+Since 1.3.74:
+ * Added a new registry value, "StoreAnsiFilenames", which can be used
+ to force the use of ANSI character sets instead of OEM Code Pages.
+ This feature is useful when users require the ability to create
+ filenames with 8-bit characters and need to access the files from
+ both Latin-1 based Unix systems as well as from Windows.
+
+ Activation of this feature will prevent access to files stored with
+ 8-bit OEM characters.
+
+ * Shutdown all SMB threads in a synchronized manner when stopping the
+ service.
+
+ * There is currently a maximum cache size of 1.3GB. The limit is imposed
+ by the largest contiguous block of unused memory within the 2GB process
+ space which can be assigned to the memory mapped file. Unfortunately,
+ when the executable digital signature verification code is activated
+ Windows sees fit to further segment the process memory which in turn
+ reduces the size of the maximum cache file to less then 800MB. If
+ larger cache sizes are desired, a new registry value should be set:
+
+ HKLM\SOFTWARE\OpenAFS\Client (DWORD) "VerifyServiceSignature" = 0x0
+
+ Setting this value will disable the runtime verification of digital
+ signatures on afsd_service.exe and the afs dlls which it loads. It
+ will not disable the the version number check on those same files.
+ The signature verification is not a security messure and is only meant
+ to enhance the ability to afsd_service.exe to detect potential
+ destablizing mixtures of DLLs from incompatible distributions.
+
+ Added code to auto-disable the signature verification check if
+ the desired cache size is greater then 700MB.
+
+ * Windows' WinTrustVerify(WIN_SPUB_ACTION_PUBLISHED_SOFTWARE) is
+ used to verify the validity of the afsd_service.exe binary
+ as well as each of the AFS DLLs loaded by the service. Not only
+ must the digital signature be valid but the signatures of the
+ DLL must be signed by the same entity as the service.
+
+ * Implement new functions: cm_freelanceMountPointExists and
+ cm_freelanceSymlinkExists. Use them along with other validity
+ checks in cm_freelanceAddMount and cm_freelanceAddSymlink to
+ ensure that name collisions do not occur and that empty strings
+ are not valid file names.
+
+ A symlink may not have a name which would resolve to a valid
+ cell name. Doing so would prevent access to the cell.
+
+ * Add missing cm_HoldSCacheNoLock call to Freelance mount point
+ re-initialization code. The reference counts of the fake root.afs
+ volume scache object(s) would become invalid when the mount point
+ or symlink lists were altered.
+
+ * Add registry entries to provide mappings from the afsdsbmt.ini
+ to the new locations for applications which count on the use
+ of the old Profile file APIs. These apps are likely to fail
+ if the user does not have administrator privileges and the
+ registry is locked down.
+
+ * The afs_config.exe submounts dialog had two errors.
+ First, attempts to remove entries failed because the registry
+ key was being opened without KEY_WRITE privileges.
+ Second, when editing a submount entry, changing the name
+ would add a new key and leave the original one in place.
+ Now the original submount will be removed if its name is
+ changed.
+
+ * In recent months there have been several incidents in which
+ users have experienced problems starting or accessing
+ afsd_service.exe and after significant effort has been spent
+ it has turned out that they have two versions of AFS on the
+ machine or an inconsistent set of DLLs.
+
+ Code has now been added to afsd_service.exe which will walk
+ the list of modules loaded by afsd_service.exe and validate
+ that the version of the AFS DLLs matches the version of the
+ afsd_service.exe executable. If they do not match the service
+ will not start.
+
+ * When Freelance mode is enabled and there is no registry
+ key HKLM\SOFTWARE\OpenAFS\Client\Freelance, afsd_service.exe
+ will attempt to import the afs_freelance.ini file contents.
+ If the file does not exist, it was creating a dummy file
+ with a r/o and r/w entry for the default cell and then
+ importing those values.
+
+ This process has been changed. The temporary file is no
+ longer created. Also, both the OpenAFS Client install
+ directory as well as %WINDIR% are checked for previous
+ afs_freelance.ini files.
+
+ * Added support for VL_GetEntryByNameN(). Still need to add
+ support for VL_GetEntryByNameU() for multi-homed support.
+
+ * Fix a deadlock situation in afscreds.exe when canceling an
+ auto-generated Obtain Tokens dialog
+
+Since 1.3.72/73:
+ * Fix the locking of objects during Directory Searches in the
+ SMB/CIFS server. The failure to properly lock the reference
+ counts was resulting in the premature freeing of smb_dirSearch_t
+ objects while they were still in use by the SMB/CIFS client.
+ This does not solve the "Invalid Handle" problem.
+
+ * Fix Find Cell By Name pioctl call to return a valid cell
+ name for the Freelance fake root.afs volume.
+ "Freelance.Local.Root".
+
+ * Fix the Explorer Shell Extension Symlinks->Add operation.
+ The dialog template was missing and the link destination
+ string was too short.
+
+ * Add support for symlinks to Freelance root.afs volume
+ Stored at HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks
+ <number> = "<linkname>:<relative-path>."
+ Use symlink.exe to create, list, or remove
+
+ * Remove the fallback to the use of KFW's KRB4 library when obtaining
+ tokens. We never obtain KRB4 tickets.
+
+ * Fix AFS Client Configuration Control Panel to support new SysName
+ protocol.
+ * Fix a bug in afsd_service.exe which could result in the SysName
+ not being read from the registry.
+
+Since 1.3.71:
+ * Add code to block the issuance of AFS tokens by aklog.exe or
+ afscreds.exe when the Kerberos 5 principal name contains a dot.
+
+ * Modify the IsAdmin() function to always treat the local SYSTEM
+ account as an AFS client administrator. Affects fs.exe and
+ afs_config.exe.
+
+ * Modify the internal handling of Quota Exceeded errors
+
+ * Upgrade all reference count fields in the Windows cache manager
+ and the osi library to use unsigned long instead of signed short.
+ A similar fix has been applied to the afs rpc (rx) library.
+
+ * fix the Windows cache manager to prevent it from replacing the
+ rx_connection object associated with the cm_conn_t object on each
+ and every operation if "fs crypt" was set. This explains the
+ dramatic performance difference when crypt is used vs clear.
+ The problem: 'cryptall', a boolean flag indicating whether or not
+ "fs crypt" is set, was being compared to the rx_connection
+ cryptlevel which is either rxkad_clear:0 or rxkad_crypt:2.
+ 1 != 2 and therefore the rx_connection was always destroyed
+ and replaced on each and every operation.
+
+ Lock the cm_conn_t object around every call to RXAFS_xxxx functions.
+ It is not safe for the cm_conn_t object to not be locked because
+ rx_DestroyConnection might be called from another thread if:
+ - the user's tokens have changed or expired
+ - the crypt mode has changed
+
+ This fix appears to have also taken care of the problems associated
+ with Overlapped Writes resulting in Delayed Write errors.
+
+ * fix NSIS installer's AdminGroup.exe to properly create and
+ remove groups when given -create or -remove. The string comparison
+ test was wrong.
+
+ * fs sysname now accepts a list of sysname values
+
+ * added a new registry value HKLM\SOFTWARE\OpenAFS\Client "IoctlDebug"
+ DWORD which when set to a non-zero value will cause error message
+ text to be output to stderr from the pioctl() routine. Useful in
+ debugging failures of fs.exe, tokens.exe, etc.
+
+ * added a test to the power management code to only perform a
+ flush operation if there is at least one network adapter which
+ is not a loopback adapter.
+
+ * Fix bug in loading of registry value HKLM\SOFTWARE\OpenAFS\Client
+ "EnableKFW". This value will not be read if the key
+ HKCU\SOFTWARE\OpenAFS\Client exists; even if the "EnableKFW"
+ value under that key does not.
+
+ * provide mechanisms to force the use of krb524d for Kerberos 5
+ ticket to AFS token conversion. For afslogon.dll and afscreds.exe
+ there is a new registry value "Use524" and for aklog.exe a new
+ command line parameter "-m".
+
+ * Fix the pattern matching algorithm to properly match patterns
+ ending with a '*'.
+
+ * smb_ReceiveCoreRename() was factored to produce smb_Rename()
+ which is used by both the original function and the new
+ smb_ReceiveNTRename(). smb_ReceiveNTRename() supports the
+ creation of HardLinks in addition to Renaming. smb_Link()
+ is a new function which creates HardLinks via cm_Link().
+ cm_Link() is a new vnodeops function which creates links
+ using RXAFS_Link().
+
+ smb_ReceiveNTRename() does not support the File Copy and
+ Move Cluster Information operations described in its interface.
+ ReceiveNTRename is under documented in CIFS-TR-1p00_FINAL.pdf.
+
+ * When opening files via symlinks, we should follow the symlinks
+ until we reach the actual file stat cache entry. The stat cache
+ entry of the file should then be stored in the FID instead of
+ stat scache entry of the symlink.
+
+ * return bad operation errors for all unimplemented functions
+ even if we do not know the functions exist.
+
+ * Log bad packets and unknown operation packets to the trace log
+
+ * Map CM_ERROR_BADOP to STATUS_NOT_SUPPORTED instead of
+ 0xC09820FF
+
+ * Update list of known CIFS operations to include all those listed
+ in CIFS-TR-1p00_FINAL.pdf.
+
+ * Modify the handling of HKLM\SOFTWARE\OpenAFS\Client\Submounts
+ to support the REG_EXPAND_SZ type.
+
+Since 1.3.70:
+ * A new Windows authorization group "AFS Client Admins" is now
+ created and populated with the members of the "Administrators"
+ group. The group is used to determine which accounts on the
+ machine may be used to modify the AFS Client Configuration via
+ the UI and command line tools. afs_config.exe, fs.exe,
+
+ * Modify the WinLogon Logoff Event Handler to query NT4 domain
+ controllers for the remote profile path if Active Directory
+ services are not available.
+
+ * Fix aklog.exe to not add the AFS ID to the username
+
+ * PTS registration of new users to foreign cells has been added to
+ afscreds.exe
+
+ * The cm_Daemon thread is used to perform checks for
+ down servers, up servers, volumes, callback expirations,
+ lock maintenance and token expiration. Due to a gaff in
+ larger integer division the thread never performed any
+ work. Instead the current time computation would always
+ be less then the trigger times. This had an adverse affect
+ on the client's ability to maintain communication with servers,
+ keep volumes up to date, and flush user tokens and acls
+ when they have expired. This was broken when the 1.3 branch
+ was modified to support VC7 which no longer included
+ largeint.lib
+
+ * An initialization problem with the Freelance code was
+ detected while fixing the callbackRequest. The cm_rootSCachep
+ object is obtained during afsd_InitDaemons() but the callback
+ information is incomplete. The callback information will not
+ be obtained until cm_MergeStatus is called from within
+ cm_GetCallback. Unfortunately, cm_SyncOp did not properly
+ test for the conditions under which the callback information
+ must be obtained.
+
+ * Reports have been filed indicating that callbacks were
+ being lost. An examination of the code indicated that the
+ cm_server_t objects were not being properly reference
+ counted by the cm_scache_t and cm_callbackRequest_t objects.
+ In particular, the cm_server_t objects may have been freed
+ from beneath the cm_conn_t objects.
+
+ All of the reference counting is now done via the functions:
+ cm_GetServer
+ cm_GetServerNoLock
+ cm_PutServer
+ cm_PutServerNoLock
+ this improves the ability to track the referrals.
+
+ Each cm_BeginCallbackGranting Call now allocates a reference
+ to the cm_server_t. The cm_EndCallbackGrantingCall either
+ frees the reference or transfers it to the cm_scache_t
+ cbServerp field. These are then appropriately tracked
+ through the cm_Analyze call.
+
+ * Ensure that the dnlc hash table is the same size as the
+ dir name hash table (as per original author's note).
+ Increase the dnlc CM_AFSNCNAMESIZE to a multiple of 8
+ for compatibility with 64-bit systems.
+
+ * fix smb_ApplyV3DirListPatches to properly apply the hidden
+ attribute to dotfiles when the infoLevel < 0x101 and
+ cm_SyncOp has failed.
+
+ * Fix the Freelance registry initialization code. There
+ was a possibility that some systems could end up with
+ garbage in the registry during a clean install.
+
+Since 1.3.66:
+ * file and directory names beginning with "." will now be given the
+ hidden attribute when the volume access is anonymous. this matches
+ the behavior when the volume access is via an authenticated user.
+
+ * Added a change monitor to the HKLM\SOFTWARE\OpenAFS\Client\Freelance
+ key. When a change occurs mark the root.afs data as invalid and
+ for it to be reloaded on the next access. This allows administrators
+ to modify the mount point list without restarting the service.
+
+ The freelance client used to provide a fake modification time for
+ the root.afs volume data and its mount points of 7/09/2001 14:24 EDT.
+ Added code to extract the last modification time of the Freelance
+ registry key and use that instead. The time now represents the
+ most recent mount point change.
+
+ * PTS registration of new users to foreign cells has been added to
+ aklog.exe
+
+ * Additional Cache Control and Credential Manager options have been
+ added to the WiX installer. See deployment guide for details.
+
+ * The CachePath setting is now optionally a REG_EXPAND_SZ type
+
+ * The WiX installer has been upgraded. Version 2.0.1927.1 is now
+ required.
+
+ * The loopback installation code may have had a problem updating the
+ %ETC%\HOSTS file which could have resulted in a premature failure.
+ Work around code has been added for the case where the file cannot
+ be deleted.
+
+ * The default max chunksize was increased from 15 (32K) to 17 (128K)
+ because Windows sends 64K blocks when using overlapped writes.
+
+ * The default number of server threads was increased from 4 to 25 to
+ better handle overlapped writes.
+
+ * The "AfscredsShortcutParams" registry value was not being properly
+ loaded by afscreds.exe. Therefore, the default value was always being
+ used instead of the value set by the installer.
+
+ * Windows XP provides downgrade attack detection to prevent an attacker
+ from being able to force the use of NTLM simply by disrupting
+ communication with the KDC. This attack cannot exist between the
+ Windows CIFS client and the AFS Client Service. Therefore, when a
+ downgrade has been detected the afs pioctl library will force the
+ establishment of a new CIFS connection using NTLM.
+
+ * A locking error was discovered surrounding all references to volume
+ server lists within the cm_cell.c source file.
+
+ * The logged into Windows username was incorrect on Terminal Server
+ machines.
+
+ * A new registry value "NonPersistentCaching" was added to the service
+ parameters key. When set to a non-zero value, the afs cache is stored
+ in the Windows paging file. There are two limitations to choosing
+ this option:
+ 1. when persistent caching is implemented it won't work with
+ this flag set since there will be nothing to persist.
+ 2. with this flag set the initial paging allocation cannot be
+ changed while the service is running
+
+ * An initialization bug was discovered in aklog.exe which affected users
+ who have a domain name for their afs servers which could not be mapped
+ to a realm
+
Since 1.3.65:
+ * afs_config.exe now validates cell names against DNS in addition
+ to the CellServDB file.
+
+ * In order to allow the freelance client to connect to a volume with ID
+ equal to 1 on the default cell we changed the fake root.afs volume ID
+ once again. This time we choose 0xFFFFFFFF. In addition, we change
+ the cell ID of the fake root.afs volume from 1 to 0xFFFFFFFF as well.
+ It will now be impossible for a volume ID to match that of another
+ cell unless the client is connected to 0xFFFFFFFD cells. That should
+ be enough room for growth.
+
+ * Fix "fs mkmount" command to work with UNC paths and when
+ started from non-AFS drives. It is now possible to create a mount
+ point in the freelance fake root.afs volume with the command
+
+ fs mkmount \\AFS\all\<directory-name> <volume-name> <cellname>
+
+ For example,
+
+ fs mkmount \\AFS\all\openafs.org root.cell openafs.org
+ fs mkmount \\AFS\all\.openafs.org root.cell openafs.org -rw
+
+ * The algorithm used to re-attempt access to the servers associated with
+ a volume has been altered to properly address the case in which all
+ servers have been marked down. The previous algorithm did not reset
+ the server's down flags so the servers were never actually retried.
+ This caused a problem with active volumes if the network connectivity
+ was lost as could be the case with a network cable removal, wireless
+ drop, or laptop hibernation. With the fix volume access is restored
+ almost instantenously when network connectivity becomes available.
+
* Support for SMB/CIFS browsing has been added to the AFS Client Service
SMB server. It is now possible to use "NET VIEW \\AFS" to obtain a
listing of AFS submounts and freelance mount points. Support for
user's profile is not loaded from within AFS. If the profile
was loaded from AFS we can't release the tokens since the Logoff
event is triggered prior to the profile being written back to
- the its source location.
+ the its source location. This is now performed in an XP SP2
+ safe manner.
* Windows XP SP2 Internet Connection Firewall interoperability
has been added.
builds as well as CHECKED (aka DEBUG) builds
* Sites which have a volume ID of 0x20000001 assigned to their
- root.afs volumes have been experiencing problems with accessing
- the root.afs volume of their cell when Freelance mode has been
+ root.cell volumes have been experiencing problems with accessing
+ the root.cell volume of their cell when Freelance mode has been
active. This was because 0x20000001 was assigned to the fake
root.afs volume created by freelance. The fake volume id is
now set to 0x00000001 to prevent conflicts.
This should be the end of the "Server paused or restarting messages"
- * Fix "fs mkmount" command to work with UNC paths and when
- started from non-AFS drives
-
* Add support for arbitrary UNC paths to the pioctl() support.
This enables the fs commands as well as the AFS Shell Extension
to work correctly when UNC paths are being used.
git://git.openafs.org / openafs.git / blobdiff