Since 1.4.0 rc8: 1.4.0 final tagged (20 Oct 2005); released (31 Oct 2005)
* Allow the AFS Client Service to set the firewall configuration by
  retrying until after Windows determines the boot period is over.

* Do not attempt to configure the firewall on Windows 2000, XP pre-SP2,

* Add support for universal error codes.

* Detect IP address changes from within the AFS Client Service for the
  purpose of checking down servers sooner

* If the file server or vldb server report RXKADUNKNOWNKEY, return
  SEC_E_NO_KERB_KEY to Windows. This provides an indication to the
  user that there is a Kerberos key problem. Previously the user would
  receive no feedback when there was something wrong.

* Fix the large integer library support to properly handle values greater

Since 1.4.0 rc7: 1.4.0 rc8 released (15 Oct 2005)

* Fixed file name pattern matching. Question marks can match nothing
  if found at the end of a component.

Since 1.4.0 rc6: 1.4.0 rc7 released (8 Oct 2005)
* Kerberos 5 ticket lifetimes should adhere to KFW Leash lifetimes

* The MSI installer now has a new Product ID for each build. This
  is to allow for automated upgrades. The Upgrade ID is remaining

* Volumes that were cached and then subsequently were salvaged,
  moved or otherwise taken temporarily offline (as opposed to being
  busy) would become unreachable. A distinction is now made between
  a volume being offline and a server being down.

Since 1.4.0 rc5: 1.4.0 rc6 released (2 Oct 2005)

* Fixed several AFS Shell Extension issues:
  - Checking Server Status would only work if a specific cell was
  - If servers were down, the Server Down dialog would write to
    invalid memory and cause explorer.exe to crash
  - Default Push Buttons were not specified for many dialogs
  - The extension would be unloaded by the Explorer Shell and
    never be reloaded under some circumstances.

* Fixed the AFS System Tray menu to disappear if another window
  was selected before a menu item was selected

* Added volume owner and group information to "fs examine" output

* Added fs and registry support for enabling/disabling/clearing
  rx statistics gathering.

Since 1.4.0 rc4: 1.4.0 rc5 released (25 Sep 2005)

* New Product Code GUIDs issued for 1.4 and 1.5 branches. Separate
  GUIDs for each platform.

* Documentation directory structure and default installation rules

* New OpenAFS for Windows HTML Release Notes installed
  as part of the documentation set.

* Add thread id to rx debugging messages

* When all servers are offline, return a bad network path error
  immediately. This is necessary to allow Explorer to do the
  right thing and not hang. The background daemon thread will
  check the down servers every 30 seconds to see if they are

Since 1.4.0 rc3: 1.4.0 rc4 released (14 Sep 2005)

* The AFSCache file has been modified to store both the
  serial number of the volume on which the file resides
  and the SID of the local machine. If either change,
  a new UUID is generated.

* add "fs flushall" command that forces all data buffers

Since 1.4.0 rc2: 1.4.0 rc3 released (4 Sep 2005)

* add support for '/' instead of '\' in pioctl() calls

* Apply AFS Client Admins group protect to AFS Shell Extension

* Add support for \\afs\<name> to most AFS Shell Extension
  commands except the symlink methods.

* when installing the Microsoft Loopback Adapter, enable
  MS Client for Networks and prevent an install failure
  by not calling CoInitialize twice in the same thread.

* reload cell vldb values from the CellServDB every two
  hours in case it changes

* When updating cell information from DNS, be sure to set

* Add support to allow use of \\AFS\<foo> where <foo> is
  either a mount point or symlink. As <foo> is normally
  treated as a share name, we transform it into \\AFS\all\<foo>

* Init 'code' to prevent false errors when integrated logon
  is disabled and the service is not running

Since 1.4.0 rc1: 1.4.0 rc2 released (28 Aug 2005)

* Removed trace log messages that were hampering performance.

* Fixed a deadlock that was being triggered by editing Word
  documents stored within AFS with WinWord 2003.

* Bit 3 of the TraceOption registry value is now used to set the
  default for "fs trace" in the non-Debug builds. The new default
  is off for release builds and on for debug builds.

* Bit 2 of the TraceOption registry value can be used to turn on
  real-time output of debug log entries to the Windows Debug
  Output monitor interface. This data can be viewed with tools
  such as Sysinternals' DbgView.

New development series 1.5.0 begun (17 Aug 2005)

Since 1.3.87: 1.4.0 rc1 released (17 Aug 2005)
* Byte-range locking as described in cm_vnodeops.c has been implemented.

* When the cache manager reports ALLBUSY or ALLOFFLINE for
  a resource we should not be returning status codes such
  as Network Busy or Remote Host Down because these errors
  will imply that the AFS Client Service is Busy or Down
  and that is simply not the case. Instead we will return
  Bad Network Path as the path is temporarily not available.

  Instead of returning Sharing Paused when there is a
  timeout error, return Timeout. Once again, the AFS Client
  Service is not paused.

* afscreds.exe would display an Obtain Creds dialog when
  the expired credentials reminder was triggered even
  if there was no network path to the KDC. This is prevented
  by adding KDC probe logic to the reminder thread.

* afscreds.exe would display expired tokens no differently
  than unexpired ones. This would make it difficult for the
  user to distinguish when the tokens were expired. For the
  English build, added a new resource string "(expired)" that
  is displayed instead of the expiration time.

* "fs wscell" when executed in freelance mode will return the
  name of the cell configured in the registry. The root.afs
  volume is not loaded from this cell, but it is used for the
  default for aklog and integrated login.

* "fs mkmount, fs rmmount, symlink make, symlink remove" will
  no longer work on \\AFS\all when freelance is being used
  unless the user is a member of the "AFS Client Admins" Windows

* some more checks performed during persistent cache validation.

* Optimize calls to cm_CheckServer from cm_Analyze. Only check
  down servers for the current cell not all cells.

* If the scache LRU list becomes corrupted, the AFS Client Service
  might enter an infinite loop at startup. Detect the corruption
  and discard the cache contents in this case.

* Fixed the Explorer Shell's remove mountpoint functionality.

* Fixed a deadlock caused by the holder of cm_aclLock attempting to
  obtain a mutex lock on a cm_scache_t object whose lock is held by
  a thread attempting to obtain the cm_aclLock.

* Really fixed DNS AFSDB queries to ensure that "csail" cannot be
  misinterpreted as "csail.mit.edu" when the resolver
  is configured to append ".mit.edu" to failed DNS queries.

* Added a new registry key, "LogoffPreserveTokens" (see registry.txt),
  that can be used to force the preservation of user tokens upon logout.

* Update the NSIS install scripts to use NSIS 2.07. This release adds
  recommended installation categories: AFS Client, AFS Administrator,
  AFS Server, AFS Development Kit. Each category includes a different
  default subset of the OpenAFS components.

  The OpenAFS logo is now associated with the NSIS uninstall entry
  in the Add/Remove Programs control panel.

* The user name associated with AFS tokens when obtained with
  integrated login, the afs systray tool, or aklog will always
  include the full Kerberos 5 user principal name regardless of
  whether or not the cell is local to the realm.

* Eric William's IFS redirector has been checked onto the CVS head.
  This code is experimental at the current time and is not being
  incorporated into the 1-4 branch releases. Instructions for
  building from sources are found in the top-level README-NT file.

* Modify integrated login so that it does not enter an infinite
  loop if the service is not set to auto start.

* Added asetkey.exe used to set a Kerberos 5 key for use by the

* Added uninstall.exe to Wix installation

* More modifications to algorithms used to wake sleeping threads.

* Changes to the algorithms used to wake threads when they are
  put to sleep because of conflicts over buffer operations.

* The OpenAFS integrated logon obtains Kerberos 5 tickets as part of
  the process of producing AFS tokens. The tokens are stored within
  the AFS Client Service but the Kerberos 5 tickets have been discarded.
  New functionality has been added to temporarily copy the tickets to
  a file ccache during the short window between the NPLogonNotify and
  WinLogon Logon Event. The Logon Event handler starts a process as
  user, afscpcc.exe, that copies the tickets into the default ccache.
  The file ccache is then destroyed by the event handler.

* During synchronization operations on stat cache entries, if threads
  are forced to sleep it was possible that the threads would not be
  woken under heavy load.

* Enforce the delete on close flag specified by the NTCreateX()

* A race condition in the rx library was fixed that resulted in
  a deadlock in rx_NewCall when the RX_CONN_MAKECALL_WAITING flag
  was cleared when threads were still waiting to use the
  connection. Also, fixed a potential case in which the
  connection could be destroyed while threads were waiting to use it.

* The DNLC freelist has been seen to become corrupted with still
  active entries being stored on the freelist. Changes were made
  to perform a better job of cleaning entries before placing them
  onto the freelist; marking them with the correct magic value when
  purging the list; and allowing the list to be purged on startup
  if the cache validation fails.

* Windows Crash Reporting does not get triggered for afsd_service.exe
  because it provides its own top level exception handler. This patch
  places an explicit call to ReportCrash() on platforms which support

  If you configure Crash Reporting via AD Policy to capture crash
  reports within the domain, then you will receive this output.

* Generate MiniDumps independent of the Windows Crash Reporting.

  (a) If an exception occurs, a minidump will be generated at the path
      %TEMP%\afsd.dmp. The type of minidump defaults to Normal but
      can be set to any other type via use of the

      [HKLM\SOFTWARE\OpenAFS\Client] MiniDumpType (DWORD)

  (b) MiniDumps can be generated at any time using the "fs minidump"
      command. This allows you to generate a minidump without
      stopping the process or even requiring the use of a debugger

* an RX connection which reports bad ticket now treats it the same way
  the expired ticket is treated. The ticket is removed from the
  connection and a new anonymous connection is established.

* fs memdump now requires that the caller be in the AFS Client Admins

* additional debugging information is provided in cm_Analyze when the
  error code is ignored.

* Fix a regression introduced into the pioctl() client code which
  will cause a crash in winlogon.exe, explorer.exe and fs.exe if
  MIT KFW is not installed. (1.3.82a)

* Remove AFS Gateway option from OpenAFS Control Panel (1.3.82a)

* Fix a race condition in cm_EndCallbackGrantingCall() that
  could leave 'nrevp' pointing to freed memory. In the process,
  optimize the processing to ensure that the applications monitoring
  the status of the stat cache entry are only notified at most

* Conditionalize access to the Explorer Shell AFS->Mount Point
  ->Remove menu item. Disable the item if the selected item(s)
  are not mount points.

* Activate AFS RPC (RX) Free Packet Queues stored in Thread
  Local Storage. This eliminates thread contention on the
  global RX free packet queue. This should improve performance
  on multi-CPU systems.

* Fix the IP address filtering code to properly load/unload
  the IPHelper DLL so that Windows XP/2003 and beyond systems
  do not have to manually probe the registry.

* CleanupACLEnt() was not being called consistently with
  the cm_scache_t object referred to by the back pointer
  mutex locked. This could in very rare conditions lead to
  an invalid memory access.

* Added a script command to the msi installer "afs_replace"
  which can be used to replace one version of OpenAFS with
  another without requiring an uninstall and reinstall if
  the installed msi is no longer in its original location.

* Apparently the problem with multi-domain forests with
  cross-realm trusts to non-Windows realms was not entirely solved.
  The authentication to the AFS SMB service failed because
  the wrong name was being used. Using ASU as an example,
  the authentication was being performed with the name
  "QAAD\user" (an account in the forest root) and not
  "user@ASU.EDU" (the MIT Kerberos principal used to login with)

  The solution was to add an additional dependency on KFW
  in order to be able to easily obtain the client principal
  name stored in the MSLSA ccache TGT. This information is
  used in two locations:

  - the pioctl() function

  - a new WinLogon Event Handler for the "logon" event.

  The pioctl function will now be able to use the correct
  name when calling WNetAddConnection2() and the "logon"
  event handler will now be able to call WNetAddConnection2().
  The hope is that the "logon" event handler will be called
  before the profile is loaded but I have no guarantee

* Fixed a locking error in cm_TryBulkStat() which had the
  potential of deadlocking the system for the length of time
  it takes to perform a bulk status fetch operation.

* Replaced time conversion code (UnixTime <-> FILETIME) to
  be completely arithmetic instead of relying on a bizarre
  algorithm involving a variety of C RTL time functions.
  This has the side effect that UnixTime and FILETIME which
  are both stored in UTC are interpreted as UTC throughout
  the year. Windows will apply the same localization to AFS
  as it does to NTFS. Applications which rely on the ability
  to sync files between the two file systems will no longer
  see the timestamps of files in AFS change an hour relative
  to the files stored in NTFS or Windows based backup devices.
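
An arithmetic-only UnixTime <-> FILETIME conversion of the kind this entry describes, as an added example (not the OpenAFS code). The struct stands in for the Win32 FILETIME layout, the function names are hypothetical, and treating the Unix time as an unsigned 32-bit count of seconds is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for Win32 FILETIME: a 64-bit tick count in two halves. */
typedef struct {
    uint32_t low;   /* dwLowDateTime  */
    uint32_t high;  /* dwHighDateTime */
} model_filetime_t;

/* Seconds between 1601-01-01 00:00:00 UTC and 1970-01-01 00:00:00 UTC. */
#define EPOCH_DELTA_SECS 11644473600ULL
/* FILETIME counts 100-nanosecond ticks. */
#define TICKS_PER_SEC    10000000ULL

/* Reassemble the 64-bit tick count from the two halves. */
uint64_t filetime_ticks(const model_filetime_t *ft)
{
    return ((uint64_t)ft->high << 32) | ft->low;
}

/* Unix seconds -> FILETIME. No time zone or DST state is consulted, so the
 * result is the same on every day of the year. */
void unix_to_filetime(uint32_t unix_secs, model_filetime_t *ft)
{
    uint64_t ticks = ((uint64_t)unix_secs + EPOCH_DELTA_SECS) * TICKS_PER_SEC;
    ft->low  = (uint32_t)(ticks & 0xFFFFFFFFu);
    ft->high = (uint32_t)(ticks >> 32);
}

/* FILETIME -> Unix seconds, truncating sub-second ticks.
 * Returns 0 on success, -1 if the value falls before 1970 or does not fit
 * in 32 bits, so a corrupt timestamp is rejected instead of wrapping. */
int filetime_to_unix(const model_filetime_t *ft, uint32_t *unix_secs)
{
    uint64_t secs = filetime_ticks(ft) / TICKS_PER_SEC;
    if (secs < EPOCH_DELTA_SECS)
        return -1;
    secs -= EPOCH_DELTA_SECS;
    if (secs > 0xFFFFFFFFULL)
        return -1;
    *unix_secs = (uint32_t)secs;
    return 0;
}

int main(void)
{
    /* Constructed samples: 12:00:00 UTC on 15 Jan 2005 and on 15 Jul 2005,
     * one on each side of a daylight-saving change. */
    const uint32_t winter = 1105790400u, summer = 1121428800u;
    model_filetime_t a, b;
    uint32_t back = 0;

    unix_to_filetime(winter, &a);
    unix_to_filetime(summer, &b);
    printf("winter: high=0x%08X low=0x%08X\n", (unsigned)a.high, (unsigned)a.low);
    printf("summer: high=0x%08X low=0x%08X\n", (unsigned)b.high, (unsigned)b.low);
    /* The distance in ticks equals the distance in seconds times 10^7:
     * no hour is gained or lost across the DST boundary. */
    printf("delta seconds: %llu\n",
           (unsigned long long)((filetime_ticks(&b) - filetime_ticks(&a)) / TICKS_PER_SEC));
    if (filetime_to_unix(&b, &back) == 0)
        printf("round trip: %u\n", (unsigned)back);
    return 0;
}
```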

* Fixed an invalid memory access under a bizarre circumstance.
  Windows will allow a physical mass media device to be
  installed via Plug N Play to the system and will assign it
  the lowest available drive letter. This is true even if the
  drive letter is currently assigned in the user session to
  a network device via NET USE (or its equivalent.) When this
  happens, queries sent to the CIFS server will contain invalid
  data. This invalid data was not being caught by the AFS
  Client Service and was resulting in a crash when Freelance

* Fixed a reference count error when registering callbacks
  on a stat cache object if the callback was already registered

* Add a case to cm_Analyze() in order to handle the case where
  cm_GetConnByMServers() returns CM_ERROR_NOSUCHVOLUME because
  the server list for the volume is empty. In this case, force
  an update of the volume info and retry.

* Insert a missing cm_EndCallbackGrantingCall() which could
  result in threads waiting for a callback to complete to never

* In the persistent cache, there is a maximum number of volume
  entries. Allow volume entries to be reused if the maximum
  number have been allocated and their reference count is zero.

* If we already have a dead virtual connection object, don't
  ignore the fact that additional dead vc objects must be taken

* Removed a deadlock condition introduced in the summer of 2004.
  Do not hold mx locks around calls to RX functions including
  rx_NewCall(). That is what reference counts on the rx_connection

* Fixed an initialization error in afslogon.dll which could
  result in random behavior including a failure to terminate
  the NPLogon function. (1.3.80b)

* Fixed an error preventing the use of SMB authentication
  on Windows 2000. (1.3.80a)

* Updated CellServDB to Public CellServDB 16 Mar 2005

* Fixed DNS AFSDB queries to ensure that "csail" cannot be
  misinterpreted as "csail.mit.edu" when the resolver
  is configured to append ".mit.edu" to failed DNS queries.

* Fixed another case in which the client would replace connections
  to the host when it was not necessary. In this case the
  situation would occur if cryptall was on and the connections
  were unauthenticated due to lack of an appropriate token.

* OpenAFS for Windows has failed to work at sites which are
  utilizing a cross-realm trust between an MIT/Heimdal realm
  and a multi-domain Windows forest when the workstation being
  accessed is not located in the root domain. This is caused
  by a bug in the workstation which was triggered after the
  introduction of Windows 2003 Server. When the bug is triggered,
  the workstation attempts to authenticate users to afsd_service.exe
  by contacting the Domain Controller instead of using the
  LSA loopback authentication mechanism.

  One of the reasons this bug occurs is because the workstation
  does not have a reliable way of knowing that the service whose
  netbios name is "AFS" is located on the workstation. This will
  be fixed starting in Longhorn Beta 1 by Microsoft. The
  "BackConnectionHostNames" registry value will be used to
  indicate that the authentications to that service name should
  be performed using the loopback authentication mechanism.

  In the meantime, when Logon Caching is enabled, we can force
  afsd_service.exe to authenticate using the logon cache before
  contacting the Domain Controller. This will work with both
  password and smart card based logons.

* The allDown logic in cm_ConnByMServers() was wrong. The allDown
  flag should not be cleared if a volume's server reference is
  marked as "offline". In the case where all of the volume's
  servers are either "down" or the volumes are "offline", we want
  cm_Analyze() to process the condition as CM_ERROR_ALLOFFLINE
  instead of as CM_ERROR_TIMEDOUT. In fact, CM_ERROR_TIMEDOUT
  should never occur in practice.

  In the case of CM_ERROR_ALLOFFLINE, cm_Analyze() will sleep for
  5 seconds, clear the server down and volume busy flags, and
  then force an update from the VLDB. This allows the client to
  update the location of a volume if the reason for it being
  marked offline is because it is being moved. Calls to
  cm_ConnByMServers() will be retried either until success or
  the RDRtimeout period is reached.

* Correct the Power Management code behavior in response to
  Standby, Suspend, and Shutdown events. Instead of flushing the
  buffers associated with the mounted SMB submounts, simply write
  all buffers which are marked dirty.

* Added support for "TheseCells" to afslogon.dll. "TheseCells"
  provides a list of cells other than the default cell for which
  tokens should be obtained using the default Kerberos principal.
  This functionality is logon domain specific and is only available
  when using KFW for authentication.

* Fixed FindNext Invalid Handle error caused by overly aggressive
  attempts at garbage collecting dirSearch entries when the
  dirSearch ID wraps from the maximum value to 1.

* Add support for registry defined server preferences for VLDB and
  File servers. See registry.txt for details.

* Increased default cache size to 96MB and default number of cache

* Fixed refCount leaks related to directory lookups and pioctl calls.

* Callbacks revoked during a race condition with an attempt to
  obtain the same callback no longer result in an inaccessible

* New command line tool:

  afsdacl : Set or reset the DACL to allow starting or stopping
            the afsd service by any ordinary user.

  Usage : afsdacl [-set | -reset] [-show]

      -reset : Reset the DACL
      -show  : Show current DACL (SDSF)

* IP addresses are no longer queried once at startup. Instead IP
  addresses are obtained as needed. Loopback adapter addresses are
  no longer published to the server.

* Pay attention to the MIT KFW registry configuration for automatic
  importation of MSLSA credentials. (SOFTWARE\MIT\Leash32,MsLsaImport)

* Fix (once again) case-sensitive comparisons which was apparently

* Activate support for vos listvol -format

* Population of the "AFS Client Admins" group failed on non-English
  versions of Windows because the name of the "Administrators" group
  is localized. Now we lookup the name of the group by using the
  Administrators Group Alias Relative ID.

* Multiple cell token acquisition within afscreds.exe was broken in the
  case of Kerberos 5 cross realm authentication. Instead of contacting
  the KDC associated with the cell's realm, afscreds would obtain a
  token from the KDC of the user's realm. This would result in
  "invalid kvno errors" while authenticating to the AFS servers.
  Unauthenticated access would work. The symptoms would vary based upon
  whether or not the VLDB servers had been contacted using unauthenticated
  connections prior to the user obtaining tokens.

* The list of ACL entries was becoming corrupted. It appears as if
  an ACL when it expires was not being appropriately cleaned up. In
  fact, it was left in the list of ACLs associated with the scache

* Changed the default @sys name list to "x86_win32 i386_w2k i386_nt40"
  for 32-bit x86 systems. The default for itanium will be "ia64_win64"
  and "amd64_win64" for amd 64-bit processors.

* When executing executables, Windows provides a mechanism by which
  the normal search for DLLs can be bypassed. If a file foo.exe is
  being executed and there exists a file or directory "foo.exe.local"
  (the contents are ignored if a file), then Windows will search for
  DLLs first in the "foo.exe.local" directory and second in the
  directory in which the "foo.exe" file is located.

  Previous releases of OAFW would improperly return
  STATUS_NOT_A_DIRECTORY instead of the expected
  STATUS_OBJECT_PATH_NOT_FOUND. This would cause the Windows SMB client
  to terminate the search for the DLL causing the execution of the

* Rework the reference counting of smb_vc_t objects. The references
  stored in the waiting locks were not counted. This could result in
  an assertion if the reference count drops to zero.

* "fs wscell" returns "Freelance.Local.Root" for the workstation cell
  when running in freelance mode.

* Added support for persistent caching of file contents, stat entries,
  volume data, cell data, and name lookup data. When the registry
  value, "NonPersistentCaching", is not defined or set to 0 the file
  specified by "CachePath" becomes a persistent cache file. The
  size of the cache file is computed at run time. It has a maximum
  size of approximately 1.2GB. The contents of the file will be
  validated according to the rules specified by the "ValidateCache"

* Added support for UUIDs. UUIDs are kept for as long as the
  cache file is intact.

* Added cmdebug.exe and support cache manager debugging callback
  interfaces in afsd_service.exe.

  Usage: cmdebug -servers <server machine> [-port <IP port>] [-long]
                 [-addrs] [-cache] [-help]
  Where: -long   print all info
         -addrs  print only host interfaces
         -cache  print only cache configuration

* Symlinks to \\AFS\[all\]... will now be treated the same as
  symlinks to /afs/.... However, please use /afs/... as otherwise
  the symlinks won't work on Unix.

* Correct a problem with local CellID allocation for cells whose
  server list is obtained via DNS instead of a CellServDB file. If
  the DNS information expires the CellID assigned to the entry will
  be changed. This causes all of the cm_scache_t objects which refer
  to the old cellID number to become useless. Attempts to access
  files or directories with cm_scache_t objects using the old cellID
  will fail since the server list cannot be obtained.

* Correct deadlock condition in cm_EndCallbackGrantingCall which can
  be triggered if the volume referenced by the cm_scache_t object is

* The AFS Service needs to respond to SERVICE_ACCEPT_SHUTDOWN messages
  in addition to SERVICE_ACCEPT_STOP.

* Move RPC shutdown until after the SMB and RX shutdown procedures
  complete. Block until RPC shutdown is complete.

* Modify afslogon.dll (integrated logon) to wait for service if its
  state is START_PENDING. If the timeout period occurs, reset to
  the retry interval and not the sleep interval.

* When renewing the server list for a cell obtained via DNS AFSDB
  records, the cm_cell_t entry must be removed from the list of all
  cells. Otherwise, the list of cells will be corrupted.

* In the dcache and scache modules, use the cm_scache_t dataVersion
  instead of the cm_fakeDirVersion.

* Synchronize fs.c with the unix version.

* The variable used to determine whether a file or virtual memory
  mapped cache is used was not properly initialized to a default
  value. If the registry setting "NonPersistentCaching" was not
  set, the choice would be random. Properly initialized to be

* The memory mapped view was never unmapped before closing the file
  at service shutdown. This is now properly cleaned up.

* Default location of Cache file is now %TEMP%\AFSCache

* A bug affecting new installations of 1.3.75/76 would result in
  the creation of incorrect mountpoints in the freelance root.afs
  volume for the default cell.

  If "fs \\afs\all\<cellname>" lists a volume name of "root" instead
  of "root.cell", you have been affected by the bug. To correct the
  problem, execute the following commands:

      fs rmmount \\afs\all\<cellname>
      fs rmmount \\afs\all\.<cellname>

      fs mkmount \\afs\all\<cellname> root.cell <cellname>
      fs mkmount \\afs\all\.<cellname> root.cell <cellname> -rw

* A bug has been fixed in the auto-generation of Freelance root.afs
  symlinks which produced random entries in the \\AFS\all directory.

* Support has been added for multi-homed servers

* Added a new registry value, "StoreAnsiFilenames", which can be used
  to force the use of ANSI character sets instead of OEM Code Pages.
  This feature is useful when users require the ability to create
  filenames with 8-bit characters and need to access the files from
  both Latin-1 based Unix systems as well as from Windows.

  Activation of this feature will prevent access to files stored with
  8-bit OEM characters.

* Shutdown all SMB threads in a synchronized manner when stopping the

* There is currently a maximum cache size of 1.3GB. The limit is imposed
  by the largest contiguous block of unused memory within the 2GB process
  space which can be assigned to the memory mapped file. Unfortunately,
  when the executable digital signature verification code is activated
  Windows sees fit to further segment the process memory which in turn
  reduces the size of the maximum cache file to less than 800MB. If
  larger cache sizes are desired, a new registry value should be set:

      HKLM\SOFTWARE\OpenAFS\Client (DWORD) "VerifyServiceSignature" = 0x0

  Setting this value will disable the runtime verification of digital
  signatures on afsd_service.exe and the afs dlls which it loads. It
  will not disable the version number check on those same files.
  The signature verification is not a security measure and is only meant
  to enhance the ability of afsd_service.exe to detect potentially
  destabilizing mixtures of DLLs from incompatible distributions.

  Added code to auto-disable the signature verification check if
  the desired cache size is greater than 700MB.

* Windows' WinTrustVerify(WIN_SPUB_ACTION_PUBLISHED_SOFTWARE) is
  used to verify the validity of the afsd_service.exe binary
  as well as each of the AFS DLLs loaded by the service. Not only
  must the digital signature be valid, but the DLLs must be signed
  by the same entity as the service.

* Implement new functions: cm_freelanceMountPointExists and
  cm_freelanceSymlinkExists. Use them along with other validity
  checks in cm_freelanceAddMount and cm_freelanceAddSymlink to
  ensure that name collisions do not occur and that empty strings
  are not valid file names.

  A symlink may not have a name which would resolve to a valid
  cell name. Doing so would prevent access to the cell.

* Add missing cm_HoldSCacheNoLock call to Freelance mount point
  re-initialization code. The reference counts of the fake root.afs
  volume scache object(s) would become invalid when the mount point
  or symlink lists were altered.

* Add registry entries to provide mappings from the afsdsbmt.ini
  to the new locations for applications which count on the use
  of the old Profile file APIs. These apps are likely to fail
  if the user does not have administrator privileges and the
  registry is locked down.
698 * The afs_config.exe submounts dialog had two errors.
699 First, attempts to remove entries failed because the registry
700 key was being opened without KEY_WRITE privileges.
701 Second, when editing a submount entry, changing the name
702 would add a new key and leave the original one in place.
703 Now the original submount will be removed if its name is
706 * In recent months there have been several incidents in which
707 users have experienced problems starting or accessing
708 afsd_service.exe and after significant effort has been spent
709 it has turned out that they have two versions of AFS on the
710 machine or an inconsistent set of DLLs.
712 Code has now been added to afsd_service.exe which will walk
713 the list of modules loaded by afsd_service.exe and validate
714 that the version of the AFS DLLs matches the version of the
715 afsd_service.exe executable. If they do not match the service
718 * When Freelance mode is enabled and there is no registry
719 key HKLM\SOFTWARE\OpenAFS\Client\Freelance, afsd_service.exe
720 will attempt to import the afs_freelance.ini file contents.
721 If the file does not exist, it was creating a dummy file
722 with a r/o and r/w entry for the default cell and then
723 importing those values.
725 This process has been changed. The temporary file is no
726 longer created. Also, both the OpenAFS Client install
727 directory as well as %WINDIR% are checked for previous
728 afs_freelance.ini files.

* Added support for VL_GetEntryByNameN(). Still need to add
support for VL_GetEntryByNameU() for multi-homed support.

* Fix a deadlock situation in afscreds.exe when canceling an
auto-generated Obtain Tokens dialog

* Fix the locking of objects during Directory Searches in the
SMB/CIFS server. The failure to properly lock the reference
counts was resulting in the premature freeing of smb_dirSearch_t
objects while they were still in use by the SMB/CIFS client.
This does not solve the "Invalid Handle" problem.

* Fix Find Cell By Name pioctl call to return a valid cell
name for the Freelance fake root.afs volume.
"Freelance.Local.Root".

* Fix the Explorer Shell Extension Symlinks->Add operation.
The dialog template was missing and the link destination
string was too short.

* Add support for symlinks to Freelance root.afs volume
Stored at HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks
<number> = "<linkname>:<relative-path>."
Use symlink.exe to create, list, or remove

* Remove the fallback to the use of KFW's KRB4 library when obtaining
tokens. We never obtain KRB4 tickets.

* Fix AFS Client Configuration Control Panel to support new SysName

* Fix a bug in afsd_service.exe which could result in the SysName
not being read from the registry.

* Add code to block the issuance of AFS tokens by aklog.exe or
afscreds.exe when the Kerberos 5 principal name contains a dot.

* Modify the IsAdmin() function to always treat the local SYSTEM
account as an AFS client administrator. Affects fs.exe and

* Modify the internal handling of Quota Exceeded errors

* Upgrade all reference count fields in the Windows cache manager
and the osi library to use unsigned long instead of signed short.
A similar fix has been applied to the afs rpc (rx) library.

* fix the Windows cache manager to prevent it from replacing the
rx_connection object associated with the cm_conn_t object on each
and every operation if "fs crypt" was set. This explains the
dramatic performance difference when crypt is used vs clear.
The problem: 'cryptall', a boolean flag indicating whether or not
"fs crypt" is set, was being compared to the rx_connection
cryptlevel which is either rxkad_clear:0 or rxkad_crypt:2.
1 != 2 and therefore the rx_connection was always destroyed
and replaced on each and every operation.

Lock the cm_conn_t object around every call to RXAFS_xxxx functions.
It is not safe for the cm_conn_t object to not be locked because
rx_DestroyConnection might be called from another thread if:
- the user's tokens have changed or expired
- the crypt mode has changed

This fix appears to have also taken care of the problems associated
with Overlapped Writes resulting in Delayed Write errors.
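
The flag-versus-level comparison described in the entry above, reduced to a self-contained C model. This is an added illustration, not OpenAFS source: the demo_* types and functions are hypothetical stand-ins for cm_conn_t and rx_connection, and only the 0/1 flag and the rxkad_clear:0 / rxkad_crypt:2 values come from the entry.

```c
#include <stdio.h>

/* rxkad security levels, with the values the changelog entry quotes. */
enum { rxkad_clear = 0, rxkad_crypt = 2 };

/* Hypothetical, simplified stand-ins for rx_connection and cm_conn_t. */
struct demo_rxconn {
    int cryptlevel;            /* rxkad_clear or rxkad_crypt */
};

struct demo_conn {
    struct demo_rxconn rx;     /* connection currently attached */
    unsigned long rebuilds;    /* times the connection was destroyed and replaced */
};

/* Map the "fs crypt" boolean onto the level an rx connection carries. */
static int demo_wanted_level(int cryptall)
{
    return cryptall ? rxkad_crypt : rxkad_clear;
}

/* Stands in for destroying the rx connection and creating a new one. */
static void demo_replace_rxconn(struct demo_conn *c, int cryptall)
{
    c->rx.cryptlevel = demo_wanted_level(cryptall);
    c->rebuilds++;
}

/* The behaviour described as the bug: a 0/1 flag compared with a 0/2 level. */
static void demo_check_conn_buggy(struct demo_conn *c, int cryptall)
{
    if (c->rx.cryptlevel != cryptall)
        demo_replace_rxconn(c, cryptall);
}

/* Corrected comparison: convert the flag to a level before comparing. */
static void demo_check_conn_fixed(struct demo_conn *c, int cryptall)
{
    if (c->rx.cryptlevel != demo_wanted_level(cryptall))
        demo_replace_rxconn(c, cryptall);
}

/*
 * Start with a connection built for initial_cryptall, then run `ops`
 * operations with the setting `cryptall`. Returns how many times the
 * connection was replaced.
 */
unsigned long demo_count_rebuilds(int use_fixed, int initial_cryptall,
                                  int cryptall, int ops)
{
    struct demo_conn c;
    int i;

    c.rx.cryptlevel = demo_wanted_level(initial_cryptall);
    c.rebuilds = 0;
    for (i = 0; i < ops; i++) {
        if (use_fixed)
            demo_check_conn_fixed(&c, cryptall);
        else
            demo_check_conn_buggy(&c, cryptall);
    }
    return c.rebuilds;
}

int main(void)
{
    printf("crypt on,  buggy check: %lu rebuilds in 1000 ops\n",
           demo_count_rebuilds(0, 1, 1, 1000));
    printf("crypt on,  fixed check: %lu rebuilds in 1000 ops\n",
           demo_count_rebuilds(1, 1, 1, 1000));
    printf("crypt off, buggy check: %lu rebuilds in 1000 ops\n",
           demo_count_rebuilds(0, 0, 0, 1000));
    printf("clear->crypt, fixed:    %lu rebuild(s) in 1000 ops\n",
           demo_count_rebuilds(1, 0, 1, 1000));
    return 0;
}
```

With crypt off the buggy check never fires because 0 equals rxkad_clear, which is why the cost showed up only when "fs crypt" was set.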

* fix NSIS installer's AdminGroup.exe to properly create and
remove groups when given -create or -remove. The string comparison

* fs sysname now accepts a list of sysname values

* added a new registry value HKLM\SOFTWARE\OpenAFS\Client "IoctlDebug"
DWORD which when set to a non-zero value will cause error message
text to be output to stderr from the pioctl() routine. Useful in
debugging failures of fs.exe, tokens.exe, etc.

* added a test to the power management code to only perform a
flush operation if there is at least one network adapter which
is not a loopback adapter.

* Fix bug in loading of registry value HKLM\SOFTWARE\OpenAFS\Client
"EnableKFW". This value will not be read if the key
HKCU\SOFTWARE\OpenAFS\Client exists; even if the "EnableKFW"
value under that key does not.

* provide mechanisms to force the use of krb524d for Kerberos 5
ticket to AFS token conversion. For afslogon.dll and afscreds.exe
there is a new registry value "Use524" and for aklog.exe a new
command line parameter "-m".

* Fix the pattern matching algorithm to properly match patterns

* smb_ReceiveCoreRename() was factored to produce smb_Rename()
which is used by both the original function and the new
smb_ReceiveNTRename(). smb_ReceiveNTRename() supports the
creation of HardLinks in addition to Renaming. smb_Link()
is a new function which creates HardLinks via cm_Link().
cm_Link() is a new vnodeops function which creates links

smb_ReceiveNTRename() does not support the File Copy and
Move Cluster Information operations described in its interface.
ReceiveNTRename is underdocumented in CIFS-TR-1p00_FINAL.pdf.

* When opening files via symlinks, we should follow the symlinks
until we reach the actual file stat cache entry. The stat cache
entry of the file should then be stored in the FID instead of
stat scache entry of the symlink.

* return bad operation errors for all unimplemented functions
even if we do not know the functions exist.

* Log bad packets and unknown operation packets to the trace log

* Map CM_ERROR_BADOP to STATUS_NOT_SUPPORTED instead of

* Update list of known CIFS operations to include all those listed
in CIFS-TR-1p00_FINAL.pdf.

* Modify the handling of HKLM\SOFTWARE\OpenAFS\Client\Submounts
to support the REG_EXPAND_SZ type.

* A new Windows authorization group "AFS Client Admins" is now
created and populated with the members of the "Administrators"
group. The group is used to determine which accounts on the
machine may be used to modify the AFS Client Configuration via
the UI and command line tools. afs_config.exe, fs.exe,

* Modify the WinLogon Logoff Event Handler to query NT4 domain
controllers for the remote profile path if Active Directory
services are not available.

* Fix aklog.exe to not add the AFS ID to the username

* PTS registration of new users to foreign cells has been added to

* The cm_Daemon thread is used to perform checks for
down servers, up servers, volumes, callback expirations,
lock maintenance and token expiration. Due to a gaffe in
larger integer division the thread never performed any
work. Instead the current time computation would always
be less than the trigger times. This had an adverse effect
on the client's ability to maintain communication with servers,
keep volumes up to date, and flush user tokens and ACLs
when they have expired. This was broken when the 1.3 branch
was modified to support VC7 which no longer included

* An initialization problem with the Freelance code was
detected while fixing the callbackRequest. The cm_rootSCachep
object is obtained during afsd_InitDaemons() but the callback
information is incomplete. The callback information will not
be obtained until cm_MergeStatus is called from within
cm_GetCallback. Unfortunately, cm_SyncOp did not properly
test for the conditions under which the callback information

* Reports have been filed indicating that callbacks were
being lost. An examination of the code indicated that the
cm_server_t objects were not being properly reference
counted by the cm_scache_t and cm_callbackRequest_t objects.
In particular, the cm_server_t objects may have been freed
from beneath the cm_conn_t objects.

All of the reference counting is now done via the functions:

this improves the ability to track the referrals.

Each cm_BeginCallbackGranting Call now allocates a reference
to the cm_server_t. The cm_EndCallbackGrantingCall either
frees the reference or transfers it to the cm_scache_t
cbServerp field. These are then appropriately tracked
through the cm_Analyze call.

* Ensure that the dnlc hash table is the same size as the
dir name hash table (as per original author's note).
Increase the dnlc CM_AFSNCNAMESIZE to a multiple of 8
for compatibility with 64-bit systems.

* fix smb_ApplyV3DirListPatches to properly apply the hidden
attribute to dotfiles when the infoLevel < 0x101 and
cm_SyncOp has failed.

* Fix the Freelance registry initialization code. There
was a possibility that some systems could end up with
garbage in the registry during a clean install.

* file and directory names beginning with "." will now be given the
hidden attribute when the volume access is anonymous. This matches
the behavior when the volume access is via an authenticated user.

* Added a change monitor to the HKLM\SOFTWARE\OpenAFS\Client\Freelance
key. When a change occurs mark the root.afs data as invalid and
force it to be reloaded on the next access. This allows administrators
to modify the mount point list without restarting the service.

The freelance client used to provide a fake modification time for
the root.afs volume data and its mount points of 7/09/2001 14:24 EDT.
Added code to extract the last modification time of the Freelance
registry key and use that instead. The time now represents the
most recent mount point change.

* PTS registration of new users to foreign cells has been added to

* Additional Cache Control and Credential Manager options have been
added to the WiX installer. See deployment guide for details.

* The CachePath setting is now optionally a REG_EXPAND_SZ type

* The WiX installer has been upgraded. Version 2.0.1927.1 is now

* The loopback installation code may have had a problem updating the
%ETC%\HOSTS file which could have resulted in a premature failure.
Work around code has been added for the case where the file cannot

* The default max chunksize was increased from 15 (32K) to 17 (128K)
because Windows sends 64K blocks when using overlapped writes.

* The default number of server threads was increased from 4 to 25 to
better handle overlapped writes.

* The "AfscredsShortcutParams" registry value was not being properly
loaded by afscreds.exe. Therefore, the default value was always being
used instead of the value set by the installer.

* Windows XP provides downgrade attack detection to prevent an attacker
from being able to force the use of NTLM simply by disrupting
communication with the KDC. This attack cannot exist between the
Windows CIFS client and the AFS Client Service. Therefore, when a
downgrade has been detected the afs pioctl library will force the
establishment of a new CIFS connection using NTLM.

* A locking error was discovered surrounding all references to volume
server lists within the cm_cell.c source file.

* The logged into Windows username was incorrect on Terminal Server

* A new registry value "NonPersistentCaching" was added to the service
parameters key. When set to a non-zero value, the afs cache is stored
in the Windows paging file. There are two limitations to choosing

1. when persistent caching is implemented it won't work with
this flag set since there will be nothing to persist.
2. with this flag set the initial paging allocation cannot be
changed while the service is running

* An initialization bug was discovered in aklog.exe which affected users
who have a domain name for their afs servers which could not be mapped

* afs_config.exe now validates cell names against DNS in addition
to the CellServDB file.

* In order to allow the freelance client to connect to a volume with ID
equal to 1 on the default cell we changed the fake root.afs volume ID
once again. This time we choose 0xFFFFFFFF. In addition, we change
the cell ID of the fake root.afs volume from 1 to 0xFFFFFFFF as well.
It will now be impossible for a volume ID to match that of another
cell unless the client is connected to 0xFFFFFFFD cells. That should
be enough room for growth.

* Fix "fs mkmount" command to work with UNC paths and when
started from non-AFS drives. It is now possible to create a mount
point in the freelance fake root.afs volume with the command

fs mkmount \\AFS\all\<directory-name> <volume-name> <cellname>

fs mkmount \\AFS\all\openafs.org root.cell openafs.org
fs mkmount \\AFS\all\.openafs.org root.cell openafs.org -rw

* The algorithm used to re-attempt access to the servers associated with
a volume has been altered to properly address the case in which all
servers have been marked down. The previous algorithm did not reset
the server's down flags so the servers were never actually retried.
This caused a problem with active volumes if the network connectivity
was lost as could be the case with a network cable removal, wireless
drop, or laptop hibernation. With the fix, volume access is restored
almost instantaneously when network connectivity becomes available.

* Support for SMB/CIFS browsing has been added to the AFS Client Service
SMB server. It is now possible to use "NET VIEW \\AFS" to obtain a
listing of AFS submounts and freelance mount points. Support for
NETSHAREENUM, NETSHAREGETINFO, NETSERVERENUM2, NETSERVERGETINFO
significantly enhances the behavior of AFS volumes within the Explorer
Shell. For instance, "AFS" now shows up as a server in the Explorer
with each submount or freelance mount point visible as a share.
The right click menu in each folder now works with full functionality
on a consistent basis.

* The network provider can be configured to have different behavior
depending on the domain that the user logs into. These settings are
only relevant when using integrated login. A domain refers to an
Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
local machine (i.e. local account logins). The domain name that is
used for selecting the domain would be the domain that is passed into
the NPLogonNotify function of the network provider. (see registry.txt

* Added a new registry value [HKCU\SOFTWARE\OpenAFS\Client]
"Authentication Cell" which may be used to specify a default
authentication cell for afscreds.exe which is different from
the default cell for the AFS Client Service daemon.

* Added a Logoff WinLogon Event Notification function to afslogon.dll.
afslogon.dll moved to %WINDIR%\System32\.
New registry entries added to register the dll for Winlogon events.

The logoff event will now force a call to ktc_ForgetAllTokens()
using the context of the user being logged off as long as the
user's profile is not loaded from within AFS. If the profile
was loaded from AFS we can't release the tokens since the Logoff
event is triggered prior to the profile being written back to
its source location. This is now performed in an XP SP2

* Windows XP SP2 Internet Connection Firewall interoperability

* The %WINDIR%\afsdsbmt.ini contains four sections:
Submounts, Drive Mappings, Active Maps and CSC Policies.
The Submounts and CSC policies are now stored in the registry under
[HKLM\SOFTWARE\OpenAFS\Client\Submounts]
[HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
The Drive Mappings and Active Maps are stored in the registry under
[HKCU\SOFTWARE\OpenAFS\Client\Mappings]
[HKCU\SOFTWARE\OpenAFS\Client\Active Maps]

There is no automatic migration of this data as it would be impossible
to consistently migrate data to user profiles which may not be active
when the machine is updated.

* The %WINDIR%\afs_freelance.ini contains lists of mountpoints for the
fake root.afs volume. For the same reasons as for the CellServDB file,
this information should not be in %WINDIR%. This information is now
kept under the registry key
[HKLM\SOFTWARE\OpenAFS\Client\Freelance]

The data from the afs_freelance.ini file will be automatically
migrated to the registry on first execution of afsd_service.exe

* Keeping the CellServDB file in the location %WINDIR%\afsdcell.ini is
troublesome for several reasons. One, it is confusing for those who
expect the file to be named "CellServDB" instead of "afsdcell.ini".
Two, this file is not a Windows Profile formatted file. Three,
applications should not be reading or writing to %WINDIR%. It causes
problems for Windows Terminal Server.

The new location of CellServDB will be the OpenAFS Client install
directory which is by default C:\Program Files\OpenAFS\Client and can
be determined by querying the registry for
[HKLM\SOFTWARE\TransarcCorporation\AFS Client\CurrentVersion]PathName

The existing afsdcell.ini will be migrated by the NSIS installer.
The WiX installer must still be updated to do the same.

* Change NSIS installer to use DNS by default; to remove Integrated Logon
High Security mode; and to add Terminal Services compatibility registry
entries to allow the OpenAFS tools to find the afsdcell.ini and other
configuration files in %WINDIR%.

* Add support for authenticated SMB connections. This will remove
the need for high security mode in most situations. Both NTLM
and Extended Security (GSS SPNEGO) modes are supported. Effectively,
only NTLM can be used even though Kerberos is now supported. The
reason is that it is not possible to construct a service principal
which is unique to each individual machine.

SMB Extended Auth does not work on XP SP2 unless one of two registry
modifications is made:

(1) To disable the check for matching host names on loopback connections
set this key. This does not require a reboot:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"DisableLoopbackCheck"=dword:00000001

(2) To add the AFS SMB/CIFS service name to an approved list. This
does require a reboot:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"BackConnectionHostNames"=multi-sz "AFS" "MACHINE-AFS"

afsd_service.exe will automatically add the current Netbios Name
to the BackConnectionHostNames list and then temporarily disable
the loopback check for one cycle of startup/shutdown of the service.
We assume most folks do not start/stop without a reboot so this
will be adequate in most cases.

* Fix security hole in afslogon.dll which allowed passwords to be
sent in clear text to the KDC in a malformed principal name.

* Fix cm_GetCell() to properly handle expired dns entries

* If Freelance mode is active and the afs_freelance.ini
file does not exist, do not create an empty file.
Instead create a file containing ro and rw mountpoints
to the default cell using the standard conventions.

* Modify the Freelance support to handle the ability
to create rw mount points in the fake root.afs volume.

* Changed the RPC mechanism used for token setting from
named pipes to local. Use of named pipes can be restored
by setting the environment variable AFS_RPC_PROTSEQ to

Named pipes were required when a Windows 9x system was
using a NT system in gateway mode which is incompatible
with our use of local loopback adapters.

* In afscreds.exe, if a username of the form user@REALM is
specified and no password is specified, do not perform a
kinit operation. Only perform the aklog functionality.

* Add a new registry value which allows the number of processors
on which afsd_service.exe executes to be restricted. Valid
values are 1..numOfProcessors

HKLM\SYSTEM\CurrentControlSet\Services\TransarcAfsDaemon\Parameters

* A second MSI based installer option is now available.

* Fixed Kerberos 5 kinit functionality in afscreds.exe to properly
request tickets for user/instance@REALM instead of just user@REALM

* Modify the Power Management Notify routine to wait for the Hard Dead
timeout period instead of a fixed 19 seconds. With the longer timeout
periods Hibernation and Standby could never succeed when network
connectivity is not available.

* The following fs.exe commands are now restricted to Administrator:
- checkservers with a non-zero timer value
- sysname with a new sysname list

setting the default sysname for a machine should be done via the
registry and not via "fs sysname".

* NSIS installer adds options to install Debugging Symbols
and the Microsoft Loopback Adapter; the user is now also
given the ability to select the afscreds.exe startup options.

* Build system modified to generate symbols for FREE (aka RELEASE)
builds as well as CHECKED (aka DEBUG) builds

* Sites which have a volume ID of 0x20000001 assigned to their
root.cell volumes have been experiencing problems with accessing
the root.cell volume of their cell when Freelance mode has been
active. This was because 0x20000001 was assigned to the fake
root.afs volume created by freelance. The fake volume id is
now set to 0x00000001 to prevent conflicts.

* The timeout logic in the AFS Client Service has been wrong
for some time. It is based on two different assumptions.
First, the SMB client timeout is a fixed value as was the case
with OS/2 Lan Manager. This assumption is incorrect. The
SMB timeout in Windows is a dynamic value computed based upon
a fixed minimum timeout to which is added time based upon the
size of the request and the performance characteristics of
the connection. Second, it is the responsibility of the
SMB Server to enforce the timeout requirements of the client.
This is untrue. The SMB Server cannot be expected to know
the requirements of the client. More importantly, if the
SMB server uses the SMB client timeout as a value to restrict
its behavior as an RX client, the performance characteristics
of the local SMB session would be used to prematurely terminate
WAN connections with significantly different performance

The timeout logic has therefore been modified in the following
. the Lan Manager Workstation (SMB) Session Timeout is used only
as a basis for configuring the Connection Dead Timeout
and Hard Dead Timeout values. The Connection Dead Timeout
must be at least 15 seconds longer than the SMB Timeout
and the Hard Dead Timeout must be at least double the
Connection Dead Timeout.
. New registry entries have been added to allow the Connection
Dead Timeout and Hard Dead Timeout values to be set independently
of the Lan Manager Workstation Session Timeout
. The test to enforce the SMB Client Timeout has been removed.

One of the side-effects of removing the enforcement of the SMB
Client Timeout is that regardless of whether or not the SMB client
is available to receive the response (and how would the SMB server
know) the RX protocol response can be used to update the AFS
Client Service state for ready access by future SMB client

This should be the end of the "Server paused or restarting messages"

* Add support for arbitrary UNC paths to the pioctl() support.
This enables the fs commands as well as the AFS Shell Extension
to work correctly when UNC paths are being used.

* Fix afscreds.exe (by updating afskfw.lib) to search for cells via
DNS if the cell configuration cannot be determined via CellServDB

* Add debug info to test whether CM_BUF_WAITING or CM_SCACHE_WAITING
are ever set more than once at a time

* Fix the management of lists of cm_cell_t structures when using
DNS to lookup cell information. The previous code would fail to
reuse the same cellID for a cell if DNS was used more than once
for a given cell name. When the ttl expired, a single cm_cell_t
could be inserted into the cm_allCellsp list more than once
producing a loop. In addition, the vlServerp list belonging to
the cell was not freed resulting in improper refCounting of the
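
A reduced model of the list handling this entry describes, added here as an illustration and not taken from the OpenAFS sources. The demo_* names, the fixed-size pool and the sample cell names are assumptions; it covers the repeated insertion and the cellID reuse, not the vlServerp cleanup.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_CELLS 8

/* Hypothetical, reduced stand-in for cm_cell_t. */
struct demo_cell {
    char name[64];
    int cellID;
    long expires;                 /* time at which the DNS answer goes stale */
    struct demo_cell *nextp;
};

/* Hypothetical container; allCellsp plays the role of cm_allCellsp. */
struct demo_cell_list {
    struct demo_cell pool[DEMO_MAX_CELLS];
    int used, nextCellID;
    struct demo_cell *allCellsp;
};

struct demo_result { int has_loop; int id_before; int id_after; };

/* Floyd cycle check: returns 1 if walking nextp never reaches NULL. */
int demo_list_has_loop(const struct demo_cell *head)
{
    const struct demo_cell *slow = head, *fast = head;
    while (fast && fast->nextp) {
        slow = slow->nextp;
        fast = fast->nextp->nextp;
        if (slow == fast) return 1;
    }
    return 0;
}

/* Bounded walk, so a corrupted (looped) list cannot hang the lookup. */
static struct demo_cell *demo_find(struct demo_cell_list *l, const char *name)
{
    struct demo_cell *cp;
    int steps = 0;
    for (cp = l->allCellsp; cp && steps < DEMO_MAX_CELLS; cp = cp->nextp, steps++)
        if (strcmp(cp->name, name) == 0) return cp;
    return NULL;
}

/* Assign a new id and push the node on the head of the list. */
static void demo_link(struct demo_cell_list *l, struct demo_cell *cp, long now, long ttl)
{
    cp->cellID = l->nextCellID++;
    cp->expires = now + ttl;
    cp->nextp = l->allCellsp;
    l->allCellsp = cp;
}

/* Resolve a cell "via DNS"; fixed selects the corrected handling of an expired TTL. */
struct demo_cell *demo_get_cell(struct demo_cell_list *l, const char *name,
                                long now, long ttl, int fixed)
{
    struct demo_cell *cp = demo_find(l, name);

    if (cp && now < cp->expires)
        return cp;                       /* cached and still fresh */
    if (cp) {
        if (fixed)
            cp->expires = now + ttl;     /* refresh in place: same cellID, same links */
        else
            demo_link(l, cp, now, ttl);  /* flaw: the node is already on the list */
        return cp;
    }
    if (l->used == DEMO_MAX_CELLS) return NULL;
    cp = &l->pool[l->used++];
    snprintf(cp->name, sizeof(cp->name), "%s", name);
    demo_link(l, cp, now, ttl);
    return cp;
}

/* Constructed scenario: two cells are learned, then the first one's TTL expires. */
struct demo_result demo_scenario(int fixed)
{
    struct demo_cell_list l;
    struct demo_result r;
    memset(&l, 0, sizeof(l));
    l.nextCellID = 1;
    r.id_before = demo_get_cell(&l, "a.example", 0, 10, fixed)->cellID;
    demo_get_cell(&l, "b.example", 0, 3600, fixed);
    r.id_after = demo_get_cell(&l, "a.example", 20, 10, fixed)->cellID;
    r.has_loop = demo_list_has_loop(l.allCellsp);
    return r;
}

int main(void)
{
    struct demo_result bad = demo_scenario(0), good = demo_scenario(1);
    printf("flawed: loop=%d cellID %d -> %d\n", bad.has_loop, bad.id_before, bad.id_after);
    printf("fixed:  loop=%d cellID %d -> %d\n", good.has_loop, good.id_before, good.id_after);
    return 0;
}
```

In the flawed path the re-linked node points at the old head, which still leads back to it, so any unbounded walk of the list spins forever.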

* Add DNS support to cm_IoctlNewCell() which previously only examined

* Add cm_FreeServer() function and call it from cm_FreeServerList()
to properly garbage collect cm_server_t objects

* Add numVCs variable to smb.c to track the number of smb_vc_t
objects created and use it to initialize the vcID field which
previously was set to 0 in all objects resulting in FindByID

* Fixed DNS lookups to work consistently throughout the OpenAFS
product instead of just from within the afsd_service.exe

* Added a runtime check to ensure that AFS Client Service SMB
Server is accepting connections before attempting to mount

* Read IP addresses for volume servers out of the CellServDB
file if gethostbyname() on the hostname fails.

* Fix getcellconfig() to populate both the Hostnames as well
as IP addresses when loading cell data via DNS

* Increase the Connection Dead Time to 50 from 20 seconds
Increase the Hard Dead Time to 120 from 40 seconds
(matches the Unix values)

* Fixed an assertion validating the number of allocated NCBs

* Fixed the build environment to consistently build for
Windows 2000 and above. (APPVER = 5.0)

* Fixed rx_debug to properly validate the receipt of incoming
data with select() and recvfrom(). Do not copy data out of
the socket buffer unless success is indicated.

* afsd_service.exe will now display a message box to the
desktop when it terminates due to an IP Address Change.

* installer no longer deletes AFS Server configuration data

* installer generates a warning dialog if the RPC service
is not properly configured

* installer compressed with lzma instead of bzip2

* afsd_service.exe shutdown crash solved once and for all

* reference counting of smb_vc_t data structures improved

* name space collision of smb_fid_t event objects corrected

* the output of "fs memdump" is now written to
%WINDIR%\TEMP\afsd_alloc.log

* the file TaAfsApp_1033.dll is now properly installed allowing
the User Manager to start

* a new algorithm is used for computing filename pattern matches

* afscreds.exe now accepts user names containing instance

* Fix the Directory Name Lookup Cache to be case-sensitive.
This is crucial in environments in which a Windows client
is accessing a directory with more than one filename that
differs only by case. If the directory contains "FOO"
and "Foo", you want "DEL Foo" to delete the correct one.
We still have a problem in that "DEL foo" will delete a
random filename. This will be addressed in a future release.

* Fix afscreds.exe -M option (renewMaps) to work when High
Security mode is off. Also, remember to disable the ActiveMap
flag in afsdsbmt.ini when a drive mapping is removed.

* Updates to NSIS installer script. AFS Server configuration
data will not be destroyed on un-install or re-install.
Use a better compression algorithm.

* afslogon.dll now uses KFW to obtain tokens when available

* afslogon.dll when given an all uppercase username will
attempt to authenticate with both the uppercase name
and an all lowercase variation

* DST modification removed. The fix appears to make things
worse after a reboot of the machine.

* fs.exe: added "cscpolicy" which is used to
change client side caching policy for AFS shares

Usage: fs cscpolicy [-share <AFS share>] [-manual] [-programs]
[-documents] [-disable] [-help]

* Several uninitialized variables have been initialized

* It is now possible to obtain tokens using cross realm
Kerberos within afscreds.exe:

user: jaltman@ATHENA.MIT.EDU

Will obtain a cross realm ticket for jaltman/DEMENTIA.ORG@ATHENA.MIT.EDU
which will in turn be used to obtain afs@DEMENTIA.ORG.
The resulting token will be stored with the display name
jaltman@ATHENA.MIT.EDU@dementia.org

* aklog.exe has been added to the client

Usage: aklog [-d] [[-cell | -c] cell [-k krb_realm]]
[[-p | -path] pathname]

-d gives debugging information.
krb_realm is the kerberos realm of a cell.
pathname is the name of a directory to which you wish to authenticate.
-noprdb means don't try to determine AFS ID.
-5 or -4 selects whether to use Kerberos V or Kerberos IV.
(default is Kerberos V)
No commandline arguments means authenticate to the local cell.

* All of the resource files have been restructured to adhere to
a set of rules IBM implemented for loading string resources.
These rules had either been forgotten or were not discovered
by folks working on the OpenAFS sources. The end result was
memory corruption. This is the primary item which was preventing
the AFS Server from working.

* Increased the size of the maximum ticket size stored in a token
from 344 bytes to 12,000. Increased the buffers used to convey
messages between the pioctl() caller and the SMB Server from
1000 bytes to 12,512. The code appeared to have been writing
above the top of the stack by quite a few bytes.
(The increased ticket size is necessary for the next item.)

* When obtaining AFS Tokens via KFW, krb524 is no longer required.
Instead the raw Kerberos 5 ticket is used in its entirety. This
is extremely important as it allows us to use pure Kerberos 5 KDCs
as the source of the AFS authentication. The use of up to 12,000 byte
tickets will allow tickets produced by all versions of Microsoft
Active Directory to be used.
- create a user account.
- designate it DES only
- specify its UPN to be "afs@realm"
- assign a SPN of "afs/cellname" to the UPN with setspn.exe

* Do not enforce the funky 8dot3 pattern matching rule that the first "."
is special when using long file names. (you must use "*.*" and not "*")
Instead only enforce it when performing 8dot3 searches.

* Fixed the DST problem with creation times being set one hour ahead

* Fixed the problem when using \\afs\cell-alias. For example,
\\afs\uncc instead of \\afs\uncc.edu. Do not create a new cell struct
for the alias name; instead simply expand the name. One of the
symptoms of this problem was a loss of acquired tokens.

* Fixed the AFS Shell Extension. The Symbolic Link menu was empty
of strings. (Only English strings provided.)

* Fixed the installer to properly replace in use files.

* Fixed the build system to cleanup generated component version files

* The release build compiled with MSVC 6.0 compiler to avoid the
afsd_service.exe shutdown crash. This does not solve the problem
but simply avoids it for the time being.

* fix afslogon.dll to not corrupt memory when High Security mode

* fix afsd_service.exe to not attempt to restore the stack when
an exception occurs. (not safe in multi-threaded programs)

* fix uninstaller to properly remove the CRT and MFC DLLs

* remove a Message Box from afscreds.exe when getcellconfig()
fails on a Kerberos realm which is not a cell

The following is a list of changes to the OpenAFS for Windows client

* "fs setserverprefs" will leave afsd service deadlocked

* "vos listaddrs" will core dump

* installer sets the appropriate keys to support Integrated Logon

* installer disables the "Find Lana by Name" functionality as it
was causing headaches for many users

* fix the intermittent crash of the power management thread when
shutting down the AFS Client Service

* optimizes the obtain drive mount list functionality which is
executed every time the mount tab in afscreds.exe and afs_config.exe
are refreshed. (this happens a lot)

* fix the service shutdown logic. add the STOP_PENDING state
and do not accept additional service events after we declare

The following is a list of changes to the OpenAFS for Windows client
1481 * flexelint was run against the source tree and hundreds (perhaps
1482 thousands) of corrections were applied to ensure prototypes
1483 were in use; types were used consistently; variables were
1484 initialized; unused variables were removed; etc.
1486 * A wide variety of instrumentation was added including the
1487 ability to produce a stack trace from within afsd_service.exe
1490 * Dynamic configuration of the RDRtimeout value based upon the
1491 LanMan Workstation Session Timeout
1493 * The mount root no longer needs to be called "/afs". This
1494 is now set by a registry value "MountRoot" within the key
1495 HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
1497 * The cell list is now only read out of afsdcell.ini when the
1498 file changes instead of each time a cell is resolved.
1500 * Thread synchronization was added to cm_server.c and ktc_nt.c
1502 * All calls to GlobalAlloc()/GlobalFree() were replaced with
1503 calloc()/free(). The Global functions were needed on Windows 3.x
1504 but have caused a variety of problems on the Win32 platforms.
1505 Avoiding them is highly recommended by several Microsoft
1506 Knowledgebase articles
* Support for Symbolic Links added to the AFS Shell Extension
* Added a registry value "OverlayEnabled" to determine if
Shell Extension Overlays should be enabled.
HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
* New Build system to support VC6, VC.NET, VC.NET2003 compilers and
separate trees for checked and free builds. Build system supports
a custom directory src\WINNT\extra which can be used as a grafting
location of organization specific additions to the build tree.
* New installer built using NSIS 2.0.
* Named all kernel objects in order to allow them to be monitored
with tools such as SysInternals' ProcExp.exe.
* Introduced new EventLog framework for AFSD
* Introduced Power Management interface to AFSD for Standby and
Hibernate modes to allow cache to be flushed prior to network
* Utilize Win32 DNSQuery API instead of internal routines. This
allows DNS SRV queries to be sent to all current domain name
servers, not just one specified in an INI file. DNS is now
* "NetbiosName" registry value may be used to specify a fixed
Netbios Name such as "AFS" to be used instead of "HOSTNAME-AFS"
when the loopback adapter is in use. If you need to use the
old notation with a loopback adapter installed specify a registry
"NetbiosName" REG_EXPAND_SZ = "%COMPUTERNAME%-AFS"
* Refactor all modules which depend on LAN Adapter and NetbiosName
determination into a new library: lanahelper.lib. This allows for
consistent behavior throughout the product.
* Move the afsd.log and afsd_init.log files to the directory specified
by the "TEMP" environment variable. This is usually %WINDIR%\TEMP
for services. Added the Date to the log entries.
* New registry value "RxMaxMTU" used to limit the size of the RX
packets sent by the AFS Client Service to the Server. In order
to enable OpenAFS to work across the Cisco IPSec VPN the packet
size must be restricted to 1264 or smaller. The latest NSIS
installer sets a value of 1260 by default.
* New registry value "RxNoJumbo" to disable the use of Jumbo Rx
packets. This is not needed in order to work across the Cisco
VPN but might be needed for other network environments. This
value is not set by the NSIS installer.
* New registry value "HideDotFiles" is used to apply the Hidden
attribute to files whose names begin with a '.'. This value
is set by the NSIS installer.
* New registry value "MaxMpxRequests" allows the maximum number
of multiplexed sessions to be configured at run time. This
value is not set by the NSIS installer. The default value is
* New registry value "MaxVCPerServer" allows the maximum number
of VCs per server to be configured at run time. This value is
not set by the NSIS installer. The default value is 100.
* New registry value "AllSubmount" allows the "all" submount to
be disabled by setting its value to 0x00.
* Allow cell names to be valid mount points
\\<netbiosName>\<cellname>
* Store the active state of drive mappings in order for afscreds.exe
to restore them upon startup
* Add exception handling to generate a Stack Trace to the afsd_init.log
file if one happens to occur.
* Add lots of logging to help detect the cause of invalid SMB packets
* Enable Kerberos for Windows to be used to obtain AFS Tokens via
conversion of Kerberos 5 "afs" service tickets. Supports auto-
renewal of expiring tokens as long as afscreds.exe is running.
* New afscreds.exe command line options:
-M = renew drive maps
-N = ip address change detection
* New registry value "EnableKFW" in {HKCU,HKLM}SOFTWARE\OpenAFS\Client
determines whether or not MIT Kerberos for Windows should be used
to obtain tokens via Kerberos 5 tickets.
* New registry value "AfscredsShortcutParams" in
{HKCU,HKLM}SOFTWARE\OpenAFS\Client
determines the command line parameters to be specified when "fixing"
the AFS Shortcut in the user's startup folder.
* The "ShowTrayIcon" registry value has been moved from
HKLM\Software\TransarcCorporation\AFS Client\AfsCreds to
{HKCU,HKLM}SOFTWARE\OpenAFS\Client
* The <cell name> registry values used to store the token expiration
reminders have been moved from
HKLM\Software\TransarcCorporation\AFS Client\AfsCreds to
{HKCU,HKLM}SOFTWARE\OpenAFS\Client\Reminders
* Obtain the Logon User Name from the Explorer key when available
* new text document doc\txt\winnotes\registry.txt lists all registry
values used by OpenAFS (excluding the AFS Server)
* BUG: rx_securityClass objects were not properly reference
counted and were never freed.
* BUG: reduce the number of conditions under which CM_ERROR_TIMEOUT
would be generated. The existence of a server does not imply
that it is not down. If all of the servers for a cell are down
return CM_ERROR_NOSUCHVOLUME instead. This prevents the Explorer
* BUG: the directory name lookup cache failed to free the entries
in the cache when the name cache entries cycled. The entries
in the cache would become dereferenced without being freed.
* BUG: fs setserverprefs could be executed without Administrator
* BUG: the number of allocated NCB objects (100) exceeded the number
which could actually be waited upon by the kernel (64). Any objects
which were utilized above the limit could never have event completions
* BUG: smb_username_t objects were not being reference counted and
were not properly freed.
* BUG: smb_tid_t objects could under unusual circumstances be freed
before they were no longer referenced.
* BUG: smb_fid_t object pointers were frequently used even when
their value could be NULL. They were not properly released and
therefore they were never freed.
* BUG: smb_packet_t data structures were not completely initialized
* BUG: when Rx produces a CM_ERROR_NOIPC error do not return "Access
Denied" because that causes the Explorer Shell to try again until
access is obtained. Instead return "Remote Resources" which allows
the shell to move on and treat the error as transient.
* BUG: when initializing the NCBreturns structure, separate Event objects
were created for each NCB although a single Event object was supposed
to be shared by all.
* BUG: smb_dirSearch_t objects were not being properly reference counted
* BUG: smb_tran2Packet_t objects were not being properly referenced
* BUG: directory path creation did not handle the case of multiple
directories requiring creation in one attempt
* BUG: SMB requests which required an Extended Response were ignored.
This prevented some files from being written to AFS volumes.
* BUG: character strings were being freed even after they were
inserted into in-use data structures
* BUG: inconsistent usernames were used when High Security mode was
enabled. (there is still much to do in this area)
* BUG: pioctl() calls which require out of band RPC operations were
susceptible to race conditions when performed by multiple processes
* BUG: memory allocation and deallocation crossed instances of the
C Runtime Library producing memory leakage and corruption in
afscreds and the client configurator.