Migrate KFW functionality from src/WINNT/client_creds/afskfw* into a
a new library to be shared by afslogon.dll, afscreds.exe
Add KFW support to afslogon.dll
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Migrate KFW functionality from src/WINNT/client_creds/afskfw* into a
a new library to be shared by afslogon.dll, afscreds.exe
Move IP Address Change Monitor into new source files.
Add smbname support to the KFW set token functionality in afscreds.exe
* at my request Asanka Hearth of MIT ripped out all of the code used
the compute the Netbios Name of the SMB Server and the mountRoot
and constructed one commonly used library called lanahelper.lib.
This library is now constructed in the WINNT/afsd directory and
used throughout the tree. At least we now have consistency if
nothing else.
From Skyrope:
The Skyrope work attempted to improve on the end user experience of using
OpenAFS in the following ways:
* Obtain tokens using renewable Kerberos 5 tickets in order to
reduce the need for end users to renew expired tokens
* Monitor the list of IP Addresses in order to detect changes
in the network configuration which might affect the reachability
of cells or the state of the AFS Client Service. When cells
are newly reachable, obtain tokens for the cells. If the AFS
Client Service is not running, start it. If tokens are expiring
attempt to renew them.
* Use KDC probes to detect the accessibility of realms/cells. If
the KDC is not reachable, do not prompt the end user for a
username and password. (fs probe is not implemented on windows)
* Automatically obtain tokens using the Windows Logon Session
Kerberos credentials (if available)
* Allow tokens for multiple cells to be obtained by using the
same Kerberos 5 tickets. (no UI yet implemented)
* Perform drive mapping persistance by tracking it within the
afsdsbmt.ini file instead of relying on the Windows Shell
to persist the state.
* Add new afscreds.exe command line options and change the
default set used when creating the "AFS Credentials" shortcut
in the Start Menu->Programs->Startup folder.
From MIT:
* Auto-detection of loopback adapters. Use "AFS" as the netbios
name when a loopback adapter is installed.
* Support for responding to power management events. Used to
flush the cache when the machine is about to suspend, hibernate,
or shutdown
* Documentation of Registry entries
* Support for Extended SMB Requests
* Beginning of support for true Event Log reporting from a
message database
* Hidden Dot File support (configured via the HideDotFiles
registry option)
* Configurable Max number of Multiplexed Sessions (MaxMpxRequests
registry option)
* Configurable Max MTU size (RxMaxMTU registry option)
* Configurable Jumbogram support (RxNoJumbo registry option)
* Configurable Max number of Virtual Connections per Server
(MaxVCPerServer registry option)
* Win32 DNS API support
* Addition of SMB_ATTR_xxxx defines for use instead of hex numbers
* A variety of heap access and resource deallocation errors corrected
in the SMB code
* Support for recursive directory creation
* Modifications to the en_US version of the client configuration
dialog (need to port to other languages)
Notes on the current check-in:
* The KfW code will always be used when installed on the machine.
This code only supports Krb5 and will not work with Krb4 only
realms. A registry flag indicating whether or not KfW should be
used if found needs to be added.
* afscreds.exe needs to have a registry entry created to control
the parameter list it should be started with. There should be
a dialog to control this in the installer and within afscreds.exe
* The MIT method of auto-assigning the mount-root and the netbios
name is in conflict with the morgan stanley submissions in some
parts of the code. If you are using the loopback adapter with
this code both the "NetbiosName" = "AFS" and "Mountroot" = "/afs"
registry options must be specified. This will be fixed in coming
days.
This massive patch contains changes in several significant areas for Windows:
- the ability to specify the mount point to be something other than /afs
- functionality to assist debugging of the NT Services
- support for languages other than English (NTLang.bat)
- revisions to the Build system to support separate trees for src, obj,
dest and free or checked; allow any MS compiler to be used
- updates to NSIS installer build
- mutex locking added to critical locations
- updates to IS5 directory tree creation
- update to afswsNetscape_config.sh
support for V6.0 and .Net complier, compile from either NT4.0 or XP
Source and object are separated into different directories. The directory
tree would look as follows:
Base from %AFSROOT% environment variable
%AFSROOT%\src\... - all source and generated source
%AFSROOT%\obj\checked\... objects from a checked build
%AFSROOT%\obj\free\... objects from a free build
%AFSROOT%\obj\dest\checked\... DEST folder from a checked build
%AFSROOT%\obj\dest\free\.... DEST folder from a free build
Before you start the build, you must build an object tree by issuing the
following:
nmake -f NTMAKEFILE mkdir
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
support for V6.0 and .Net complier, compile from either NT4.0 or XP
Source and object are separated into different directories. The directory
tree would look as follows:
"1. The default Open AFS is set to normal security (doesn't generate random
user names).
If you are installing over a previous version (before 1.2.2b) it's default
is
high security; therefore, if you want the normal security, you should
uninstall the previous version (1.2.2a or earlier) and select to 'Not
Preserve previous settings'.
To manually change security you need to set the following registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemond\NetworkProvider
LogonOptions = 1 - Integrated Logon
LogonOptions = 2 - High Security options, Random User name generation
LogonOptions = 3 - both
3. Windows 2000/NT, Win9x - First time installations will create necessary
directories when user decides to download CellServDB
4. Windows 2000/NT, Global Drive working.
5. Windows XP - Drive mapping via GUI working.
6. Rename pthread.dll to afspthread.dll"
