+Since 1.3.71:
+ * fix the Windows cache manager to prevent it from replacing the
+ rx_connection object associated with the cm_conn_t object on each
+ and every operation if "fs crypt" was set. This explains the
+ dramatic performance difference when crypt is used vs clear.
+ The problem: 'cryptall', a boolean flag indicating whether or not
+ "fs crypt" is set, was being compared to the rx_connection
+ cryptlevel which is either rxkad_clear:0 or rxkad_crypt:2.
+ 1 != 2 and therefore the rx_connection was always destroyed
+ and replaced on each and every operation.
+
+ Lock the cm_conn_t object around every call to RXAFS_xxxx functions.
+ It is not safe for the cm_conn_t object to not be locked because
+ rx_DestroyConnection might be called from another thread if:
+ - the user's tokens have changed or expired
+ - the crypt mode has changed
+
+ * fix NSIS installer's AdminGroup.exe to properly create and
+ remove groups when given -create or -remove. The string comparison
+ test was wrong.
+
+ * fs sysname now accepts a list of sysname values
+
+ * added a new registry value HKLM\SOFTWARE\OpenAFS\Client "IoctlDebug"
+ DWORD which when set to a non-zero value will cause error message
+ text to be output to stderr from the pioctl() routine. Useful in
+ debugging failures of fs.exe, tokens.exe, etc.
+
+ * added a test to the power management code to only perform a
+ flush operation if there is at least one network adapter which
+ is not a loopback adapter.
+
+ * Fix bug in loading of registry value HKLM\SOFTWARE\OpenAFS\Client
+ "EnableKFW". This value will not be read if the key
+ HKCU\SOFTWARE\OpenAFS\Client exists; even if the "EnableKFW"
+ value under that key does not.
+
+ * provide mechanisms to force the use of krb524d for Kerberos 5
+ ticket to AFS token conversion. For afslogon.dll and afscreds.exe
+ there is a new registry value "Use524" and for aklog.exe a new
+ command line parameter "-m".
+
+ * Fix the pattern matching algorithm to properly match patterns
+ ending with a '*'.
+
+ * smb_ReceiveCoreRename() was factored to produce smb_Rename()
+ which is used by both the original function and the new
+ smb_ReceiveNTRename(). smb_ReceiveNTRename() supports the
+ creation of HardLinks in addition to Renaming. smb_Link()
+ is a new function which creates HardLinks via cm_Link().
+ cm_Link() is a new vnodeops function which creates links
+ using RXAFS_Link().
+
+ smb_ReceiveNTRename() does not support the File Copy and
+ Move Cluster Information operations described in its interface.
+ ReceiveNTRename is under documented in CIFS-TR-1p00_FINAL.pdf.
+
+ * When opening files via symlinks, we should follow the symlinks
+ until we reach the actual file stat cache entry. The stat cache
+ entry of the file should then be stored in the FID instead of
+ stat scache entry of the symlink.
+
+ * return bad operation errors for all unimplemented functions
+ even if we do not know the functions exist.
+
+ * Log bad packets and unknown operation packets to the trace log
+
+ * Map CM_ERROR_BADOP to STATUS_NOT_SUPPORTED instead of
+ 0xC09820FF
+
+ * Update list of known CIFS operations to include all those listed
+ in CIFS-TR-1p00_FINAL.pdf.
+
+ * Modify the handling of HKLM\SOFTWARE\OpenAFS\Client\Submounts
+ to support the REG_EXPAND_SZ type.
+
+Since 1.3.70:
+ * A new Windows authorization group "AFS Client Admins" is now
+ created and populated with the members of the "Administrators"
+ group. The group is used to determine which accounts on the
+ machine may be used to modify the AFS Client Configuration via
+ the UI and command line tools. afs_config.exe, fs.exe,
+
+ * Modify the WinLogon Logoff Event Handler to query NT4 domain
+ controllers for the remote profile path if Active Directory
+ services are not available.
+
+ * Fix aklog.exe to not add the AFS ID to the username
+
+ * PTS registration of new users to foreign cells has been added to
+ afscreds.exe
+
+ * The cm_Daemon thread is used to perform checks for
+ down servers, up servers, volumes, callback expirations,
+ lock maintenance and token expiration. Due to a gaff in
+ larger integer division the thread never performed any
+ work. Instead the current time computation would always
+ be less then the trigger times. This had an adverse affect
+ on the client's ability to maintain communication with servers,
+ keep volumes up to date, and flush user tokens and acls
+ when they have expired. This was broken when the 1.3 branch
+ was modified to support VC7 which no longer included
+ largeint.lib
+
+ * An initialization problem with the Freelance code was
+ detected while fixing the callbackRequest. The cm_rootSCachep
+ object is obtained during afsd_InitDaemons() but the callback
+ information is incomplete. The callback information will not
+ be obtained until cm_MergeStatus is called from within
+ cm_GetCallback. Unfortunately, cm_SyncOp did not properly
+ test for the conditions under which the callback information
+ must be obtained.
+
+ * Reports have been filed indicating that callbacks were
+ being lost. An examination of the code indicated that the
+ cm_server_t objects were not being properly reference
+ counted by the cm_scache_t and cm_callbackRequest_t objects.
+ In particular, the cm_server_t objects may have been freed
+ from beneath the cm_conn_t objects.
+
+ All of the reference counting is now done via the functions:
+ cm_GetServer
+ cm_GetServerNoLock
+ cm_PutServer
+ cm_PutServerNoLock
+ this improves the ability to track the referrals.
+
+ Each cm_BeginCallbackGranting Call now allocates a reference
+ to the cm_server_t. The cm_EndCallbackGrantingCall either
+ frees the reference or transfers it to the cm_scache_t
+ cbServerp field. These are then appropriately tracked
+ through the cm_Analyze call.
+
+ * Ensure that the dnlc hash table is the same size as the
+ dir name hash table (as per original author's note).
+ Increase the dnlc CM_AFSNCNAMESIZE to a multiple of 8
+ for compatibility with 64-bit systems.
+
+ * fix smb_ApplyV3DirListPatches to properly apply the hidden
+ attribute to dotfiles when the infoLevel < 0x101 and
+ cm_SyncOp has failed.
+
+ * Fix the Freelance registry initialization code. There
+ was a possibility that some systems could end up with
+ garbage in the registry during a clean install.
+
+Since 1.3.66:
+ * file and directory names beginning with "." will now be given the
+ hidden attribute when the volume access is anonymous. this matches
+ the behavior when the volume access is via an authenticated user.
+
+ * Added a change monitor to the HKLM\SOFTWARE\OpenAFS\Client\Freelance
+ key. When a change occurs mark the root.afs data as invalid and
+ for it to be reloaded on the next access. This allows administrators
+ to modify the mount point list without restarting the service.
+
+ The freelance client used to provide a fake modification time for
+ the root.afs volume data and its mount points of 7/09/2001 14:24 EDT.
+ Added code to extract the last modification time of the Freelance
+ registry key and use that instead. The time now represents the
+ most recent mount point change.
+
+ * PTS registration of new users to foreign cells has been added to
+ aklog.exe
+
+ * Additional Cache Control and Credential Manager options have been
+ added to the WiX installer. See deployment guide for details.
+
+ * The CachePath setting is now optionally a REG_EXPAND_SZ type
+
+ * The WiX installer has been upgraded. Version 2.0.1927.1 is now
+ required.
+
+ * The loopback installation code may have had a problem updating the
+ %ETC%\HOSTS file which could have resulted in a premature failure.
+ Work around code has been added for the case where the file cannot
+ be deleted.
+
+ * The default max chunksize was increased from 15 (32K) to 17 (128K)
+ because Windows sends 64K blocks when using overlapped writes.
+
+ * The default number of server threads was increased from 4 to 25 to
+ better handle overlapped writes.
+
+ * The "AfscredsShortcutParams" registry value was not being properly
+ loaded by afscreds.exe. Therefore, the default value was always being
+ used instead of the value set by the installer.
+
+ * Windows XP provides downgrade attack detection to prevent an attacker
+ from being able to force the use of NTLM simply by disrupting
+ communication with the KDC. This attack cannot exist between the
+ Windows CIFS client and the AFS Client Service. Therefore, when a
+ downgrade has been detected the afs pioctl library will force the
+ establishment of a new CIFS connection using NTLM.
+
+ * A locking error was discovered surrounding all references to volume
+ server lists within the cm_cell.c source file.
+
+ * The logged into Windows username was incorrect on Terminal Server
+ machines.
+
+ * A new registry value "NonPersistentCaching" was added to the service
+ parameters key. When set to a non-zero value, the afs cache is stored
+ in the Windows paging file. There are two limitations to choosing
+ this option:
+ 1. when persistent caching is implemented it won't work with
+ this flag set since there will be nothing to persist.
+ 2. with this flag set the initial paging allocation cannot be
+ changed while the service is running
+
+ * An initialization bug was discovered in aklog.exe which affected users
+ who have a domain name for their afs servers which could not be mapped
+ to a realm
+
Since 1.3.65:
* afs_config.exe now validates cell names against DNS in addition
to the CellServDB file.
user's profile is not loaded from within AFS. If the profile
was loaded from AFS we can't release the tokens since the Logoff
event is triggered prior to the profile being written back to
- the its source location.
+ the its source location. This is now performed in an XP SP2
+ safe manner.
* Windows XP SP2 Internet Connection Firewall interoperability
has been added.
git://git.openafs.org / openafs.git / blobdiff