* The variable used to determine whether a file or virtual memory
mapped cache is used was not properly initialized to a default
value. If the registry setting "NonPersistentCaching" was not
set, the choice would be random. Properly initialized to be
"file".
* The memory mapped view was never unmapped before closing the file
at service shutdown. This is now properly cleaned up.
* Default location of Cache file is now %TEMP%\AFSCache
(cherry picked from commit d3d4af7795dd7371750bfdb9612b6419561cf32b)
Provide option to users to allow file names to be stored using Windows
ANSI code pages (similar to ISO Latin character sets) instead of the
traditional OEM code pages
Fix the version info data stored in the resource block to
use the same language identifier as is advertised.
(cherry picked from commit 487bf88c403cbe0ae93b92556623913962b4b871)
Fix the registry query in afskfw.lib to read the HKLM machine value
even if the HKCU key is present.
Update text in the install notes to better describe the krb524
issues
(cherry picked from commit d69e6641e5fc423b41fcfc9345a6f917ec958f37)
Update text files for 1.3.71 and describe the new Windows Authorization
Group "AFS Client Admins"
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Add support for "AFS Client Admins" Windows authorization group
(cherry picked from commit 40d2f5f7c02e28cf471d284e5be9fb97c91d145a)
Restore the installation of afslogon.dll as a winlogon event handler.
Microsoft identified the problem as being a newly added restriction
on the behavior of DllMain entry points. Network operations such
as bind() may no longer be called. The ICF blocks them but does not
cause an error to be returned.
(cherry picked from commit 2e8a3050d39ead364cad038647f0049b5c03b119)
Disable the installation of the WinLogon Event Handlers to avoid
problems with XP SP2 Final Release booting and profiles being released
on logoff.
Update version to 1.3.7000
Add VS8 entries to the build system
document new freelance functionality and update install notes
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
more updates
Updates winnotes with current info
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
summary of changes performed this week for 1.3.70
* update winnotes
* add osi trace log entries to help diagnose issues with overlapped writes
from CIFS client
* fix osi trace log entries for freelance add mount to use osi_SaveLogString
* fix afscreds "Start Service" to automatically obtain tokens if Kerberos
tickets are available
* update afscreds systray menu to use "..." after Remove Icon
* remove extra "." in wix installer resource
Update the install notes to describe conflicts between SMB Authentication
and Windows machines configured with non-Windows Kerberos authentication
used to map to local accounts.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
More updates to smb auth vs external kerberos login
* Update Windows Notes files
* Modify logoff procedure to use a pioctl to check if an arbitrary path
exists within AFS
* Add a new registry value HKLM\Software\OpenAFS\Client CellServDBDir
which can be used to locate the CellServDB file in an arbitrary directory
Over the last several years significant efforts have been made to work around
the inability to protect user tokens from use by inappropriate entities.
The tokens are associated with a given userid and session by a combination
of an SMB based ioctl and an authenticated/encrypted RPC. This has opened
the door for tokens to be borrowed by other users if they could connect
to the same SMB server with the identical userid. This was trivially
possible because the SMB connections were unauthenticated.
This patch adds two forms of authenticated SMB connections: NTLM and
Extended Security (aka GSS SPNEGO). By default Extended Security mode
is used. This patch has been tested on 2000 workstation, 2000 server,
XP SP1, 2003 Server, and XP SP2 RC2. The Extended Security works on
all platforms except for XP SP2 RC2, regardless of whether or not the machine
is part of a domain, and whether or not a local or domain account
is used.
On XP SP2 RC2, attempts to negotiate Extended Security result in a
Logon Denied error from AcceptSecurityContext() and a substatus code of
0x7C90486A is logged to the Security Event log via the NTLM SSP.
The SMB AUTH NTLM mode succeeds on XP SP2 RC2.
Disabling SMB Authentication or specifying the use of NTLM mode may be done
via the registry.
Value : smbAuthType
Type : DWORD {0..2}
Default : 2
If this value is specified, it defines the type of SMB authentication
which must be present in order for the Windows SMB client to connect
to the AFS Client Service's SMB server. The values are:
0 = No authentication required
1 = NTLM authentication required
2 = Extended (GSS SPNEGO) authentication required
The default is Extended authentication
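
An added example, not part of the commit or of OpenAFS: a small audit that reads smbAuthType out of regedit export text and reports hosts where SMB authentication is disabled or the value falls outside the documented range. The host names, sample exports and the `<KEY>` placeholder are constructed (the commit message does not name the key that holds the value), and the export is assumed to be already decoded to text.

```python
import re

# Value meanings as listed in the commit message above.
MODES = {0: "none", 1: "ntlm", 2: "extended-spnego"}
DEFAULT = 2  # documented default when the value is not set

DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def read_smb_auth_type(reg_text):
    """Return smbAuthType from regedit export text, or None if not set."""
    value = None
    for line in reg_text.splitlines():
        m = DWORD.match(line.strip())
        # Registry value names are case-insensitive.
        if m and m.group(1).lower() == "smbauthtype":
            value = int(m.group(2), 16)
    return value

def audit(reg_text):
    """Return (effective_value, mode, ok) for one exported key."""
    raw = read_smb_auth_type(reg_text)
    effective = DEFAULT if raw is None else raw
    if effective not in MODES:
        # Outside the documented {0..2} range: treat as a finding.
        return effective, "invalid", False
    # 0 leaves the SMB connection unauthenticated, the condition the
    # commit message says allowed tokens to be borrowed.
    return effective, MODES[effective], effective != 0

# Constructed sample exports; the key path is a placeholder because the
# commit message does not name the key that holds smbAuthType.
HEADER = "Windows Registry Editor Version 5.00\r\n\r\n[HKEY_LOCAL_MACHINE\\<KEY>]\r\n"
SAMPLES = {
    "host-a": HEADER + '"smbAuthType"=dword:00000000\r\n',
    "host-b": HEADER + '"smbAuthType"=dword:00000001\r\n',
    "host-c": HEADER + '"CellServDBDir"="C:\\\\afs"\r\n',  # value absent
    "host-d": HEADER + '"SMBAuthType"=dword:00000007\r\n',
}

if __name__ == "__main__":
    for host, text in sorted(SAMPLES.items()):
        value, mode, ok = audit(text)
        print(f"{host}: smbAuthType={value} ({mode}) {'ok' if ok else 'FINDING'}")
```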