Recent changes added a new dependency of afspioctl.lib to all
server binaries.
Export new afsconf_ functions from libafsauthent.dll
Fix afsconf_* usage in afsio.c
Change-Id: I03e377a3d28b4efbea4a799e6ca63606eab699c9
Reviewed-on: http://gerrit.openafs.org/1273
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Our include paths are a bit of a mess. Fix these so that they're
more rational, and more in line with normal coding style.
In particular:
*) Don't include all of the subdirectories of our top level
include directory. If a file wants afs/file.h, it should
include that, not "file.h"
*) Try to avoid including '.' in the search path (although
objdir builds make this harder)
*) Don't blindly include other directories from the code tree
in the search path. If a package wants another packages header,
then it should get it from the include directory
*) Use the convention that quoted includes ("") pick up local
headers. Bracketed includes (<>) pick up ones from the top level
include dir
*) In directories which pull in files from multiple packages, don't
blindly put all of the package directories in the search path.
Specifically include the file's package directory when required
The big change here is that it's no longer possible to hide a system
include by placing a header of the same name in include/afs. The most
common case where this was happening was for 'assert.h'
Change-Id: I0796fabcf83ffcd74e533624c64e138a160dd632
Reviewed-on: http://gerrit.openafs.org/834
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
A number of recent changes haven't caught all of the locations where
warning inhibition can be removed. This patch updates all of the
inhibitions to reflect the current state of the tree when built with
gcc4.2
Change-Id: I7bad4fee1258f4e37fd729cda84711fed66acbc9
Reviewed-on: http://gerrit.openafs.org/813
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
With this commit afsio builds on Windows. It will not work
until the VIOC_FS_CMD OSD extension is implemented in the
Windows Cache Manager.
Required changes:
* Export ugen_ClientInit from libafsauthent.dll
* Fix util_GetInt64 and util_GetUInt64 to return afs_int32
instead of afs_int64 since it is just returning success
or error
* Define VIOC_FS_CMD for Windows even though it isn't implemented
LICENSE BSD
Reviewed-on: http://gerrit.openafs.org/587
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
This patch adds a '--enable-checking' configuration option. When this
option is supplied, and gcc is in use, the compiler will treat any
warnings as errors. This will hopefully help stop new warnings from
creeping into the tree.
In order to still be able to build, all of the currently existing
warnings are accepted (these are documented in README.WARNINGS). With
this set of warning inhibitions, the tree is known to build on 32bit
Leopard - other systems may vary. Warning inhibition may be disabled
by supplying --enable-checking=all - in this case the tree will
definitely not build!
If --enabled-checking is not specified, the existing compilation
behaviour is maintained, so there is no user-visible change.
Gcc 4.2, or later, is required to use the pragma sets contained within
this patch. Again, they are not visible unless --enable-checking is
given.
Reviewed-on: http://gerrit.openafs.org/526
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Microsoft Debugging Tools for Windows, Visual Studio Debugger,
and SysInternals tools can all make use of a Symbol Server.
http://msdn.microsoft.com/en-us/magazine/cc163563.aspx
The commit adds functionality to the build system to automatically
add binaries and symbols to a symbol store during the build.
This functionality is only enabled if two environment variables
are defined:
SYMSTORE_EXE - specifies the location of symstore.exe
SYMSTORE_ROOT - specifies the location of the symbol store
an optional environment variable permits an arbitrary comment
to be added to the symbol store history file.
SYMSTORE_COMMENT - arbitrary text to be added to the history
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/324
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Adds support for sysv message queues for fileserver audit logs. This
also organizes the audit log code into various 'interfaces', of which
there are two: the original 'file' interface, and the 'sysvmq' interface
that this adds. The interface is configurable at runtime with the
-audit-interface switch.
FIXES 124674
Reviewed-on: http://gerrit.openafs.org/82
Tested-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
For many years the Windows Build System has incorrectly mixed
some Pthread and LWP code. One of the side effects of this
mixing was the need for the EXT2 extern macro definition in
src/rx/rx_globals.h which permitted the LWP compiled routines
to link with the Pthreaded afsrpc library.
This commit creates or modifies multi-threaded versions of various
libraries including mtafsubik.lib, mtafsutil.lib, mtafsvldb.lib,
and mtafsvol.lib.
All of the threaded servers now make use of these libraries.
This reduces the number of times that many source files were
recompiled for each server directory.
util_GetInt32 was defined in both src/util/volparse.c and
src/WINNT/afsd/fs_utils.c. Now that mtafsutil.lib is being
used within src/WINNT/afsd there is no need to maintain the
duplicate copy.
The export list for afsauthent.def now includes all of the
ubik_PR_xxxx function variants and afsrpc.def now include
rxi_CallError as it is linked to outside the rx library.
The top-level NTMakefile has been modified to permit the
tree to build with the new header and library dependencies.
The threaded volserver which never built before now does.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/77
Verified-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Verified-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Asanka Herath <asanka@secure-endpoints.com>
Verified-by: Asanka Herath <asanka@secure-endpoints.com>
Verified-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Other functions included in libafsauthent and libafsrpc are using strlcpy
and strlcat, so include those objects in the libraries so that they stay
self-contained.
strlcat and strlcpy shouldn't be part of the public API for the libraries,
for various reasons including the fact that they're not built on all
platforms. Therefore, don't add the functions to the library exports and
include them separately in each library.
Reviewed-on: http://gerrit.openafs.org/63
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Verified-by: Derrick Brashear <shadow@dementia.org>
Now we're in git we don't need any cvsignore files any more...
Reviewed-on: http://gerrit.openafs.org/1
Verified-by: Derrick Brashear <shadow@gmail.com>
Reviewed-by: Derrick Brashear <shadow@gmail.com>
LICENSE MIT
libafsconf.dll has been present since OpenAFS 1.0. However,
for some unknown reason the components that it consists of
(cm_dns.obj, cm_config.obj, cm_nls.obj) have been staticly
linked into exes and dlls all over the code base. This commit
removes all of the static references and replaces them with
libafsconf.lib.
libafsconf.dll is also moved from Client\Program to Common
because it is now linked to by server and utility components.
LICENSE MIT
Add code signing with signtool.exe to the build process.
If all three of the required CODESIGN_xxxx environment
variables are defined, signtool will be used to sign each
exe, dll, and installer as they are built.
The three environment variables are:
CODESIGN_DESC = <description of application>
CODESIGN_TIMESTAMP = <url of certificate authority timestamp server>
CODESIGN_URL = <end user help URL>
The default signing certificate is the one that will be used by
signtool. If these environment variables are not defined, code
signing will be skipped.
LICENSE MIT
An incremental commit. This patch adds support for normalization of Unicode
but we have concluded that the normalization rules are incorrect. Normalized
strings should not be written to the file server or returned to the application.
LICENSE MIT
This delta provides a fairly complete implementation of Unicode character
set support for the Windows Cache Manager and supporting tools including
fs.exe, symlink.exe, the pioctl library, and the explorer shell extension.
New Build requirements:
In order to build the Microsoft IDN Mitigation APIs SDK 1.1 is now required.
This SDK provides the normalization.h header and the redistribution
install packages required to install normaliz.dll. The AFSDEV_INCLUDE
path must be modified to point to the directory containing normalization.h.
There are no lib files for this package.
Cache Manager:
The CM SMB server has been modified to negotiate the use of UNICODE.
By default it is on. The "fs smbunicode" command can be used to disable
UNICODE at runtime.
cm_utils now contains UNICODE normalization and conversion routines built
on top of the IDN Mitigation APIs.
All input strings are normalized with UNICODE Normalization Form C.
The pioctl interface now supports UTF8 strings in addition to ANSI.
UTF8 strings are prefixed with <ESC> % 8 as per the ISO 2022 extension.
Pioctl Library:
New apps should use the pioctl_utf8() function instead of pioctl().
pioctl() is for ANSI strings and provides backward compatibility
with third party apps.
fs.exe and symlink.exe:
Converted to Unicode applications. All strings are now communicated
using UTF-8.
Explorer Shell Extension:
Converted to a Unicode DLL. All strings are now communicated using
UTF-8. Fonts on U.S. Windows distributions are not fully populated.
As a result not all of the characters can be displayed in all of the
dialog boxes.
Still to do:
1. Add Unicode normalization to AFS directory entries and mountpoint
and symlink target strings.
2. Use the Unicode version of GetCurrentDirectory in fs_utils.c
3. Update the installers to install the IDN Mitigation APIs on XP
and 2003. Vista already has them and they are not supported on
pre XP SP2 releases.
LICENSE MIT
Modify the search order for determining the location of CellServDB
and other client configuration files.
1. AFSCONF environment variable
2. registry setting
3. NEW - use All Users\AppData\OpenAFS\Client only if CellServDB exists
4. use Program Files\OpenAFS\Client
When using the install-sh that ships with the source tree, Autoconf
substitutes in a relative path just to be annoying. Define the INSTALL
variables in each individual Makefile so that they find the proper file.
Remove the definitions from Makefile.config so that no one will
accidentally get the wrong ones.
Add a shared libkopenafs that provides k_hasafs, k_setpag, k_unlog, and
k_pioctl (in other words, enough for a PAM session module that calls an
external aklog).
Delete pinstall and convert the entire tree to use the install program
found by configure (falling back on install-sh in the local tree). This
means that we have to pre-create directories with install -d. Also redo
the install and dest rules to be lists of install rules rather than
dependencies driving separate make rules so that running make install will
always update the target directory with the current code, even if there are
files in the install area that are newer.
Stop installing libafssetpag; we're about to kill it in favor of a
different library. Remove some djgpp rules.
make ubik_Call removal work on Windows.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
another fix for Windows
Export rx_Finalize and rx_InitHost
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
* add afs_winsockCleanup() call to rx_Finalize
* do not start listener threads multiple times
====================
* export rx_Finalize and pr_End
====================
afs_winsockCleanup
In order to properly handle the local allocation of locks
the cache manager must enforce the locking rules associated
with PRSFS_WRITE and PRSFS_INSERT and PRSFS_LOCK. Insert
affects "new files" which in AFS are defined as any file that
is owned by the user. Therefore, we must know the afsid of the
user so that it can be compared to owner of the file.
This commit includes a query using PR_SNameToId where the name
is the name specified by the entity setting the token. There
does not currently exist a Protection Service RPC to return the
AFSID of the entity that the rx connection was authenticated as.
Such a function will have to be added in order to make this
functionality secure.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Export functions missing from the UNIX version and the PR_ functions
required by the Windows Cache Manager.
This patch extends the krb.conf file allowing the specification of
multiple realms which should be treated as equivalents to the local
cell authentication domain. Additional realms are specified on the
first line of the krb.conf file and are separated by white space.
In addition, the patch adds a new file stored in the same directory
as the krb.conf file called krb.excl. This file contains a list of
principal names, one per line, that must not be treated as local
identities.
The purpose of this patch is to allow organizations that are supporting
multiple realms with synchronized user principal databases to allow
their users to login with any of the realms and treat the principal
names as equivalent to the local PTS identity. The exclusion is
to allow certain names, such as those for administrative IDs, to be
restricted to a subset of the realms.
Further optimization of the afs_krb_exclusion() should be performed to
remove the need to re-read the file. This patch should be considered
a temporary solution until a more permanent set of extensions to the
PT database and RPCs allow for the assignment of mechanism specific
aliases for PT IDs.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
correction to exclusion list parsing
64-bit type safety changes required for successful compilation
on Windows 64-bit systems with the VS 2005 compiler
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
more corrections for use of 64-bit types on Windows
====================
64-bit type safety changes required for successful compilation
on Windows 64-bit systems with the VS 2005 compiler
====================
64-bit type safety changes required for successful compilation
on Windows 64-bit systems with the VS 2005 compiler
====================
64-bit type safety changes required for successful compilation
on Windows 64-bit systems with the VS 2005 compiler
====================
64-bit type safety changes required for successful compilation
on Windows 64-bit systems with the VS 2005 compiler
====================
64-bit type safety changes required for successful compilation
on Windows 64-bit systems with the VS 2005 compiler
====================
64-bit type safety changes required for successful compilation
on Windows 64-bit systems with the VS 2005 compiler
====================
64-bit type safety changes required for successful compilation
on Windows 64-bit systems with the VS 2005 compiler
====================
64-bit type safety changes required for successful compilation
on Windows 64-bit systems with the VS 2005 compiler
all servers now take -auditlog (path), send ibm-style auditlogs there, rotate the logs like the normal server logs, and will log thread ids when it's multiprocessor. /usr/afs/local/Audit can also be used like on aix on other platforms now.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
all servers now take -auditlog (path), send ibm-style auditlogs there, rotate th
e logs like the normal server logs, and will log thread ids when it's multiproce
ssor. /usr/afs/local/Audit can also be used like on aix on other platforms now.
====================
all servers now take -auditlog (path), send ibm-style auditlogs there, rotate th
e logs like the normal server logs, and will log thread ids when it's multiproce
ssor. /usr/afs/local/Audit can also be used like on aix on other platforms now.
====================
all servers now take -auditlog (path), send ibm-style auditlogs there, rotate th
e logs like the normal server logs, and will log thread ids when it's multiproce
ssor. /usr/afs/local/Audit can also be used like on aix on other platforms now.
====================
Windows build dependency changes to support the audit logs
Apparently the problem with multi-domain forests with cross-
realm trusts to non-Windows realms was not entirely solved.
The authentication to the AFS SMB service failed because
the wrong name was being used. Using ASU as an example,
the authentication was being performed with the name
"QAAD\user" (an account in the forest root) and not
"user@ASU.EDU (the MIT Kerberos principal used to login with)
The solution was to add an additional dependency on KFW
in order or to be able to easily obtain the client principal
name stored in the MSLSA ccache TGT. This information is
used in two locations:
- the pioctl() function
- a new WinLogon Event Handler for the "logon" event.
The pioctl function will now be able to use the correct
name when calling WNetAddConnection2() and the "logon"
event handler will now be able to call WNetAddConnection2().
The hope is that the "logon" event handler will be called
before the profile is loaded but I have not guarrantee
that will happen.
FIXES 16432
need AssertionFailed in libafsrpc. ndon't need casestrcpy in libafsauthent
VS: ----------------------------------------------------------------------
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
FIXES 16432
need AssertionFailed in libafsrpc. ndon't need casestrcpy in libafsauthent
Increase max chunksize to 128K from 32K. Windows uses 64K SMB writes.
The large chunksize helps reduce the overlapped write to afs issue.
Increase number of server threads from 4 to 25. Also helps to aleviate
the symptoms of the overlapped write to afs issue. I can now write files
as large as 80MB. 120MB files still fail.
Export pr_CreateUser and pr_SNameToId from afsauthent.lib in order to
allow aklog.exe to use them to determine if a new pts uid should be
created for a user when accessing a foreign cell.
Modify pioctl to output a message to stderr if a Downgrade Detection error
has been returned when attempting to open the __IOCTL__ file.
Increase version number to 1.3.6601
Use HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer:Logon User Name
to determine the current user name for the afscreds.exe display
Do not allow submount names to have forward or backward slashes
Add debug info to cm_ioctl to track token addition and deletion
Add register new user code to aklog.exe from KenH's AFS kit
Correct test in cm_callback.c for freelance root.afs volume which
should not have been applied when freelance was not active.
* at my request Asanka Hearth of MIT ripped out all of the code used
the compute the Netbios Name of the SMB Server and the mountRoot
and constructed one commonly used library called lanahelper.lib.
This library is now constructed in the WINNT/afsd directory and
used throughout the tree. At least we now have consistency if
nothing else.
From Skyrope:
The Skyrope work attempted to improve on the end user experience of using
OpenAFS in the following ways:
* Obtain tokens using renewable Kerberos 5 tickets in order to
reduce the need for end users to renew expired tokens
* Monitor the list of IP Addresses in order to detect changes
in the network configuration which might affect the reachability
of cells or the state of the AFS Client Service. When cells
are newly reachable, obtain tokens for the cells. If the AFS
Client Service is not running, start it. If tokens are expiring
attempt to renew them.
* Use KDC probes to detect the accessibility of realms/cells. If
the KDC is not reachable, do not prompt the end user for a
username and password. (fs probe is not implemented on windows)
* Automatically obtain tokens using the Windows Logon Session
Kerberos credentials (if available)
* Allow tokens for multiple cells to be obtained by using the
same Kerberos 5 tickets. (no UI yet implemented)
* Perform drive mapping persistance by tracking it within the
afsdsbmt.ini file instead of relying on the Windows Shell
to persist the state.
* Add new afscreds.exe command line options and change the
default set used when creating the "AFS Credentials" shortcut
in the Start Menu->Programs->Startup folder.
From MIT:
* Auto-detection of loopback adapters. Use "AFS" as the netbios
name when a loopback adapter is installed.
* Support for responding to power management events. Used to
flush the cache when the machine is about to suspend, hibernate,
or shutdown
* Documentation of Registry entries
* Support for Extended SMB Requests
* Beginning of support for true Event Log reporting from a
message database
* Hidden Dot File support (configured via the HideDotFiles
registry option)
* Configurable Max number of Multiplexed Sessions (MaxMpxRequests
registry option)
* Configurable Max MTU size (RxMaxMTU registry option)
* Configurable Jumbogram support (RxNoJumbo registry option)
* Configurable Max number of Virtual Connections per Server
(MaxVCPerServer registry option)
* Win32 DNS API support
* Addition of SMB_ATTR_xxxx defines for use instead of hex numbers
* A variety of heap access and resource deallocation errors corrected
in the SMB code
* Support for recursive directory creation
* Modifications to the en_US version of the client configuration
dialog (need to port to other languages)
Notes on the current check-in:
* The KfW code will always be used when installed on the machine.
This code only supports Krb5 and will not work with Krb4 only
realms. A registry flag indicating whether or not KfW should be
used if found needs to be added.
* afscreds.exe needs to have a registry entry created to control
the parameter list it should be started with. There should be
a dialog to control this in the installer and within afscreds.exe
* The MIT method of auto-assigning the mount-root and the netbios
name is in conflict with the morgan stanley submissions in some
parts of the code. If you are using the loopback adapter with
this code both the "NetbiosName" = "AFS" and "Mountroot" = "/afs"
registry options must be specified. This will be fixed in coming
days.
This massive patch contains changes in several significant areas for Windows:
- the ability to specify the mount point to be something other than /afs
- functionality to assist debugging of the NT Services
- support for languages other than English (NTLang.bat)
- revisions to the Build system to support separate trees for src, obj,
dest and free or checked; allow any MS compiler to be used
- updates to NSIS installer build
- mutex locking added to critical locations
- updates to IS5 directory tree creation
- update to afswsNetscape_config.sh
FIXES 1488
It adds:
- the binary version of the file version/productversion, which the MSI
engine sort of want files in MSI packages to all have. This requires
another variable to be maintained in NTMakefile.i386_nt40 (Please don't
change the value from 1,2,910,0 to 1,2,9,1 or something like that. The last
number group in the version is considered completely insignificant by some
things)
- some file typing, which I don't know if anything cares about
- Some new items in the stringfileinfo table, (InternalName and
OriginalFilename) without which explorer won't show use the version info in
constructing tooltip text.
- Actually setting ProductVersion and FileVersion to something real
- Language codes, which the MSI engine also wants
support for V6.0 and .Net complier, compile from either NT4.0 or XP
Source and object are separated into different directories. The directory
tree would look as follows:
Base from %AFSROOT% environment variable
%AFSROOT%\src\... - all source and generated source
%AFSROOT%\obj\checked\... objects from a checked build
%AFSROOT%\obj\free\... objects from a free build
%AFSROOT%\obj\dest\checked\... DEST folder from a checked build
%AFSROOT%\obj\dest\free\.... DEST folder from a free build
Before you start the build, you must build an object tree by issuing the
following:
nmake -f NTMAKEFILE mkdir
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
support for V6.0 and .Net complier, compile from either NT4.0 or XP
Source and object are separated into different directories. The directory
tree would look as follows:
"1. The default Open AFS is set to normal security (doesn't generate random
user names).
If you are installing over a previous version (before 1.2.2b) it's default
is
high security; therefore, if you want the normal security, you should
uninstall the previous version (1.2.2a or earlier) and select to 'Not
Preserve previous settings'.
To manually change security you need to set the following registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemond\NetworkProvider
LogonOptions = 1 - Integrated Logon
LogonOptions = 2 - High Security options, Random User name generation
LogonOptions = 3 - both
3. Windows 2000/NT, Win9x - First time installations will create necessary
directories when user decides to download CellServDB
4. Windows 2000/NT, Global Drive working.
5. Windows XP - Drive mapping via GUI working.
6. Rename pthread.dll to afspthread.dll"
