2 * afsd_service.exe will now display a message box to the
3 desktop when it terminates due to an IP Address Change.
5 * installer no longer deletes AFS Server configuration data
8 * installer generates a warning dialog if the RPC service
9 is not properly configured
11 * installer compressed with lzma instead of bzip2
13 * afsd_service.exe shutdown crash solved once and for all
15 * reference counting of smb_vc_t data structures improved
17 * name space collision of smb_fid_t event objects corrected
19 * the output of "fs memdump" is now written to
20 %WINDIR%\TEMP\afsd_alloc.log
22 * the file TaAfsApp_1033.dll is now properly installed allowing
23 the User Manager to start
25 * a new algorithm is used for computing filename pattern matches
27 * afscreds.exe now accepts user names containing instance
30 * Fix the Directory Name Lookup Cache to be case-sensitive.
31 This is crucial in environments in which a Windows client
32 is accessing a directory with more than one filename that
33 differs only by case. If the directory contains "FOO"
34 and "Foo". You want "DEL Foo" to delete the correct one.
35 We still have a problem in that "DEL foo" will delete a
36 random filename. This will be addressed in a future release.
38 * Fix afscreds.exe -M option (renewMaps) to work when High
39 Security mode is off. Also, remember to disable the ActiveMap
40 flag in afsdsbmt.ini when a drive mapping is removed.
42 * Updates to NSIS installer script. AFS Server configuration
43 data will not be destroyed on un-install or re-install.
44 Use a better compression algorithm.
46 * afslogon.dll now uses KFW to obtain tokens when available
48 * afslogon.dll when given an all uppercase username will
49 attempt to authenticate with both the uppercase name
50 and an all lowercase variation
52 * DST modification removed. The fix appears to make things
53 worse after a reboot of the machine.
55 * fs.exe: added "cscpolicy" which is used to
56 change client side caching policy for AFS shares
58 Usage: fs cscpolicy [-share <AFS share>] [-manual] [-programs]
59 [-documents] [-disable] [-help]
61 * Several uninitialized variables have been initialized
63 * It is now possible to obtain tokens using cross realm
64 Kerberos within afscreds.exe:
66 user: jaltman@ATHENA.MIT.EDU
68 Will obtain a cross realm ticket for jaltman/DEMENTIA.ORG@ATHENA.MIT.EDU
69 will will in turn be used to obtain afs@DEMENTIA.ORG.
70 The resulting token will be stored with the display name
71 jaltman@ATHENA.MIT.EDU@dementia.org
73 * aklog.exe has been added to the client
75 Usage: aklog [-d] [[-cell | -c] cell [-k krb_realm]]
76 [[-p | -path] pathname]
80 -d gives debugging information.
81 krb_realm is the kerberos realm of a cell.
82 pathname is the name of a directory to which you wish to authenticate.
83 -noprdb means don't try to determine AFS ID.
84 -5 or -4 selects whether to use Kerberos V or Kerberos IV.
85 (default is Kerberos V)
86 No commandline arguments means authenticate to the local cell.
89 * All of the resource files have been restructured to adhere to
90 a set of rules IBM implemented for loading string resources.
91 These rules had either been forgotten or were not discovered
92 by folks working on the OpenAFS sources. The end result was
93 memory corruption. This is primary item which was preventing
94 the AFS Server from working.
96 * Increased the size of the maximum ticket size stored in a token
97 from 344 bytes to 12,000. Increased the buffers used to convey
98 messages between the pioctl() caller and the SMB Server from
99 1000 bytes to 12,512. The code appeared to have been writing
100 above the top of the stack by quite a few number of bytes.
101 (The increased ticket size is necessary for the next item.)
103 * When obtaining AFS Tokens via KFW, krb524 is no longer required.
104 Instead the raw Kerberos 5 ticket is used in its entirety. This
105 is extremely important as it allows us to use pure Kerberos 5 KDCs
106 as the source of the AFS authentication. The use of up to 12,000 byte
107 tickets will allow tickets produced by all versions of Microsoft
108 Active Directory to be used.
109 - create a user account.
110 - designate it DES only
112 - specify its UPN to be "afs@realm"
113 - assign a SPN of "afs/cellname" to the UPN with setspn.exe
115 * Do not enforce the funky 8dot3 pattern matching rule that the first "."
116 is special when using long file names. (you must use "*.*" and not "*")
117 Instead only enforce it when performing 8dot3 searches.
119 * Fixed the DST problem with creation times being set one hour ahead
121 * Fixed the problem when using \\afs\cell-alias. For example,
122 \\afs\uncc instead of \\afs\uncc.edu. Do not a new cell struct
123 for the alias name; instead simply expand the name. One of the
124 symptoms of this problem was a loss of acquired tokens.
126 * Fixed the AFS Shell Extension. The Symbolic Link menu was empty
127 of strings. (Only English strings provided.)
129 * Fixed the installer to properly replace in use files.
131 * Fixed the build system to cleanup generated component version files
133 * The release build compiled with MSVC 6.0 compiler to avoid the
134 afsd_service.exe shutdown crash. This does not solve the problem
135 but simply avoids it for the time being.
139 * fix afslogon.dll to not corrupt memory when High Security mode
142 * fix afsd_service.exe to not attempt to restore the stack when
143 an exception occurs. (not safe in multi-threaded programs)
145 * fix uninstaller to properly remove the CRT and MFC DLLs
147 * remove a Message Box from afscreds.exe when getcellconfig()
148 fails on a kerberos realm which is not a cell
150 The following is a list of changes to the OpenAFS for Window client
153 * "fs setserverprefs" will leave afsd service deadlocked
155 * "vos listaddrs" will core dump
157 * installer sets the appropriate keys to support Integrated Logon
159 * installer disables the "Find Lana by Name" functionality as it
160 was causing headaches for many users
162 * fix the intermittent crash of the power management thread when
163 shutting down the AFS Client Service
165 * optimizes the obtain drive mount list functionality which is
166 executed every time the mount tab in afscreds.exe and afs_config.exe
167 are refreshed. (this happens a lot)
169 * fix the service shutdown logic. add the STOP_PENDING state
170 and do not accept additional service events after we declare
173 The following is a list of changes to the OpenAFS for Window client
176 * flexelint was run against the source tree and hundreds (perhaps
177 thousands) of corrections were applied to ensure prototypes
178 were in use; types were used consistently; variables were
179 initialized; unused variables were removed; etc.
181 * A wide variety of instrumentation was added including the
182 ability to produce a stack trace from within afsd_service.exe
185 * Dynamic configuration of the RDRtimeout value based upon the
186 LanMan Workstation Session Timeout
188 * The mount root no longer needs to be called "/afs". This
189 is now set by a registry value "MountRoot" within the key
190 HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
192 * The cell list is now only read out of afsdcell.ini when the
193 file changes instead of each time a cell is resolved.
195 * Thread synchronization was added to cm_server.c and ktc_nt.c
197 * All calls to GlobalAlloc()/GlobalFree() were replaced with
198 calloc()/free(). The Global functions were needed on Windows 3.x
199 but have caused a variety of problems on the Win32 platforms.
200 Avoiding them is highly recommended by several Microsoft
201 Knowledgebase articles
203 * Support for Symbolic Links added to the AFS Shell Extension
205 * Added a registry value "OverlayEnabled" to determine if
206 Shell Extension Overlays should be enabled.
207 HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
209 * New Build system to support VC6, VC.NET, VC.NET2003 compilers and
210 separate trees for checked and free builds. Build system supports
211 a custom directory src\WINNT\extra which can be used as a grafting
212 location of organization specific additions to the build tree.
214 * New installer built using NSIS 2.0.
216 * Named all kernel objects in order to allow them to be monitored
217 with tools such as SysInternals' ProcExp.exe.
219 * Introduced new EventLog framework for AFSD
221 * Introduced Power Management interface to AFSD for Standby and
222 Hibernate modes to allow cache to be flushed prior to network
225 * Utilize Win32 DNSQuery API instead of internal routines. This
226 allows DNS SRV queries to be sent to all current domain name
227 servers. Not just one specified in an INI file. DNS is now
230 * "NetbiosName" registry value may be used to specify a fixed
231 Netbios Name such as "AFS" to be used instead of "HOSTNAME-AFS"
232 when the loopback adapter is in use. If you need to use the
233 old notation with a loopback adapter installed specify a registry
236 "NetbiosName" REG_EXPAND_SZ = "%COMPUTERNAME%-AFS"
238 * Refactor all modules which depend on LAN Adapter and NetbiosName
239 determination in a new library: lanahelper.lib. This allows for
240 consistent behavior throughout the product.
242 * Move the afsd.log and afsd_init.log files to the directory specified
243 by the "TEMP" environment variable. This is usually %WINDIR%\TEMP
244 for services. Added the Date to the log entries.
246 * New registry value "RxMaxMTU" used to limit the size of the RX
247 packets sent by the AFS Client Service to the Server. In order
248 to enable OpenAFS to work across the Cisco IPSec VPN the packet
249 size must be restricted to 1264 or smaller. The latest NSIS
250 installer sets a value of 1260 by default.
252 * New registry value "RxNoJumbo" to disable the use of Jumbo Rx
253 packets. This is not needed in order to work across the Cisco
254 VPN but might be needed for other network environments. This
255 value is not set by the NSIS installer.
257 * New registry value "HideDotFiles" is used to apply the Hidden
258 attribute to files whose names begin with a '.'. This value
259 is set by the NSIS installer.
261 * New registry value "MaxMpxRequests" allows the maximum number
262 of multiplexed sessions to be configured at run time. This
263 value is not set by the NSIS installer. The default value is
266 * New registry value "MaxVCPerServer" allows the maxmimum number
267 of VCs per server to be configured at run time. This value is
268 not set by the NSIS installer. The default value is 100.
270 * New registry value "AllSubmount" allows the "all" submount to
271 be disabled by setting its value to 0x00.
273 * Allow cells names to be valid mount points
274 \\<netbiosName>\<cellname>
276 * Store the active state of drive mappings in order for afscreds.exe
277 to restore them upon startup
279 * Add exception handling to generate a Stack Trace to the afsd_init.log
280 file if one happens to occur.
282 * Add lots of logging to help detect the cause of invalid SMB packets
284 * Enable Kerberos for Windows to be used to obtain AFS Tokens via
285 conversion of Kerberos 5 "afs" service tickets. Supports auto-
286 renewal of expiring tokens as long as afscreds.exe is running.
288 * New afscreds.exe command line options:
290 -M = renew drive maps
291 -N = ip address change detection
294 * New registry value "EnableKFW" in {HKCU,HKLM}SOFTWARE\OpenAFS\Client
295 determines whether or not MIT Kerberos for Windows should be used
296 to obtain tokens via Kerberos 5 tickets.
298 * New registry value "AfscredsShortcutParams" in
299 {HKCU,HKLM}SOFTWARE\OpenAFS\Client
300 determines the command line parameters to be specified when "fixing"
301 the AFS Shortcut in the user's startup folder.
303 * The "ShowTrayIcon" registry value has been moved from
304 HKLM\Software\TransarcCorporation\AFS Client\AfsCreds to
305 {HKCU,HKLM}SOFTWARE\OpenAFS\Client
307 * The <cell name> registry values used to store the token expiration
308 reminders have been moved from
309 HKLM\Software\TransarcCorporation\AFS Client\AfsCreds to
310 {HKCU,HKLM}SOFTWARE\OpenAFS\Client\Reminders
312 * Obtain the Logon User Name from the Explorer key when available
314 * new text document doc\txt\winnotes\registry.txt lists all registry
315 values used by OpenAFS (excluding the AFS Server)
317 * BUG: rx_securityClass objects were not properly reference
318 counted and were never freed.
320 * BUG: reduce the number of conditions under which CM_ERROR_TIMEOUT
321 would be generated. The existence of a server does not imply
322 that it is not down. If all of the servers for a cell are down
323 return CM_ERROR_NOSUCHVOLUME instead. This prevents the Explorer
326 * BUG: the directory name lookup cache failed to free the entries
327 in the cache when the name cache entries cycled. The entries
328 in the cache would become dereferenced without being freed.
330 * BUG: fs setserverprefs could be executed without Administrator
333 * BUG: the number of allocated NCB objects (100) exceeded the number
334 which could actually be waited upon by the kernel (64). Any objects
335 which were utilized above the limit could never have event completions
338 * BUG: smb_username_t objects were not being reference counted and
339 were not properly freed.
341 * BUG: smb_tid_t objects could under unusual circumstances be freed
342 before they were no longer referenced.
344 * BUG: smb_fid_t object pointer were frequently used even when
345 their value could be NULL. They were not properly released and
346 therefore they were never freed.
348 * BUG: smb_packet_t data structures were not completely initialized
351 * BUG: when Rx produces a CM_ERROR_NOIPC error do not return "Access
352 Denied" because that causes the Explorer Shell to try again until
353 access is obtained. Instead return "Remote Resources" which allows
354 the shell to move on and treat the error as transient.
356 * BUG: when initializing the NCBreturns structure, separate Event objects
357 were created for each NCB although a single Event object was supposed
360 * BUG: smb_dirSearch_t objects were not being properly referenced counted
363 * BUG: smb_tran2Packet_t objects were not being properly referenced
366 * BUG: directory path creation did not handle the case of multiple
367 directories requiring creation in one attempt
369 * BUG: SMB requests which required an Extended Response were ignored.
370 This prevented some files from being written to AFS volumes.
372 * BUG: character strings were being freed even after they were
373 inserted into in use data structures
375 * BUG: inconsistent usernames were used when High Security mode was
376 enabled. (there is still much to do in this area)
378 * BUG: pioctl() calls which require out of band RPC operations were
379 susceptible to race conditions when performed by multiple processes
381 * BUG: memory allocation and deallocation crossed instances of the
382 C Runtime Library producing memory leakage and corruption in
383 afscreds and the client configurator.