+Since 1.3.74:
+ * Added a new registry value, "StoreAnsiFilenames", which can be used
+ to force the use of ANSI character sets instead of OEM Code Pages.
+ This feature is useful when users require the ability to create
+ filenames with 8-bit characters and need to access the files from
+ both Latin-1 based Unix systems as well as from Windows.
+
+ Activation of this feature will prevent access to files stored with
+ 8-bit OEM characters.
+
+ * Shutdown all SMB threads in a synchronized manner when stopping the
+ service.
+
+ * There is currently a maximum cache size of 1.3GB. The limit is imposed
+ by the largest contiguous block of unused memory within the 2GB process
+ space which can be assigned to the memory mapped file. Unfortunately,
+ when the executable digital signature verification code is activated
+ Windows sees fit to further segment the process memory which in turn
+ reduces the size of the maximum cache file to less then 800MB. If
+ larger cache sizes are desired, a new registry value should be set:
+
+ HKLM\SOFTWARE\OpenAFS\Client (DWORD) "VerifyServiceSignature" = 0x0
+
+ Setting this value will disable the runtime verification of digital
+ signatures on afsd_service.exe and the afs dlls which it loads. It
+ will not disable the the version number check on those same files.
+ The signature verification is not a security messure and is only meant
+ to enhance the ability to afsd_service.exe to detect potential
+ destablizing mixtures of DLLs from incompatible distributions.
+
+ Added code to auto-disable the signature verification check if
+ the desired cache size is greater then 700MB.
+
+ * Windows' WinTrustVerify(WIN_SPUB_ACTION_PUBLISHED_SOFTWARE) is
+ used to verify the validity of the afsd_service.exe binary
+ as well as each of the AFS DLLs loaded by the service. Not only
+ must the digital signature be valid but the signatures of the
+ DLL must be signed by the same entity as the service.
+
+ * Implement new functions: cm_freelanceMountPointExists and
+ cm_freelanceSymlinkExists. Use them along with other validity
+ checks in cm_freelanceAddMount and cm_freelanceAddSymlink to
+ ensure that name collisions do not occur and that empty strings
+ are not valid file names.
+
+ A symlink may not have a name which would resolve to a valid
+ cell name. Doing so would prevent access to the cell.
+
+ * Add missing cm_HoldSCacheNoLock call to Freelance mount point
+ re-initialization code. The reference counts of the fake root.afs
+ volume scache object(s) would become invalid when the mount point
+ or symlink lists were altered.
+
+ * Add registry entries to provide mappings from the afsdsbmt.ini
+ to the new locations for applications which count on the use
+ of the old Profile file APIs. These apps are likely to fail
+ if the user does not have administrator privileges and the
+ registry is locked down.
+
+ * The afs_config.exe submounts dialog had two errors.
+ First, attempts to remove entries failed because the registry
+ key was being opened without KEY_WRITE privileges.
+ Second, when editing a submount entry, changing the name
+ would add a new key and leave the original one in place.
+ Now the original submount will be removed if its name is
+ changed.
+
+ * In recent months there have been several incidents in which
+ users have experienced problems starting or accessing
+ afsd_service.exe and after significant effort has been spent
+ it has turned out that they have two versions of AFS on the
+ machine or an inconsistent set of DLLs.
+
+ Code has now been added to afsd_service.exe which will walk
+ the list of modules loaded by afsd_service.exe and validate
+ that the version of the AFS DLLs matches the version of the
+ afsd_service.exe executable. If they do not match the service
+ will not start.
+
+ * When Freelance mode is enabled and there is no registry
+ key HKLM\SOFTWARE\OpenAFS\Client\Freelance, afsd_service.exe
+ will attempt to import the afs_freelance.ini file contents.
+ If the file does not exist, it was creating a dummy file
+ with a r/o and r/w entry for the default cell and then
+ importing those values.
+
+ This process has been changed. The temporary file is no
+ longer created. Also, both the OpenAFS Client install
+ directory as well as %WINDIR% are checked for previous
+ afs_freelance.ini files.
+
+ * Added support for VL_GetEntryByNameN(). Still need to add
+ support for VL_GetEntryByNameU() for multi-homed support.
+
+ * Fix a deadlock situation in afscreds.exe when canceling an
+ auto-generated Obtain Tokens dialog
+
+Since 1.3.72/73:
+ * Fix the locking of objects during Directory Searches in the
+ SMB/CIFS server. The failure to properly lock the reference
+ counts was resulting in the premature freeing of smb_dirSearch_t
+ objects while they were still in use by the SMB/CIFS client.
+ This does not solve the "Invalid Handle" problem.
+
+ * Fix Find Cell By Name pioctl call to return a valid cell
+ name for the Freelance fake root.afs volume.
+ "Freelance.Local.Root".
+
+ * Fix the Explorer Shell Extension Symlinks->Add operation.
+ The dialog template was missing and the link destination
+ string was too short.
+
+ * Add support for symlinks to Freelance root.afs volume
+ Stored at HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks
+ <number> = "<linkname>:<relative-path>."
+ Use symlink.exe to create, list, or remove
+
+ * Remove the fallback to the use of KFW's KRB4 library when obtaining
+ tokens. We never obtain KRB4 tickets.
+
+ * Fix AFS Client Configuration Control Panel to support new SysName
+ protocol.
+ * Fix a bug in afsd_service.exe which could result in the SysName
+ not being read from the registry.
+
Since 1.3.71:
+ * Add code to block the issuance of AFS tokens by aklog.exe or
+ afscreds.exe when the Kerberos 5 principal name contains a dot.
+
+ * Modify the IsAdmin() function to always treat the local SYSTEM
+ account as an AFS client administrator. Affects fs.exe and
+ afs_config.exe.
+
+ * Modify the internal handling of Quota Exceeded errors
+
+ * Upgrade all reference count fields in the Windows cache manager
+ and the osi library to use unsigned long instead of signed short.
+ A similar fix has been applied to the afs rpc (rx) library.
+
+ * fix the Windows cache manager to prevent it from replacing the
+ rx_connection object associated with the cm_conn_t object on each
+ and every operation if "fs crypt" was set. This explains the
+ dramatic performance difference when crypt is used vs clear.
+ The problem: 'cryptall', a boolean flag indicating whether or not
+ "fs crypt" is set, was being compared to the rx_connection
+ cryptlevel which is either rxkad_clear:0 or rxkad_crypt:2.
+ 1 != 2 and therefore the rx_connection was always destroyed
+ and replaced on each and every operation.
+
+ Lock the cm_conn_t object around every call to RXAFS_xxxx functions.
+ It is not safe for the cm_conn_t object to not be locked because
+ rx_DestroyConnection might be called from another thread if:
+ - the user's tokens have changed or expired
+ - the crypt mode has changed
+
+ This fix appears to have also taken care of the problems associated
+ with Overlapped Writes resulting in Delayed Write errors.
+
+ * fix NSIS installer's AdminGroup.exe to properly create and
+ remove groups when given -create or -remove. The string comparison
+ test was wrong.
+
+ * fs sysname now accepts a list of sysname values
+
+ * added a new registry value HKLM\SOFTWARE\OpenAFS\Client "IoctlDebug"
+ DWORD which when set to a non-zero value will cause error message
+ text to be output to stderr from the pioctl() routine. Useful in
+ debugging failures of fs.exe, tokens.exe, etc.
+
+ * added a test to the power management code to only perform a
+ flush operation if there is at least one network adapter which
+ is not a loopback adapter.
+
+ * Fix bug in loading of registry value HKLM\SOFTWARE\OpenAFS\Client
+ "EnableKFW". This value will not be read if the key
+ HKCU\SOFTWARE\OpenAFS\Client exists; even if the "EnableKFW"
+ value under that key does not.
+
+ * provide mechanisms to force the use of krb524d for Kerberos 5
+ ticket to AFS token conversion. For afslogon.dll and afscreds.exe
+ there is a new registry value "Use524" and for aklog.exe a new
+ command line parameter "-m".
+
+ * Fix the pattern matching algorithm to properly match patterns
+ ending with a '*'.
+
* smb_ReceiveCoreRename() was factored to produce smb_Rename()
which is used by both the original function and the new
smb_ReceiveNTRename(). smb_ReceiveNTRename() supports the
* Update list of known CIFS operations to include all those listed
in CIFS-TR-1p00_FINAL.pdf.
+ * Modify the handling of HKLM\SOFTWARE\OpenAFS\Client\Submounts
+ to support the REG_EXPAND_SZ type.
+
Since 1.3.70:
* A new Windows authorization group "AFS Client Admins" is now
created and populated with the members of the "Administrators"
git://git.openafs.org / openafs.git / blobdiff