From 53f0da3fb019cbc44bc012fbf0af0c85e7341381 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Tue, 30 Nov 2004 07:40:11 +0000 Subject: [PATCH 1/1] windows-notes-upd-20041130 update docs --- doc/txt/winnotes/afs-changes-since-1.2.txt | 40 +++++++++++++++++ doc/txt/winnotes/afs-install-notes.txt | 24 +++++++++++ doc/txt/winnotes/afs-issues.txt | 69 ++++++++++++++---------------- doc/txt/winnotes/registry.txt | 15 +++++++ 4 files changed, 110 insertions(+), 38 deletions(-) diff --git a/doc/txt/winnotes/afs-changes-since-1.2.txt b/doc/txt/winnotes/afs-changes-since-1.2.txt index 5c7606a..e9e8c06 100644 --- a/doc/txt/winnotes/afs-changes-since-1.2.txt +++ b/doc/txt/winnotes/afs-changes-since-1.2.txt 
@@ -1,4 +1,44 @@ Since 1.3.74: + * There is currently a maximum cache size of 1.3GB. The limit is imposed + by the largest contiguous block of unused memory within the 2GB process + space which can be assigned to the memory mapped file. Unfortunately, + when the executable digital signature verification code is activated + Windows sees fit to further segment the process memory which in turn + reduces the size of the maximum cache file to less then 800MB. If + larger cache sizes are desired, a new registry value should be set: + + HKLM\SOFTWARE\OpenAFS\Client (DWORD) "VerifyServiceSignature" = 0x0 + + Setting this value will disable the runtime verification of digital + signatures on afsd_service.exe and the afs dlls which it loads. It + will not disable the the version number check on those same files. + The signature verification is not a security messure and is only meant + to enhance the ability to afsd_service.exe to detect potential + destablizing mixtures of DLLs from incompatible distributions. + + Added code to auto-disable the signature verification check if + the desired cache size is greater then 700MB. + + * Windows' WinTrustVerify(WIN_SPUB_ACTION_PUBLISHED_SOFTWARE) is + used to verify the validity of the afsd_service.exe binary + as well as each of the AFS DLLs loaded by the service. Not only + must the digital signature be valid but the signatures of the + DLL must be signed by the same entity as the service. + + * Implement new functions: cm_freelanceMountPointExists and + cm_freelanceSymlinkExists. Use them along with other validity + checks in cm_freelanceAddMount and cm_freelanceAddSymlink to + ensure that name collisions do not occur and that empty strings + are not valid file names. + + A symlink may not have a name which would resolve to a valid + cell name. Doing so would prevent access to the cell. + + * Add missing cm_HoldSCacheNoLock call to Freelance mount point + re-initialization code. 
The reference counts of the fake root.afs + volume scache object(s) would become invalid when the mount point + or symlink lists were altered. + * Add registry entries to provide mappings from the afsdsbmt.ini to the new locations for applications which count on the use of the old Profile file APIs. These apps are likely to fail diff --git a/doc/txt/winnotes/afs-install-notes.txt b/doc/txt/winnotes/afs-install-notes.txt index fc1ce2a..38a7b3a 100644 --- a/doc/txt/winnotes/afs-install-notes.txt +++ b/doc/txt/winnotes/afs-install-notes.txt @@ -392,6 +392,30 @@ TCP/IP" is disabled on the machine, then communication with the AFS Client Service will be impossible. +27. The AFS Client Service and related binaries are digitally signed by +"Secure Endpoints Inc." beginning with the 1.3.7400 release of OpenAFS +for Windows. Starting in the 1.3.7500 release, the AFS Client Service +will perform a run-time verification check to ensure that all AFS related +DLLs loaded by the service match the same file version number and were +signed by the same entity. This check has been added to prevent the +stability problems caused by more then one version of AFS being installed +on a machine at the same time. Many hours of support time have been wasted +tracking down problems caused by the mixture of files from different +releases. + +The registry.txt file documents the "VerifyServiceSignature" registry +value which can be used to disable the signature check. The file version +check cannot be disabled. + + +28. The maximum cache size is approximately 1.3GB. This is the largest +contiguous block of memory in the 2GB process address space which can be +used for the memory mapped file. Due to fragmentation of the process +spaced caused by the digital signature verification code, any attempt to +specify a cache size greater then 700MB will result in the automatic +disabling of the signature check. + + ------------------------------------------------------------------------ Reporting Bugs: 
diff --git a/doc/txt/winnotes/afs-issues.txt b/doc/txt/winnotes/afs-issues.txt index 8bf80df..670eda4 100644 --- a/doc/txt/winnotes/afs-issues.txt +++ b/doc/txt/winnotes/afs-issues.txt 
@@ -29,36 +29,33 @@ is imposing significant delays in the movement of data from between the SMB and RX protocol operations. There was also an issue with large numbers of page faults which have since been fixed. -(7) There appear to be directory locking problems associated with renaming -directories. +(7) File termination differences between Win9x and nt/w2k/xp (Jim Peterson) -(8) File termination differences between Win9x and nt/w2k/xp (Jim Peterson) +(8) How to silence "Explorer" when the mapped drive is not available? -(9) How to silence "Explorer" when the mapped drive is not available? +(9) Convert to IFS!!!!!! -(10) Convert to IFS!!!!!! - -(11) Kerberos 5 integration: -(11f) allow arbitrary cell to realm mappings -(11g) modify UI to allow user to choose whether to authenticate +(10) Kerberos 5 integration: +(10f) allow arbitrary cell to realm mappings +(10g) modify UI to allow user to choose whether to authenticate using Kerberos or AFS -(11h) modify UI to allow user to select an existing principal to +(10h) modify UI to allow user to select an existing principal to be used to request AFS tokens -(11i) modify UI to display Kerberos 5 ticket info (principal, +(10i) modify UI to display Kerberos 5 ticket info (principal, ticket lifetimes, etc) -(12) Default cell is system global just like everything else. Different +(11) Default cell is system global just like everything else. Different users logging in via Integrated Logon or using afscreds.exe cannot be automatically prompted for different cells -(13) AFS Integrated Logon: -(13b) If using Kerberos, need to figure out a means of passing credentials +(12) AFS Integrated Logon: +(12b) If using Kerberos, need to figure out a means of passing credentials into the user space until such time as I finish the new credential cache service. 
-(13c) If network is not available must store the username and password +(12c) If network is not available must store the username and password somewhere until such time as the network starts. -(14) Loopback adapter is not always installed with bindings to "File and +(13) Loopback adapter is not always installed with bindings to "File and Printer Sharing for Microsoft Networks" or "Client for Microsoft Networks". If these are not bound then SMB names will successfully be published to a list of zero which causes the AFS not to function. @@ -67,7 +64,7 @@ directories. the bindings on Win2000 the loopback adapter frequently fails to publish SMB names. Of course, the error messages report nothing. -(15) If a drive mapping is "in use", then afscreds cannot be used to Modify +(14) If a drive mapping is "in use", then afscreds cannot be used to Modify or Delete the Mapping. If a map to "H:" to \afs\cell\foo" with description "home" is modified to point to \afs\cell\bar, then the description must be unique. "home" cannot be reused. We need a way 
@@ -75,57 +72,53 @@ directories. [Actually, an end user should not be able to modify the submount list] -(16) WinAFS configuration values are still stored in old style INI files - instead of using the Registry. This is especially important for - per-user values such as drive mappings - -(17) Drive mappings are lost on WinXP after return from Standby. (This could +(15) Drive mappings are lost on WinXP after return from Standby. (This could be because the AFS Client Service fails OR because the RX protocol is temporarily unable to access the Cell due to network restore timing issues.) -(18) No support for Unicode CIFS/SMB data structures. OEM Code Pages prevent +(16) No support for Unicode CIFS/SMB data structures. OEM Code Pages prevent the use of interoperable file names; force the use of paths no longer than 256 characters; force share names to be no longer than 13 characters; restrict authentication to ASCII only names and passwords; etc. -(19) No auto-restart on service failure +(17) No auto-restart on service failure -(20) Better EventLog handling +(18) Better EventLog handling -(21) Named Pipes Support [requires modifications to AFS servers to support] +(19) Named Pipes Support [requires modifications to AFS servers to support] -(22) Memory Mapped File support +(20) Memory Mapped File support -(23) Large file support [both SMB/CIFS and AFS] +(21) Large file support [both SMB/CIFS and AFS] -(24) Implement persistent disk based cache which survives restarts +(22) Implement persistent disk based cache which survives restarts -(25) NSIS Installer issues +(23) NSIS Installer issues (a) integration with KFW install script (b) Optional removal of AFS Server volumes -(26) The User Interface needs to be re-designed to separate the per-user +(24) The User Interface needs to be re-designed to separate the per-user and per-machine settings. All of the new registry items need to be added to the UI -(27) Thread initialization versus Global Drive Mapping. 
There is no +(25) Thread initialization versus Global Drive Mapping. There is no mechanism in the afsd_init.c to ensure that all of the threads complete initializing in the correct sequence. In the case of Global Drive Maps this is a problem because the Global Drive Maps can be executed prior to the completion of the SMB registration and service thread initialization. -(28) CIFS Remote Administration Protocol implementation is incomplete. +(26) CIFS Remote Administration Protocol implementation is incomplete. Notifications are not made to requestors when the view of a file or folder changes due to token acquisition; token expiration; or token destruction -(29) The Cache Manager Flush routines do not return or check error +(27) The Cache Manager Flush routines do not return or check error codes. -(30) Remove submount creation as a side effect of AFS drive mapping. +(28) Remove submount creation as a side effect of AFS drive mapping. The AFS Submount is effectively a server side alias for a path located in the AFS space. This alias is exported by the AFS @@ -142,7 +135,7 @@ directories. or by the new AFS Client Service Administration tool when executed by an authorized user. -(31) Add support for multi-homed servers +(29) Add support for multi-homed servers ------------------------------------------------------------------------- @@ -190,7 +183,7 @@ List of unfunded projects: 10. Identify why 16-bit DOS applications executed out of AFS fail 11. Add support for configurable Icon file representing AFS folders within the Explorer Shell 12. Documentation Documentation Documentation - 13. Large File support (> 2GB) + 13. Large File support (> 2GB) in SMB/CIFS client 14. Integrate KFW installation into the NSIS and MSI installers 15. Add support for record locking to AFS (requires changes to the servers) 16. Unicode enable the SMB/CIFS server. OEM Code Pages: 
@@ -223,5 +216,5 @@ List of unfunded projects: 24. Add support for storing Extended Attributes on files 25. Add support for storing Windows ACLs on files 26. Remove submount creation as a side effect of drive creation - 27. Finish conversion from string.h to strsafe.h + 27. Finish conversion from string.h to strsafe.h for VS.NET 2005 28. Add support for multi-homed servers diff --git a/doc/txt/winnotes/registry.txt b/doc/txt/winnotes/registry.txt index edc6734..064455d 100644 --- a/doc/txt/winnotes/registry.txt +++ b/doc/txt/winnotes/registry.txt @@ -434,6 +434,21 @@ Default : directory is used. +Value : VerifyServiceSignature +Type : REG_DWORD +Default : 0x1 + + This value can be used to disable the runtime verification of + the digital signatures applied to afsd_service.exe and the + OpenAFS DLLs it loads. This test is performed to verify that + the DLLs which are loaded by afsd_service.exe are from the + same distribution as afsd_service.exe. This is to prevent + random errors caused when DLLs from one distribution of AFS + are loaded by another one. This is not a security test. The + reason for disabling this test is to free up additional memory + which can be used for a large cache size. + + Value : IoctlDebug Type : REG_DEBUG Default : 0x0 -- 1.9.4
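Review bot: In the afs-changes-since-1.2.txt hunk, the Windows API is misnamed: "WinTrustVerify(WIN_SPUB_ACTION_PUBLISHED_SOFTWARE)" should read WinVerifyTrust, which is the function that takes that action identifier. The first entry also gives two figures, "less then 800MB" for the reduced maximum cache file and "greater then 700MB" for the automatic disable. State that 700MB is the trigger and 800MB the observed ceiling so they do not read as a contradiction. Spelling to fix in the same entry: "then" for "than", "the the", "messure", "destablizing", and "the ability to afsd_service.exe" should be "the ability of afsd_service.exe".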
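Review bot: Item 27 in the afs-install-notes.txt hunk describes the run-time signature check without the caveat that afs-changes-since-1.2.txt and registry.txt both carry, that it is not a security test. A reader who sees only the install notes could take the check for integrity protection, and item 28 then says a cache size above 700MB disables it automatically. Repeat the "This is not a security test" wording in item 27, and say in item 28 that the file version check stays active after the automatic disable, as item 27 already states for the manual case. The release numbers are written "1.3.7400" and "1.3.7500" here but "1.3.74" in the change log; use one form. "more then", "greater then" and "process spaced caused" need correcting.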
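Review bot: Old item (7) in afs-issues.txt, "There appear to be directory locking problems associated with renaming directories", is removed, but none of the afs-changes-since-1.2.txt lines in this patch record a fix for it. Either point to the change-log entry that resolved it or keep the item. The removal of old item (16) on INI files is at least matched by the afsdsbmt.ini registry-mapping entry visible in the change log. Renumbering items (8) through (31) also means any reference that cites an issue by its old number now points at a different issue; leaving the retired numbers unused would avoid that.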
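Review bot: The VerifyServiceSignature entry added to registry.txt leaves out two behaviours that the other files in this patch document: the check is disabled automatically when the desired cache size is greater than 700MB, and the file version check cannot be disabled. Both belong in this entry, since afs-install-notes.txt sends readers to registry.txt for the details. The entry would also be clearer if it said outright that 0x0 disables the check and 0x1 (the default) enables it. Separately, the context line "Type : REG_DEBUG" under IoctlDebug is not a registry value type and could be corrected in the same pass.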