Browse Source

openafs package creation

Signed-off-by: fpdpbuilder_pel7x64builder0 <fpdpbuilder@powerel.org>
master
fpdpbuilder_pel7x64builder0 5 years ago
parent
commit
8a16f9dc37
  1. 665
      SOURCES/CellServDB.2018-05-14
  2. 626
      SOURCES/ChangeLog
  3. 34
      SOURCES/RELNOTES-1.8.2
  4. 75
      SOURCES/butc-butb-errors.patch
  5. 24
      SOURCES/openafs-client.service
  6. 1047
      SPECS/openafs.spec

665
SOURCES/CellServDB.2018-05-14

@ -0,0 +1,665 @@ @@ -0,0 +1,665 @@
>grand.central.org #GCO Public CellServDB 14 May 2018
18.9.48.14 #grand.mit.edu
128.2.13.219 #grand-old-opry.central.org
>wu-wien.ac.at #University of Economics, Vienna, Austria
137.208.3.33 #goya.wu-wien.ac.at
137.208.7.57 #caravaggio.wu-wien.ac.at
137.208.8.14 #vermeer.wu-wien.ac.at
>hephy.at #hephy-vienna
193.170.243.10 #afs01.hephy.oeaw.ac.at
193.170.243.12 #afs02.hephy.oeaw.ac.at
193.170.243.14 #afs03.hephy.oeaw.ac.at
>cgv.tugraz.at #CGV cell
129.27.218.30 #phobos.cgv.tugraz.at
129.27.218.31 #deimos.cgv.tugraz.at
129.27.218.32 #trinculo.cgv.tugraz.at
>itp.tugraz.at #Institute of Theoretical and Computational Physics, TU Graz, Aus
129.27.161.7 #faepafs1.tu-graz.ac.at
129.27.161.15 #faepafs2.tu-graz.ac.at
129.27.161.114 #faepafs3.tu-graz.ac.at
>sums.math.mcgill.ca #Society of Undergraduate Mathematics Students of McGill Universi
132.216.24.122 #germain.sums.math.mcgill.ca
132.216.24.125 #turing.sums.math.mcgill.ca
>ualberta.ca #University of Alberta
129.128.1.131 #file13.ucs.ualberta.ca
129.128.98.17 #mystery.ucs.ualberta.ca
129.128.125.40 #drake.ucs.ualberta.ca
>cern.ch #European Laboratory for Particle Physics, Geneva
137.138.128.148 #afsdb1.cern.ch
137.138.246.50 #afsdb3.cern.ch
137.138.246.51 #afsdb2.cern.ch
>ams.cern.ch #AMS Experiment
137.138.188.185 #ams.cern.ch
137.138.199.58 #pcamsf4.cern.ch
>epfl.ch #Swiss Federal Institute of Technology at Lausanne
128.178.109.111 #kd1.epfl.ch
128.178.109.112 #kd2.epfl.ch
128.178.109.113 #kd3.epfl.ch
>ethz.ch #Swiss Federal Inst. of Tech. - Zurich, Switzerland
82.130.118.32 #afs-db-1.ethz.ch
>psi.ch #Paul Scherrer Institut - Villigen, Switzerland
129.129.190.140 #afs00.psi.ch
129.129.190.141 #afs01.psi.ch
129.129.190.142 #afs02.psi.ch
>extundo.com #Simon Josefsson's cell
195.42.214.241 #slipsten.extundo.com
>freedaemon.com #Free Daemon Consulting, Oklahoma City, OK, USA
66.210.104.254 #afs0.freedaemon.com
>membrain.com #membrain.com
66.93.118.125 #stormy
130.85.24.11 #weasel
130.85.24.13 #straykitten
>nilcons.com #nilcons.com
5.9.14.177 #files.nilcons.com
>sodre.cx #Sodre.cx
128.8.140.165 #greed.sodre.cx
>ruk.cuni.cz #Charles University Computer Centre, Prague, CR
195.113.0.36 #asterix.ruk.cuni.cz
195.113.0.37 #obelix.ruk.cuni.cz
195.113.0.40 #sal.ruk.cuni.cz
>ics.muni.cz #Masaryk university
147.228.240.30 #afs-plzen.meta.zcu.cz
147.251.9.9 #smaug2.ics.muni.cz
195.113.214.4 #tarkil-xen.cesnet.cz
>zcu.cz #University of West Bohemia, Czech Republic
147.228.10.18 #sauron.zcu.cz
147.228.52.10 #oknos.zcu.cz
147.228.52.17 #nic.zcu.cz
>desy.de #Deutsches Elektronen-Synchrotron
131.169.2.19 #afsdb2.desy.de
131.169.2.20 #afsdb3.desy.de
131.169.244.60 #solar00.desy.de
>naf.desy.de #National Analysis Facility at DESY
141.34.220.32 #tcsh1-vm1.naf.desy.de
141.34.230.33 #tcsh2-vm1.naf.desy.de
141.34.230.34 #tcsh3-vm1.naf.desy.de
>gppc.de #GPP Chemnitz mbH
213.187.92.33 #gpp1.gppc.de
213.187.92.34 #paulchen.gppc.de
213.187.92.35 #lotus.gppc.de
>cms.hu-berlin.de #Humboldt University Berlin
141.20.1.65 #commodus.cms.hu-berlin.de
141.20.1.66 #faustinus.cms.hu-berlin.de
141.20.1.67 #marcellus.cms.hu-berlin.de
>ifh.de #DESY Zeuthen
141.34.22.10 #romulus.ifh.de
141.34.22.11 #remus.ifh.de
141.34.22.29 #hekate.ifh.de
>integra-ev.de #INTEGRA e.V.
134.155.48.8 #afsdb2.integra-ev.de
134.155.48.63 #afsdb1.integra-ev.de
>lrz-muenchen.de #Leibniz Computing Centre, Germany
129.187.10.36 #afs1.lrz-muenchen.de
129.187.10.56 #afs3.lrz-muenchen.de
129.187.10.57 #afs2.lrz-muenchen.de
>ipp-garching.mpg.de #Institut fuer Plasmaphysik
130.183.9.5 #afs-db1.rzg.mpg.de
130.183.14.14 #afs-db3.bc.rzg.mpg.de
130.183.100.10 #afs-db2.aug.ipp-garching.mpg.de
>mpe.mpg.de #MPE cell
130.183.130.7 #irafs1.mpe-garching.mpg.de
130.183.134.20 #irafs2.mpe-garching.mpg.de
>nicsys.de #NICsys GbR
213.187.80.3 #attila.nicsys.de
>i1.informatik.rwth-aachen.de #Informatik I, RWTH Aachen
137.226.244.79 #remus.informatik.rwth-aachen.de
>combi.tfh-wildau.de #Philips Research Lab
194.95.50.106 #joda13.combi.tfh-wildau.de
>tu-berlin.de #TU Berlin
130.149.204.10 #afsc-pr-1.tubit.tu-berlin.de
130.149.204.11 #afsc-pr-2.tubit.tu-berlin.de
130.149.204.70 #afsc-ba-1.tubit.tu-berlin.de
>tu-bs.de #Technical University of Braunschweig, Germany
134.169.1.1 #rzafs1.rz.tu-bs.de
134.169.1.5 #rzafs2.rz.tu-bs.de
134.169.1.6 #rzafs3.rz.tu-bs.de
>tu-chemnitz.de #Technische Universitaet Chemnitz, Germany
134.109.2.1 #zuse.hrz.tu-chemnitz.de
134.109.2.2 #andrew.hrz.tu-chemnitz.de
134.109.2.15 #phoenix.hrz.tu-chemnitz.de
>e18.ph.tum.de #Experimental Physics, TU Munich, Germany
129.187.154.165 #dionysos.e18.physik.tu-muenchen.de
129.187.154.223 #hamlet.e18.physik.tu-muenchen.de
>physik.uni-bonn.de #Institute of Physics, University of Bonn, Germany
131.220.166.33 #afsdb1.physik.uni-bonn.de
131.220.166.34 #afsdb2.physik.uni-bonn.de
131.220.166.35 #afsdb3.physik.uni-bonn.de
>atlass01.physik.uni-bonn.de #Bonn ATLAS
131.220.165.43 #atlass01.physik.uni-bonn.de
>uni-freiburg.de #Albert-Ludwigs-Universitat Freiburg
132.230.6.237 #sv8.ruf.uni-freiburg.de
132.230.6.239 #sv10.ruf.uni-freiburg.de
>physik.uni-freiburg.de #Institute of Physics, University Freiburg, Germany
132.230.6.234 #afs1.ruf.uni-freiburg.de
132.230.6.235 #afs2.ruf.uni-freiburg.de
132.230.77.12 #sherlock.physik.uni-freiburg.de
>math.uni-hamburg.de #Department of Mathematics Uni Hamburg
134.100.223.3 #afs-core.math.uni-hamburg.de
134.100.223.6 #afs-core2.math.uni-hamburg.de
134.100.223.9 #afs-core3.math.uni-hamburg.de
>physnet.uni-hamburg.de #PHYSnet-Rechenzentrum university of hamburg
134.100.106.44 #afs-core.physnet.uni-hamburg.de
134.100.106.45 #afs-core2.physnet.uni-hamburg.de
134.100.106.47 #afs-core3.physnet.uni-hamburg.de
>iqo.uni-hannover.de #Institut fuer Quantenoptik Hannover
130.75.103.221 #afs1.iqo.uni-hannover.de
130.75.103.223 #afs2.iqo.uni-hannover.de
>mathi.uni-heidelberg.de #Uni Heidelberg (Mathematisches Institut)
129.206.26.241 #hactar.mathi.uni-heidelberg.de
>urz.uni-heidelberg.de #Uni Heidelberg (Rechenzentrum)
129.206.119.10 #afsdb.urz.uni-heidelberg.de
129.206.119.16 #afsdb1.urz.uni-heidelberg.de
129.206.119.17 #afsdb2.urz.uni-heidelberg.de
>ziti.uni-heidelberg.de #Institute of Computer Science at the University of Heidelberg
147.142.42.246 #mp-sun.ziti.uni-heidelberg.de
147.142.42.252 #mp-pizza.ziti.uni-heidelberg.de
>uni-hohenheim.de #University of Hohenheim
144.41.2.2 #rs13.serv.uni-hohenheim.de
144.41.2.3 #rs14.serv.uni-hohenheim.de
144.41.2.4 #rs15.serv.uni-hohenheim.de
>rz.uni-jena.de #Rechenzentrum University of Jena, Germany
141.35.2.180 #afs00.rz.uni-jena.de
141.35.2.181 #afs01.rz.uni-jena.de
141.35.2.182 #afs02.rz.uni-jena.de
>meteo.uni-koeln.de #Univ. of Cologne - Inst. for Geophysics & Meteorology
134.95.144.22 #afs1.meteo.uni-koeln.de
134.95.144.24 #afs2.meteo.uni-koeln.de
>rrz.uni-koeln.de #University of Cologne - Reg Comp Center
134.95.19.3 #afsdb1.rrz.uni-koeln.de
134.95.19.4 #afsdb2.rrz.uni-koeln.de
134.95.19.10 #lyra.rrz.uni-koeln.de
134.95.67.97 #afs.thp.uni-koeln.de
134.95.112.8 #ladon.rrz.uni-koeln.de
>urz.uni-magdeburg.de #Otto-von-Guericke-Universitaet, Magdeburg
141.44.7.6 #lem.urz.uni-magdeburg.de
141.44.8.14 #bowles.urz.uni-magdeburg.de
141.44.13.5 #strugazki.urz.uni-magdeburg.de
>physik.uni-mainz.de #institute of physics, university Mainz, Germany
134.93.130.93 #hardy.physik.uni-mainz.de
>uni-mannheim.de #Uni Mannheim (Rechenzentrum)
134.155.97.204 #afsdb1.uni-mannheim.de
134.155.97.205 #afsdb2.uni-mannheim.de
134.155.97.206 #afsdb3.uni-mannheim.de
>mathematik.uni-stuttgart.de #University of Stuttgart, Math Dept.
129.69.61.1 #fbm01.mathematik.uni-stuttgart.de
129.69.61.2 #fbm02.mathematik.uni-stuttgart.de
129.69.61.3 #fbm03.mathematik.uni-stuttgart.de
>stud.mathematik.uni-stuttgart.de #CIP-Pool of Math. Dept, University of Stuttgart
129.69.61.28 #omni.mathematik.uni-stuttgart.de
129.69.116.201 #stud01.mathematik.uni-stuttgart.de
129.69.116.202 #stud02.mathematik.uni-stuttgart.de
129.69.116.203 #stud03.mathematik.uni-stuttgart.de
>physik.uni-wuppertal.de #Physics department of Bergische Universität Wuppertal
132.195.104.3 #afs1.physik.uni-wuppertal.de
132.195.104.230 #afs2.physik.uni-wuppertal.de
>s-et.aau.dk #Aalborg Univ., The Student Society, Denmark
130.225.196.22 #afs.s-et.aau.dk
>ies.auc.dk #Aalborg Univ., Inst. of Electronic Systems, Denmark
130.225.51.73 #afsdb1.kom.auc.dk
130.225.51.74 #afsdb2.kom.auc.dk
130.225.51.85 #afsdb3.kom.auc.dk
>asu.edu #Arizona State University
129.219.10.69 #authen2.asu.edu
129.219.10.70 #authen1.asu.edu
129.219.10.72 #authen3.asu.edu
>hep.caltech.edu #Caltech High Energy Physics
131.215.116.20 #afs.hep.caltech.edu
>ugcs.caltech.edu #Caltech UGCS lab
131.215.176.65 #afs-c.ugcs.caltech.edu
131.215.176.67 #afs-a.ugcs.caltech.edu
131.215.176.68 #afs-b.ugcs.caltech.edu
>andrew.cmu.edu #Carnegie Mellon University - Computing Services Cell
128.2.10.2 #afsdb-01.andrew.cmu.edu
128.2.10.7 #afsdb-02.andrew.cmu.edu
128.2.10.11 #afsdb-03.andrew.cmu.edu
>mw.andrew.cmu.edu #Carnegie Mellon University - Middleware Test Cell
128.2.234.24 #null.andrew.cmu.edu
128.2.234.170 #mw-mgr.andrew.cmu.edu
>club.cc.cmu.edu #Carnegie Mellon University Computer Club
128.2.204.149 #barium.club.cc.cmu.edu
128.237.157.11 #sodium.club.cc.cmu.edu
128.237.157.13 #potassium.club.cc.cmu.edu
>chem.cmu.edu #Carnegie Mellon University - Chemistry Dept.
128.2.40.134 #afs.chem.cmu.edu
128.2.40.140 #afs2.chem.cmu.edu
>cs.cmu.edu #Carnegie Mellon University - School of Comp. Sci.
128.2.172.58 #date.srv.cs.cmu.edu
128.2.172.60 #fig.srv.cs.cmu.edu
128.2.200.97 #watermelon.srv.cs.cmu.edu
>ece.cmu.edu #Carnegie Mellon University - Elec. Comp. Eng. Dept.
128.2.129.7 #porok.ece.cmu.edu
128.2.129.8 #vicio.ece.cmu.edu
128.2.129.9 #e-xing.ece.cmu.edu
>scotch.ece.cmu.edu #CMU ECE CALCM research group
128.2.134.82 #lagavulin.ece.cmu.edu
>qatar.cmu.edu #Carnegie Mellon University - Qatar
86.36.46.6 #afs1.qatar.cmu.edu
86.36.46.7 #afs2.qatar.cmu.edu
>sbp.ri.cmu.edu #Carnegie Mellon University - Sensor Based Planning Lab
128.2.179.12 #nihao.sbp.ri.cmu.edu
128.2.179.113 #youtheman.sbp.ri.cmu.edu
>cnf.cornell.edu #CNF
128.253.198.9 #hole.cnf.cornell.edu
128.253.198.27 #smoke.cnf.cornell.edu
128.253.198.231 #mist.cnf.cornell.edu
>math.cornell.edu #Cornell Math Dept
128.84.234.12 #pooh.math.cornell.edu
128.84.234.16 #bernoulli.math.cornell.edu
128.84.234.162 #dyno.math.cornell.edu
>msc.cornell.edu #Cornell University Materials Science Center
128.84.231.242 #miranda.ccmr.cornell.edu
128.84.241.35 #co.ccmr.cornell.edu
128.84.249.78 #dax.ccmr.cornell.edu
>dbic.dartmouth.edu #Dartmouth Brain Imaging Center
129.170.30.143 #dbicafs1.dartmouth.edu
129.170.30.144 #dbicafs2.dartmouth.edu
129.170.30.145 #dbicafs3.dartmouth.edu
>northstar.dartmouth.edu #Dartmouth College Research Computing
129.170.16.22 #halley.dartmouth.edu
129.170.16.26 #andromeda.dartmouth.edu
129.170.199.250 #kuiper.dartmouth.edu
>cs.hm.edu #Department Computer Science Munich University Of Applied Science
129.187.208.31 #afs1.cs.hm.edu
>eecs.harvard.edu #Harvard - EECS
140.247.60.64 #lefkada.eecs.harvard.edu
140.247.60.83 #corfu.eecs.harvard.edu
>iastate.edu #Iowa State University
129.186.1.243 #afsdb-1.iastate.edu
129.186.6.243 #afsdb-2.iastate.edu
129.186.142.243 #afsdb-3.iastate.edu
>acm.jhu.edu #Johns Hopkins ACM chapter
128.220.35.191 #chicago.acm.jhu.edu
128.220.70.76 #typhon.acm.jhu.edu
>athena.mit.edu #MIT/Athena cell
18.7.45.11 #leda.mit.edu
18.9.48.11 #castor.mit.edu
18.9.48.12 #pollux.mit.edu
>csail.mit.edu #MIT Computer Science & Artificial Intelligence Lab
128.30.2.13 #titanic.csail.mit.edu
128.30.2.31 #vasa.csail.mit.edu
128.30.2.75 #maine.csail.mit.edu
>lns.mit.edu #MIT/LNS Cell
198.125.160.134 #afs2.lns.mit.edu.
198.125.160.217 #afsdbserv1.lns.mit.edu.
198.125.160.218 #afsdbserv2.lns.mit.edu.
>net.mit.edu #MIT/Network Group cell
18.7.62.60 #willy.mit.edu
18.9.48.15 #moby.mit.edu
18.9.48.16 #springer.mit.edu
>sipb.mit.edu #MIT/SIPB cell
18.4.60.19 #reynelda.mit.edu
18.4.60.22 #rosebud.mit.edu
18.4.60.23 #ronald-ann.mit.edu
>msu.edu #Michigan State University Main Cell
35.9.7.10 #afsdb0.cl.msu.edu
35.9.7.11 #afsdb1.cl.msu.edu
35.9.7.12 #afsdb2.cl.msu.edu
>nd.edu #University of Notre Dame
129.74.223.17 #john.helios.nd.edu
129.74.223.33 #lizardo.helios.nd.edu
129.74.223.65 #buckaroo.helios.nd.edu
>crc.nd.edu #University of Notre Dame - Center for Research Computing
129.74.85.34 #afsdb1.crc.nd.edu
129.74.85.35 #afsdb2.crc.nd.edu
129.74.85.36 #afsdb3.crc.nd.edu
>pitt.edu #University of Pittsburgh
136.142.8.15 #afs09.srv.cis.pitt.edu
136.142.8.20 #afs10.srv.cis.pitt.edu
136.142.8.21 #afs11.srv.cis.pitt.edu
>cs.pitt.edu #University of Pittsburgh - Computer Science
136.142.22.5 #afs01.cs.pitt.edu
136.142.22.6 #afs02.cs.pitt.edu
136.142.22.7 #afs03.cs.pitt.edu
>psc.edu #PSC (Pittsburgh Supercomputing Center)
128.182.59.182 #shaggy.psc.edu
128.182.66.184 #velma.psc.edu
128.182.66.185 #daphne.psc.edu
>scoobydoo.psc.edu #PSC Test Cell
128.182.59.181 #scooby.psc.edu
>cede.psu.edu #Penn State - Center for Engr. Design & Entrepeneurship
146.186.218.10 #greenly.cede.psu.edu
146.186.218.60 #b50.cede.psu.edu
146.186.218.246 #stalin.cede.psu.edu
>rose-hulman.edu #Rose-Hulman Institute of Technology
137.112.7.11 #afs1.rose-hulman.edu
137.112.7.12 #afs2.rose-hulman.edu
137.112.7.13 #afs3.rose-hulman.edu
>cs.rose-hulman.edu #Rose-Hulman CS Department
137.112.40.10 #galaxy.cs.rose-hulman.edu
>rpi.edu #Rensselaer Polytechnic Institute
128.113.22.11 #saul.server.rpi.edu
128.113.22.12 #joab.server.rpi.edu
128.113.22.13 #korah.server.rpi.edu
128.113.22.14 #achan.server.rpi.edu
>hep.sc.edu #University of South Carolina, Dept. of Physics
129.252.78.77 #cpeven.physics.sc.edu
>cs.stanford.edu #Stanford University Computer Science Department
171.64.64.10 #cs-afs-1.Stanford.EDU
171.64.64.66 #cs-afs-2.stanford.edu
171.64.64.69 #cs-afs-3.stanford.edu
>ir.stanford.edu #Stanford University
171.64.7.222 #afsdb1.stanford.edu
171.64.7.234 #afsdb2.stanford.edu
171.64.7.246 #afsdb3.stanford.edu
>slac.stanford.edu #Stanford Linear Accelerator Center
134.79.18.25 #afsdb1.slac.stanford.edu
134.79.18.26 #afsdb2.slac.stanford.edu
134.79.18.27 #afsdb3.slac.stanford.edu
>physics.ucsb.edu #UC Santa Barbara, Physics Dept
128.111.18.161 #ledzeppelin.physics.ucsb.edu
>cats.ucsc.edu #University of California, Santa Cruz
128.114.123.8 #afs-prod-front-1.ucsc.edu
128.114.123.9 #afs-prod-front-2.ucsc.edu
128.114.123.10 #afs-prod-front-3.ucsc.edu
>ncsa.uiuc.edu #National Center for Supercomputing Applications at Illinois
141.142.192.66 #nile-vm.ncsa.uiuc.edu
141.142.192.143 #congo-vm.ncsa.uiuc.edu
141.142.192.144 #kaskaskia-vm.ncsa.uiuc.edu
>umbc.edu #University of Maryland, Baltimore County
130.85.24.23 #db2.afs.umbc.edu
130.85.24.87 #db3.afs.umbc.edu
130.85.24.101 #db1.afs.umbc.edu
>glue.umd.edu #University of Maryland - Project Glue
128.8.70.11 #olmec.umd.edu
128.8.236.4 #egypt.umd.edu
128.8.236.230 #babylon.umd.edu
>wam.umd.edu #University of Maryland Network WAM Project
128.8.70.9 #csc-srv.wam.umd.edu
128.8.236.5 #avw-srv.wam.umd.edu
128.8.236.231 #ptx-srv.wam.umd.edu
>umich.edu #University of Michigan - Campus
141.211.1.32 #fear.ifs.umich.edu
141.211.1.33 #surprise.ifs.umich.edu
141.211.1.34 #ruthless.ifs.umich.edu
>atlas.umich.edu #ATLAS group cell in physics at University of Michigan
141.211.43.102 #linat02.grid.umich.edu
141.211.43.103 #linat03.grid.umich.edu
141.211.43.104 #linat04.grid.umich.edu
>citi.umich.edu #University of Michigan - Center for Information Technology Integ
141.212.112.5 #babylon.citi.umich.edu
>isis.unc.edu #Univ. of NC at Chapel Hill - ITS
152.2.1.5 #db0.isis.unc.edu
152.2.1.6 #db1.isis.unc.edu
152.2.1.7 #db2.isis.unc.edu
>eng.utah.edu #University of Utah - Engineering
155.98.111.9 #lenny.eng.utah.edu
155.98.111.10 #carl.eng.utah.edu
>cs.uwm.edu #University of Wisconsin--Milwaukee
129.89.38.124 #solomons.cs.uwm.edu
129.89.143.71 #filip.cs.uwm.edu
>cs.vassar.edu #Computer Science research network / Vassar College
143.229.6.73 #afsserv.cs.vassar.edu
>cs.wisc.edu #Univ. of Wisconsin-Madison, Computer Sciences Dept.
128.105.132.14 #timon.cs.wisc.edu
128.105.132.15 #pumbaa.cs.wisc.edu
128.105.132.16 #zazu.cs.wisc.edu
>engr.wisc.edu #University of Wisconsin-Madison, College of Engineering
144.92.13.14 #larry.cae.wisc.edu
144.92.13.15 #curly.cae.wisc.edu
144.92.13.16 #moe.cae.wisc.edu
>hep.wisc.edu #University of Wisconsin -- High Energy Physics
128.104.28.219 #anise.hep.wisc.edu
144.92.180.7 #rosemary.hep.wisc.edu
144.92.180.30 #fennel.hep.wisc.edu
>physics.wisc.edu #Univ. of Wisconsin-Madison, Physics Department
128.104.160.13 #kendra.physics.wisc.edu
128.104.160.14 #fray.physics.wisc.edu
128.104.160.15 #buffy.physics.wisc.edu
>ciemat.es #Ciemat, Madrid, Spain
192.101.165.10 #afsdb1.ciemat.es
192.101.165.11 #afsdb2.ciemat.es
>ifca.unican.es #Instituto de Fisica de Cantabria (IFCA), Santander, Spain
193.144.209.20 #gridwall.ifca.unican.es
>ific.uv.es #Instituto de Fisica Corpuscular, Valencia, Spain
147.156.163.11 #alpha.ific.uv.es
>alteholz.eu #alteholz.eu
78.47.192.125 #krb1eu.afs.alteholz.net
>in2p3.fr #IN2P3
134.158.104.11 #ccafsdb01.in2p3.fr
134.158.104.12 #ccafsdb02.in2p3.fr
134.158.104.13 #ccafsdb03.in2p3.fr
>mcc.ac.gb #University of Manchester
130.88.203.41 #nevis.mc.man.ac.uk
130.88.203.144 #eryri.mc.man.ac.uk
130.88.203.145 #scafell.mc.man.ac.uk
>anl.gov #Argonne National Laboratory
146.137.96.33 #arteus.it.anl.gov
146.137.162.88 #agamemnon.it.anl.gov
146.137.194.80 #antenor.it.anl.gov
>rhic.bnl.gov #Relativistic Heavy Ion Collider
130.199.6.51 #rafs03.rcf.bnl.gov
130.199.6.52 #rafs02.rcf.bnl.gov
130.199.6.69 #rafs01.rcf.bnl.gov
>usatlas.bnl.gov #US Atlas Tier 1 Facility at BNL
130.199.48.32 #aafs01.usatlas.bnl.gov
130.199.48.33 #aafs02.usatlas.bnl.gov
130.199.48.34 #aafs03.usatlas.bnl.gov
>jpl.nasa.gov #Jet Propulsion Laboratory
137.78.160.21 #afsdb08.jpl.nasa.gov
137.78.160.22 #afsdb09.jpl.nasa.gov
137.78.160.23 #afsdb10.jpl.nasa.gov
>doe.atomki.hu #Institute of Nuclear Research (MTA ATOMKI), Debrecen, Hungary
193.6.179.31 #afs.doe.atomki.hu
>bme.hu #Budapest University of Technology and Economics
152.66.241.6 #afs.iit.bme.hu
>kfki.hu #Wigner Research Centre for Physics - Budapest, Hungary
148.6.2.109 #afs0.kfki.hu
>rnd.ru.is #Reykjavik University Research and Development Network
130.208.242.66 #lithium.rnd.ru.is.
130.208.242.67 #beryllium.rnd.ru.is.
130.208.242.68 #boron.rnd.ru.is.
>caspur.it #CASPUR Inter-University Computing Consortium, Rome
193.204.5.45 #pomodoro.caspur.it
193.204.5.46 #banana.caspur.it
193.204.5.50 #maslo.caspur.it
>enea.it #ENEA New Tech. Energy & Environment Agency, Italy
192.107.54.5 #aixfs.frascati.enea.it
192.107.54.11 #rs2ced.frascati.enea.it
192.107.54.12 #43p.frascati.enea.it
>fusione.it #Assoz. FUSIONE/Euratom, ENEA, Frascati-Italy
192.107.90.2 #fusafs1.frascati.enea.it
192.107.90.3 #fusafs2.frascati.enea.it
192.107.90.4 #fusafs3.frascati.enea.it
>icemb.it #ICEMB, Universita' La Sapienza - Rome - Italy
193.204.6.130 #icembfs.caspur.it
>ictp.it #The Abdus Salam International Centre for Theoretical Physics (IC
140.105.34.7 #afsdb1.ictp.it
140.105.34.8 #afsdb2.ictp.it
>infn.it #Istituto Nazionale di Fisica Nucleare (INFN), Italia
131.154.1.7 #afscnaf.infn.it
141.108.26.75 #afsrm1.roma1.infn.it
192.84.134.75 #afsna.na.infn.it
>ba.infn.it #INFN, Sezione di Bari
193.206.185.235 #baafsserver.ba.infn.it
193.206.185.236 #debsrv.ba.infn.it
>kloe.infn.it #INFN, KLOE experiment at Laboratori di Frascati
192.135.25.111 #kloeafs1.lnf.infn.it
192.135.25.112 #kloeafs2.lnf.infn.it
>le.infn.it #INFN, Sezione di Lecce
192.84.152.40 #afs01.le.infn.it
192.84.152.148 #afs02.le.infn.it
>lnf.infn.it #INFN, Laboratori Nazionali di Frascati
193.206.84.121 #afs1.lnf.infn.it
193.206.84.122 #afs2.lnf.infn.it
193.206.84.123 #afs3.lnf.infn.it
>lngs.infn.it #INFN, Laboratori Nazionali del Gran Sasso
192.84.135.21 #afs1.lngs.infn.it
192.84.135.133 #afs2.lngs.infn.it
>pi.infn.it #INFN, Sezione di Pisa
192.84.133.50 #aix1.pi.infn.it
212.189.152.6 #afs1.pi.infn.it
212.189.152.7 #afs2.pi.infn.it
>roma3.infn.it #Istituto Nazionale di Fisica Nucleare (INFN), Italia
193.205.159.17 #afsrm3.roma3.infn.it
>psm.it #Progetto San Marco, Universita' di Roma-1
151.100.1.65 #atlante.psm.uniroma1.it
>tgrid.it #CASPUR-CILEA-CINECA Grid Cell
193.204.5.33 #cccgrid.caspur.it
>math.unifi.it #math.unifi.it
150.217.34.182 #xeno.math.unifi.it
>ing.uniroma1.it #Universita' La Sapienza, Fac. Ingeneria
151.100.85.253 #alfa.ing.uniroma1.it
>dia.uniroma3.it #University Roma Tre - DIA
193.204.161.67 #srv.dia.uniroma3.it
193.204.161.79 #aux.dia.uniroma3.it
193.204.161.118 #afs.dia.uniroma3.it
>vn.uniroma3.it #University Roma Tre, area Vasca Navale
193.205.219.59 #alfa2.dia.uniroma3.it
193.205.219.60 #beta2.dia.uniroma3.it
193.205.219.61 #gamma2.dia.uniroma3.it
>italia #Italian public AFS cell
193.204.5.9 #afs.caspur.it
>cmf.nrl.navy.mil #Naval Research Laboratory - Center for Computational Science
134.207.12.68 #picard.cmf.nrl.navy.mil
134.207.12.69 #riker.cmf.nrl.navy.mil
134.207.12.70 #kirk.cmf.nrl.navy.mil
>lcp.nrl.navy.mil #Naval Research Lab - Lab for Computational Physics
132.250.114.2 #afs1.lcp.nrl.navy.mil
132.250.114.4 #afs2.lcp.nrl.navy.mil
132.250.114.6 #afs3.lcp.nrl.navy.mil
>nucleares.unam.mx #Instituto de Ciencias Nucleares, UNAM, Mexico
132.248.29.50 #nahualli.nucleares.unam.mx
>crossproduct.net #crossproduct.net
207.114.88.173 #geodesic.crossproduct.net
>epitech.net #EPITECH, France
163.5.255.41 #afs-db-1.epitech.net
163.5.255.42 #afs-db-2.epitech.net
>es.net #Energy Sciences Net
198.128.3.21 #fs1.es.net
198.128.3.22 #fs2.es.net
198.128.3.23 #fs3.es.net
>gorlaeus.net #Gorlaeus Laboratories, Leiden University
132.229.170.27 #fwncisafs1.gorlaeus.net
>laroia.net #Laroia Networks
66.66.102.254 #supercore.laroia.net
>pallissard.net #pallissard.net
35.184.35.247 #files.pallissard.net
>sinenomine.net #Sine Nomine Associates
207.89.43.108 #afsdb3.sinenomine.net
207.89.43.109 #afsdb4.sinenomine.net
207.89.43.110 #afsdb5.sinenomine.net
>slackers.net #The Slackers' Network
199.4.150.159 #alexandria.slackers.net
>tproa.net #The People's Republic of Ames
204.11.35.83 #service-3.tproa.net
204.11.35.84 #service-4.tproa.net
204.11.35.85 #service-5.tproa.net
>interdose.net #Interdose Ltd. & Co. KG, Germany
80.190.171.42 #bfd9000.tow5.interdose.net
80.190.171.43 #bfd9001.tow5.interdose.net
>nikhef.nl #The Dutch National Institute for High Energy Physics
192.16.185.26 #afs1.nikhef.nl
192.16.185.27 #afs2.nikhef.nl
>acm-csuf.org #California State Univerisity Fullerton ACM
137.151.29.193 #afs1.acm-csuf.org
>adrake.org #adrake.org
128.2.98.241 #afs.adrake.org
>bazquux.org #Baz Quux Organization
66.207.142.196 #baxquux.org
>coed.org #Adam Pennington's Cell
66.93.61.184 #vice1.coed.org
128.237.157.35 #vice3.coed.org
>dementia.org #Dementia Unlimited (old)
128.2.13.209 #dedlock.dementix.org
128.2.234.204 #vorkana.dementix.org
128.2.235.26 #meredith.dementix.org
>dementix.org #Dementia Unlimited
128.2.13.209 #dedlock.dementix.org
128.2.234.204 #vorkana.dementix.org
128.2.235.26 #meredith.dementix.org
>idahofuturetruck.org #University of Idaho hybrid vehicle development
12.18.238.210 #dsle210.fsr.net
>afs.ietfng.org #ietfng.org
67.62.51.95 #a.afs.ietfng.org
>jeaton.org #jeaton.org (Jeffrey Eaton, jeaton@jeaton.org)
128.2.234.89 #jeaton-org-01.jeaton.org
128.2.234.92 #jeaton-org-02.jeaton.org
>mrph.org #Mrph
66.207.133.1 #sanber.mrph.org
128.2.99.209 #hernandarias.mrph.org
>mstacm.org #Missouri Science & Technology - ACM
131.151.249.193 #acm.mst.edu
>nomh.org #nomh.org
204.29.154.12 #iota.nomh.org
204.29.154.32 #adversity.xi.nomh.org
>oc7.org #The OC7 Project
128.2.122.140 #knife.oc7.org
207.22.77.170 #spoon.oc7.org
>pfriedma.org #pfriedma.org
72.95.215.18 #vice.pfriedma.org
>riscpkg.org #The RISC OS Packaging Project
83.104.175.10 #delenn.riscpkg.org
>kth.se #Royal Institute of Technology, Stockholm, Sweden
130.237.32.145 #sonen.e.kth.se
130.237.48.7 #anden.e.kth.se
130.237.48.244 #fadern.e.kth.se
>ict.kth.se #Royal Institute of Technology, Information and Communication tec
130.237.216.11 #afsdb1.ict.kth.se
130.237.216.12 #afsdb2.ict.kth.se
130.237.216.13 #afsdb3.ict.kth.se
>it.kth.se #Royal Institute of Technology, Teleinformatics, Kista
130.237.216.14 #afsdb1.it.kth.se
130.237.216.15 #afsdb2.it.kth.se
130.237.216.16 #afsdb3.it.kth.se
>md.kth.se #Royal Institute of Technology, MMK
130.237.32.63 #mdafs-1.sys.kth.se
>mech.kth.se #Royal Institute of Technology, MECH
130.237.233.142 #matterhorn.mech.kth.se
130.237.233.143 #castor.mech.kth.se
130.237.233.144 #pollux.mech.kth.se
>nada.kth.se #Royal Institute of Technology, NADA
130.237.223.12 #afsdb-2.csc.kth.se
130.237.224.78 #afsdb-3.csc.kth.se
130.237.227.23 #afsdb-4.csc.kth.se
>pdc.kth.se #Royal Institute of Technology, PDC
130.237.232.29 #crab.pdc.kth.se
130.237.232.112 #anna.pdc.kth.se
130.237.232.114 #hokkigai.pdc.kth.se
>stacken.kth.se #Stacken Computer Club
130.237.234.3 #milko.stacken.kth.se
130.237.234.43 #hot.stacken.kth.se
130.237.234.101 #fishburger.stacken.kth.se
>syd.kth.se #Royal Institute of Technology, KTH-Syd
130.237.83.23 #afs.haninge.kth.se
>sanchin.se #Sanchin Consulting AB, Sweden
192.195.148.10 #sesan.sanchin.se
>su.se #Stockholm University
130.237.162.81 #afsdb1.su.se
130.237.162.82 #afsdb2.su.se
130.237.162.230 #afsdb3.su.se
>fysik.su.se #Stockholm University, Physics Department
130.237.244.134 #srv01.fysik.su.se
130.237.244.135 #srv02.fysik.su.se
130.237.244.139 #srv05.fysik.su.se
>f9.ijs.si #F9, Jozef Stefan Institue
194.249.156.1 #brenta.ijs.si
>p-ng.si #University of Nova Gorica
193.2.120.2 #solkan.p-ng.si
193.2.120.9 #sabotin.p-ng.si
>ihep.su #Institute for High-Energy Physics
194.190.165.201 #fs0001.ihep.su
194.190.165.202 #fs0002.ihep.su
>motherfsck.tech #motherfsck.tech
>hep-ex.physics.metu.edu.tr #METU Department of Physics, Experimental HEP group, Ankara/Turke
144.122.31.131 #neutrino.physics.metu.edu.tr
>phy.bris.ac.uk #Bristol University - physics
137.222.74.18 #zen.phy.bris.ac.uk
>inf.ed.ac.uk #School of Informatics, University of Edinburgh
129.215.64.16 #afsdb0.inf.ed.ac.uk
129.215.64.17 #afsdb1.inf.ed.ac.uk
129.215.64.18 #afsdb2.inf.ed.ac.uk
>phas.gla.ac.uk #Univeristy of Glasgow Physics And Astronomy
194.36.1.19 #afsdb1.phas.gla.ac.uk
194.36.1.27 #afsdb3.phas.gla.ac.uk
194.36.1.33 #afsdb2.phas.gla.ac.uk
>ic.ac.uk #Imperial College London
155.198.63.148 #icafs2.cc.ic.ac.uk
155.198.63.149 #icafs1.cc.ic.ac.uk
>hep.man.ac.uk #Manchester HEP
194.36.2.3 #afs1.hep.man.ac.uk
194.36.2.4 #afs2.hep.man.ac.uk
194.36.2.5 #afs3.hep.man.ac.uk
>tlabs.ac.za #iThemba LABS Cell
196.24.232.1 #afs01.tlabs.ac.za
196.24.232.2 #afs02.tlabs.ac.za
196.24.232.3 #afs03.tlabs.ac.za

626
SOURCES/ChangeLog

@ -0,0 +1,626 @@ @@ -0,0 +1,626 @@
commit d77120341812164516e3d8e380c98f6be6dac9d7
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Mon Sep 10 20:36:31 2018 -0500

Make OpenAFS 1.6.23
Update version strings for the 1.6.23 release.
Change-Id: I4cbfcca4f986cd201ec3e45d61c7ad53990aede8

commit 213f5591a47e246d7964ef10d4e3adf5c0bab487
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Mon Sep 10 20:26:20 2018 -0500

Update NEWS for 1.6.23
Release notes for the OpenAFS 1.6.23 security release.
Change-Id: I7c3422ca50f1a6d4f91852d31b91673c65ac95d6

commit 885c02af3761c0f2bf3350dc4beef09a92770aa7
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Tue Sep 11 10:51:01 2018 -0500

Fix typos in audit format strings
Commit 9ebff4c6caa8b499d999cfd515d4d45eb3179769 introduced audit
framework support for several butc-related data types, but had
a typo ('$d' for '%d') in a couple of places, that was not reported
by compiler format-string checking. Fix the typo to properly print
all the auditable data.
(cherry picked from commit d5816fd6cd1876760a985a817dbbb3940cf3bddb)
(cherry picked from commit 90601818205aeefd1cf99b8766a7bfd03bf9b96a)
(cherry picked from commit 0cdb370f1813158a6dbd577e5c250bc26ac4590c)
Change-Id: I0d1cb15d02225a8557da09ed72efbc5103e1ec1b

commit 9067d543817f32deb334e20c67e071f124a42140
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Sun Sep 9 10:44:38 2018 -0500

OPENAFS-SA-2018-001 backup: use authenticated connection to butc
Use the standard routine to pick a client security object, instead of
always assuming rxnull. Respect -localauth as well as being able to
use the current user's tokens, but also provide a -nobutcauth argument
to fall back to the historical rxnull behavior (but only for the connections
to butc; vldb and budb connections are not affected).
(cherry picked from commit 345ee34236c08a0a2fb3fff016edfa18c7af4b0a)
(cherry picked from commit ed217df4b23e111d4b12e7236bdf6f8ab5575952)
(cherry picked from commit 3f06dd4f73f7fa1f6ecbd71e9ebe2ef5c67dfebd)

commit cb8b8300369cf12f1a4681010b71aa46659529bc
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Thu Sep 6 18:50:39 2018 -0500

OPENAFS-SA-2018-001 butc: require authenticated connections with -localauth
The butc -localauth option is available to use the cell-wide key to
authenticate to the vlserver and buserver, which in normal deployments
will require incoming connections to be authenticated as a superuser.
In such cases, the cell-wide key is also available for use in
authenticating incoming connections to the butc, which would otherwise
have been completely unauthenticated.
Because of the security hazards of allowing unauthenticaed inbound
RPCs, especially ones that manipulate backup information and are allowed
to initiate outboud RPCs authenticated as the superuser, default to
not allowing unauthenticated inbound RPCs at all. Provide an opt-out
command-line argument for deployments that require this functionality
and have configured their network environment (firewall/etc.) appropriately.
(cherry picked from commit 1b199eeafad6420982380ce5e858f00c528cfd13)
(cherry picked from commit fa04588907321e8b50b64f30dcc049e60268a05a)
Change-Id: Ib796fd4d61cc5d2e98f1b1e787f3267456b0ffe8

commit 78b5be7ddd9f8b9b416c7405074253770e8354d8
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Sun Sep 9 11:49:03 2018 -0500

OPENAFS-SA-2018-001 Add auditing to butc server RPC implementations
Make the actual implementations into helper functions, with the RPC
stubs calling the helpers and doing the auditing on the results, akin
to most other server programs in the tree. This relies on support for
some additional types having been added to the audit framework.
(cherry picked from commit c43169fd36348783b1a5a55c5bb05317e86eef82)
(cherry picked from commit 6f8c0c8134de1b5358ec56878e350aeab31aa3cd)
(cherry picked from commit 23f3f2e0d96e30a7bc9c355414db995df820e5ba)
Change-Id: Icb4a9ca3cce81b088268655a648823f3e8260f0a

commit ccd02a1bbb44d4c3a15d721a9d4fd8d84cd4e0ee
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Sat Sep 8 19:42:36 2018 -0500

OPENAFS-SA-2018-001 audit: support butc types
Add support for several complex butc types to enable butc auditing.
(cherry picked from commit 41d2dd569a365465ac47da3cd39eceba4beaeaf3)
(cherry picked from commit 049b7eafe125d12803e848f38f18680dff31ab80)
Change-Id: I6662f028e300afaa5e2586db1a590f9ea8ec3139

commit b18e8f4a8957c5022fa91168d73b2eb7fb28e93b
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Sat Sep 8 20:35:25 2018 -0500

OPENAFS-SA-2018-001 butc: remove dummy osi_audit() routine
This local stub was present in the original IBM import and is unused.
It will conflict with the real audit code once we start adding auditing
to the TC_ RPCs, so remove it now.
(cherry picked from commit 50216dbbc30ed94f89bdd0e964f4891e87f28c0b)
(cherry picked from commit 7eb650a6edd96e3c7e68f170945ddcdac8b67975)
(cherry picked from commit cf69365f0416c58462cbea75dc17cde01f343175)
Change-Id: Idf9d3dfa040cdd34437d1c97ce27a1225a356993

commit 187cf8717cb983eeabb919b2ac189fa5505c369c
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Fri Jul 6 03:14:19 2018 -0400

OPENAFS-SA-2018-003 rxgen: prevent unbounded input arrays
RPCs with unbounded arrays as inputs are susceptible to remote
denial-of-service (DOS) attacks. A malicious client may submit an RPC
request with an arbitrarily large array, forcing the server to expend
large amounts of network bandwidth, cpu cycles, and heap memory to
unmarshal the input.
Instead, issue an error message and stop rxgen when it detects an RPC
defined with an unbounded input array. Thus we will detect the problem
at build time and prevent any future unbounded input arrays.
(cherry picked from commit a4c1d5c48deca2ebf78b1c90310b6d56b3d48af6)
(cherry picked from commit 2cf5cfa8561047e855fed9ab35d1a041e309e39a)
(cherry picked from commit 289a5643e7af399b3e99eb33d50b6c602e442a02)
Change-Id: If5222aab9ce700ba8d9520e5e2e81e66e1b87fd1

commit 6cbb7d9d57e5f7e0090b538c92b3eafe9c2656b0
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Fri Jul 6 03:21:26 2018 -0400

OPENAFS-SA-2018-003 volser: prevent unbounded input to various AFSVol* RPCs
Several AFSVol* RPCs are defined with an unbounded XDR "string" as
input.
RPCs with unbounded arrays as inputs are susceptible to remote
denial-of-service (DOS) attacks. A malicious client may submit an
AFSVol* request with an arbitrarily large string, forcing the volserver
to expend large amounts of network bandwidth, cpu cycles, and heap
memory to unmarshal the input.
Instead, give each input "string" an appropriate size.
Volume names are inherently capped to 32 octets (including trailing NUL)
by the protocol, but there is less clearly a hard limit on partition names.
The Vol_PartitionInfo{,64} functions accept a partition name as input and
also return a partition name in the output structure; the output values
have wire-protocol limits, so larger values could not be retrieved by clients,
but for denial-of-service purposes, a more generic PATH_MAX-like value seems
appropriate. We have several varying sources of such a limit in the tree, but
pick 4k as the least-restrictive.
[kaduk@mit.edu: use a larger limit for pathnames and expand on PATH_MAX in
commit message]
(cherry picked from commit 8b92d015ccdfcb70c7acfc38e330a0475a1fbe28)
(cherry picked from commit fe41fa565be6e325da75f3e9b8fbdac2c521b027)
(cherry picked from commit 39b675e243be70237ba9460b49b461c128aedffd)
Change-Id: Idad0b0abf582b356042245398e1317a610ff321e

commit 35240e33317658a396cd3da994b5d20a71f4abc3
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Fri Jul 6 01:09:53 2018 -0400

OPENAFS-SA-2018-003 volser: prevent unbounded input to AFSVolForwardMultiple
AFSVolForwardMultiple is defined with an input parameter that is defined
to XDR as an unbounded array of replica structs:
typedef replica manyDests<>;
RPCs with unbounded arrays as inputs are susceptible to remote
denial-of-service (DOS) attacks. A malicious client may submit an
AFSVolForwardMultiple request with an arbitrarily large array, forcing
the volserver to expend large amounts of network bandwidth, cpu cycles,
and heap memory to unmarshal the input.
Even though AFSVolForwardMultiple requires superuser authorization, this
attack is exploitable by non-authorized actors because XDR unmarshalling
happens long before any authorization checks can occur.
Add a bounding constant (NMAXNSERVERS 13) to the manyDests input array.
This constant is derived from the current OpenAFS vldb implementation, which
is limited to 13 replica sites for a given volume by the layout (size) of the
serverNumber, serverPartition, and serverFlags fields.
[kaduk@mit.edu: explain why this constant is used]
(cherry picked from commit 97b0ee4d9c9d069e78af2e046c7987aa4d3f9844)
(cherry picked from commit fac3749f0d180e0ca229326c0e8568a60e17d3e9)
(cherry picked from commit ea30e64d1b2153f51a83069f3471356553a27a2b)
Change-Id: Ib2e5d4cc660e0a278b9dbd10ac2db656239e1302

commit b8142be4b4642a37500081ef459544cdb2091218
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Thu Jul 5 23:51:37 2018 -0400

OPENAFS-SA-2018-003 budb: prevent unbounded input to BUDB_SaveText
BUDB_SaveText is defined with an input parameter that is defined to XDR
as an unbounded array of chars:
typedef char charListT<>;
RPCs with unbounded arrays as inputs are susceptible to remote
denial-of-service (DOS) attacks. A malicious client may submit a
BUDB_SaveText request with an arbitrarily large array, forcing the budb
server to expend large amounts of network bandwidth, cpu cycles, and
heap memory to unmarshal the input.
Modify the XDR definition of charListT so it is bounded. This typedef
is shared (as an OUT parameter) by BUDB_GetText and BUDB_DumpDB, but
fortunately all in-tree callers of the client routines specify the same
maximum length of 1024.
Note: However, SBUDB_SaveText server implementation seems to allow for up to
BLOCK_DATA_SIZE (2040) = BLOCKSIZE (2048) - sizeof(struct blockHeader)
(8), and it's unknown if any out-of-tree callers exist. Since we do not need a
tight bound in order to avoid the DoS, use a somewhat higher maximum of
4096 bytes to leave a safety margin.
[kaduk@mit.edu: bump the margin to 4096; adjust commit message to match]
(cherry picked from commit 124445c0c47994f5e2efef30e86337c3c8ebc93f)
(cherry picked from commit 87f199c14199afa29f75bb336383564f0fb4548a)
(cherry picked from commit c5c3a858b21eaaabda46e1dffdea038fa234d657)
Change-Id: I6802e76a5f6e39e31ece66d1ff00ed11b47b6c36

commit e3840eb1a23b36aed395337b2fa774c079f3c092
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Thu Jul 5 21:11:30 2018 -0400

OPENAFS-SA-2018-003 vlserver: prevent unbounded input to VL_RegisterAddrs
VL_RegisterAddrs is defined with an input argument of type bulkaddrs,
which is defined to XDR as an unbounded array of afs_uint32 (IPv4 addresses):
typedef afs_uint32 bulkaddrs<>
The <> with no value instructs rxgen to build client and server stubs
that allow for a maximum size of "~0u" or 0xFFFFFFFF.
Ostensibly the bulkaddrs array is unbounded to allow it to be shared
among VL_RegisterAddrs, VL_GetAddrs, and VL_GetAddrsU. The VL_GetAddrs*
RPCs use bulkaddrs as an output array with a maximum size of MAXSERVERID
(254). VL_RegisterAddrss uses bulkaddrs as an input array, with a
nominal size of VL_MAXIPADDRS_PERMH (16).
However, RPCs with unbounded array inputs are susceptible to remote
denial-of-service attacks. That is, a malicious client may send a
VL_RegisterAddrs request with an arbitrarily long array, forcing the
vlserver to expend large amounts of network bandwidth, cpu cycles, and
heap memory to unmarshal the argument. Even though VL_RegisterAddrs
requires superuser authorization, this attack is exploitable by
non-authorized actors because XDR unmarshalling happens long before any
authorization checks can occur.
Because all uses of the type that our implementation support have fixed
bounds on valid data (whether input or output), apply an arbitrary
implementation limit (larger than any valid structure would be), to
prevent this class of attacks in the XDR decoder.
[kaduk@mit.edu: limit the bulkaddrs type instead of introducing a new type]
(cherry picked from commit 7629209219bbea3f127b33be06ac427ebc3a559e)
(cherry picked from commit 4218dc0a2db75c740d1d31966e672f85ad7999bd)
(cherry picked from commit 38f401ae7e0e88fb65b651125a2c8a723db1e071)
Change-Id: Ib0798af007af14a2a91ae280c0f28838f33d1a65

commit 4dd98168f0fc851716d30fc1e2839f11304a4d04
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Thu Aug 30 10:38:56 2018 -0500

OPENAFS-SA-2018-002 butc: Initialize OUT scalar value
In STC_ReadLabel, the interaction with the tape device is
synchronous, so there is no need to allocate a task ID for status
monitoring. However, we do need to initialize the output value,
to avoid writing stack garbage on the wire.
(cherry picked from commit f5a80115f8f7f9418287547f0fc7fdb13d936f00)
(cherry picked from commit 418b2ab56c60e44375df31a3a8f77461d577a5ff)
(cherry picked from commit babbb2824a5e3d6210b9079ab08f8771ac6ef892)
Change-Id: Ie18bbe7542a23d2ce952cfcd5288ee0aa43bb71f

commit ab8a6ab1230f5274630e0d0b9e35a778b6d9f79b
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 06:01:16 2018 -0400

OPENAFS-SA-2018-002 ubik: prevent VOTE_Debug, VOTE_XDebug information leak
VOTE_Debug and VOTE_XDebug (udebug) both leave a single field
uninitialized if there is no current transaction. This leaks the memory
contents of the ubik server over the wire.
struct ubik_debug
- 4 bytes in member writeTrans
In common code to both RPCs, ensure that writeTrans is always
initialized.
[kaduk@mit.edu: switch to memset]
(cherry picked from commit 7a7c1f751cdb06c0d95339c999b2c035c2d2168b)
(cherry picked from commit 0ee86cc3f986365df9de21ede5735cc1f40db7e5)
(cherry picked from commit 9db5fcf460988b605ba8ba7078b9c8d702aba370)
Change-Id: I1c9fc9a6a8bb8aed04f814e4da041af3f49a7401

commit 973bba24a6d2f419680873f4133dbad8cd37ce9f
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 05:26:21 2018 -0400

OPENAFS-SA-2018-002 kaserver: prevent KAM_ListEntry information leak
KAM_ListEntry (kas list) does not initialize its output correctly. It
leaks kaserver memory contents over the wire:
struct kaindex
- up to 64 bytes for member name
- up to 64 bytes for member instance
Initialize the buffer.
[kaduk@mit.edu: move initialization to top of server routine]
(cherry picked from commit b604ee7add7be416bf20973422a041e913d20761)
(cherry picked from commit c912830e9c82d91bccf85018ef1e6a75edc410c4)
(cherry picked from commit 04fb009f15b75aca8e62675972ce23526a62ba80)
Change-Id: I613b1f46b913d4208bac15eb92274127da14e9c9

commit e573d36b212192b04235dac24f709e7d5784f904
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 05:12:32 2018 -0400

OPENAFS-SA-2018-002 butc: prevent TC_DumpStatus, TC_ScanStatus information leaks
TC_ScanStatus (backup status) and TC_GetStatus (internal backup status
watcher) do not initialize their output buffers. They leak memory
contents over the wire:
struct tciStatusS
- up to 64 bytes in member taskName (TC_MAXNAMELEN 64)
- up to 64 bytes in member volumeName "
Initialize the buffers.
[kaduk@mit.edu: move initialization to top of server routines]
(cherry picked from commit be0142707ca54f3de99c4886530e7ac9f48dd61c)
(cherry picked from commit 43b3efd4f8cd3227b2b24ff673adeb834f6a3f0b)
(cherry picked from commit a41b75a13b9a96a929fa69db43fbc4ca071ee717)
Change-Id: Ibe35ca06eb663399f0b9e14d7487d91553cd67c8

commit bd86cbcfd95f30bc10dc703a96ed54f516bb4b99
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 05:00:25 2018 -0400

OPENAFS-SA-2018-002 butc: prevent TC_ReadLabel information leak
TC_ReadLabel (backup readlabel) does not initialize its output buffer
completely. It leaks butc memory contents over the wire:
struct tc_tapeLabel
- up to 32 bytes from member afsname (TC_MAXTAPELEN 32)
- up to 32 bytes from member pname (TC_MAXTAPELEN 32)
Initialize the buffer.
[kaduk@mit.edu: move initialization to the RPC stub]
(cherry picked from commit 52f4d63148323e7d605f9194ff8c1549756e654b)
(cherry picked from commit b7e53b9e9706d63215a1804ed9eca30d69461f03)
(cherry picked from commit 3e0294543d4f4ab58694e1aca393b961f05d7c8f)
Change-Id: I4e8ab1b94d36e9904a9505cd7f0e97cc6fb3a40f

commit 5c6589b395e35e54f8e7c583ea4d87826a854fba
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 04:39:44 2018 -0400

OPENAFS-SA-2018-002 budb: prevent BUDB_* information leaks
The following budb RPCs do not initialize their output correctly.
This leaks buserver memory contents over the wire:
BUDB_FindLatestDump (backup dump)
BUDB_FindDump (backup volrestore, diskrestore, volsetrestore)
BUDB_GetDumps (backup dumpinfo)
BUDB_FindLastTape (backup dump)
struct budb_dumpEntry
- up to 32 bytes in member volumeSetName
- up to 256 bytes in member dumpPath
- up to 32 bytes in member name
- up to 32 bytes in member tape.tapeServer
- up to 32 bytes in member tape.format
- up to 256 bytes in member dumper.name
- up to 128 bytes in member dumper.instance
- up to 256 bytes in member dumper.cell
Initialize the buffer in common routine FillDumpEntry.
(cherry picked from commit e96771471134102d3879a0ac8b2c4ef9d91a61b8)
(cherry picked from commit 6f26a945adeca87b669282eed0eaca3dca0a1423)
(cherry picked from commit b4543ae2331fae6d70c067d86d20bfbc8d509468)
Change-Id: I713f967eebc1286764b9658ff4ddccb65f456480

commit c72abcde2c6fcafc9ab940a74f2384a159eaee98
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 03:56:24 2018 -0400

OPENAFS-SA-2018-002 afs: prevent RXAFSCB_TellMeAboutYourself information leak
RXAFSCB_TellMeAboutYourself does not completely initialize its output
buffers. This leaks kernel memory over the wire:
struct interfaceAddr
Unix cache manager (libafs)
- up to 124 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 * 4) - 4))
- up to 124 bytes in array subnetmask "
- up to 124 bytes in array mtu "
Windows cache manager
- 64 bytes in array addr_in ((AFS_MAX_INTERFACE_ADDR 32 - CM_MAXINTERFACE_ADDR 16)* 4)
- 64 bytes in array subnetmask "
- 64 bytes in array mtu "
The following implementations of SRXAFSCB_TellMeAboutYourself are not susceptible:
- fsprobe
- libafscp
- xstat_fs_test
Initialize the buffer.
(cherry picked from commit 211b6d6a4307006da1467b3be46912a3a5d7b20b)
(cherry picked from commit a6557ffa64d8fab3526c4f89629dcbb965a27780)
(cherry picked from commit 0dbbcc9ac62425618a3a3a28ee05eba2507f6efd)
Change-Id: Ic977c8a473df12f64d2865cd68f1f42744b57d9e

commit 283b950ed53c3c248078c9aaab10227de539b06d
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 03:47:41 2018 -0400

OPENAFS-SA-2018-002 afs: prevent RXAFSCB_GetLock information leak
RXAFSCB_GetLock (cmdebug) does not correctly initialize its output.
This leaks kernel memory over the wire:
struct AFSDBLock
- up to 14 bytes for member name (16 - '<cellname>\0')
Initialize the buffer.
(cherry picked from commit b52eb11a08f2ad786238434141987da27b81e743)
(cherry picked from commit 3dea4adaa356b7eed40b6162c106c5e90690f5a1)
(cherry picked from commit f0c4f8d899214bf405e809be813be4d5be125ad8)
Change-Id: I3935968bacb8e063fd1fdd2fc52efd2258a5eb99

commit 6cdfce3c9a5712a6a3088c1f3693a6b782771375
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 03:37:37 2018 -0400

OPENAFS-SA-2018-002 ptserver: prevent PR_ListEntries information leak
PR_ListEntries (pts listentries) does not properly initialize its output
buffers. This leaks ptserver memory over the wire:
struct prlistentries
- up to 62 bytes for each entry name (PR_MAXNAMELEN 64 - 'a\0')
Initialize the buffer, and remove the now redundant memset for the
reserved fields.
(cherry picked from commit 9d1aeb5d761581a35bef2042e9116b96e9ae3bf5)
(cherry picked from commit e19ad4cdde463d2bbb4b815525da992bd5fc2648)
(cherry picked from commit 7ee25861685a4f56b304627ca2a0dbfed179646d)
Change-Id: I42d32876ddf8fa98744620fdf75b4e0783b93aba

commit c67fe473f7a8710c2cebbcc4d4b767ba152342f0
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 03:00:02 2018 -0400

OPENAFS-SA-2018-002 volser: prevent AFSVolMonitor information leak
AFSVolMonitor (vos status) does not properly initialize its output
buffers. This leaks information from volserver memory:
struct transDebugInfo
- up to 29 bytes in member lastProcName (30-'\0')
- 16 bytes in members readNext, tranmitNext, lastSendTime,
lastReceiveTime
Initialize the buffers. This must be done on a per-buffer basis inside
the loop, since realloc is used to expand the storage if needed,
and there is not a standard realloc API to zero the newly allocated storage.
[kaduk@mit.edu: update commit message]
(cherry picked from commit 26924fd508b21bb6145e77dc31b6cd0923193b72)
(cherry picked from commit 2d22756de7af2c72b8aca6969825f8e921f01d6c)
(cherry picked from commit 37cbe68577d39241a2d5a1fe75e8a0490516dfc4)
Change-Id: I1eab9e35207fed5d151c70962c00b6fa8ac7da58

commit 4279e1f18026c3e8a38461da612902829484acc5
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Tue Jun 26 02:33:05 2018 -0400

OPENAFS-SA-2018-002 volser: prevent AFSVolPartitionInfo(64) information leak
AFSVolPartitionInfo and AFSVolPartitionInfo64 (vos partinfo) do not
properly initialize their reply buffers. This leaks the contents of
volserver memory over the wire:
AFSVolPartitionInfo (struct diskPartition)
- up to 24 bytes in member name (32-'/vicepa\0'))
- up to 12 bytes in member devName (32-'/vicepa/Lock/vicepa\0'))
AFSVolPartitionInfo64 (struct diskPartition64)
- up to 248 bytes in member name (256-'/vicepa\0'))
- up to 236 bytes in member devName (256-'/vicepa/Lock/vicepa\0')
Initialize the output buffers.
[kaduk@mit.edu: move memset to top-level function scope of RPC handlers]
(cherry picked from commit 76e62c1de868c2b2e3cc56a35474e15dc4cc1551)
(cherry picked from commit 28edf734db08d3a8285e89d9d78aa21db726e4c7)
(cherry picked from commit f1c9c0160e364b4935fbb758890fcf5dc0edad4a)
Change-Id: I48348b326f0933a0fcb556425f085abad36d3bea

commit 50ba59fb4404af93c58e095b57f1d33de8b05899
Author: Mark Vitale <mvitale@sinenomine.net>
Date: Mon Jun 25 18:03:12 2018 -0400

OPENAFS-SA-2018-002 ptserver: prevent PR_IDToName information leak
SPR_IDToName does not completely initialize the return array of names,
and thus leaks information from ptserver memory:
- up to 62 bytes per requested id (PR_MAXNAMELEN 64 - 'a\0')
Use calloc to ensure that all memory sent on the wire is initialized,
preventing the information leak.
[kaduk@mit.edu: switch to calloc; update commit message]
(cherry picked from commit 70b0136d552a0077d3fae68f3aebacd985abd522)
(cherry picked from commit c8c8682bb0e84ee5289fac3063119ae524773f61)
(cherry picked from commit 40343287fbca6f4b1098f5b60ef9ff5416376b08)
Change-Id: I793ccc2f3595344e72e9b4ba948a2266f1c4c0a5

34
SOURCES/RELNOTES-1.8.2

@ -0,0 +1,34 @@ @@ -0,0 +1,34 @@
User-Visible OpenAFS Changes

OpenAFS 1.8.2

All platforms

* Fix OPENAFS-SA-2018-002: information leakage in RPC output variables
Various RPC routines did not always initialize all output fields,
exposing memory contents to network attackers. The relevant RPCs include
an AFSCB_ RPC, so cache managers are affected as well as servers.

All server platforms

* Fix OPENAFS-SA-2018-003: denial of service due to excess resource consumption
Various RPCs were defined as allowing unbounded arrays as input, allowing
an unauthenticated attacker to cause excess memory allocation and tie up
network bandwidth by sending (or claiming to send) large input arrays.

* Fix OPENAFS-SA-2018-001: unauthenticated volume operations via butc
On systems using the in-tree backup system, the butc process was running
with administrative credentials, but accepted incoming RPCs over
unauthenticated connections; these incoming RPCs in turn triggered
outgoing RPCs using the administrative credentials. Unauthenticated
attackers could construct volue dumps containing arbitrary contents
and cause these dumps to be restored and overwrite arbitrary volume
contents; afterward, the backup database could be restored to its
initial state, hiding evidence of the unauthorized changes.

Running butc with -localauth now requires authenticated incoming
connections, and the backup utility makes authenticated connections to
the butc. Audit capabilities have been added to the butc RPC handlers.
Command-line arguments are provided to retain the (insecure) historical
behavior until all systems have been upgraded.

75
SOURCES/butc-butb-errors.patch

@ -0,0 +1,75 @@ @@ -0,0 +1,75 @@
From 91bab84e7a3b7de2591c475ba4912b0db8899f05 Mon Sep 17 00:00:00 2001
From: Mark Vitale <mvitale@sinenomine.net>
Date: Tue, 11 Sep 2018 16:29:59 -0400
Subject: [PATCH 1/2] butc: repair build error

Commit c43169fd36348783b1a5a55c5bb05317e86eef82 introduced a build error
by invoking TLog with an extraneous set of internal parentheses.

Remove the offending parentheses.

Change-Id: Ibc52501b01ecbe9f86262566446d63e66486272f
Reviewed-on: https://gerrit.openafs.org/13311
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
---
src/butc/tcmain.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/butc/tcmain.c b/src/butc/tcmain.c
index c5399396e..cbd135b09 100644
--- a/src/butc/tcmain.c
+++ b/src/butc/tcmain.c
@@ -835,8 +835,8 @@ tc_IsLocalRealmMatch(void *rock, char *name, char *inst, char *cell)
code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell);
if (code) {
- TLog(0, ("Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n",
- code, name, inst, cell));
+ TLog(0, "Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n",
+ code, name, inst, cell);
}
return islocal;
}
--
2.17.1


From 2d8045d67686fbb80696b47b4a60e48e7e74fec9 Mon Sep 17 00:00:00 2001
From: Mark Vitale <mvitale@sinenomine.net>
Date: Tue, 11 Sep 2018 15:59:41 -0400
Subject: [PATCH 2/2] budb: SBUDB_FindLatestDump should check result of
FillDumpEntry

FillDumpEntry may return an error, but FindLatestDump doesn't check its
result. Therefore, SBUDB_FindLatestDump may return invalid results.

Instead, check the return code from FillDumpEntry and abort the call if
it fails.

Change-Id: If0b44ba2a12a76511129d77110ef669b00780ff0
Reviewed-on: https://gerrit.openafs.org/13312
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
---
src/budb/procs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/budb/procs.c b/src/budb/procs.c
index f976ff3aa..cf355762e 100644
--- a/src/budb/procs.c
+++ b/src/budb/procs.c
@@ -2230,7 +2230,9 @@ FindLatestDump(struct rx_call *call, char *vsname, char *dumpPath,
finished:
/* return the dump found */
- FillDumpEntry(ut, retdbaddr, dumpentry);
+ eval = FillDumpEntry(ut, retdbaddr, dumpentry);
+ if (eval)
+ ABORT(eval);
code = ubik_EndTrans(ut);
return (code);
--
2.17.1

24
SOURCES/openafs-client.service

@ -0,0 +1,24 @@ @@ -0,0 +1,24 @@
[Unit]
Description=OpenAFS Client Service
Wants=network-online.target
After=syslog.target network-online.target
Before=remote-fs.target

[Service]
Type=forking
RemainAfterExit=yes
EnvironmentFile=/etc/sysconfig/openafs
ExecStartPre=/bin/bash -c "fs sysname > /dev/null 2>/dev/null; test $? -ne 0 || (echo AFS client appears to be running -- not starting && exit 1)"
ExecStartPre=/bin/sed -n 'w/etc/openafs/CellServDB' /etc/openafs/CellServDB.local /etc/openafs/CellServDB.dist
ExecStartPre=/bin/chmod 0644 /etc/openafs/CellServDB
ExecStartPre=/sbin/modprobe openafs
ExecStart=/usr/sbin/afsd $AFSD_ARGS
ExecStop=/bin/umount -a -t afs
ExecStop=/bin/umount -af -t afs
ExecStop=/usr/sbin/afsd -shutdown
ExecStop=/sbin/rmmod openafs
GuessMainPID=no
KillMode=none

[Install]
WantedBy=multi-user.target remote-fs.target

1047
SPECS/openafs.spec

File diff suppressed because it is too large Load Diff
Loading…
Cancel
Save