+Since 1.3.71:
+ * Fix the pattern matching algorithm to properly match patterns
+ ending with a '*'.
+
+ * smb_ReceiveCoreRename() was factored to produce smb_Rename()
+ which is used by both the original function and the new
+ smb_ReceiveNTRename(). smb_ReceiveNTRename() supports the
+ creation of HardLinks in addition to Renaming. smb_Link()
+ is a new function which creates HardLinks via cm_Link().
+ cm_Link() is a new vnodeops function which creates links
+ using RXAFS_Link().
+
+ smb_ReceiveNTRename() does not support the File Copy and
+ Move Cluster Information operations described in its interface.
+ ReceiveNTRename is under documented in CIFS-TR-1p00_FINAL.pdf.
+
+ * When opening files via symlinks, we should follow the symlinks
+ until we reach the actual file stat cache entry. The stat cache
+ entry of the file should then be stored in the FID instead of
+ stat scache entry of the symlink.
+
+ * return bad operation errors for all unimplemented functions
+ even if we do not know the functions exist.
+
+ * Log bad packets and unknown operation packets to the trace log
+
+ * Map CM_ERROR_BADOP to STATUS_NOT_SUPPORTED instead of
+ 0xC09820FF
+
+ * Update list of known CIFS operations to include all those listed
+ in CIFS-TR-1p00_FINAL.pdf.
+
+Since 1.3.70:
+ * A new Windows authorization group "AFS Client Admins" is now
+ created and populated with the members of the "Administrators"
+ group. The group is used to determine which accounts on the
+ machine may be used to modify the AFS Client Configuration via
+ the UI and command line tools. afs_config.exe, fs.exe,
+
+ * Modify the WinLogon Logoff Event Handler to query NT4 domain
+ controllers for the remote profile path if Active Directory
+ services are not available.
+
+ * Fix aklog.exe to not add the AFS ID to the username
+
+ * PTS registration of new users to foreign cells has been added to
+ afscreds.exe
+
+ * The cm_Daemon thread is used to perform checks for
+ down servers, up servers, volumes, callback expirations,
+ lock maintenance and token expiration. Due to a gaff in
+ larger integer division the thread never performed any
+ work. Instead the current time computation would always
+ be less then the trigger times. This had an adverse affect
+ on the client's ability to maintain communication with servers,
+ keep volumes up to date, and flush user tokens and acls
+ when they have expired. This was broken when the 1.3 branch
+ was modified to support VC7 which no longer included
+ largeint.lib
+
+ * An initialization problem with the Freelance code was
+ detected while fixing the callbackRequest. The cm_rootSCachep
+ object is obtained during afsd_InitDaemons() but the callback
+ information is incomplete. The callback information will not
+ be obtained until cm_MergeStatus is called from within
+ cm_GetCallback. Unfortunately, cm_SyncOp did not properly
+ test for the conditions under which the callback information
+ must be obtained.
+
+ * Reports have been filed indicating that callbacks were
+ being lost. An examination of the code indicated that the
+ cm_server_t objects were not being properly reference
+ counted by the cm_scache_t and cm_callbackRequest_t objects.
+ In particular, the cm_server_t objects may have been freed
+ from beneath the cm_conn_t objects.
+
+ All of the reference counting is now done via the functions:
+ cm_GetServer
+ cm_GetServerNoLock
+ cm_PutServer
+ cm_PutServerNoLock
+ this improves the ability to track the referrals.
+
+ Each cm_BeginCallbackGranting Call now allocates a reference
+ to the cm_server_t. The cm_EndCallbackGrantingCall either
+ frees the reference or transfers it to the cm_scache_t
+ cbServerp field. These are then appropriately tracked
+ through the cm_Analyze call.
+
+ * Ensure that the dnlc hash table is the same size as the
+ dir name hash table (as per original author's note).
+ Increase the dnlc CM_AFSNCNAMESIZE to a multiple of 8
+ for compatibility with 64-bit systems.
+
+ * fix smb_ApplyV3DirListPatches to properly apply the hidden
+ attribute to dotfiles when the infoLevel < 0x101 and
+ cm_SyncOp has failed.
+
+ * Fix the Freelance registry initialization code. There
+ was a possibility that some systems could end up with
+ garbage in the registry during a clean install.
+
+Since 1.3.66:
+ * file and directory names beginning with "." will now be given the
+ hidden attribute when the volume access is anonymous. this matches
+ the behavior when the volume access is via an authenticated user.
+
+ * Added a change monitor to the HKLM\SOFTWARE\OpenAFS\Client\Freelance
+ key. When a change occurs mark the root.afs data as invalid and
+ for it to be reloaded on the next access. This allows administrators
+ to modify the mount point list without restarting the service.
+
+ The freelance client used to provide a fake modification time for
+ the root.afs volume data and its mount points of 7/09/2001 14:24 EDT.
+ Added code to extract the last modification time of the Freelance
+ registry key and use that instead. The time now represents the
+ most recent mount point change.
+
+ * PTS registration of new users to foreign cells has been added to
+ aklog.exe
+
+ * Additional Cache Control and Credential Manager options have been
+ added to the WiX installer. See deployment guide for details.
+
+ * The CachePath setting is now optionally a REG_EXPAND_SZ type
+
+ * The WiX installer has been upgraded. Version 2.0.1927.1 is now
+ required.
+
+ * The loopback installation code may have had a problem updating the
+ %ETC%\HOSTS file which could have resulted in a premature failure.
+ Work around code has been added for the case where the file cannot
+ be deleted.
+
+ * The default max chunksize was increased from 15 (32K) to 17 (128K)
+ because Windows sends 64K blocks when using overlapped writes.
+
+ * The default number of server threads was increased from 4 to 25 to
+ better handle overlapped writes.
+
+ * The "AfscredsShortcutParams" registry value was not being properly
+ loaded by afscreds.exe. Therefore, the default value was always being
+ used instead of the value set by the installer.
+
+ * Windows XP provides downgrade attack detection to prevent an attacker
+ from being able to force the use of NTLM simply by disrupting
+ communication with the KDC. This attack cannot exist between the
+ Windows CIFS client and the AFS Client Service. Therefore, when a
+ downgrade has been detected the afs pioctl library will force the
+ establishment of a new CIFS connection using NTLM.
+
+ * A locking error was discovered surrounding all references to volume
+ server lists within the cm_cell.c source file.
+
+ * The logged into Windows username was incorrect on Terminal Server
+ machines.
+
+ * A new registry value "NonPersistentCaching" was added to the service
+ parameters key. When set to a non-zero value, the afs cache is stored
+ in the Windows paging file. There are two limitations to choosing
+ this option:
+ 1. when persistent caching is implemented it won't work with
+ this flag set since there will be nothing to persist.
+ 2. with this flag set the initial paging allocation cannot be
+ changed while the service is running
+
+ * An initialization bug was discovered in aklog.exe which affected users
+ who have a domain name for their afs servers which could not be mapped
+ to a realm
+
+Since 1.3.65:
+ * afs_config.exe now validates cell names against DNS in addition
+ to the CellServDB file.
+
+ * In order to allow the freelance client to connect to a volume with ID
+ equal to 1 on the default cell we changed the fake root.afs volume ID
+ once again. This time we choose 0xFFFFFFFF. In addition, we change
+ the cell ID of the fake root.afs volume from 1 to 0xFFFFFFFF as well.
+ It will now be impossible for a volume ID to match that of another
+ cell unless the client is connected to 0xFFFFFFFD cells. That should
+ be enough room for growth.
+
+ * Fix "fs mkmount" command to work with UNC paths and when
+ started from non-AFS drives. It is now possible to create a mount
+ point in the freelance fake root.afs volume with the command
+
+ fs mkmount \\AFS\all\<directory-name> <volume-name> <cellname>
+
+ For example,
+
+ fs mkmount \\AFS\all\openafs.org root.cell openafs.org
+ fs mkmount \\AFS\all\.openafs.org root.cell openafs.org -rw
+
+ * The algorithm used to re-attempt access to the servers associated with
+ a volume has been altered to properly address the case in which all
+ servers have been marked down. The previous algorithm did not reset
+ the server's down flags so the servers were never actually retried.
+ This caused a problem with active volumes if the network connectivity
+ was lost as could be the case with a network cable removal, wireless
+ drop, or laptop hibernation. With the fix volume access is restored
+ almost instantenously when network connectivity becomes available.
+
+ * Support for SMB/CIFS browsing has been added to the AFS Client Service
+ SMB server. It is now possible to use "NET VIEW \\AFS" to obtain a
+ listing of AFS submounts and freelance mount points. Support for
+ NETSHAREENUM, NETSHAREGETINFO, NETSERVERENUM2, NETSERVERGETINFO
+ significantly enhances the behavior of AFS volumes within the Explorer
+ Shell. For instance, "AFS" now shows up as server in the Explorer
+ with each submount or freelance mount point visible as a share.
+ The right click menu in each folder now works with full functionality
+ on a consistent basis.
+
+ * The network provider can be configured to have different behavior
+ depending on the domain that the user logs into. These settings are
+ only relevant when using integrated login. A domain refers to an
+ Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
+ local machine (i.e. local account logins). The domain name that is
+ used for selecting the domain would be the domain that is passed into
+ the NPLogonNotify function of the network provider. (see registry.txt
+ for details)
+
+ * Added a new registry value [HKCU\SOFTWARE\OpenAFS\Client]
+ "Authentication Cell" which may be used to specify a default
+ authentication cell for afscreds.exe which is different from
+ the default cell for the AFS Client Service daemon.
+
+ * Added a Logoff WinLogon Event Notification function to afslogon.dll.
+ afslogon.dll moved to %WINDIR%\System32\.
+ New registry entries added to register the dll for Winlogon events.
+
+ The logoff event will now force a call to ktc_ForgetAllTokens()
+ using the context of the user being logged off as long as the
+ user's profile is not loaded from within AFS. If the profile
+ was loaded from AFS we can't release the tokens since the Logoff
+ event is triggered prior to the profile being written back to
+ the its source location. This is now performed in an XP SP2
+ safe manner.
+
+ * Windows XP SP2 Internet Connection Firewall interoperability
+ has been added.
+
+ * The %WINDIR%\afsdsbmt.ini contains four sections:
+ Submounts, Drive Mappings, Active Maps and CSC Policies.
+ The Submounts and CSC policies are now stored in the registry under
+ [HKLM\SOFTWARE\OpenAFS\Client\Submounts]
+ [HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
+ The Drive Mappings and Active Maps are stored in the registry under
+ [HKCU\SOFTWARE\OpenAFS\Client\Mappings]
+ [HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
+
+ There is no automatic migration of this data as it would be impossible
+ to consistently migrate data to user profiles which may not be active
+ when the machine is updated.
+
+ * The %WINDIR%\afs_freelance.ini contains lists of mountpoints for the
+ fake root.afs volume. For the same reasons as for the cellservdb file,
+ this information should not be in %WINDIR%. This information is now
+ kept under the registry key
+ [HKLM\SOFTWARE\OpenAFS\Client\Freelance]
+
+ The data from the afs_freelance.ini file will be automatically
+ migrated to the registry on first execution of afsd_service.exe
+
+ * Keeping the CellServDB file in the location %WINDIR%\afsdcell.ini is
+ troublesome for several reasons. One, it is confusing for those who
+ expect the file to be named "CellServDB" instead of "afsdcell.ini".
+ Two, this file is not a Windows Profile formatted file. Three,
+ applications should not be reading or writing to %WINDIR%. It causes
+ problems for Windows Terminal Server.
+
+ The new location of CellServDB will be the OpenAFS Client install
+ directory which is by default C:\Program Files\OpenAFS\Client and can
+ be determined by querying the registry for
+ [HKLM\SOFTWARE\TransarcCorporation\AFS Client\CurrentVersion]PathName
+
+ The existing afsdcell.ini will be migrated by the NSIS installer.
+ The Wix installer must still be updated to do the same.
+
+ * Change NSIS installer to use DNS by default; to remove Integrated Logon
+ High Security mode; and to add Terminal Services compatibility registry
+ entries to allow the OpenAFS tools to find the afsdcell.ini and other
+ configuration files in %WINDIR%.
+
+ * Add support for authenticated SMB connections. This will remove
+ the need for high security mode in most situations. Both NTLM
+ and Extended Security (GSS SPNEGO) modes are supported. Effectively,
+ only NTLM can be used even though Kerberos is now supported. The
+ reason is that it is not possible to construct a service principal
+ which is unique to each individual machine.
+
+ SMB Extended Auth does not work on XP SP2 unless one of two registry
+ modifications are made:
+
+ (1) To disable the check for matching host names on loopback connections
+ set this key. This does not require a reboot:
+
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
+ "DisableLoopbackCheck"=dword:00000001
+
+ (2) To add the AFS SMB/CIFS service name to an approved list. This
+ does require a reboot:
+
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
+ "BackConnectionHostNames"=multi-sz "AFS" "MACHINE-AFS"
+
+ afsd_service.exe will automatically add the current Netbios Name
+ to the BackConnectionHostNames list and then temporarily disable
+ the loopback check for one cycle of startup/shutdown of the service.
+ We assume most folks do not start/stop without a reboot so this
+ will be adequate in most cases.
+
+ * Fix security hole in afslogon.dll which allowed passwords to be
+ sent in clear text to the KDC in a misformed principal name.
+
+ * Fix cm_GetCell() to properly handle expired dns entries
+ without crashing
+
+ * If Freelance mode is active and the afs_freelance.ini
+ file does not exist, do not create an empty file.
+ Instead create a file containing ro and rw mountpoints
+ to the default cell using the standard conventions.
+
+ * Modify the Freelance support to handle the ability
+ to create rw mount points in the fake root.afs volume.
+
+ * Changed the RPC mechanism used for token setting from
+ named pipes to local. Use of named pipes can be restored
+ by setting the environment variable AFS_RPC_PROTSEQ to
+ "ncacn_np".
+
+ Named pipes were required when a Windows 9x system was
+ using a NT system in gateway mode which is incompatible
+ with our use of local loopback adapters.
+
+ * In afscreds.exe, if a username of the form user@REALM is
+ specified and no password is specified, do not perform a
+ kinit operation. Only perform the aklog functionality.
+
+ * Add a new registry value which allows the number of processors
+ on which afsd_service.exe executes to be restricted. Valid
+ values are 1..numOfProcessors
+
+ HKLM\SYSTEM\CurrentControlSet\Services\TransarcAfsDaemon\Parameters
+ (DWORD) MaxCPUs
+
+Since 1.3.64:
+ * A second MSI based installer option is now available.
+
+ * Fixed Kerberos 5 kinit functionality in afscreds.exe to properly
+ request tickets for user/instance@REALM instead of just user@REALM
+
+ * Modify the Power Management Notify routine to wait for the Hard Dead
+ timeout period instead of a fixed 19 seconds. With the longer timeout
+ periods Hibernation and Standby could never succeed when network
+ connectivity is not available.
+
+ * The following fs.exe commands are now restricted to Administrator:
+ - checkservers with a non-zero timer value
+ - setcachesize
+ - newcell
+ - sysname with a new sysname list
+ - exportafs
+ - setcell
+ - setserverprefs
+ - storebehind
+ - setcrypt
+ - cscpolicy
+ - trace
+
+ setting the default sysname for a machine should be done via the
+ registry and not via "fs sysname".
+
+ * NSIS installer adds options to install Debugging Symbols
+ and the Microsoft Loopback Adapter; the user is now also
+ given the ability to select the afscreds.exe startup options.
+
+ * Build system modified to generate symbols for FREE (aka RELEASE)
+ builds as well as CHECKED (aka DEBUG) builds
+
+ * Sites which have a volume ID of 0x20000001 assigned to their
+ root.cell volumes have been experiencing problems with accessing
+ the root.cell volume of their cell when Freelance mode has been
+ active. This was because 0x20000001 was assigned to the fake
+ root.afs volume created by freelance. The fake volume id is
+ now set to 0x00000001 to prevent conflicts.
+
+ * The timeout logic in the AFS Client Service has been wrong
+ for sometime. It is based on two different assumptions.
+ First, the SMB client timeout is a fix value as was the case
+ with OS/2 Lan Manager. This assumption is incorrect. The
+ SMB timeout in Windows is a dynamic value computed based upon
+ a fixed minimum timeout to which is added time based upon the
+ size of the request and the performance characteristics of
+ the connection. Second, it is the responsibility of the
+ SMB Server to enforce the timeout requirements of the client.
+ This is untrue. The SMB Server cannot be expected to know
+ the requirements of the client. More importantly, if the
+ SMB server uses the SMB client timeout as a value to restrict
+ its behavior as an RX client, the performance characteristics
+ of the local SMB session would be used to prematurely terminate
+ WAN connections with significantly different performance
+ characteristics.
+
+ The timeout logic has therefore been modified in the following
+ manner:
+ . the Lan Manager Workstation (SMB) Session Timeout is used only
+ as a basis for configuring the Connection Dead Timeout
+ and Hard Dead Timeout values. The Connection Dead Timeout
+ must be at least 15 seconds longer than the SMB Timeout
+ and the Hard Dead Timeout must be at least double the
+ Connection Dead Timeout.
+ . New registry entries have been added to allow the Connection
+ Dead Timeout and Hard Dead Timeout values independent of the
+ Lan Manager Workstation Session Timeout
+ . The test to enforce the SMB Client Timeout has been removed.
+
+ One of the side-effects of removing the enforcement of the SMB
+ Client Timeout is that regardless of whether or not the SMB client
+ is available to receive the response (and how would the SMB server
+ know) the RX protocol response can be used to update the AFS
+ Client Service state for ready access by future SMB client
+ requests.
+
+ This should be the end of the "Server paused or restarting messages"
+
+ * Add support for arbitrary UNC paths to the pioctl() support.
+ This enables the fs commands as well as the AFS Shell Extension
+ to work correctly when UNC paths are being used.
+
+ * Fix afscreds.exe (by updating afskfw.lib) to search for cells via
+ DNS if the cell configuration cannot be determined via CellServDB
+
+ * Add debug info to test whether CM_BUF_WAITING or CM_SCACHE_WAITING
+ are ever set more than once at a time
+
+ * Fix the management of lists of cm_cell_t structures when using
+ DNS to lookup cell information. The previous code would fail to
+ reuse the same cellID for a cell if DNS was used more than once
+ for a given cell name. When the ttl expired, a single cm_cell_t
+ could be inserted into the cm_allCellsp list more than once
+ producing a loop. In addition, the vlServerp list belonging to
+ the cell was not freed resulting in improper refCounting of the
+ servers.
+
+ * Add DNS support to cm_IoctlNewCell() which previous only examined
+ the CellServDB file
+
+ * Add cm_FreeServer() function and call it from cm_FreeServerList()
+ to properly garbage collect cm_server_t objects
+
+ * Add numVCs variable to smb.c to track the number of smb_vc_t
+ objects created and use it to initialize the vcID field which
+ previously was set to 0 in all objects resulting in FindByID
+ collisions.
+
+ * Fixed DNS lookups to work consistently throughout the OpenAFS
+ product instead of just from within the afsd_service.exe
+
+ * Added a runtime check to ensure that AFS Client Service SMB
+ Server is accepting connections before attempting to mount
+ global drives.
+
+ * Read IP addresses for volume servers out of the CellServDB
+ file if gethostbyname() on the hostname fails.
+
+ * Fix getcellconfig() to populate both the Hostnames as well
+ as IP addresses when loading cell data via DNS
+
+ * Increase the Connection Dead Time to 50 from 20 seconds
+ Increase the Hard Dead Time to 120 from 40 seconds
+ (matches the Unix values)
+
+ * Fixed an assertion validating the number of allocated NCBs
+
+ * Fixed the build environment to consistently build for
+ Windows 2000 and above. (APPVER = 5.0)
+
+ * Fixed rx_debug to properly validate the receipt in incoming
+ data with select() and recvfrom(). Do not copy data out of
+ the socket buffer unless success is indicated.
+
+Since 1.3.63:
+ * afsd_service.exe will now display a message box to the
+ desktop when it terminates due to an IP Address Change.
+
+ * installer no longer deletes AFS Server configuration data
+ on uninstall
+
+ * installer generates a warning dialog if the RPC service
+ is not properly configured
+
+ * installer compressed with lzma instead of bzip2
+
+ * afsd_service.exe shutdown crash solved once and for all
+
+ * reference counting of smb_vc_t data structures improved
+
+ * name space collision of smb_fid_t event objects corrected
+
+ * the output of "fs memdump" is now written to
+ %WINDIR%\TEMP\afsd_alloc.log
+
+ * the file TaAfsApp_1033.dll is now properly installed allowing
+ the User Manager to start
+
+ * a new algorithm is used for computing filename pattern matches
+
+ * afscreds.exe now accepts user names containing instance
+ fields.
+
+ * Fix the Directory Name Lookup Cache to be case-sensitive.
+ This is crucial in environments in which a Windows client
+ is accessing a directory with more than one filename that
+ differs only by case. If the directory contains "FOO"
+ and "Foo". You want "DEL Foo" to delete the correct one.
+ We still have a problem in that "DEL foo" will delete a
+ random filename. This will be addressed in a future release.
+
+ * Fix afscreds.exe -M option (renewMaps) to work when High
+ Security mode is off. Also, remember to disable the ActiveMap
+ flag in afsdsbmt.ini when a drive mapping is removed.
+
+ * Updates to NSIS installer script. AFS Server configuration
+ data will not be destroyed on un-install or re-install.
+ Use a better compression algorithm.
+
+ * afslogon.dll now uses KFW to obtain tokens when available
+
+ * afslogon.dll when given an all uppercase username will
+ attempt to authenticate with both the uppercase name
+ and an all lowercase variation
+
+ * DST modification removed. The fix appears to make things
+ worse after a reboot of the machine.
+
+ * fs.exe: added "cscpolicy" which is used to
+ change client side caching policy for AFS shares
+
+ Usage: fs cscpolicy [-share <AFS share>] [-manual] [-programs]
+ [-documents] [-disable] [-help]
+
+ * Several uninitialized variables have been initialized
+
+ * It is now possible to obtain tokens using cross realm
+ Kerberos within afscreds.exe:
+ cell: dementia.org
+ user: jaltman@ATHENA.MIT.EDU
+ password: xxxxxxxx
+ Will obtain a cross realm ticket for jaltman/DEMENTIA.ORG@ATHENA.MIT.EDU
+ will will in turn be used to obtain afs@DEMENTIA.ORG.
+ The resulting token will be stored with the display name
+ jaltman@ATHENA.MIT.EDU@dementia.org
+
+ * aklog.exe has been added to the client
+
+ Usage: aklog [-d] [[-cell | -c] cell [-k krb_realm]]
+ [[-p | -path] pathname]
+ [-noprdb] [-force]
+ [-5 | -4]
+
+ -d gives debugging information.
+ krb_realm is the kerberos realm of a cell.
+ pathname is the name of a directory to which you wish to authenticate.
+ -noprdb means don't try to determine AFS ID.
+ -5 or -4 selects whether to use Kerberos V or Kerberos IV.
+ (default is Kerberos V)
+ No commandline arguments means authenticate to the local cell.
+
Since 1.3.62:
* All of the resource files have been restructured to adhere to
a set of rules IBM implemented for loading string resources.