.edu/barnowl> (It's also tempting to define the challenge as raw bytes and not using
XDR.)
[15:11:39] <shadow@gmail.com/barnowl5ABA57FD> i,i xdr_raw
[15:12:38] <kaduk@mit.edu/barnowl> Oh, Derrick, did you see my mail about bulkstat?  I haven't had time
to look at it, anyways.
[15:13:11] <shadow@gmail.com/barnowl5ABA57FD> i haven't done much email today.
[15:13:24] <kaduk@mit.edu/barnowl> Sure, not super-urgent.
[15:13:25] <shadow@gmail.com/barnowl5ABA57FD> oh. i see. it's old.
[15:13:44] <kaduk@mit.edu/barnowl> "It's asking about even older things"
[15:14:40] <shadow@gmail.com/barnowl5ABA57FD> did you git annotate and see where that check came from?
[15:14:55] <kaduk@mit.edu/barnowl> Yeah.
[15:15:19] <kaduk@mit.edu/barnowl> (I thought I listed a few commits which should be the relevant ones.)
[15:16:53] <shadow@gmail.com/barnowl5ABA57FD>  #ifdef AFS_DARWIN80_ENV            
-           int isdead = (tvcp->f.states & CDeadVnode);
+           int isdead = ((tvcp->f.states & CDeadVnode) ||
+                         (tvcp->f.states & CVInit));
 #endif
?
[15:17:43] <kaduk@mit.edu/barnowl> Well, the real question is why is either of those checks conditional
on darwin.
[15:17:47] <kaduk@mit.edu/barnowl> (To me.)
[15:18:19] <shadow@gmail.com/barnowl5ABA57FD> the reason this is macos-specific is everywhere else we are able to
retype a vnode; we have hoops on macos due to what the kpi lets us do.
so this is just an extra condition due to that, since we can need to
recycle a vnode.
[15:18:58] <shadow@gmail.com/barnowl5ABA57FD> everywhere else we just keep using gthe vnode and say "oh. turns out
you are a (file, directory, symlink)
[15:19:07] <kaduk@mit.edu/barnowl> Ah.
[15:19:36] <shadow@gmail.com/barnowl5ABA57FD> i have a plan to rewrite bulkstat to be more agnostic.
[15:58:54] --- deason has left
[18:11:20] --- jaltman/FrogsLeap has left: Disconnected
[19:54:12] --- jaltman/FrogsLeap has become available
[19:54:37] --- jaltman/FrogsLeap has left: Disconnected
[19:55:12] --- jaltman/FrogsLeap has become available
[19:55:17] --- jaltman/FrogsLeap has left: Disconnected
[21:20:29] --- jaltman/FrogsLeap has become available
[21:35:49] --- jaltman/FrogsLeap has left: Disconnected
[21:39:02] --- jaltman/FrogsLeap has become available
[23:30:13] --- kula has become available
[23:30:13] --- kula has left