+Since 1.3.80:
+ * Fixed a locking error in cm_TryBulkStat() which had the
+ potential of deadlocking the system for the length of time
+ it takes to perform a bulk status fetch operation.
+
+ * Replaced time conversion code (UnixTime <-> FILETIME) to
+ be completely arithmetic instead of relying on a bizarre
+ algorithm involving a variety of C RTL time functions.
+
+ * Fixed a invalid memory access under a bizarre circumstance.
+ Windows will allow a physical mass media device to be
+ installed via Plug N Play to the system and will assign it
+ the lowest available drive letter. This is true even if the
+ drive letter is currently assigned in the user session to
+ a network device via NET USE (or its equivalent.) When this
+ happens, queries sent to the CIFS server will contain invalid
+ data. This invalid data was not being caught by the AFS
+ Client Service and was resulting in a crash when Freelance
+ mode was in use.
+
+ * Fixed a reference count error when registering callbacks
+ on a stat cache object if the callback was already registered
+
+ * Add a case to cm_Analyze() in order to handle the case where
+ cm_GetConnByMServers() returns CM_ERROR_NOSUCHVOLUME because
+ the server list for the volume is empty. In this case, force
+ an update of the volume info and retry.
+
+ * Insert a missing cm_EndCallbackGrantingCall() which could
+ result in threads waiting for a callback to complete to never
+ be woken up.
+
+ * In the persistent cache, there is a maximum number of volume
+ entries. Allow volume entries to be reused if the maximum
+ number have been allocated and their reference count is zero.
+
+ * If we already have a dead virtual connection object, don't
+ ignore the fact that additional dead vc objects must be taken
+ care of.
+
+ * Removed a deadlock condition introduced in the summer of 2004.
+ Do not hold mx locks around calls to RX functions including
+ rx_NewCall(). That is what reference counts on the rx_connection
+ object are for.
+
+ * Fixed an initialization error in afslogon.dll which could
+ result in random behavior including a failure to terminate
+ the NPLogon function. (1.3.80b)
+
+ * Fixed an error preventing the use of SMB authentication
+ on Windows 2000. (1.3.80a)
+
+Since 1.3.77:
+ * Updated CellServDB to Public CellServDB 16 Mar 2005
+
+ * Fixed DNS AFSDB queries to ensure that "csail" cannot be
+ misinterpretted as "csail.mit.edu" when the resolver
+ is configured to append ".mit.edu" to failed DNS queries.
+
+ * Fixed another case in which the client would replace connections
+ to the host when it was not necessary. In this case the
+ situation would occur if cryptall was on and the connections
+ were unauthenticated due to lack of an appropriate token.
+
+ * OpenAFS for Windows has failed to work at sites which are
+ utilizing a cross-realm trust between an MIT/Heimdal realm
+ and a multi-domain Windows forest when the workstation being
+ accessed is not located in the root domain. This is caused
+ by a bug in the workstation which was triggered after the
+ introduction of Windows 2003 Server. When the bug is triggered,
+ the workstation attempts to authenticate users to afsd_service.exe
+ by contacting the Domain Controller instead of using the
+ LSA loopback authentication mechanism.
+
+ One of the reasons this bug occurs is because the workstation
+ does not have a reliable way of knowing that the service whose
+ netbios name is "AFS" is located on the workstation. This will
+ be fixed starting in Longhorn Beta 1 by Microsoft. The
+ "BackConnectionHostNames" registry value will be used to
+ indicate that the authentications to that service name should
+ be performed using the loopback authentication mechanism.
+
+ In the meantime, when Logon Caching is enabled, we can force
+ afsd_service.exe to authenticate using the logon cache before
+ contacting the Domain Controller. This will work with both
+ password and smart card based logons.
+
+ * The allDown logic in cm_ConnByMServers() was wrong. The allDown
+ flag should not be cleared if a volume's server reference is
+ marked as "offline". In the case where all of the volume's
+ servers are either "down" or the volumes are "offline", we want
+ cm_Analyze() to process the condition as CM_ERROR_ALLOFFLINE
+ instead of as CM_ERROR_TIMEDOUT. In fact, CM_ERROR_TIMEDOUT
+ should never occur in practice.
+
+ In the case of CM_ERROR_ALLOFFLINE, cm_Analyze() will sleep for
+ 5 seconds, clear the server down and volume busy flags, and
+ then force an update from the VLDB. This allows the client to
+ update the location of a volume if the reason for it being
+ marked offline is because it is being moved. Calls to
+ cm_ConnByMServers() will be retried either until success or
+ the RDRtimeout period is reached.
+
+ * Correct the Power Management code behavior in response to
+ Standby, Suspend, and Shutdown events. Instead of flushing the
+ buffers associated with the mounted SMB submounts, simply write
+ all buffers which are marked dirty.
+
+ * Added support for "TheseCells" to afslogon.dll. "TheseCells"
+ provides a list of cells other than the default cell for which
+ tokens should be obtained using the default Kerberos principal.
+ This functionality is logon domain specific and is only available
+ when using KFW for authentication.
+
+ * Fixed FindNext Invalid Handle error caused by over agressive
+ attempts at garbage collecting dirSearch entries when the
+ dirSearch ID wraps from the maximum value to 1.
+
+ * Add support for registry defined server preferences for VLDB and
+ File servers. See registry.txt for details.
+
+ * Increased default cache size to 96MB and default number of cache
+ entries to 10,000.
+
+ * Fixed refCount leaks related to directory lookups and pioctl calls.
+
+ * Callbacks revoked during a race condition with an attempt to
+ obtain the same callback no longer result in an inaccessible
+ stat cache entry.
+
+ * New command line tool:
+
+ afsdacl : Set or reset the DACL to allow starting or stopping
+ the afsd service by any ordinary user.
+
+ Usage : afsdacl [-set | -reset] [-show]
+ -set : Sets the DACL
+ -reset : Reset the DACL
+ -show : Show current DACL (SDSF)
+
+ * IP addresses are no longer queried once at startup. Instead IP
+ addresses are obtained as needed. Loopback adapter addresses are
+ no longer published to the server.
+
+ * Pay attention to the MIT KFW registry configuration for automatic
+ importation of MSLSA credentials. (SOFTWARE\MIT\Leash32,MsLsaImport)
+
+ * Fix (once again) case-sensitive comparisons which was apparently
+ broken in 1.3.72.
+
+ * Activate support for vos listvol -format
+
+ * Population of the "AFS Client Admins" group failed on non-English
+ versions of Windows because the name of the "Administrators" group
+ is localized. Now we lookup the name of the group by using the
+ Administrators Group Alias Relative ID.
+
+ * Multiple cell token acquisition within afscreds.exe was broken in the
+ case of Kerberos 5 cross realm authentication. Instead of contacting
+ the KDC associated with the cell's realm, afscreds would obtain a
+ token from the KDC of the user's realm. This would result in
+ "invalid kvno errors" while authenticating to the AFS servers.
+ Unauthenticated access would work. The symptoms would vary based upon
+ whether or not the VLDB servers had been contacted using unauthenticated
+ connections prior to the user obtaining tokens.
+
+ * The list of ACL entries was becoming corrupted. It appears as if
+ an ACL when it expires was not being appropriately cleaned up. In
+ fact, it was left in the list of ACLs associated with the scache
+ entry.
+
+ * Changed the default @sys name list to "x86_win32 i386_w2k i386_nt40"
+ for 32-bit x86 systems. The default for itanium will be "ia64_win64"
+ and "amd64_win64" for amd 64-bit processors.
+
+ * When executing executables, Windows provides a mechanisms by which
+ the normal search for DLLs can be bypassed. If a file foo.exe is
+ being executed and there exists a file or directory "foo.exe.local"
+ (the contents are ignored if a file), then Windows will search for
+ DLLs first in the "foo.exe.local" directory and second in the
+ directory in which the "foo.exe" file is located.
+
+ Previous releases of OAFW would improperly return
+ STATUS_NOT_A_DIRECTORY instead of the expected
+ STATUS_OBJECT_PATH_NOT_FOUND. This would cause the Windows SMB client
+ to terminate the search for the DLL causing the execution of the
+ application to fail.
+
+ * Rework the reference counting of smb_vc_t objects. The references
+ stored in the waiting locks were not counted. This could result in
+ an assertion if the reference count drops to zero.
+
+ * "fs wscell" returns "Freelance.Local.Root" for the workstation cell
+ when running in freelance mode.
+
+ * Added support for persistent caching of file contents, stat entries,
+ volume data, cell data, and name lookup data. When the registry
+ value, "NonPersistentCaching", is not defined or set to 0 the file
+ specified by "CachePath" becomes a persistent cache file. The
+ size of the cache file is computed at run time. It has a maximum
+ size of approximately 1.2GB. The contents of the file will be
+ validated according to the rules specified by the "ValidateCache"
+ registry value.
+
+ * Added support for UUIDs. UUIDs are kept for as long as the
+ cache file is intact.
+
+ * Added cmdebug.exe and support cache manager debugging callback
+ interfaces in afsd_service.exe.
+
+ Usage: cmdebug -servers <server machine> [-port <IP port>] [-long]
+ [-addrs] [-cache] [-help]
+ Where: -long print all info
+ -addrs print only host interfaces
+ -cache print only cache configuration
+
+ * Symlinks to \\AFS\[all\]... will now be treated the same as
+ symlinks to /afs/.... However, please use /afs/... as otherwise
+ the symlinks won't work on Unix.
+
+ * Correct a problem with local CellID allocation for cells whose
+ server list is obtained via DNS instead of a CellServDB file. If
+ the DNS information expires the CellID assigned to the entry will
+ be changed. This causes all of the cm_scache_t objects which refer
+ to the old cellID number to become useless. Attempts to access
+ files or directories with cm_scache_t objects using the old cellID
+ will fail since the server list cannot be obtained.
+
+ * Correct deadlock condition in cm_EndCallbackGrantingCall which can
+ be triggered if the volume referenced by the cm_scache_t object is
+ offline.
+
+ * The AFS Service needs to respond to SERVICE_ACCEPT_SHUTDOWN messages
+ in addition to SERVICE_ACCEPT_STOP.
+
+ * Move RPC shutdown until after the SMB and RX shutdown procedures
+ complete. Block until RPC shutdown is complete.
+
+ * Modify afslogon.dll (integrated logon) to wait for service if its
+ state is START_PENDING. If the timeout period occurs, reset to
+ the retry interval and not the sleep interval.
+
+ * When renewing the server list for a cell obtained via DNS AFSDB
+ records, the cm_cell_t entry must be removed from the list of all
+ cells. Otherwise, the list of cells will be corrupted.
+
+ * In the dcache and scache modules, use the cm_scache_t dataVersion
+ instead of the cm_fakeDirVersion.
+
+ * Synchronize fs.c with the unix version.
+
+ * The variable used to determine whether a file or virtual memory
+ mapped cache is used was not properly initialized to a default
+ value. If the registry setting "NonPersistentCaching" was not
+ set, the choice would be random. Properly initialized to be
+ "file".
+
+ * The memory mapped view was never unmapped before closing the file
+ at service shutdown. This is now properly cleaned up.
+
+ * Default location of Cache file is now %TEMP%\AFSCache
+
+Since 1.3.76:
+
+ * A bug affecting new installations of 1.3.75/76 would result in
+ the creating of incorrect mountpoints in the freelance root.afs
+ volume for the default cell.
+
+ If "fs \\afs\all\<cellname>" lists a volume name of "root" instead
+ of "root.cell", you have been affected by the bug. To correct the
+ problem, execute the following commands:
+
+ fs rmmount \\afs\all\<cellname>
+ fs rmmount \\afs\all\.<cellname>
+
+ fs mkmount \\afs\all\<cellname> root.cell <cellname>
+ fs mkmount \\afs\all\.<cellname> root.cell <cellname> -rw
+
+Since 1.3.75:
+
+ * A bug has been fixed in the auto-generation of Freelance root.afs
+ symlinks which produced random entries in the \\AFS\all directory.
+
+ * Support has been added for multi-homed servers
+
+Since 1.3.74:
+ * Added a new registry value, "StoreAnsiFilenames", which can be used
+ to force the use of ANSI character sets instead of OEM Code Pages.
+ This feature is useful when users require the ability to create
+ filenames with 8-bit characters and need to access the files from
+ both Latin-1 based Unix systems as well as from Windows.
+
+ Activation of this feature will prevent access to files stored with
+ 8-bit OEM characters.
+
+ * Shutdown all SMB threads in a synchronized manner when stopping the
+ service.
+
+ * There is currently a maximum cache size of 1.3GB. The limit is imposed
+ by the largest contiguous block of unused memory within the 2GB process
+ space which can be assigned to the memory mapped file. Unfortunately,
+ when the executable digital signature verification code is activated
+ Windows sees fit to further segment the process memory which in turn
+ reduces the size of the maximum cache file to less then 800MB. If
+ larger cache sizes are desired, a new registry value should be set:
+
+ HKLM\SOFTWARE\OpenAFS\Client (DWORD) "VerifyServiceSignature" = 0x0
+
+ Setting this value will disable the runtime verification of digital
+ signatures on afsd_service.exe and the afs dlls which it loads. It
+ will not disable the the version number check on those same files.
+ The signature verification is not a security messure and is only meant
+ to enhance the ability to afsd_service.exe to detect potential
+ destablizing mixtures of DLLs from incompatible distributions.
+
+ Added code to auto-disable the signature verification check if
+ the desired cache size is greater then 700MB.
+
+ * Windows' WinTrustVerify(WIN_SPUB_ACTION_PUBLISHED_SOFTWARE) is
+ used to verify the validity of the afsd_service.exe binary
+ as well as each of the AFS DLLs loaded by the service. Not only
+ must the digital signature be valid but the signatures of the
+ DLL must be signed by the same entity as the service.
+
+ * Implement new functions: cm_freelanceMountPointExists and
+ cm_freelanceSymlinkExists. Use them along with other validity
+ checks in cm_freelanceAddMount and cm_freelanceAddSymlink to
+ ensure that name collisions do not occur and that empty strings
+ are not valid file names.
+
+ A symlink may not have a name which would resolve to a valid
+ cell name. Doing so would prevent access to the cell.
+
+ * Add missing cm_HoldSCacheNoLock call to Freelance mount point
+ re-initialization code. The reference counts of the fake root.afs
+ volume scache object(s) would become invalid when the mount point
+ or symlink lists were altered.
+
+ * Add registry entries to provide mappings from the afsdsbmt.ini
+ to the new locations for applications which count on the use
+ of the old Profile file APIs. These apps are likely to fail
+ if the user does not have administrator privileges and the
+ registry is locked down.
+
+ * The afs_config.exe submounts dialog had two errors.
+ First, attempts to remove entries failed because the registry
+ key was being opened without KEY_WRITE privileges.
+ Second, when editing a submount entry, changing the name
+ would add a new key and leave the original one in place.
+ Now the original submount will be removed if its name is
+ changed.
+
+ * In recent months there have been several incidents in which
+ users have experienced problems starting or accessing
+ afsd_service.exe and after significant effort has been spent
+ it has turned out that they have two versions of AFS on the
+ machine or an inconsistent set of DLLs.
+
+ Code has now been added to afsd_service.exe which will walk
+ the list of modules loaded by afsd_service.exe and validate
+ that the version of the AFS DLLs matches the version of the
+ afsd_service.exe executable. If they do not match the service
+ will not start.
+
+ * When Freelance mode is enabled and there is no registry
+ key HKLM\SOFTWARE\OpenAFS\Client\Freelance, afsd_service.exe
+ will attempt to import the afs_freelance.ini file contents.
+ If the file does not exist, it was creating a dummy file
+ with a r/o and r/w entry for the default cell and then
+ importing those values.
+
+ This process has been changed. The temporary file is no
+ longer created. Also, both the OpenAFS Client install
+ directory as well as %WINDIR% are checked for previous
+ afs_freelance.ini files.
+
+ * Added support for VL_GetEntryByNameN(). Still need to add
+ support for VL_GetEntryByNameU() for multi-homed support.
+
+ * Fix a deadlock situation in afscreds.exe when canceling an
+ auto-generated Obtain Tokens dialog
+
+Since 1.3.72/73:
+ * Fix the locking of objects during Directory Searches in the
+ SMB/CIFS server. The failure to properly lock the reference
+ counts was resulting in the premature freeing of smb_dirSearch_t
+ objects while they were still in use by the SMB/CIFS client.
+ This does not solve the "Invalid Handle" problem.
+
+ * Fix Find Cell By Name pioctl call to return a valid cell
+ name for the Freelance fake root.afs volume.
+ "Freelance.Local.Root".
+
+ * Fix the Explorer Shell Extension Symlinks->Add operation.
+ The dialog template was missing and the link destination
+ string was too short.
+
+ * Add support for symlinks to Freelance root.afs volume
+ Stored at HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks
+ <number> = "<linkname>:<relative-path>."
+ Use symlink.exe to create, list, or remove
+
+ * Remove the fallback to the use of KFW's KRB4 library when obtaining
+ tokens. We never obtain KRB4 tickets.
+
+ * Fix AFS Client Configuration Control Panel to support new SysName
+ protocol.
+
+ * Fix a bug in afsd_service.exe which could result in the SysName
+ not being read from the registry.
+
+Since 1.3.71:
+ * Add code to block the issuance of AFS tokens by aklog.exe or
+ afscreds.exe when the Kerberos 5 principal name contains a dot.
+
+ * Modify the IsAdmin() function to always treat the local SYSTEM
+ account as an AFS client administrator. Affects fs.exe and
+ afs_config.exe.
+
+ * Modify the internal handling of Quota Exceeded errors
+
+ * Upgrade all reference count fields in the Windows cache manager
+ and the osi library to use unsigned long instead of signed short.
+ A similar fix has been applied to the afs rpc (rx) library.
+
+ * fix the Windows cache manager to prevent it from replacing the
+ rx_connection object associated with the cm_conn_t object on each
+ and every operation if "fs crypt" was set. This explains the
+ dramatic performance difference when crypt is used vs clear.
+ The problem: 'cryptall', a boolean flag indicating whether or not
+ "fs crypt" is set, was being compared to the rx_connection
+ cryptlevel which is either rxkad_clear:0 or rxkad_crypt:2.
+ 1 != 2 and therefore the rx_connection was always destroyed
+ and replaced on each and every operation.
+
+ Lock the cm_conn_t object around every call to RXAFS_xxxx functions.
+ It is not safe for the cm_conn_t object to not be locked because
+ rx_DestroyConnection might be called from another thread if:
+ - the user's tokens have changed or expired
+ - the crypt mode has changed
+
+ This fix appears to have also taken care of the problems associated
+ with Overlapped Writes resulting in Delayed Write errors.
+
+ * fix NSIS installer's AdminGroup.exe to properly create and
+ remove groups when given -create or -remove. The string comparison
+ test was wrong.
+
+ * fs sysname now accepts a list of sysname values
+
+ * added a new registry value HKLM\SOFTWARE\OpenAFS\Client "IoctlDebug"
+ DWORD which when set to a non-zero value will cause error message
+ text to be output to stderr from the pioctl() routine. Useful in
+ debugging failures of fs.exe, tokens.exe, etc.
+
+ * added a test to the power management code to only perform a
+ flush operation if there is at least one network adapter which
+ is not a loopback adapter.
+
+ * Fix bug in loading of registry value HKLM\SOFTWARE\OpenAFS\Client
+ "EnableKFW". This value will not be read if the key
+ HKCU\SOFTWARE\OpenAFS\Client exists; even if the "EnableKFW"
+ value under that key does not.
+
+ * provide mechanisms to force the use of krb524d for Kerberos 5
+ ticket to AFS token conversion. For afslogon.dll and afscreds.exe
+ there is a new registry value "Use524" and for aklog.exe a new
+ command line parameter "-m".
+
+ * Fix the pattern matching algorithm to properly match patterns
+ ending with a '*'.
+
+ * smb_ReceiveCoreRename() was factored to produce smb_Rename()
+ which is used by both the original function and the new
+ smb_ReceiveNTRename(). smb_ReceiveNTRename() supports the
+ creation of HardLinks in addition to Renaming. smb_Link()
+ is a new function which creates HardLinks via cm_Link().
+ cm_Link() is a new vnodeops function which creates links
+ using RXAFS_Link().
+
+ smb_ReceiveNTRename() does not support the File Copy and
+ Move Cluster Information operations described in its interface.
+ ReceiveNTRename is under documented in CIFS-TR-1p00_FINAL.pdf.
+
+ * When opening files via symlinks, we should follow the symlinks
+ until we reach the actual file stat cache entry. The stat cache
+ entry of the file should then be stored in the FID instead of
+ stat scache entry of the symlink.
+
+ * return bad operation errors for all unimplemented functions
+ even if we do not know the functions exist.
+
+ * Log bad packets and unknown operation packets to the trace log
+
+ * Map CM_ERROR_BADOP to STATUS_NOT_SUPPORTED instead of
+ 0xC09820FF
+
+ * Update list of known CIFS operations to include all those listed
+ in CIFS-TR-1p00_FINAL.pdf.
+
+ * Modify the handling of HKLM\SOFTWARE\OpenAFS\Client\Submounts
+ to support the REG_EXPAND_SZ type.
+
Since 1.3.70:
+ * A new Windows authorization group "AFS Client Admins" is now
+ created and populated with the members of the "Administrators"
+ group. The group is used to determine which accounts on the
+ machine may be used to modify the AFS Client Configuration via
+ the UI and command line tools. afs_config.exe, fs.exe,
+
+ * Modify the WinLogon Logoff Event Handler to query NT4 domain
+ controllers for the remote profile path if Active Directory
+ services are not available.
+
* Fix aklog.exe to not add the AFS ID to the username
* PTS registration of new users to foreign cells has been added to