Kris Van Hees [Thu, 29 Jul 2004 04:13:37 +0000]
afs-suser-consistent-
20040728
FIXES 6034
always call afs_suser() with one arg.
always take one.
Rainer Schöpf [Thu, 29 Jul 2004 04:08:48 +0000]
linux-null-superblock-if-mount-failed-
20040728
FIXES 6002
The appended patch resets afs_globalVFS to NULL if /afs cannot be mounted,
eg., if no cell server is accessible.
There are two advantages:
- it is possible to do "afsd -shutdown" to terminate all daemons
- more importantly, if /afs cannot be mounted, the linux kernel will
probably free the superblock, ie the memory pointed to afs_globalVFS.
Derrick Brashear [Thu, 29 Jul 2004 03:46:48 +0000]
rx-provide-binding-version-of-init-
20040728
i should be dragged away and beaten for this
first pass at interface to allow bound Rx sockets
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
i should be dragged away and beaten for this
====================
i should be dragged away and beaten for this
first pass at interface to allow bound Rx sockets
====================
i should be dragged away and beaten for this
first pass at interface to allow bound Rx sockets
====================
i should be dragged away and beaten for this
first pass at interface to allow bound Rx sockets
====================
i should be dragged away and beaten for this
first pass at interface to allow bound Rx sockets
====================
i should be dragged away and beaten for this
first pass at interface to allow bound Rx sockets
====================
i should be dragged away and beaten for this
first pass at interface to allow bound Rx sockets
Derrick Brashear [Wed, 28 Jul 2004 22:49:18 +0000]
fssync-more-offline-volumes-
20040728
just let the offline volumes array be larger
Jeffrey Hutzelman [Wed, 28 Jul 2004 21:59:58 +0000]
lwp-track-qwaiting-second-try-
20040728
FIXES 5616
track qwaiting lwps rather than potentially leaking them
Jeffrey Altman [Wed, 28 Jul 2004 04:54:19 +0000]
unc-paths-current-directory-
20040727
fix the handling of unc paths in pioctl calls when the current directory
is the unc path. (not likely to be the case with cmd.exe since it does
not support pure unc path environments. 4nt.exe shows the problem though.)
Jeremy Mika [Tue, 27 Jul 2004 17:24:40 +0000]
fbsd53-
20040727
FreeBSD 5.3 has an extra thread arg to vflush()
Jim Rees [Tue, 27 Jul 2004 15:39:31 +0000]
bsd-new-releases-
20040727
Preliminary support for FreeBSD 5.3 and OpenBSD 3.6.
OpenBSD osi_vnodeops.c patch from brent@graveland.net (slightly modified)
Remove obsolete src/lwp/process.fbsd.s to prevent further confusion
Asanka Herath [Tue, 27 Jul 2004 14:32:38 +0000]
msi-deployment-guide-
20040727
a guide to making organization specific modifications to the msi
installer
Tommie Gannert [Tue, 27 Jul 2004 14:23:11 +0000]
registry-txt-
20040727
Remove duplicate entries
Jeffrey Altman [Tue, 27 Jul 2004 22:34:46 +0000]
freelance-rw-
20040727
Fix cm_Lookup to properly set the rw flag when adding Freelance mount
points based on whether the filename begins with a '.'
Fix cm_FreelanceAddMount to set the cellname to the cellname without
the '.' when rw mode is used and a cellname is not provided.
Jeffrey Altman [Tue, 27 Jul 2004 00:24:09 +0000]
winnotes-
20040726
Updates for 1.3.66
Asanka Herath [Tue, 27 Jul 2004 00:22:20 +0000]
afsd-
20040726
Prevent a TID allocated for IPC from being used for anything other than RAP.
Implement NetServerGetInfo instead of returning an error.
When looking for shares, go through root.afs first before trying to add a
mount point.
Jeffrey Altman [Tue, 27 Jul 2004 00:14:42 +0000]
afslogon-
20040726
Only display the "Integrated Login failed" message box if Integrated
Login is in fact being used.
Jeffrey Altman [Tue, 27 Jul 2004 00:01:31 +0000]
afsconfig-dns-cells-
20040726
Another annoying bug. afs_config.exe now validates cell names against
DNS in addition to the CellServDB file.
Jeffrey Altman [Mon, 26 Jul 2004 21:40:23 +0000]
misc-patches-
20040726
Update .cvsignore files for windows
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
cleanup uninitialized variables
====================
more dlls to be replaced
====================
When determining the full path of a UNC path, strip the server and
share names
Jeffrey Altman [Mon, 26 Jul 2004 20:08:42 +0000]
freelance-cellid-
20040726
Replace Freelance cellid constant 0x1 with a #define and set its
value to 0xFFFFFFFF to avoid collisions with the root.cell volumes
on remote cells.
Jeffrey Altman [Mon, 26 Jul 2004 03:48:47 +0000]
novolume-
20040725
if we are going to return CM_ERROR_NOSUCHVOLUME do it whenever the
server list is empty. If the server list is empty, allDown and allBusy
will always be set but there is nothing we can do.
Jeffrey Altman [Sun, 25 Jul 2004 22:47:20 +0000]
version-update-
20040725
Update version to 1.3.66
Jeffrey Altman [Sun, 25 Jul 2004 22:45:19 +0000]
kfw-2-6-4-
20040725
Update KFW SDK to 2.6.4
Jeffrey Altman [Sun, 25 Jul 2004 21:53:09 +0000]
small-tweaks-
20040725
* update winnotes
* add osi trace log entries to help diagnose issues with overlapped writes
from CIFS client
* fix osi trace log entries for freelance add mount to use osi_SaveLogString
* fix afscreds "Start Service" to automatically obtain tokens if kerberos
tickets are available
* update afscreds systray menu to use "..." after Remove Icon
* remove extra "." in wix installer resource
Jeffrey Altman [Sat, 24 Jul 2004 19:59:32 +0000]
force-vol-upd-
20040724
Change cm_ForceUpdateVolume to not try to perform an immediate update.
Just set the CM_VOLUMEFLAG_RESET flag. Calling cm_UpdateVolume calls
cm_connByMServers which then calls cm_Analyze which is how we ended
up having cm_ForceUpdateVolume called in the first place.
Jeffrey Altman [Sat, 24 Jul 2004 16:25:35 +0000]
global-drives-
20040724
If creating the global drive letter fails, attempt to cancel the
previous use and then re-create.
Jeffrey Altman [Sat, 24 Jul 2004 09:31:15 +0000]
smb-extended-
20040724
Don't fallback to SMB_AUTH_NTLM. Apparently, allowing SPNEGO to be
used each time prevents the failure of authentication when logged into
Windows with an external Kerberos principal mapped to a local account.
Asanka Herath [Sat, 24 Jul 2004 08:35:04 +0000]
wix-updates-
20040723
Change default security level to 'crypt'.
Add registry key for SMBAuthType.
Add configurable property for SMBAuthType.
Remove high security mode option from the UI.
Workaround UI bug where a text control would redraw twice, once properly, once without interpreting format codes when
there are two properties to replace.
Jeffrey Altman [Fri, 23 Jul 2004 23:58:24 +0000]
down-before-busy-
20040723
slight correction to previous patch.
check allDown before checking allBusy
Jeffrey Altman [Fri, 23 Jul 2004 23:25:23 +0000]
install-notes-
20040723
Update the install notes to describe conflicts between SMB Authentication
and Windows machines configured with non-Windows Kerberos authentication
used to map to local accounts.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
More updates to smb auth vs external kerberos login
Derrick Brashear [Fri, 23 Jul 2004 23:06:22 +0000]
linux-null-out-stat-struct-
20040723
FIXES 3812
we should memset this to 0. we should also only do it once for linux 2.2. code is slightly different in the cvs head.
Jeffrey Altman [Fri, 23 Jul 2004 22:55:23 +0000]
allserversdown-
20040723
When all servers associated with a volume get into the CM_SERVERFLAG_DOWN
state, the error CM_ERROR_ALLOFFLINE would be returned by cm_ConnByMServers.
cm_Analyze was then supposed to be pausing for 5 seconds and then reset the
volume information. Unfortunately, although it called cm_ForceUpdateVolume,
cm_ForceUpdateVolume does not reset the CM_SERVERFLAG_DOWN state on the
servers. Therefore, when cm_ForceUpdateVolume calls cm_ConnByMServers it
would be given a CM_ERROR_ALLOFFLINE. In other words, there was no way
out of the state.
cm_Analyze will now reset the CM_SERVERFLAG_DOWN as well as setting the
server status to not_busy after its 5 second wait. This will allow
cm_ForceUpdateVolume to actually reset the volume information, and
refresh it if servers for the volume are newly accessible.
Also, added some missing locking calls in cm_Analyze.
In cm_ConnByMServers, change the error reporting to return CM_ERROR_ALLBUSY
only when all servers are busy or down; return CM_ERROR_ALLOFFLINE when all
servers are down; and only return CM_ERROR_NOSUCHVOLUME if the server list
for the volume is empty. In all other cases return CM_ERROR_TIMEDOUT.
Jeffrey Altman [Fri, 23 Jul 2004 00:21:06 +0000]
afslogon-domain-
20040722
Fix null reference to bstr when active directory is not available
during a short domain acquisition
Jeffrey Altman [Thu, 22 Jul 2004 23:41:27 +0000]
prototypes-
20040723
fix prototype for afs_realm_of_cell
Jeffrey Altman [Thu, 22 Jul 2004 23:15:37 +0000]
afslogon-
20040722
the procedure used to obtain the profile directory failed in Domains
which were not Forests. If ADS_NAME_INITTYPE_GC fails, we must try
ADS_NAME_INITTYPE_DOMAIN which requires the Domain. Added a Domain
parameter to QueryAdHomePathFromSid. This was easy to obtain in
the NPLogonNotify since the logon domain is provided as a parameter.
Unfortunately, the domain provided to the winlogon event notification
routine is the user authentication domain, not the logon domain for
the local machine. Needed to create a GetLocalShortDomain function
which uses the IADsADSystemInfo COM interface to obtain the local
short domain. With this in place, we can now properly detect the
profile directory in all cases.
Document MaxLogSize in registry.txt
Jeffrey Altman [Thu, 22 Jul 2004 10:42:40 +0000]
misc-cleanup-
20040721
pass the correct data type into afssw_GetClientCellServDBDir
Jeffrey Altman [Thu, 22 Jul 2004 10:23:52 +0000]
misc-cleanups-
20040721
* Cleanup debug logging. In particular, allow the TraceOptions registry
value to be used as a bit flag as it was intended. Give each type of
debugging its own value instead of having each module test for the zero
bit.
* Modify the handling of the afsd_init.log file. This file originally
was replaced on each start. However, with auto-restart this causes
any error information from the previous halt to be lost. So it was
changed quite a while back to append forever. The problem with this
is that the file gets unreasonably large. Solution: add a new registry
value, MaxLogSize, which determins how large the file should be allowed
to become before truncation. The default is 100K. The magic value 0
means grow indefinitely.
* Update afslogon.dll. Cleanup logging. Fix some errors. Remove unused
variables. AND do not Forget Tokens on Logoff if the profile is located
in AFS space.
* Fix a bug introduced yesterday in cellconfig.c which caused problems
accessing the CellServDB file
* Update the NSIS installer to replace the CRTL DLLs instead of overwrite
them.
* Add new Startup Winlogon handler to initialize the TraceOption.
Derrick Brashear [Wed, 21 Jul 2004 23:23:38 +0000]
fstrace-avoid-double-glock-in-dentry-code-during-fstrace-
20040719
fstracing on a linux machine and trying to fs flush a file in the cache would trigger a hang on a machine with SMP kernel. fix it.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
fstracing on a linux machine and trying to fs flush a file in the cache would tr
igger a hang on a machine with SMP kernel. fix it.
Jeffrey Altman [Wed, 21 Jul 2004 22:41:33 +0000]
trace-logging-
20040721
TraceLogging is supposed to be activated for different purposes
with bit flags. The osi log and afslogon both used the same bit
flag. Bit 0 is now for afslogon; and Bit 1 is for osi log.
Jeffrey Altman [Wed, 21 Jul 2004 17:08:28 +0000]
cifs-rap-
20040721
Fix smb_ReceiveRAPNetShareEnum to report the correct buffer size to the
client
Jeffrey Altman [Wed, 21 Jul 2004 15:05:59 +0000]
registry-docs-logoff-
20040721
* Update Windows Notes files
* Modify logoff procedure to use a pioctl to check if an arbitrary path
exists within AFS
* Add a new registry value HKLM\Software\OpenAFS\Client CellServDBDir
which can be used to locate the CellServDB file in an arbitrary directory
Jeffrey Altman [Wed, 21 Jul 2004 06:27:44 +0000]
afslogon-
20040720
Do not release the AFS Tokens at logoff if the user's profile was loaded
from AFS. In this case we must keep the AFS tokens because we have no
idea how long writing back the profile might take.
Asanka Herath [Wed, 21 Jul 2004 05:43:07 +0000]
smb-rap-
20040720
Add CIFS RAP support to the SMB server. This allows AFS to be queried
with NetGetShareInfo, NetGetServerInfo, etc. This allows the AFS SMB
server to be browsed using NET VIEW.
Jeffrey Altman [Tue, 20 Jul 2004 16:51:07 +0000]
user-auth-cell-
20040720
remember to return the authentication cell name if found
Jeffrey Altman [Tue, 20 Jul 2004 16:48:18 +0000]
submounts-
20040720
Fix afsshare.c to strip the MountRoot off the afs-path before inserting into
the registry
Fix smb.c to read the submounts out of the registry.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
fix submount extraction from registry
Jeffrey Altman [Tue, 20 Jul 2004 06:16:35 +0000]
afsshare-
20040719
correct off by one error
Jeffrey Altman [Mon, 19 Jul 2004 23:40:12 +0000]
ioctl-freelance-
20040719
Do not perform a Cell Search when the name matches the SMB IOCTL filename.
This is a special name and is not to be treated as a cell. The failure
to find the name produces DNS queries as well as disk access.
Derrick Brashear [Mon, 19 Jul 2004 16:25:16 +0000]
pthread-ft-approxtime-is-time-
20040719
for tvolser most code paths simply never result in time being updated. seems dangerous.
Jeffrey Altman [Mon, 19 Jul 2004 15:39:38 +0000]
win32-fd_set-
20040719
Make sure that we do not alter the FD_SETSIZE on Windows.
On Windows this is an array of FD_SETSIZE. FD_SETSIZE does
not define the maximum socket handle value.
Asanka Herath [Fri, 16 Jul 2004 05:49:26 +0000]
registry-
20040715
Description of new afslogon functionality
Asanka Herath [Fri, 16 Jul 2004 05:40:54 +0000]
strsafe-
20040715
String Safety fixes
Jeffrey Altman [Fri, 16 Jul 2004 04:56:46 +0000]
ntmakefile-
20040715
Updated makefiles to avoid macro redefinitions and add new files
to src/WINNT/afsd
Asanka Herath [Fri, 16 Jul 2004 04:48:22 +0000]
afslogon-
20040715
New file for AD logon processing routines.
Jeffrey Altman [Fri, 16 Jul 2004 04:38:25 +0000]
afslogon-wix-cleanup-
20040715
- Fix NTMakefiles in many directories to define WIN32_LEAN_AND_MEAN NOGDI
to avoid macro redefinitions
- update text files
- add "authentication cell" registry value for afscreds.exe
From asanka@mit.edu:
Network provider :
- If the user is logging into an AD domain, then look up the user's
profile path, find out which cell it's in and then authenticate to
that cell instead of the default cell.
- Domain specific registry keys
- A few fixes for handling UNICODE_STRINGs
smb3.c :
- Delete partial security context during negotiation
client_cpa :
- As per the SDK which says we must handle CPL_INQUIRE message, we do.
Also fixes a small bug where the icon isn't properly set when viewing
the Control Panel folder.
loopbackutils.cpp
- Don't bother setting the app data template, because we are setting
it in the MSI anyway.
install/wix/NTMakefile
- Add a configurable symbol AFSDEV_AUXWIXDEFINES which can be used to
customize a build of the msi.
install/wix
- Move afslogon.dll to SYSTEM32 directory
- Add registry keys to support WinLogon notifications.
- Rename afsdcell.ini to CellServDB and move it to the client directory.
- If there's already an afsdcell.ini in the Windows directory, copy
that over to the client directory instead.
- Add descriptions to AFS client and server services
Jeffrey Altman [Thu, 15 Jul 2004 17:26:35 +0000]
winnotes-
20040715
Update Windows note files with the latest changes.
Jeffrey Altman [Thu, 15 Jul 2004 07:53:12 +0000]
nsis-installer-
20040714
Move afs_cpa.cpl control panel to the OpenAFS\Client\Program
directory and register it in the registry via the
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\
key.
Jeffrey Altman [Thu, 15 Jul 2004 06:24:22 +0000]
nsis-
20040714
Rename afsdcell.ini to CellServDB
Add Winlogon Event Notification support
Move afslogon.dll to %WINDIR%\System32
Jeffrey Altman [Thu, 15 Jul 2004 06:22:14 +0000]
cellservdb-
20040714
Search for the CellServDB in the OpenAFS client install directory
not in the %WINDIR% directory
Jeffrey Altman [Thu, 15 Jul 2004 06:20:33 +0000]
afslogon-
20040714
Add a Winlogon Event Notification handler to afslogon.dll to process
Logoff events. Upon Logoff call ktc_ForgetAllTokens() on behalf of
the logged off user.
Fix a filename wildcard matching error introduced a few versions back.
Jeffrey Altman [Wed, 14 Jul 2004 07:34:09 +0000]
incorrect-level-of-indirection-
20040713
When freeing a server_t, do not indirect to GC the connections
Asanka Herath [Wed, 14 Jul 2004 07:12:20 +0000]
xp-sp2-icf-
20040713
Windows XP SP2 adds a firewall which blocks all incoming ports by default.
This patch adds support to the AFS Client Service (but not the AFS Server)
to automatically open the firewall to ports in use by the application.
One of the new requirements of this functionality is the use of the
latest Platform SDK "Microsoft Platform SDK for Windows XP SP2".
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
For the XP SP2 SDK both the Core and Data Access SDKs are required
Hans-Gunther Borrmann [Wed, 14 Jul 2004 05:46:48 +0000]
butc-xbsa-
20040714
FIXES 5827
update for xbsa 5
Chas Williams [Wed, 14 Jul 2004 05:34:46 +0000]
glock-kernel-lock-ordering-
20040714
FIXES 5836
make lock order consistent
some routines have kernel lock held when entered, so...
Chas Williams [Wed, 14 Jul 2004 05:21:54 +0000]
fix-fstrace-for-linux-
20040714
FIXES 5835
don't deadlock when flushing dcache children
Chas Williams [Wed, 14 Jul 2004 05:14:31 +0000]
linux-free-dont-drop-alloc-sem-
20040714
FIXES 5831
dropping semaphore not needed, so don't
Christoph Becker-Freyseng [Wed, 14 Jul 2004 05:08:06 +0000]
linux24-update-
20040713
FIXES 5713
make getgroups compile
deal with afs_suser(x) and afs_suser()
Jeffrey Altman [Wed, 14 Jul 2004 04:28:36 +0000]
no-more-ini-files-
20040713
Get rid of all %WINDIR% INI files
afs_freelance.ini moved to the HKLM hive SOFTWARE\OpenAFS\Client\Freelance
afsdcell.ini moved to the Openafs Client install directory and renamed
to CellServDB to match Unix and the Openafs Server.
afsdsbmt.ini moved to the registry. Submounts are moved to HKLM hive
SOFTWARE\OpenAFS\Client\Submounts. Active Maps and Drive Mappings are
moved to the HKCU hive SOFTWARE\OpenAFS\Client\Active Maps and Mappings.
CSCPolicy is moved to HKCU hive.
afsdns.ini is no longer used.
NSIS installer updated to migrate the afsdcell.ini to CellServDB
The cm_freelance.ini module has been modified to migrate the afs_freelance.ini
data to the registry on first execution.
The afsdsbmt.ini file data is not currently being migrated.
Jeffrey Altman [Tue, 13 Jul 2004 14:09:16 +0000]
migrate-to-registry-
20040713
* NTMakefile: missing commit from SMB AUTH patches
* cm_config.c: obtain location of CellServDB from registry
[HKLM\SOFTWARE\OpenAFS\Client] "CellServDB"=reg_sz
This will allow us to move from %WINDIR%\afsdcell.ini to
C:\Program Files\OpenAFS\Client\CellServDB. This is necessary
for compatibility with Terminal Server in which applications
are not given access to %WINDIR%.
* cm_freelance.c: migrate freelance mount point data from
%WINDIR%\afs_freelance.ini to the registry
[HKLM\SOFTWARE\OpenAFS\Client\Freelance]
Each value, whose name is unimportant, contains one mount point
entry. After the first execution of this code, the current data
in afs_freelance.ini will be moved to the registry and then all
subsequent data access will be performed via the registry.
The afs_freelance.ini file will be deleted after the migration
has occurred.
Jeffrey Altman [Tue, 13 Jul 2004 07:22:53 +0000]
ntlm-back-connection-hostnames-
20040713
Add function configureBackConnectionHostNames(void)
On Windows XP SP2, Windows 2003 SP1, and all future Windows operating systems
there is a restriction on the use of SMB authentication on loopback connections.
There are two work arounds available:
(1) We can disable the check for matching host names. This does not
require a reboot:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"DisableLoopbackCheck"=dword:
00000001
(2) We can add the AFS SMB/CIFS service name to an approved list. This
does require a reboot:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"BackConnectionHostNames"=multi-sz
The algorithm will be:
Check to see if cm_NetbiosName exists in the BackConnectionHostNames list
If not, add it to the list. (This will not take effect until the next reboot.)
and check to see if DisableLoopbackCheck is set.
If not set, set the DisableLoopbackCheck value to 0x1
and create HKLM\SOFTWARE\OpenAFS\Client UnsetDisableLoopbackCheck
else If cm_NetbiosName exists in the BackConnectionHostNames list,
check for the UnsetDisableLoopbackCheck value.
If set, set the DisableLoopbackCheck flag to 0x0
and delete the UnsetDisableLoopbackCheck value
Derrick Brashear [Tue, 13 Jul 2004 07:08:32 +0000]
admin-doc-sysname-
20040713
FIXES 4054
update docs to reflect sys being static.
Hans-Gunther Borrmann [Tue, 13 Jul 2004 06:52:44 +0000]
butc-xbsa-
20040713
FIXES 5761
update for butc xbsa support
Rainer Schöpf [Tue, 13 Jul 2004 06:49:54 +0000]
kdump-linux-26-
20040713
FIXES 5814
update kdump for linux 2.6
Rainer Schöpf [Tue, 13 Jul 2004 06:45:14 +0000]
afs-cold-shutdown-
20040713
FIXES 5768
use correct syscall parm for cold shutdown
Jeffrey Altman [Sun, 11 Jul 2004 22:22:57 +0000]
smb-auth-
20040711
Over last several years significant efforts have been made to work around
the inability to protect user tokens from use by inappropriate entities.
The tokens are associated with a given userid and session by a combination
of an SMB based ioctl and an authenticated/encrypted RPC. This has opened
the door for tokens to be borrowed by other users if they could connect
to the same SMB server with the identical userid. This was trivially
possible because the SMB connections were unauthenticated.
This patch adds two forms of authenticated SMB connections: NTLM and
Extended Security (aka GSS SPNEGO). By default Extended Security mode
is used. This patch has been tested on 2000 workstation, 2000 server,
XP SP1, and 2003 Server, and XP SP2 RC2. The Extended Security works on
all platforms except for XP SP2 RC2 regards of whether or not the machine
is part of a domain or not; and whether or not a local or domain account
is used.
On XP SP2 RC2, attempts to use negotiate Extended Security result in a
Logon Denied error from AcceptSecurityContext() and a substatus code of
0x7C90486A is logged to the Security Event log via the NTLM SSP.
The SMB AUTH NTLM mode succeeds on XP SP2 RC2.
Disabling SMB Authentication or specifying the use of NTLM mode may be done
via the registry.
Value : smbAuthType
Type : DWORD {0..2}
Default : 2
If this value is specified, it defines the type of SMB authentication
which must be present in order for the Windows SMB client to connect
to the AFS Client Service's SMB server. The values are:
0 = No authentication required
1 = NTLM authentication required
2 = Extended (GSS SPNEGO) authentication required
The default is Extended authentication
Jeffrey Altman [Sun, 11 Jul 2004 21:56:27 +0000]
unicode-strings-
20040711
UNICODE_STRING buffers are measured by their length field;
do not assume they are nul terminated
Jeffrey Altman [Thu, 8 Jul 2004 15:45:58 +0000]
winnotes-registry-
20040708
Add descriptions of Global Drive Mappings; MaxCPUs, and Environment
Variables
Jeffrey Altman [Thu, 8 Jul 2004 14:25:40 +0000]
aklog-uninitialized-variable-
20040708
make sure that the krb5_context is initialized to 0. Otherwise, we
might try to free it.
Jeffrey Altman [Thu, 8 Jul 2004 14:24:00 +0000]
local-rpc-
20040708
change the default RPC type from "ncacn_np" to "ncalrpc"
This says to use local rpc instead of named pipes from the
client to the server. Named pipes can still be used by
specifying the "AFS_RPC_PROTSEQ" environment variable.
Love Hörnquist-Åstrand [Thu, 8 Jul 2004 06:35:26 +0000]
openafs-for-arla-
20040708
FIXES 5490
allow use of openafs binaries with arla's linux 2.6 support
Kris Van Hees [Thu, 8 Jul 2004 06:23:53 +0000]
solaris10-
20040624
FIXES 5396
as substantially done by Jeff Woodward <Jeffrey.B.Woodward@Dartmouth.EDU>,
work diffed out and slightly rewritten
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
FIXES 5396
this should be the correct way to give up the socket on all solaris versions
Jeffrey Hutzelman [Thu, 8 Jul 2004 06:16:55 +0000]
rx-lwp-fdsetsize-
20040708
FIXES 5615
limit our fd set size so we don't "lose" fds.
Jeffrey Hutzelman [Thu, 8 Jul 2004 06:11:34 +0000]
lwp-track-qwaiting-
20040708
FIXES 5616
track qwaiting lwps rather than potentially leaking them
Rainer Schöpf [Thu, 8 Jul 2004 05:52:38 +0000]
afsd-bitch-about-xfs-not-about-dir-for-memcache-
20040708
FIXES 5728
make afsd complain if cache partition is linux
don't complain if no cachedir and we're -memcache.
Jeffrey Altman [Thu, 1 Jul 2004 09:00:40 +0000]
dns-fix-
20040630
Fix the dns portion of cm_GetCell() to prevent against a NULL pointer
dereference when the ttl expired.
Jeffrey Altman [Mon, 28 Jun 2004 17:33:20 +0000]
afscreds-aklog-only-
20040626
Modify the Obtain Tokens dialog to allow a blank password
if a full principal name is provided. (for aklog only requests)
Jeffrey Altman [Mon, 28 Jun 2004 17:29:42 +0000]
freelance-rw-mounts-
20040626
Extend Freelance code to support r/w mount points in the fake root.afs
volume
Jeffrey Altman [Mon, 28 Jun 2004 17:28:38 +0000]
afskfw-aklog-only-
20040626
If no password is specified, perform aklog only using the provided
principal name
Jeffrey Altman [Fri, 25 Jun 2004 22:18:44 +0000]
maxcpus-
20040625
Add documentation on MaxCPUs entry.
Jeffrey Altman [Fri, 25 Jun 2004 20:48:44 +0000]
hyperthreading-bad-
20040625
Give folks an option of running afsd_service.exe on fewer processors
than are installed in the machine. A new registry value
TransarcAfsDaemon/Parameters MaxCPUs
allows a restriction to be applied. Set to 1 to use a single CPU
(or hyperthreading instance)
The restriction is applied with SetProcessAffinityMask()
Jeffrey Altman [Thu, 24 Jun 2004 19:57:51 +0000]
nsis-default-loopback-ip-
20040624
correct the default loopback IP addresses used
10.254.254.253 mask 255.255.255.252
Jeffrey Altman [Thu, 24 Jun 2004 19:24:14 +0000]
windows-install-notes-
20040624
A first cut at installation notes for windows.
Kris Van Hees [Thu, 24 Jun 2004 18:38:19 +0000]
solaris10-
20040624
FIXES 5396
as substantially done by Jeff Woodward <Jeffrey.B.Woodward@Dartmouth.EDU>,
work diffed out and slightly rewritten
Chas Williams [Thu, 24 Jun 2004 18:28:03 +0000]
linux-make-lock-unlock-
20040624
FIXES 5430
don't double lock the kernel
Derrick Brashear [Thu, 24 Jun 2004 17:56:20 +0000]
getce64-cleanup-
20040624
get rid of 64bit client & !64bit env case: won't work as is.
Derrick Brashear [Thu, 24 Jun 2004 17:55:00 +0000]
irix-ukernel-define-64bit-env-move-
200406024
FIXES 4896
don't include afs_sysnames.h before defining AFS_64BIT_ENV
oops
Asanka Herath [Thu, 24 Jun 2004 17:28:51 +0000]
wix-add-crypt-
20040624
1. Add gui option for SecurityLevel.
2. Fix grouping of symbol files.
Jeffrey Altman [Thu, 24 Jun 2004 05:51:54 +0000]
loopback-
20040623
properly set dependencies for NSIS and wix targets to build loopback target
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
do not install a second loopback adapter if one is already installed.
====================
1. Custom actions should not depend on any library that is not in the Windows distribution. Change makefile to link
with a static runtime.
2. Add common reporting mechanism to report ActionData messages back to the MSI process during the loopback
installation.
3. CoInitializeSecurity can be called only once per process. When running as a custom action DLL under the MSI process
we won't be able to successfully call this since the MSI process beats us to it.
====================
Compensate for difference in argument passing in MSI and RunDll32
Jeffrey Altman [Thu, 24 Jun 2004 05:16:46 +0000]
version-1365-
20040623
Version number to 1.3.6500
Asanka Herath [Thu, 24 Jun 2004 05:12:07 +0000]
nsis-
20040623
Remove obsolete registry entry: TruncateNetbios
Asanka Herath [Thu, 24 Jun 2004 05:11:02 +0000]
wix-
20040623
1. We are packaging debug symbols for all builds. In a checked build the default is to install debug symbols while on a
free build debug symbols won't be installed unless asked to.
2. Change impersonation level for loopback installation.
3. Change UI to allow for ActionData messages during the long wait while the loopback is installed.
4. Add templates for displaying ActionData.
5. Parameterize language resources.
Derrick Brashear [Wed, 23 Jun 2004 23:25:06 +0000]
darwin-updates-
20040623
this should be switched to use the freebsd style getnewvnode
perhaps it will be
Jeffrey Altman [Wed, 23 Jun 2004 21:22:42 +0000]
winnotes-
20040623
Updated change list and issues list to reflect the state of the world
as of 1.3.65
Marcus Watts [Wed, 23 Jun 2004 16:01:04 +0000]
ptserver-flags-default-switch-
20040623
FIXES 5418
allow ptserver flags to be defaulted different per switch