ipaddrchg.[ch]: contains the ip address change monitor thread functionality
which was previously in afskfw.[ch] but which is now a
library in src/WINNT/afsd
creds.cpp: add support for principal name instances to the Obtain Tokens
function. Previously instances were not parsed.
main.cpp: Fix the -M (renewMaps) option to always call DoMapShare()
mounttab.cpp: When removing a drive mapping, remove the "active" entry
from the afsdsbmt.ini file.
Migrate KFW functionality from src/WINNT/client_creds/afskfw* into a
a new library to be shared by afslogon.dll, afscreds.exe
Add KFW support to afslogon.dll
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Migrate KFW functionality from src/WINNT/client_creds/afskfw* into a
a new library to be shared by afslogon.dll, afscreds.exe
Move IP Address Change Monitor into new source files.
Add smbname support to the KFW set token functionality in afscreds.exe
(1) remove the tkt_lifetime table which is no longer used
(2) improve the handling of token to k5 principal mapping
(3) assign the REALM to the token client name if the realm of
the cell does not match the realm of the user
If afscreds.exe you can now obtain credentials for cell "foo.com" with
credentials from "user@BAR.COM" when specifying a password. This is a
first step since if there are already valid credentials for "user@BAR.COM"
the password should not be requested. That would allow you to obtain
tokens for multiple cells with the same kerberos tgt.
* fix uninitialized return variables in smb.c and smb3.c
* open the osi_log file as early as possible in afsd_init.c
* create an argv to use for non-service executions
* add support for \\afs\.cellname for rw volumes
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Do not use IsKerberosLogon() it does not always report the right value.
Lowercase the cell name (from realm name) for which we are
requesting set/get token operations
Return the error code generated by the ktc_SetToken operation and
not one of the many Kerberos operations.
Remove internally defined life_to_time. Instead rely on version
in rxkad
Use kvno = RXKAD_TKT_TYPE_KERBEROS_V5 when setting tokens. No longer
use krb524d.
Fix the assignment of the username and instance to place the instance
within the aclient.instance field instead of appended to the aclient.name
field.
Renumber and re-organize all of the String Table entries
to adhere to the rules specified for dynamically loading
them with the tools in WINNT/talocale. All numbers must
be sequential. Each block must begin on a mod 16 == 0
value.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Update resource constants to avoid conflicts
Improve error checking in GetNumOfIpAddrs to prevent potential
invalid memory access if the IP Address Table cannot be accessed.
(win2000 with no privs)
NotifyAddrChange() on Win2000 without privs fails. Detect the failure
and terminate the IPChangeMonitor thread to prevent an infinite loop
eating up system resources.
Anyone have a clue which bits are required?
Fix the DependsOnGroup NetworkProvider key to ensure it is placed in
the correct location
Change the location of the ShowTrayIcon key so that we no longer store
user data in the HKLM Transarc tree
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Move the locations of the ShowTrayIcon and cell name based expiration
reminder keys out of the HKLM\SOFTWARE\Transarc... key and into the
{HKCU,HKLM}\SOFTWARE\OpenAFS\... tree. This is safe to do because these
keys are transient in nature (created by afscreds.exe) and really do
belong to the user and not to the machine.
* at my request Asanka Hearth of MIT ripped out all of the code used
the compute the Netbios Name of the SMB Server and the mountRoot
and constructed one commonly used library called lanahelper.lib.
This library is now constructed in the WINNT/afsd directory and
used throughout the tree. At least we now have consistency if
nothing else.
Obtain Shortcut Parameters from Registry Key
{HKLM, HKCU}\SOFTWARE\OpenAFS\Client
(REG_SZ) AfscredsShortcutParams
Default value is "-A -M -N -Q" if not found
From Skyrope:
The Skyrope work attempted to improve on the end user experience of using
OpenAFS in the following ways:
* Obtain tokens using renewable Kerberos 5 tickets in order to
reduce the need for end users to renew expired tokens
* Monitor the list of IP Addresses in order to detect changes
in the network configuration which might affect the reachability
of cells or the state of the AFS Client Service. When cells
are newly reachable, obtain tokens for the cells. If the AFS
Client Service is not running, start it. If tokens are expiring
attempt to renew them.
* Use KDC probes to detect the accessibility of realms/cells. If
the KDC is not reachable, do not prompt the end user for a
username and password. (fs probe is not implemented on windows)
* Automatically obtain tokens using the Windows Logon Session
Kerberos credentials (if available)
* Allow tokens for multiple cells to be obtained by using the
same Kerberos 5 tickets. (no UI yet implemented)
* Perform drive mapping persistance by tracking it within the
afsdsbmt.ini file instead of relying on the Windows Shell
to persist the state.
* Add new afscreds.exe command line options and change the
default set used when creating the "AFS Credentials" shortcut
in the Start Menu->Programs->Startup folder.
From MIT:
* Auto-detection of loopback adapters. Use "AFS" as the netbios
name when a loopback adapter is installed.
* Support for responding to power management events. Used to
flush the cache when the machine is about to suspend, hibernate,
or shutdown
* Documentation of Registry entries
* Support for Extended SMB Requests
* Beginning of support for true Event Log reporting from a
message database
* Hidden Dot File support (configured via the HideDotFiles
registry option)
* Configurable Max number of Multiplexed Sessions (MaxMpxRequests
registry option)
* Configurable Max MTU size (RxMaxMTU registry option)
* Configurable Jumbogram support (RxNoJumbo registry option)
* Configurable Max number of Virtual Connections per Server
(MaxVCPerServer registry option)
* Win32 DNS API support
* Addition of SMB_ATTR_xxxx defines for use instead of hex numbers
* A variety of heap access and resource deallocation errors corrected
in the SMB code
* Support for recursive directory creation
* Modifications to the en_US version of the client configuration
dialog (need to port to other languages)
Notes on the current check-in:
* The KfW code will always be used when installed on the machine.
This code only supports Krb5 and will not work with Krb4 only
realms. A registry flag indicating whether or not KfW should be
used if found needs to be added.
* afscreds.exe needs to have a registry entry created to control
the parameter list it should be started with. There should be
a dialog to control this in the installer and within afscreds.exe
* The MIT method of auto-assigning the mount-root and the netbios
name is in conflict with the morgan stanley submissions in some
parts of the code. If you are using the loopback adapter with
this code both the "NetbiosName" = "AFS" and "Mountroot" = "/afs"
registry options must be specified. This will be fixed in coming
days.
TICKET 2618
flexelint patches for prototype handling from Joe Beuhler
>>>>>>>>>>>>>>>>>>>>>>>>>>>>
This patch adds a bunch of missing prototypes, makes various
corrections to global prototypes, and removes global declarations that
are not needed.
One set of added prototypes is commented out because it applies to
some printf-like functions that are implemented the way it used to be
done before varargs existed, and they need to be unprototyped or the
code will fail to compile. (There are a number of functions in the
OpenAFS code that need to be converted to use varargs...)
There is one place of note in src/WINNT/afsd/fs.c where typedefs for
afs_int32 and afs_uint32 conflict with afs/stds.h. I just added a
note to that effect.
Prototypes in src/WINNT/afsd/fs.c are incorrect for Windows NT. I
don't know whether the return type involved changes from platform to
platform -- they come from .xg files.
Some prototypes are now commented out or #ifdef'd to match the code
that uses them.
Some global variables conflict between modules and have been made static.
The bufferBlock variable was of two completely different types...
In src/config/stds.h, I changed the declaration of afs_intmax_t to
reflect the fact that the Windows platform supports 64 bit integers.
This may be incorrect semantically, but I believe it is needed for the
%llx format to match afs_intmax_t arguments (for printing of inodes
mainly, I believe).
There were two different declarations for the rxkad_stats structure --
I synced them up.
- Joe
Removed the conflicting typedefs from src/WINNT/afsd/fs.c
Removed the changes to src/config/stds.h. Added declaration of
AFS_64BIT_CLIENT to src/config/NTMakefile.i386_nt40 instead.
Do not remove unused variables which are defintions of data type
values. Instead comment them out to avoid space utilization and
warnings.
This patch mainly makes explicit some initializations that were implicit.
There are several places where it looks like the missing initialization
may be a bug, and I have inserted comments to that effect in the
relevant patches. Someone needs to look at them and supply
whatever is missing (if anything is).
In make_keyperm.c, an array was sized too large.
--
Joe Buehler
Changes to afscreds to place the obtain tokens dialog into a separate
thread to prevent blocking of the Windows Message queue. Requires
utilization of mutex semaphores to protect credential data structures.
Previous versions of afscreds would set/unset the timer event every
time the program received an event indicating user activity including
dragging the mouse across the systemtray icon. This resulted in
extremely unpredictable behavior. Now the timer event is only turned
off when it must be turned off; and turned on when it must be turned on.
The result is a credential expiration check once a minute.
This massive patch contains changes in several significant areas for Windows:
- the ability to specify the mount point to be something other than /afs
- functionality to assist debugging of the NT Services
- support for languages other than English (NTLang.bat)
- revisions to the Build system to support separate trees for src, obj,
dest and free or checked; allow any MS compiler to be used
- updates to NSIS installer build
- mutex locking added to critical locations
- updates to IS5 directory tree creation
- update to afswsNetscape_config.sh
FIXES 2120
WINNT/talocale/TaLocale.h conditionally defines REALLOC() to
TaLocaleReallocFunction().
WINNT/client_creds/afscred.h conditionally defines REALLOC() to
AfsCredsReallocFunction().
Unfortunately, AfsCredsReallocFunction is never used because REALLOC is
always defined first by an include of Talocale.h within afscreds.h.
This is a problem because it results in memory being allocated within a
DLL and then freed by the EXE. This results in both a memory leak in
the DLL and memory corruption in the EXE.
FIXES 1488
It adds:
- the binary version of the file version/productversion, which the MSI
engine sort of want files in MSI packages to all have. This requires
another variable to be maintained in NTMakefile.i386_nt40 (Please don't
change the value from 1,2,910,0 to 1,2,9,1 or something like that. The last
number group in the version is considered completely insignificant by some
things)
- some file typing, which I don't know if anything cares about
- Some new items in the stringfileinfo table, (InternalName and
OriginalFilename) without which explorer won't show use the version info in
constructing tooltip text.
- Actually setting ProductVersion and FileVersion to something real
- Language codes, which the MSI engine also wants
support for V6.0 and .Net complier, compile from either NT4.0 or XP
Source and object are separated into different directories. The directory
tree would look as follows:
Base from %AFSROOT% environment variable
%AFSROOT%\src\... - all source and generated source
%AFSROOT%\obj\checked\... objects from a checked build
%AFSROOT%\obj\free\... objects from a free build
%AFSROOT%\obj\dest\checked\... DEST folder from a checked build
%AFSROOT%\obj\dest\free\.... DEST folder from a free build
Before you start the build, you must build an object tree by issuing the
following:
nmake -f NTMAKEFILE mkdir
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
support for V6.0 and .Net complier, compile from either NT4.0 or XP
Source and object are separated into different directories. The directory
tree would look as follows:
"1. The default Open AFS is set to normal security (doesn't generate random
user names).
If you are installing over a previous version (before 1.2.2b) it's default
is
high security; therefore, if you want the normal security, you should
uninstall the previous version (1.2.2a or earlier) and select to 'Not
Preserve previous settings'.
To manually change security you need to set the following registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemond\NetworkProvider
LogonOptions = 1 - Integrated Logon
LogonOptions = 2 - High Security options, Random User name generation
LogonOptions = 3 - both
3. Windows 2000/NT, Win9x - First time installations will create necessary
directories when user decides to download CellServDB
4. Windows 2000/NT, Global Drive working.
5. Windows XP - Drive mapping via GUI working.
6. Rename pthread.dll to afspthread.dll"
Windows 95/98 port from IBM Almaden
documentation and build support
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Windows 95/98 port from IBM Almaden
changes to cache manager
====================
Windows 95/98 port from IBM Almaden
makefile changes
====================
Windows 95/98 port from IBM Almaden
osi changes to support 95/98
====================
Windows 95/98 port from IBM Almaden
installer for 95/98 client
====================
Windows 95/98 port from IBM Almaden
win95/98 panel app
====================
Windows 95/98 port from IBM Almaden
win95/98 panel app help
====================
Windows 95/98 port from IBM Almaden
makefile changes plus dns implementation
====================
Windows 95/98 port from IBM Almaden
makefile changes plus changes for compat with dos line conventions
====================
Windows 95/98 port from IBM Almaden
config for 95/98
====================
Windows 95/98 port from IBM Almaden
makefile changes plus support for 95/98 env
====================
Windows 95/98 port from IBM Almaden
ms compiler changes
====================
Windows 95/98 port from IBM Almaden
makefile changes
====================
Windows 95/98 port from IBM Almaden
lwp changes
to support 95/98 port
====================
Windows 95/98 port from IBM Almaden
rx changes to support 95/98 port
