LICENSE BSD
Add documentation of foreign realm user registration and cross-realm PTS
groups. Add documentation of missing ptserver flags. Add some additional
to-do entries for the man pages.
LICENSE IPL10
Update the fileserver documentation for demand-attach and add documentation
of other missing options and notes where some options are only applicable
with particular builds.
LICENSE BSD
Add some additional cross-references, add some missing man pages, fix a
few references to the OpenAFS manuals, document the -live flag to vos
move, and add an example for rxdebug.
Add a new fs newalias man page. Add -help to the synopsis and options of
the other new man pages. Add additional missing links in the fs man page.
Fix some wording in the CellAlias man page.
Complete the documentation of the afsd flags and update a few things like
-settime and -nosettime. Add man pages for fs setcrypt, fs getcrypt, and
CellAlias. Based on work by Jason Edgecombe and then extensively edited,
so any errors I probably introduced.
FIXES 65988
Mention aklog and kinit in klog's man page, add -dynroot to the afsd man
page, and mention that -skipauth tells uss not to create any Kerberos
principal and this has to be done separately.
Add additional arguments to the SYNOPSIS that the file server recognizes.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Missed another erroneous option argument.
ka-forwarder is under a different copyright not previously covered, so
embed the actual licensing in the source rather than referring to a file
that doesn't exist and add the relevant information to the LICENSE files.
FIXES 60137
commit updates to the docs for obsolete stuff
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
also the appendix file
Remove generated files from CVS.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Some initial obvious cleanup. Removed all the sections on Digital UNIX,
changed IBM AFS to OpenAFS throughout, and reformatted and cleaned up the
front matter and some of the first few pages.
Add some comments to the makefile, set up dependencies to build the index
automatically, remove a bunch of unnecessary @-signs in front of commands,
and add a clean target.
Document (at least partially) AFS's mapping of Kerberos v5 principal names
to Kerberos v4 format in the aklog man page. Also document that -setpag
may not always work.
When using the install-sh that ships with the source tree, Autoconf
substitutes in a relative path just to be annoying. Define the INSTALL
variables in each individual Makefile so that they find the proper file.
Remove the definitions from Makefile.config so that no one will
accidentally get the wrong ones.
Delete pinstall and convert the entire tree to use the install program
found by configure (falling back on install-sh in the local tree). This
means that we have to pre-create directories with install -d. Also redo
the install and dest rules to be lists of install rules rather than
dependencies driving separate make rules so that running make install will
always update the target directory with the current code, even if there are
files in the install area that are newer.
Stop installing libafssetpag; we're about to kill it in favor of a
different library. Remove some djgpp rules.
Rewrite the aklog man page in POD and add documentation of the new flags
and .xlog.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Fix my misunderstanding of what rxkad2b is.
====================
Fix unterminated B<>.
Autoconf 2.60 will replace some variables, most notably mandir, with values
relative to datarootdir, a new variable. Add settings of datarootdir to
the affected files.
Implement proper synopsis wrapping for HTML generation.
This was done in three pieces. First, add HTML-specific tags to the POD to
mark the synopsis for HTML purposes so that we can apply style information
to it. Second, update the style sheet to indent all lines except for the
first in the synopsis section. Third, add the appropriate S<> tags around
option and argument pairs so that we don't wrap between the option and its
argument.
Unfortunately, due to the <I<foo>> style that looks nicer for other reasons,
we have to use the very verbose S<<< >>>. Oh well.
Make the mentions of subcommands in the fs command introduction links to
the relevant pages, and add to README a to-do note to do this for the rest
of the introductory pages.
Fix links to man pages that contain underscores by working around a bug
in Pod::Simple.
Initial cut at an HTML conversion of the POD reference pages. Requires
Pod::Simple be installed (version 3.0 or later, probably). Also fix a POD
formatting bug in the afs(1) man page noticed while testing HTML output.
Add man pages for rxgen and cmdebug. The cmdebug man page was written from
scratch based on the source code. The rxgen man page is a conversion of an
old TeX document to POD.
Add new man pages for livesys and voldump. Fix the man page for sys to say
what it actually does, rather than implying that it works like livesys, and
to recommend livesys instead. Fix a path error in the NetInfo
documentation. Update the README for the current status, including
listing all installed commands that don't have man pages. (There may still
be some subcommands that don't have man pages but aren't listed.)
On installation, substitute the configured paths into the man pages,
replacing the Transarc paths. Also fix a problem with the way that
pinstall was being used to install man pages. (Silly me, I was assuming
it had the same behavior as install.)
This is just a quick first pass. Longer term, it's probably better to
replace all paths in the man pages with unambiguous tokens and then
replace those tokens instead of assuming that the man pages use Transarc
paths and replacing those paths specifically. The current method has a
few minor problems, such as not being able to distinguish between the
various paths that make up /usr/afs/bin. Still, the results of this method
are good enough to start with.
Move man page generation out into a separate script that's just invoked
from regen.sh, so that someone can run that separate script later if they
wish. Make that script more robust against problems such as empty podN
directories. Diagnose a missing pod2man and warn about old versions of
Pod::Man.
Also, remove the old programs used to do the initial conversion from HTML.
Enough post-conversion editing was done that they're no longer necessary
except for historical curiosity, and for that purpose they can be pulled
out of CVS.
This completes the first editing pass of the man pages. Very little
content editing has been done, but the server and client versions of
various man pages have been combined into a single man page for the
file (affects CellServDB, ThisCell, NetInfo, and NetRestrict), the
descriptions of the various AFS cache files have been combined into one
afs_cache man page, and the descriptions of the two butc log files have
been combined into one butc_logs man page.
For man pages for databases with two files, symlinks are now created on
installation for the secondary file name.
All of the man pages should now be ready for public review, additional
editing and cleanup, and content editing.
This completes the initial editing pass of the section eight man pages.
Only small amounts of content editing have been done. Some known problems
have been noted in README, but there will doubtless be others, as well as
some lingering formatting problems. However, the quality should now be
good enough for general public review.
Some of the section eight man pages were really supposed to be section one,
the package apropos and package help commands are too useless to document,
and a few of the difficult-to-name section five man pages have now acquired
names.
Initial documentation for the man page project, including initial notes
on conversion, a start at a formatting guide, information on how to
contribute, and an initial issues list of things I happened to notice
while editing the section one pages.
Generate the man pages in man1, man5, and man8 subdirectories rather than
directly in the doc/man-pages directory to reduce clutter. Add a
.cvsignore to reduce noise.
Complete an initial editing and cleanup pass for all section one man pages.
Fix various conversion problems, formatting inconsistencies, and obvious
problems. Please note that no editing for content has yet been done; this
is solely editing for formatting and correct conversion to POD.
Also, add some additional section five man pages that were omitted from the
first conversion run due to unusual file names, and globally replace
CAVEATS with CAUTIONS in the man pages to match the original section name.
The section one man pages should now be in reasonable shape and ready for
additional review and further updates, although there are probably still
remaining obvious problems.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
This file got the wrong name when it was originally committed. Fix.
This is the initial conversion of the AFS Administrators Reference into POD
for use as man pages. The man pages are now generated via pod2man from
regen.sh so that only those working from CVS have to have pod2man
available. The Makefile only installs. The pages have also been sorted
out into pod1, pod5, and pod8 directories, making conversion to the right
section of man page easier without maintaining a separate list and allowing
for names to be duplicated between pod5 and pod1 or pod8 (which will likely
be needed in a few cases).
This reconversion is done with a new script based on work by Chas Williams.
In some cases, the output is worse than the previous POD pages, but this is
a more comprehensive conversion.
This is only the first step, and this initial conversion has various
problems. In addition, the file man pages that didn't have simple names
have not been converted in this pass and will be added later. Some of the
man pages have syntax problems and all of them have formatting errors. The
next editing pass, coming shortly, will clean up most of the remaining
mess.
"fs flushall" is like "fs flushvolume" but flushes all data in the cache
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
typo
Now that OAFW is ready for a stable series, we will default "fs trace"
to off on non-Debug builds. It can be set to on via the TraceOption
registry value. (see registry.txt)
Added a new option for viewing the trace log data in real time
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Include the Thread ID in the output to make it usable for debugging
deadlocks.
====================
alter the afsd_init.log tag for the TraceOption to not be
Windows Event Log specific.
Byte range locks:
The OpenAFS Windows client has to fake byte range locks given no
server side support for such locks. This is implemented as keyed
byte range locks on the cache manager.
Keyed byte range locks:
Each cm_scache_t structure keeps track of a list of keyed locks.
The key for a lock is essentially a token which identifies an owner
of a set of locks (referred to as a client). The set of keys used
within a specific cm_scache_t structure form a namespace that has a
scope of just that cm_scache_t structure. The same key value can
be used with another cm_scache_t structure and correspond to a
completely different client. However it is advantageous for the
SMB or IFS layer to make sure that there is a 1-1 mapping between
client and keys irrespective of the cm_scache_t.
Assume a client C has key Key(C) (although, since the scope of the
key is a cm_scache_t, the key can be Key(C,S), where S is the
cm_scache_t. But assume a 1-1 relation between keys and clients).
A byte range (O,+L) denotes byte addresses (O) through (O+L-1)
inclusive (a.k.a. [O,O+L-1]). The function Key(x) is implemented
through cm_generateKey() function for both SMB and IFS.
The cache manager will set a lock on the AFS file server in order
to assert the locks in S->fileLocks. If only shared locks are in
place for S, then the cache manager will obtain a LockRead lock,
while if there are any exclusive locks, it will obtain a LockWrite
lock. If the exclusive locks are all released while the shared
locks remain, then the cache manager will downgrade the lock from
LockWrite to LockRead.
Lock states:
A lock exists iff it is in S->fileLocks for some cm_scache_t
S. Existing locks are in one of the following states: ACTIVE,
WAITLOCK, WAITUNLOCK, LOST, DELETED.
The following sections describe each lock and the associated
transitions.
1. ACTIVE: A lock L is ACTIVE iff the cache manager has asserted
the lock with the AFS file server. This type of lock can be
exercised by a client to read or write to the locked region (as
the lock allows).
1.1 ACTIVE->LOST: When the AFS file server fails to extend a
server lock that was required to assert the lock.
1.2 ACTIVE->DELETED: Lock is released.
2. WAITLOCK: A lock is in a WAITLOCK state if the cache manager
grants the lock but the lock is yet to be asserted with the AFS
file server. Once the file server grants the lock, the state
will transition to an ACTIVE lock.
2.1 WAITLOCK->ACTIVE: The server granted the lock.
2.2 WAITLOCK->DELETED: Lock is abandoned, or timed out during
waiting.
2.3 WAITLOCK->LOST: One or more locks from this client were
marked as LOST. No further locks will be granted to this
client until all lost locks are removed.
3. WAITUNLOCK: A lock is in a WAITUNLOCK state if the cache manager
receives a request for a lock that conflicts with an existing
ACTIVE or WAITLOCK lock. The lock will be placed in the queue
and will be granted at such time the conflicting locks are
removed, at which point the state will transition to either
WAITLOCK or ACTIVE.
3.1 WAITUNLOCK->ACTIVE: The conflicting lock was removed. The
current serverLock is sufficient to assert this lock, or a
sufficient serverLock is obtained.
3.2 WAITUNLOCK->WAITLOCK: The conflicting lock was removed,
however the required serverLock is yet to be asserted with the
server.
3.3 WAITUNLOCK->DELETED: The lock is abandoned or timed out.
3.5 WAITUNLOCK->LOST: One or more locks from this client were
marked as LOST. No further locks will be granted to this
client until all lost locks are removed.
4. LOST: A lock L is LOST if the server lock that was required to
assert the lock could not be obtained or if it could not be
extended, or if other locks by the same client were LOST.
Effectively, once a lock is LOST, the contract between the cache
manager and that specific client is no longer valid.
The cache manager rechecks the server lock once every minute and
extends it as appropriate. If this is not done for 5 minutes,
the AFS file server will release the lock. Once released, the
lock cannot be re-obtained without verifying that the contents
of the file haven't been modified since the time the lock was
released. Doing so may cause data corruption.
4.1 LOST->DELETED: The lock is released.
4.2 LOST->ACTIVE: The lock is reasserted. This requires
verifying that the file was not modified in between.
4.3 LOST->WAITLOCK: All LOST ACTIVE locks from this client were
reasserted. The cache manager can reinstate this waiting
lock.
4.4 LOST->WAITUNLOCK: All LOST ACTIVE locks from this client
were reasserted. The cache manager can reinstate this waiting
lock.
5. DELETED: The lock is no longer relevant. Eventually, it will
get removed from the cm_scache_t. In the meantime, it will be
treated as if it does not exist.
5.1 DELETED->not exist: The lock is removed from the
cm_scache_t.
6* A lock L is ACCEPTED if it is ACTIVE or WAITLOCK.
These locks have been accepted by the cache manager, but may or
may not have been granted back to the client.
7* A lock L is QUEUED if it is ACTIVE, WAITLOCK or WAITUNLOCK.
8* A lock L is EFFECTIVE if it is ACTIVE or LOST.
9* A lock L is WAITING if it is WAITLOCK or WAITUNLOCK.
Lock operation:
A client C can READ range (Offset,+Length) of cm_scache_t S iff:
1. for all _a_ in (Offset,+Length), one of the following is true:
1.1 There does NOT exist an ACTIVE lock L in S->fileLocks such
that _a_ in (L->LOffset,+L->LLength) (IOW: byte _a_ of S is
unowned)
AND
For each LOST lock M in S->fileLocks such that
_a_ in (M->LOffset,+M->LLength), M->LockType is shared AND
M->key != Key(C).
(Note: If this is a different client from one whose shared
lock was LOST, then the contract between this client and the
cache manager is indistinguishable from that where no lock
was lost. If an exclusive lock was lost, then the range is
considered unsafe for consumption.)
1.3 There is an ACTIVE lock L in S->fileLocks such that: L->key
== Key(C) && _a_ in (L->LOffset,+L->LLength) (IOW: byte _a_
of S is owned by C under lock L)
1.4 There is an ACTIVE lock L in S->fileLocks such that _a_ in
(L->LOffset,+L->LLength) && L->LockType is shared (IOW: byte
_a_ of S is shared) AND there is no LOST lock M such that _a_
in (M->LOffset,+M->LLength) and M->key == Key(C)
A client C can WRITE range (Offset,+Length) of cm_scache_t S iff:
2. for all _a_ in (Offset,+Length), one of the following is true:
2.1 Byte _a_ of S is unowned (as above) AND for each LOST lock
L in S->fileLocks _a_ NOT in (L->LOffset,+L->LLength).
2.2 Byte _a_ of S is owned by C under lock L (as above) AND
L->LockType is exclusive.
A client C can OBTAIN a lock L on cm_scache_t S iff:
3. for all _a_ in (L->LOffset,+L->LLength), ALL of the following are
true:
3.1 L->LockType is exclusive IMPLIES there does NOT exist a QUEUED lock
M in S->fileLocks such that _a_ in (M->LOffset,+M->LLength).
(Note: If we count all QUEUED locks then we hit cases such as
cascading waiting locks where the locks later on in the queue
can be granted without compromising file integrity. On the
other hand if only ACCEPTED locks are considered, then locks
that were received earlier may end up waiting for locks that
were received later to be unlocked. The choice of QUEUED
locks was made so that large locks don't consistently get
trumped by smaller locks which were requested later.)
3.2 L->LockType is shared IMPLIES for each QUEUED lock M in
S->fileLocks, if _a_ in (M->LOffset,+M->LLength) then
M->LockType is shared.
4. For each LOST lock M in S->fileLocks, M->key != Key(C)
(Note: If a client loses a lock, it loses all locks.
Subsequently, it will not be allowed to obtain any more locks
until all existing LOST locks that belong to the client are
released. Once all locks are released by a single client,
there exists no further contract between the client and AFS
about the contents of the file, hence the client can then
proceed to obtain new locks and establish a new contract.)
A client C can only unlock locks L in S->fileLocks which have
L->key == Key(C).
The representation and invariants are as follows:
- Each cm_scache_t structure keeps:
- A queue of byte-range locks (cm_scache_t::fileLocks) which
are of type cm_file_lock_t.
- A record of the highest server-side lock that has been
obtained for this object (cm_scache_t::serverLock), which is
one of (-1), LockRead, LockWrite.
- A count of ACCEPTED exclusive and shared locks that are in the
queue (cm_scache_t::sharedLocks and
cm_scache_t::exclusiveLocks)
- Each cm_file_lock_t structure keeps:
- The type of lock (cm_file_lock_t::LockType)
- The key associated with the lock (cm_file_lock_t::key)
- The offset and length of the lock (cm_file_lock_t::LOffset
and cm_file_lock_t::LLength)
- The state of the lock.
- Time of issuance or last successful extension
Semantic invariants:
I1. The number of ACCEPTED locks in S->fileLocks is
(S->sharedLocks + S->exclusiveLocks)
External invariants:
I3. S->serverLock is the lock that we have asserted with the
AFS file server for this cm_scache_t.
I4. S->serverLock == LockRead iff there is at least one ACTIVE
shared lock, but no ACTIVE exclusive locks.
I5. S->serverLock == LockWrite iff there is at least one ACTIVE
exclusive lock.
I6. If a WAITUNLOCK lock L exists in S->fileLocks, then all
locks that L is waiting on are ahead of L in S->fileLocks.
I7. If L is a LOST lock, then for each lock M in S->fileLocks,
M->key == L->key IMPLIES M is LOST or DELETED.
--asanka
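The OBTAIN rule (3.1, 3.2 and 4), invariant I7 and invariants I4/I5 from the message above, modelled in C as an added example. This is not OpenAFS code: the `model_*` names, the enum values and the sample lock list are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types; names and values are NOT OpenAFS definitions. */
typedef enum { ST_ACTIVE, ST_WAITLOCK, ST_WAITUNLOCK, ST_LOST, ST_DELETED } model_state_t;
typedef enum { LT_SHARED, LT_EXCLUSIVE } model_type_t;
typedef enum { SRV_NONE = -1, SRV_LOCKREAD, SRV_LOCKWRITE } model_server_lock_t;

typedef struct {
    model_type_t  type;    /* LockType */
    uint64_t      key;     /* Key(C) of the owning client */
    uint64_t      offset;  /* LOffset */
    uint64_t      length;  /* LLength */
    model_state_t state;
} model_lock_t;

/* Last byte of (O,+L), i.e. O+L-1, saturated so huge lengths cannot wrap. */
static uint64_t last_byte(uint64_t off, uint64_t len)
{
    uint64_t end = off + (len - 1);
    return end < off ? UINT64_MAX : end;
}

/* Do (o1,+l1) and (o2,+l2) share at least one byte? Empty ranges never do. */
int model_overlaps(uint64_t o1, uint64_t l1, uint64_t o2, uint64_t l2)
{
    if (l1 == 0 || l2 == 0)
        return 0;
    return o1 <= last_byte(o2, l2) && o2 <= last_byte(o1, l1);
}

/* QUEUED = ACTIVE, WAITLOCK or WAITUNLOCK (definition 7* in the message). */
static int is_queued(const model_lock_t *l)
{
    return l->state == ST_ACTIVE || l->state == ST_WAITLOCK ||
           l->state == ST_WAITUNLOCK;
}

/* Rules 3.1, 3.2 and 4: may the client owning `key` obtain this lock now? */
int model_can_obtain(const model_lock_t *locks, size_t n, uint64_t key,
                     model_type_t type, uint64_t off, uint64_t len)
{
    size_t i;
    for (i = 0; i < n; i++) {
        const model_lock_t *m = &locks[i];
        /* Rule 4: a client holding any LOST lock gets no new locks. */
        if (m->state == ST_LOST && m->key == key)
            return 0;
        if (!is_queued(m) || !model_overlaps(off, len, m->offset, m->length))
            continue;
        /* 3.1: an exclusive request conflicts with every QUEUED overlap.
         * 3.2: a shared request conflicts only with exclusive QUEUED overlaps. */
        if (type == LT_EXCLUSIVE || m->type == LT_EXCLUSIVE)
            return 0;
    }
    return 1;
}

/* Invariant I7: once one lock of a client is LOST, every lock with the same
 * key that is not DELETED becomes LOST. Returns how many locks changed. */
size_t model_mark_lost(model_lock_t *locks, size_t n, uint64_t key)
{
    size_t i, changed = 0;
    for (i = 0; i < n; i++) {
        if (locks[i].key == key && locks[i].state != ST_DELETED &&
            locks[i].state != ST_LOST) {
            locks[i].state = ST_LOST;
            changed++;
        }
    }
    return changed;
}

/* Invariants I4/I5: the server lock implied by the ACTIVE locks. */
model_server_lock_t model_required_server_lock(const model_lock_t *locks, size_t n)
{
    model_server_lock_t need = SRV_NONE;
    size_t i;
    for (i = 0; i < n; i++) {
        if (locks[i].state != ST_ACTIVE)
            continue;
        if (locks[i].type == LT_EXCLUSIVE)
            return SRV_LOCKWRITE;
        need = SRV_LOCKREAD;
    }
    return need;
}

/* Constructed sample queue for one file (not taken from a real client). */
model_lock_t sample[] = {
    { LT_SHARED,    1,  0, 100, ST_ACTIVE     },  /* bytes 0..99 */
    { LT_SHARED,    2, 50, 100, ST_ACTIVE     },  /* bytes 50..149 */
    { LT_EXCLUSIVE, 3, 80,  40, ST_WAITUNLOCK },  /* bytes 80..119, waiting */
};
#define SAMPLE_N (sizeof sample / sizeof sample[0])

int main(void)
{
    printf("key 4 shared (0,+10):   %d\n", model_can_obtain(sample, SAMPLE_N, 4, LT_SHARED, 0, 10));
    printf("key 4 shared (90,+5):   %d\n", model_can_obtain(sample, SAMPLE_N, 4, LT_SHARED, 90, 5));
    printf("server lock needed:     %d\n", (int)model_required_server_lock(sample, SAMPLE_N));
    printf("locks marked LOST:      %zu\n", model_mark_lost(sample, SAMPLE_N, 1));
    printf("key 1 shared (500,+1):  %d\n", model_can_obtain(sample, SAMPLE_N, 1, LT_SHARED, 500, 1));
    return 0;
}
```

The shared request at (90,+5) is refused even though every ACTIVE lock over it is shared, because the waiting exclusive lock counts as QUEUED, which is the fairness choice the note under rule 3.1 explains.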
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Byte range locks added to change list
====================
should improve error codes, and allow lock promotions and demotions
by releasing locks.
====================
More improvements to the byte range locking. Handle errors caused
by a failure to have locking privs; report sharing violations when
opening files; lie about locks on read-only volumes; implement
shared read/write file creation in the smb layer.
====================
remove assertion
====================
must reference count local references to objects if the lock
is being released
====================
Do not use a variable until you assign it a value
====================
remove an unwanted assertion and move the resetting of scp->serverLock
to -1 into cm_LockMarkSCacheLost() so that others do not forget to set
it. cm_LockMarkSCacheLost() is always called when the scp->mx is held
so it is ok to do so.
Do not return error codes from the SMB/CIFS server that can be interpreted
by the SMB/CIFS client as meaning that the AFS Client Service is not
available.
When tokens expire, do not display an obtain tokens dialog if there
is no network connectivity to the kdc for the realm associated with
the cell.
In the en_US build, stop displaying the expiration time of tokens
after the tokens expire.
1.3.8201
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
remove AFS Gateway option
Apparently the problem with multi-domain forests with cross-
realm trusts to non-Windows realms was not entirely solved.
The authentication to the AFS SMB service failed because
the wrong name was being used. Using ASU as an example,
the authentication was being performed with the name
"QAAD\user" (an account in the forest root) and not
"user@ASU.EDU" (the MIT Kerberos principal used to login with).
The solution was to add an additional dependency on KFW
in order to be able to easily obtain the client principal
name stored in the MSLSA ccache TGT. This information is
used in two locations:
- the pioctl() function
- a new WinLogon Event Handler for the "logon" event.
The pioctl function will now be able to use the correct
name when calling WNetAddConnection2() and the "logon"
event handler will now be able to call WNetAddConnection2().
The hope is that the "logon" event handler will be called
before the profile is loaded but I have no guarantee
that will happen.
FIXES 18131
collect all licenses here
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
FIXES 18131
install LICENSE into destdir builds
updates for 1.3.80
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
update issues list
This patch applies all of the work done to add persistent cache support,
cache manager debugging, and a variety of bug fixes. A full description
will be committed within doc/txt/winnotes as part of a later commit.
* The variable used to determine whether a file or virtual memory
mapped cache is used was not properly initialized to a default
value. If the registry setting "NonPersistentCaching" was not
set, the choice would be random. Properly initialized to be
"file".
* The memory mapped view was never unmapped before closing the file
at service shutdown. This is now properly cleaned up.
* Default location of Cache file is now %TEMP%\AFSCache
Add new Property for StoreAnsiFilenames
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Add property for StoreAnsiFilenames
update text files for StoreAnsiFilenames.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Allow users to choose to store file names in AFS using ANSI code pages
instead of OEM code pages.
Install registry values to force a mapping from afsdsbmt.ini file updates
via the old profile API to the new HKLM\Software\OpenAFS\Client\Submounts
key.
update docs
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
conditionalize the cleanup of language files on their existence
====================
reformat parts of afsd_init.c
add support for version number checking to afsd_service.exe
====================
Fix the afs_config.exe submount dialog operations: Edit Submount name and
Remove submount entry.
====================
Fix the version info data stored in the resource block to
use the same language identifier as is advertised.
the VC++ 2003 Toolkit is missing some important libraries.
remove it from the README-NT file
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
update docs
====================
simplify the freelance import from afs_freelance.ini code. don't generate
a new file if the old one does not exist.
begin conversion from old string functions to new strsafe functions.
this will need to be done for all of the afsd_service.exe source
modules before we can regularly use VS .NET 2005
Add support for VL_GetEntryByNameN. Still need to figure out what needs
to be done for VL_GetEntryByNameU. (multi-homed support)
====================
fix a deadlock situation if an Obtain Tokens dialog is produced
by an expiration event and the user chooses to cancel instead of
obtain new credentials.
Fix the registry query in afskfw.lib to read the HKLM machine value
even if the HKCU key is present.
Update text in the install notes to better describe the krb524
issues
Provide mechanisms to force the use of krb524 via afscreds, afslogon,
and aklog. afslogon and afscreds rely on a new "Use524" registry value
(see registry.txt) and aklog has a new "-m" command line option.
The pattern matching algorithm was failing to match strings when the
pattern terminated in a '*'. The logic was also too complex because
it failed to simplify the patterns prior to processing. Any combination
of '*' and '?' == '*' according to the Windows file name pattern
matching rules.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
FIXES 15365
The pattern matching algorithm was failing to match strings when the
pattern terminated in a '*'. The logic was also too complex because
it failed to simplify the patterns prior to processing. Any combination
of '*' and '?' == '*' according to the Windows file name pattern
matching rules.
FIXES 915
FIXES 15250
* smb_ReceiveCoreRename() was factored to produce smb_Rename()
which is used by both the original function and the new
smb_ReceiveNTRename(). smb_ReceiveNTRename() supports the
creation of HardLinks in addition to Renaming. smb_Link()
is a new function which creates HardLinks via cm_Link().
cm_Link() is a new vnodeops function which creates links
using RXAFS_Link().
smb_ReceiveNTRename() does not support the File Copy and
Move Cluster Information operations described in its interface.
ReceiveNTRename is underdocumented in CIFS-TR-1p00_FINAL.pdf.
* When opening files via symlinks, we should follow the symlinks
until we reach the actual file stat cache entry. The stat cache
entry of the file should then be stored in the FID instead of
stat scache entry of the symlink.
* return bad operation errors for all unimplemented functions
even if we do not know the functions exist.
* Log bad packets and unknown operation packets to the trace log
* Map CM_ERROR_BADOP to STATUS_NOT_SUPPORTED instead of
0xC09820FF
* Update list of known CIFS operations to include all those listed
in CIFS-TR-1p00_FINAL.pdf.
* modify registry.txt to replace QWORD with DWORD
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
* add expanded registry support to "submounts"
Update text files for 1.3.71 and describe the new Windows Authorization
Group "AFS Client Admins"
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Add support for "AFS Client Admins" windows authorization group
====================
NTMakefile changes for Admin Group
* Fix aklog.exe to not add the AFS ID to the username
* PTS registration of new users to foreign cells has been added to
afscreds.exe
* The cm_Daemon thread is used to perform checks for
down servers, up servers, volumes, callback expirations,
lock maintenance and token expiration. Due to a gaffe in
larger integer division the thread never performed any
work. Instead the current time computation would always
be less than the trigger times. This had an adverse effect
on the client's ability to maintain communication with servers,
keep volumes up to date, and flush user tokens and acls
when they have expired. This was broken when the 1.3 branch
was modified to support VC7 which no longer included
largeint.lib
* An initialization problem with the Freelance code was
detected while fixing the callbackRequest. The cm_rootSCachep
object is obtained during afsd_InitDaemons() but the callback
information is incomplete. The callback information will not
be obtained until cm_MergeStatus is called from within
cm_GetCallback. Unfortunately, cm_SyncOp did not properly
test for the conditions under which the callback information
must be obtained.
* Reports have been filed indicating that callbacks were
being lost. An examination of the code indicated that the
cm_server_t objects were not being properly reference
counted by the cm_scache_t and cm_callbackRequest_t objects.
In particular, the cm_server_t objects may have been freed
from beneath the cm_conn_t objects.
All of the reference counting is now done via the functions:
cm_GetServer
cm_GetServerNoLock
cm_PutServer
cm_PutServerNoLock
this improves the ability to track the referrals.
Each cm_BeginCallbackGranting Call now allocates a reference
to the cm_server_t. The cm_EndCallbackGrantingCall either
frees the reference or transfers it to the cm_scache_t
cbServerp field. These are then appropriately tracked
through the cm_Analyze call.
* Ensure that the dnlc hash table is the same size as the
dir name hash table (as per original author's note).
Increase the dnlc CM_AFSNCNAMESIZE to a multiple of 8
for compatibility with 64-bit systems.
* fix smb_ApplyV3DirListPatches to properly apply the hidden
attribute to dotfiles when the infoLevel < 0x101 and
cm_SyncOp has failed.
* Fix the Freelance registry initialization code. There
was a possibility that some systems could end up with
garbage in the registry during a clean install.
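The server reference-counting change described in the entry above (get/put pairs, with the callback-granting call's reference either dropped or transferred to the cache entry) can be modelled as follows. This is an added illustration, not OpenAFS code: every name in it (server_t, server_get, server_put, cb_begin, cb_end) is hypothetical, and it is single-threaded, so the locking that the NoLock variants imply is left out.

```c
#include <stdlib.h>

/* Toy model, not OpenAFS code: all names here are hypothetical. */
typedef struct server { int refs; int *freed; } server_t;
typedef struct scache { server_t *cb_server; } scache_t;
typedef struct cb_request { server_t *server; } cb_request_t;

/* Take one reference; every holder of a pointer owns exactly one. */
static server_t *server_get(server_t *s) { if (s) s->refs++; return s; }

/* Drop one reference; the object is released only when the last holder lets go. */
static void server_put(server_t *s) {
    if (s && --s->refs == 0) { *s->freed = 1; free(s); }
}

static server_t *server_new(int *freed) {
    server_t *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->refs = 1; s->freed = freed; *freed = 0;
    return s;
}

/* Starting a callback-granting call pins the server for the call's duration. */
static void cb_begin(cb_request_t *req, server_t *s) { req->server = server_get(s); }

/* On success the request's reference moves to the cache entry (no extra get/put);
 * on failure it is dropped. Any server the entry held before is released. */
static void cb_end(cb_request_t *req, scache_t *sc, int granted) {
    if (granted) {
        server_put(sc->cb_server);
        sc->cb_server = req->server;
    } else {
        server_put(req->server);
    }
    req->server = NULL;
}

/* Scenario: the creator drops its reference while a cache entry still holds one. */
static int demo_refs_after_owner_release(void) {
    int freed; scache_t sc = {0}; cb_request_t req = {0};
    server_t *s = server_new(&freed);
    if (!s) return -1;
    cb_begin(&req, s);           /* refs: 2 */
    cb_end(&req, &sc, 1);        /* transferred to sc: still 2 */
    server_put(s);               /* creator gone: 1, object must survive */
    int alive_refs = freed ? -1 : sc.cb_server->refs;
    server_put(sc.cb_server);    /* last holder: object released */
    return (alive_refs == 1 && freed == 1) ? 1 : 0;
}
```

Without the reference taken in cb_begin, the creator's put would release the object while the cache entry still pointed at it, which is the "freed from beneath" condition the entry describes.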
Restore the installation of afslogon.dll as a winlogon event handler.
Microsoft identified the problem as being a newly added restriction
on the behavior of DllMain entry points. Network operations such
as bind() may no longer be called. The ICF blocks them but does not
cause an error to be returned.
Disable the installation of the WinLogon Event Handlers to avoid
problems with XP SP2 Final Release booting and profiles being released
on logoff.
Update version to 1.3.7000
Add VS8 entries to the build system
document new freelance functionality and update install notes
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
more updates
Updates winnotes with current info
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
summary of changes performed this week for 1.3.70
Update documentation on cache control and credential manager options
in MSI deployment guide.
'CachePath' setting in registry allows REG_EXPAND_SZ type.
Update registry documentation for 'CachePath' setting.
Both installers save the credential manager command line options in
registry.
Fix handling of existing 'afsdcell.ini' file in WiX installer.
WiX 2.0.1927 changed the XML schema. The WiX installer has been
updated accordingly.
* update winnotes
* add osi trace log entries to help diagnose issues with overlapped writes
from CIFS client
* fix osi trace log entries for freelance add mount to use osi_SaveLogString
* fix afscreds "Start Service" to automatically obtain tokens if kerberos
tickets are available
* update afscreds systray menu to use "..." after Remove Icon
* remove extra "." in wix installer resource
Update the install notes to describe conflicts between SMB Authentication
and Windows machines configured with non-Windows Kerberos authentication
used to map to local accounts.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
More updates to smb auth vs external kerberos login
The procedure used to obtain the profile directory failed in Domains
which were not Forests. If ADS_NAME_INITTYPE_GC fails, we must try
ADS_NAME_INITTYPE_DOMAIN which requires the Domain. Added a Domain
parameter to QueryAdHomePathFromSid. This was easy to obtain in
the NPLogonNotify since the logon domain is provided as a parameter.
Unfortunately, the domain provided to the winlogon event notification
routine is the user authentication domain, not the logon domain for
the local machine. Needed to create a GetLocalShortDomain function
which uses the IADsADSystemInfo COM interface to obtain the local
short domain. With this in place, we can now properly detect the
profile directory in all cases.
Document MaxLogSize in registry.txt
TraceLogging is supposed to be activated for different purposes
with bit flags. The osi log and afslogon both used the same bit
flag. Bit 0 is now for afslogon; and Bit 1 is for osi log.
* Update Windows Notes files
* Modify logoff procedure to use a pioctl to check if an arbitrary path
exists within AFS
* Add a new registry value HKLM\Software\OpenAFS\Client CellServDBDir
which can be used to locate the CellServDB file in an arbitrary directory
- Fix NTMakefiles in many directories to define WIN32_LEAN_AND_MEAN NOGDI
to avoid macro redefinitions
- update text files
- add "authentication cell" registry value for afscreds.exe
From asanka@mit.edu:
Network provider :
- If the user is logging into an AD domain, then look up the user's
profile path, find out which cell it's in and then authenticate to
that cell instead of the default cell.
- Domain specific registry keys
- A few fixes for handling UNICODE_STRINGs
smb3.c :
- Delete partial security context during negotiation
client_cpa :
- As per the SDK which says we must handle CPL_INQUIRE message, we do.
Also fixes a small bug where the icon isn't properly set when viewing
the Control Panel folder.
loopbackutils.cpp
- Don't bother setting the app data template, because we are setting
it in the MSI anyway.
install/wix/NTMakefile
- Add a configurable symbol AFSDEV_AUXWIXDEFINES which can be used to
customize a build of the msi.
install/wix
- Move afslogon.dll to SYSTEM32 directory
- Add registry keys to support WinLogon notifications.
- Rename afsdcell.ini to CellServDB and move it to the client directory.
- If there's already an afsdcell.ini in the Windows directory, copy
that over to the client directory instead.
- Add descriptions to AFS client and server services
Over the last several years significant efforts have been made to work around
the inability to protect user tokens from use by inappropriate entities.
The tokens are associated with a given userid and session by a combination
of an SMB based ioctl and an authenticated/encrypted RPC. This has opened
the door for tokens to be borrowed by other users if they could connect
to the same SMB server with the identical userid. This was trivially
possible because the SMB connections were unauthenticated.
This patch adds two forms of authenticated SMB connections: NTLM and
Extended Security (aka GSS SPNEGO). By default Extended Security mode
is used. This patch has been tested on 2000 workstation, 2000 server,
XP SP1, and 2003 Server, and XP SP2 RC2. The Extended Security works on
all platforms except for XP SP2 RC2 regardless of whether or not the machine
is part of a domain or not; and whether or not a local or domain account
is used.
On XP SP2 RC2, attempts to negotiate Extended Security result in a
Logon Denied error from AcceptSecurityContext() and a substatus code of
0x7C90486A is logged to the Security Event log via the NTLM SSP.
The SMB AUTH NTLM mode succeeds on XP SP2 RC2.
Disabling SMB Authentication or specifying the use of NTLM mode may be done
via the registry.
Value   : smbAuthType
Type    : DWORD {0..2}
Default : 2
  If this value is specified, it defines the type of SMB authentication
  which must be present in order for the Windows SMB client to connect
  to the AFS Client Service's SMB server. The values are:
    0 = No authentication required
    1 = NTLM authentication required
    2 = Extended (GSS SPNEGO) authentication required
  The default is Extended authentication
Change the NetbiosName registry value from REG_SZ to REG_EXPAND_SZ
and add the necessary code to expand the strings. This will allow
the use of %COMPUTERNAME%-AFS in case people want to explicitly use
a non-portable name.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Update text for NetbiosName value.
From Skyrope:
The Skyrope work attempted to improve on the end user experience of using
OpenAFS in the following ways:
* Obtain tokens using renewable Kerberos 5 tickets in order to
reduce the need for end users to renew expired tokens
* Monitor the list of IP Addresses in order to detect changes
in the network configuration which might affect the reachability
of cells or the state of the AFS Client Service. When cells
are newly reachable, obtain tokens for the cells. If the AFS
Client Service is not running, start it. If tokens are expiring
attempt to renew them.
* Use KDC probes to detect the accessibility of realms/cells. If
the KDC is not reachable, do not prompt the end user for a
username and password. (fs probe is not implemented on Windows)
* Automatically obtain tokens using the Windows Logon Session
Kerberos credentials (if available)
* Allow tokens for multiple cells to be obtained by using the
same Kerberos 5 tickets. (no UI yet implemented)
* Perform drive mapping persistence by tracking it within the
afsdsbmt.ini file instead of relying on the Windows Shell
to persist the state.
* Add new afscreds.exe command line options and change the
default set used when creating the "AFS Credentials" shortcut
in the Start Menu->Programs->Startup folder.
From MIT:
* Auto-detection of loopback adapters. Use "AFS" as the netbios
name when a loopback adapter is installed.
* Support for responding to power management events. Used to
flush the cache when the machine is about to suspend, hibernate,
or shutdown
* Documentation of Registry entries
* Support for Extended SMB Requests
* Beginning of support for true Event Log reporting from a
message database
* Hidden Dot File support (configured via the HideDotFiles
registry option)
* Configurable Max number of Multiplexed Sessions (MaxMpxRequests
registry option)
* Configurable Max MTU size (RxMaxMTU registry option)
* Configurable Jumbogram support (RxNoJumbo registry option)
* Configurable Max number of Virtual Connections per Server
(MaxVCPerServer registry option)
* Win32 DNS API support
* Addition of SMB_ATTR_xxxx defines for use instead of hex numbers
* A variety of heap access and resource deallocation errors corrected
in the SMB code
* Support for recursive directory creation
* Modifications to the en_US version of the client configuration
dialog (need to port to other languages)
Notes on the current check-in:
* The KfW code will always be used when installed on the machine.
This code only supports Krb5 and will not work with Krb4 only
realms. A registry flag indicating whether or not KfW should be
used if found needs to be added.
* afscreds.exe needs to have a registry entry created to control
the parameter list it should be started with. There should be
a dialog to control this in the installer and within afscreds.exe
* The MIT method of auto-assigning the mount-root and the netbios
name is in conflict with the Morgan Stanley submissions in some
parts of the code. If you are using the loopback adapter with
this code both the "NetbiosName" = "AFS" and "Mountroot" = "/afs"
registry options must be specified. This will be fixed in coming
days.
add ignore_uid (like ignore_root) plus set_token (set token in auth step instead of setcred), refresh_token (no new pag), use_klog (fork a klog child), no_unlog, remainlifetime (sleep before deleting creds at logout)
"I noticed that the pdf documentation bundled with openafs doesn't include
the correct fonts to display properly (at least with my acrobat). I've
generated afs-pdf:s with type1 fonts"