- Fix NTMakefiles in many directories to define WIN32_LEAN_AND_MEAN NOGDI
to avoid macro redefinitions
- update text files
- add "authentication cell" registry value for afscreds.exe
From asanka@mit.edu:
Network provider :
- If the user is logging into an AD domain, then look up the user's
profile path, find out which cell it's in and then authenticate to
that cell instead of the default cell.
- Domain specific registry keys
- A few fixes for handling UNICODE_STRINGs
smb3.c :
- Delete partial security context during negotiation
client_cpa :
- As per the SDK which says we must handle CPL_INQUIRE message, we do.
Also fixes a small bug where the icon isn't properly set when viewing
the Control Panel folder.
loopbackutils.cpp
- Don't bother setting the app data template, because we are setting
it in the MSI anyway.
install/wix/NTMakefile
- Add a configurable symbol AFSDEV_AUXWIXDEFINES which can be used to
customize a build of the msi.
install/wix
- Move afslogon.dll to SYSTEM32 directory
- Add registry keys to support WinLogon notifications.
- Rename afsdcell.ini to CellServDB and move it to the client directory.
- If there's already an afsdcell.ini in the Windows directory, copy
that over to the client directory instead.
- Add descriptions to AFS client and server services
creds.cpp: add support for principal name instances to the Obtain Tokens
function. Previously instances were not parsed.
main.cpp: Fix the -M (renewMaps) option to always call DoMapShare()
mounttab.cpp: When removing a drive mapping, remove the "active" entry
from the afsdsbmt.ini file.
Migrate KFW functionality from src/WINNT/client_creds/afskfw* into a
a new library to be shared by afslogon.dll, afscreds.exe
Add KFW support to afslogon.dll
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Migrate KFW functionality from src/WINNT/client_creds/afskfw* into a
a new library to be shared by afslogon.dll, afscreds.exe
Move IP Address Change Monitor into new source files.
Add smbname support to the KFW set token functionality in afscreds.exe
From Skyrope:
The Skyrope work attempted to improve on the end user experience of using
OpenAFS in the following ways:
* Obtain tokens using renewable Kerberos 5 tickets in order to
reduce the need for end users to renew expired tokens
* Monitor the list of IP Addresses in order to detect changes
in the network configuration which might affect the reachability
of cells or the state of the AFS Client Service. When cells
are newly reachable, obtain tokens for the cells. If the AFS
Client Service is not running, start it. If tokens are expiring
attempt to renew them.
* Use KDC probes to detect the accessibility of realms/cells. If
the KDC is not reachable, do not prompt the end user for a
username and password. (fs probe is not implemented on windows)
* Automatically obtain tokens using the Windows Logon Session
Kerberos credentials (if available)
* Allow tokens for multiple cells to be obtained by using the
same Kerberos 5 tickets. (no UI yet implemented)
* Perform drive mapping persistance by tracking it within the
afsdsbmt.ini file instead of relying on the Windows Shell
to persist the state.
* Add new afscreds.exe command line options and change the
default set used when creating the "AFS Credentials" shortcut
in the Start Menu->Programs->Startup folder.
From MIT:
* Auto-detection of loopback adapters. Use "AFS" as the netbios
name when a loopback adapter is installed.
* Support for responding to power management events. Used to
flush the cache when the machine is about to suspend, hibernate,
or shutdown
* Documentation of Registry entries
* Support for Extended SMB Requests
* Beginning of support for true Event Log reporting from a
message database
* Hidden Dot File support (configured via the HideDotFiles
registry option)
* Configurable Max number of Multiplexed Sessions (MaxMpxRequests
registry option)
* Configurable Max MTU size (RxMaxMTU registry option)
* Configurable Jumbogram support (RxNoJumbo registry option)
* Configurable Max number of Virtual Connections per Server
(MaxVCPerServer registry option)
* Win32 DNS API support
* Addition of SMB_ATTR_xxxx defines for use instead of hex numbers
* A variety of heap access and resource deallocation errors corrected
in the SMB code
* Support for recursive directory creation
* Modifications to the en_US version of the client configuration
dialog (need to port to other languages)
Notes on the current check-in:
* The KfW code will always be used when installed on the machine.
This code only supports Krb5 and will not work with Krb4 only
realms. A registry flag indicating whether or not KfW should be
used if found needs to be added.
* afscreds.exe needs to have a registry entry created to control
the parameter list it should be started with. There should be
a dialog to control this in the installer and within afscreds.exe
* The MIT method of auto-assigning the mount-root and the netbios
name is in conflict with the morgan stanley submissions in some
parts of the code. If you are using the loopback adapter with
this code both the "NetbiosName" = "AFS" and "Mountroot" = "/afs"
registry options must be specified. This will be fixed in coming
days.
Changes to afscreds to place the obtain tokens dialog into a separate
thread to prevent blocking of the Windows Message queue. Requires
utilization of mutex semaphores to protect credential data structures.
Previous versions of afscreds would set/unset the timer event every
time the program received an event indicating user activity including
dragging the mouse across the systemtray icon. This resulted in
extremely unpredictable behavior. Now the timer event is only turned
off when it must be turned off; and turned on when it must be turned on.
The result is a credential expiration check once a minute.
