Index: openafs/doc/txt/winnotes/afs-changes-since-1.2.txt diff -c openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.13.2.9 openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.13.2.14 *** openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.13.2.9 Fri Nov 5 14:21:38 2004 --- openafs/doc/txt/winnotes/afs-changes-since-1.2.txt Tue Dec 7 07:48:57 2004 *************** *** 1,3 **** --- 1,100 ---- + Since 1.3.74: + * Added a new registry value, "StoreAnsiFilenames", which can be used + to force the use of ANSI character sets instead of OEM Code Pages. + This feature is useful when users require the ability to create + filenames with 8-bit characters and need to access the files from + both Latin-1 based Unix systems as well as from Windows. + + Activation of this feature will prevent access to files stored with + 8-bit OEM characters. + + * Shutdown all SMB threads in a synchronized manner when stopping the + service. + + * There is currently a maximum cache size of 1.3GB. The limit is imposed + by the largest contiguous block of unused memory within the 2GB process + space which can be assigned to the memory mapped file. Unfortunately, + when the executable digital signature verification code is activated + Windows sees fit to further segment the process memory which in turn + reduces the size of the maximum cache file to less then 800MB. If + larger cache sizes are desired, a new registry value should be set: + + HKLM\SOFTWARE\OpenAFS\Client (DWORD) "VerifyServiceSignature" = 0x0 + + Setting this value will disable the runtime verification of digital + signatures on afsd_service.exe and the afs dlls which it loads. It + will not disable the the version number check on those same files. + The signature verification is not a security messure and is only meant + to enhance the ability to afsd_service.exe to detect potential + destablizing mixtures of DLLs from incompatible distributions. + + Added code to auto-disable the signature verification check if + the desired cache size is greater then 700MB. + + * Windows' WinTrustVerify(WIN_SPUB_ACTION_PUBLISHED_SOFTWARE) is + used to verify the validity of the afsd_service.exe binary + as well as each of the AFS DLLs loaded by the service. Not only + must the digital signature be valid but the signatures of the + DLL must be signed by the same entity as the service. + + * Implement new functions: cm_freelanceMountPointExists and + cm_freelanceSymlinkExists. Use them along with other validity + checks in cm_freelanceAddMount and cm_freelanceAddSymlink to + ensure that name collisions do not occur and that empty strings + are not valid file names. + + A symlink may not have a name which would resolve to a valid + cell name. Doing so would prevent access to the cell. + + * Add missing cm_HoldSCacheNoLock call to Freelance mount point + re-initialization code. The reference counts of the fake root.afs + volume scache object(s) would become invalid when the mount point + or symlink lists were altered. + + * Add registry entries to provide mappings from the afsdsbmt.ini + to the new locations for applications which count on the use + of the old Profile file APIs. These apps are likely to fail + if the user does not have administrator privileges and the + registry is locked down. + + * The afs_config.exe submounts dialog had two errors. + First, attempts to remove entries failed because the registry + key was being opened without KEY_WRITE privileges. + Second, when editing a submount entry, changing the name + would add a new key and leave the original one in place. + Now the original submount will be removed if its name is + changed. + + * In recent months there have been several incidents in which + users have experienced problems starting or accessing + afsd_service.exe and after significant effort has been spent + it has turned out that they have two versions of AFS on the + machine or an inconsistent set of DLLs. + + Code has now been added to afsd_service.exe which will walk + the list of modules loaded by afsd_service.exe and validate + that the version of the AFS DLLs matches the version of the + afsd_service.exe executable. If they do not match the service + will not start. + + * When Freelance mode is enabled and there is no registry + key HKLM\SOFTWARE\OpenAFS\Client\Freelance, afsd_service.exe + will attempt to import the afs_freelance.ini file contents. + If the file does not exist, it was creating a dummy file + with a r/o and r/w entry for the default cell and then + importing those values. + + This process has been changed. The temporary file is no + longer created. Also, both the OpenAFS Client install + directory as well as %WINDIR% are checked for previous + afs_freelance.ini files. + + * Added support for VL_GetEntryByNameN(). Still need to add + support for VL_GetEntryByNameU() for multi-homed support. + + * Fix a deadlock situation in afscreds.exe when canceling an + auto-generated Obtain Tokens dialog + Since 1.3.72/73: * Fix the locking of objects during Directory Searches in the SMB/CIFS server. The failure to properly lock the reference Index: openafs/doc/txt/winnotes/afs-install-notes.txt diff -c openafs/doc/txt/winnotes/afs-install-notes.txt:1.11.2.5 openafs/doc/txt/winnotes/afs-install-notes.txt:1.11.2.8 *** openafs/doc/txt/winnotes/afs-install-notes.txt:1.11.2.5 Fri Nov 5 14:21:38 2004 --- openafs/doc/txt/winnotes/afs-install-notes.txt Tue Dec 7 07:48:57 2004 *************** *** 386,391 **** --- 386,470 ---- those entries which are used are allocated. + 26. "Netbios over TCP/IP" must be active on the machine in order for + communication with the AFS Client Service to succeed. If "Netbios over + TCP/IP" is disabled on the machine, then communication with the AFS Client + Service will be impossible. + + + 27. The AFS Client Service and related binaries are digitally signed by + "Secure Endpoints Inc." beginning with the 1.3.7400 release of OpenAFS + for Windows. Starting in the 1.3.7500 release, the AFS Client Service + will perform a run-time verification check to ensure that all AFS related + DLLs loaded by the service match the same file version number and were + signed by the same entity. This check has been added to prevent the + stability problems caused by more then one version of AFS being installed + on a machine at the same time. Many hours of support time have been wasted + tracking down problems caused by the mixture of files from different + releases. + + The registry.txt file documents the "VerifyServiceSignature" registry + value which can be used to disable the signature check. The file version + check cannot be disabled. + + + 28. The maximum cache size is approximately 1.3GB. This is the largest + contiguous block of memory in the 2GB process address space which can be + used for the memory mapped file. Due to fragmentation of the process + spaced caused by the digital signature verification code, any attempt to + specify a cache size greater then 700MB will result in the automatic + disabling of the signature check. + + + 29. OpenAFS for Windows implements an SMB server which is used as a + gateway to the AFS filesystem. Because of the use of SMB, Windows + stores all files into AFS using the OEM code pages such as CP437 (United + States) or CP850 (Western Europe). These code pages are incompatible + with the ISO Latin-1 character set typically used as a default on Unix + systems in both the United States and Western Europe. Filenames stored + by OpenAFS for Windows are therefore unreadable on Unix systems if they + include any of the following characters: + + [Ç] 128 08/00 200 80 C cedilla + [ü] 129 08/01 201 81 u diaeresis + [é] 130 08/02 202 82 e acute + [â] 131 08/03 203 83 a circumflex + [ä] 132 08/04 204 84 a diaeresis + [à] 133 08/05 205 85 a grave + [å] 134 08/06 206 86 a ring + [ç] 135 08/07 207 87 c cedilla + [ê] 136 08/08 210 88 e circumflex + [ë] 137 08/09 211 89 e diaeresis + [è] 138 08/10 212 8A e grave + [ï] 139 08/11 213 8B i diaeresis + [î] 140 08/12 214 8C i circumflex + [ì] 141 08/13 215 8D i grave + [Ä] 142 08/14 216 8E A diaeresis + [Å] 143 08/15 217 8F A ring + [É] 144 09/00 220 90 E acute + [æ] 145 09/01 221 91 ae diphthong + [Æ] 146 09/02 222 92 AE diphthong + [ô] 147 09/03 223 93 o circumflex + [ö] 148 09/04 224 94 o diaeresis + [ò] 149 09/05 225 95 o grave + [û] 150 09/06 226 96 u circumflex + [ù] 151 09/07 227 97 u grave + [ÿ] 152 09/08 230 98 y diaeresis + [Ö] 153 09/09 231 99 O diaeresis + [Ü] 154 09/10 232 9A U diaeresis + [ø] 155 09/11 233 9B o slash + [£] 156 09/12 234 9C Pound sterling sign + [Ø] 157 09/13 235 9D O slash + [×] 158 09/14 236 9E Multiplication sign + [ƒ] 159 09/15 237 9F Florin sign + + As of 1.3.75, a new registry value, HKLM\SOFTWARE\OpenAFS\Client + "StoreAnsiFilenames" can be set to instruct OpenAFS for Windows to store + filenames using the ANSI Code Page instead of the OEM Code Page. The ANSI + Code Page is a compatible superset of Latin-1. This setting is not the + default setting because making this change would prevent OpenAFS for Windows + from being able to access filenames containing the above characters. + ------------------------------------------------------------------------ Reporting Bugs: Index: openafs/doc/txt/winnotes/afs-issues.txt diff -c openafs/doc/txt/winnotes/afs-issues.txt:1.8.2.7 openafs/doc/txt/winnotes/afs-issues.txt:1.8.2.9 *** openafs/doc/txt/winnotes/afs-issues.txt:1.8.2.7 Fri Nov 5 14:21:39 2004 --- openafs/doc/txt/winnotes/afs-issues.txt Tue Dec 7 01:03:14 2004 *************** *** 29,64 **** and RX protocol operations. There was also an issue with large numbers of page faults which have since been fixed. ! (7) There appear to be directory locking problems associated with renaming ! directories. ! (8) File termination differences between Win9x and nt/w2k/xp (Jim Peterson) ! (9) How to silence "Explorer" when the mapped drive is not available? ! (10) Convert to IFS!!!!!! ! ! (11) Kerberos 5 integration: ! (11f) allow arbitrary cell to realm mappings ! (11g) modify UI to allow user to choose whether to authenticate using Kerberos or AFS ! (11h) modify UI to allow user to select an existing principal to be used to request AFS tokens ! (11i) modify UI to display Kerberos 5 ticket info (principal, ticket lifetimes, etc) ! (12) Default cell is system global just like everything else. Different users logging in via Integrated Logon or using afscreds.exe cannot be automatically prompted for different cells ! (13) AFS Integrated Logon: ! (13b) If using Kerberos, need to figure out a means of passing credentials into the user space until such time as I finish the new credential cache service. ! (13c) If network is not available must store the username and password somewhere until such time as the network starts. ! (14) Loopback adapter is not always installed with bindings to "File and Printer Sharing for Microsoft Networks" or "Client for Microsoft Networks". If these are not bound then SMB names will successfully be published to a list of zero which causes the AFS not to function. --- 29,61 ---- and RX protocol operations. There was also an issue with large numbers of page faults which have since been fixed. ! (7) File termination differences between Win9x and nt/w2k/xp (Jim Peterson) ! (8) How to silence "Explorer" when the mapped drive is not available? ! (9) Convert to IFS!!!!!! ! (10) Kerberos 5 integration: ! (10f) allow arbitrary cell to realm mappings ! (10g) modify UI to allow user to choose whether to authenticate using Kerberos or AFS ! (10h) modify UI to allow user to select an existing principal to be used to request AFS tokens ! (10i) modify UI to display Kerberos 5 ticket info (principal, ticket lifetimes, etc) ! (11) Default cell is system global just like everything else. Different users logging in via Integrated Logon or using afscreds.exe cannot be automatically prompted for different cells ! (12) AFS Integrated Logon: ! (12b) If using Kerberos, need to figure out a means of passing credentials into the user space until such time as I finish the new credential cache service. ! (12c) If network is not available must store the username and password somewhere until such time as the network starts. ! (13) Loopback adapter is not always installed with bindings to "File and Printer Sharing for Microsoft Networks" or "Client for Microsoft Networks". If these are not bound then SMB names will successfully be published to a list of zero which causes the AFS not to function. *************** *** 67,73 **** the bindings on Win2000 the loopback adapter frequently fails to publish SMB names. Of course, the error messages report nothing. ! (15) If a drive mapping is "in use", then afscreds cannot be used to Modify or Delete the Mapping. If a map to "H:" to \afs\cell\foo" with description "home" is modified to point to \afs\cell\bar, then the description must be unique. "home" cannot be reused. We need a way --- 64,70 ---- the bindings on Win2000 the loopback adapter frequently fails to publish SMB names. Of course, the error messages report nothing. ! (14) If a drive mapping is "in use", then afscreds cannot be used to Modify or Delete the Mapping. If a map to "H:" to \afs\cell\foo" with description "home" is modified to point to \afs\cell\bar, then the description must be unique. "home" cannot be reused. We need a way *************** *** 75,131 **** [Actually, an end user should not be able to modify the submount list] ! (16) WinAFS configuration values are still stored in old style INI files ! instead of using the Registry. This is especially important for ! per-user values such as drive mappings ! ! (17) Drive mappings are lost on WinXP after return from Standby. (This could be because the AFS Client Service fails OR because the RX protocol is temporarily unable to access the Cell due to network restore timing issues.) ! (18) No support for Unicode CIFS/SMB data structures. OEM Code Pages prevent the use of interoperable file names; force the use of paths no longer than 256 characters; force share names to be no longer than 13 characters; restrict authentication to ASCII only names and passwords; etc. ! (19) No auto-restart on service failure ! (20) Better EventLog handling ! (21) Named Pipes Support [requires modifications to AFS servers to support] ! (22) Memory Mapped File support ! (23) Large file support [both SMB/CIFS and AFS] ! (24) Implement persistent disk based cache which survives restarts ! (25) NSIS Installer issues (a) integration with KFW install script (b) Optional removal of AFS Server volumes ! (26) The User Interface needs to be re-designed to separate the per-user and per-machine settings. All of the new registry items need to be added to the UI ! (27) Thread initialization versus Global Drive Mapping. There is no mechanism in the afsd_init.c to ensure that all of the threads complete initializing in the correct sequence. In the case of Global Drive Maps this is a problem because the Global Drive Maps can be executed prior to the completion of the SMB registration and service thread initialization. ! (28) CIFS Remote Administration Protocol implementation is incomplete. Notifications are not made to requestors when the view of a file or folder changes due to token acquisition; token expiration; or token destruction ! (29) The Cache Manager Flush routines do not return or check error codes. ! (30) Remove submount creation as a side effect of AFS drive mapping. The AFS Submount is effectively a server side alias for a path located in the AFS space. This alias is exported by the AFS --- 72,124 ---- [Actually, an end user should not be able to modify the submount list] ! (15) Drive mappings are lost on WinXP after return from Standby. (This could be because the AFS Client Service fails OR because the RX protocol is temporarily unable to access the Cell due to network restore timing issues.) ! (16) No support for Unicode CIFS/SMB data structures. OEM Code Pages prevent the use of interoperable file names; force the use of paths no longer than 256 characters; force share names to be no longer than 13 characters; restrict authentication to ASCII only names and passwords; etc. ! (17) No auto-restart on service failure ! (18) Better EventLog handling ! (19) Named Pipes Support [requires modifications to AFS servers to support] ! (20) Memory Mapped File support ! (21) Large file support [both SMB/CIFS and AFS] ! (22) Implement persistent disk based cache which survives restarts ! (23) NSIS Installer issues (a) integration with KFW install script (b) Optional removal of AFS Server volumes ! (24) The User Interface needs to be re-designed to separate the per-user and per-machine settings. All of the new registry items need to be added to the UI ! (25) Thread initialization versus Global Drive Mapping. There is no mechanism in the afsd_init.c to ensure that all of the threads complete initializing in the correct sequence. In the case of Global Drive Maps this is a problem because the Global Drive Maps can be executed prior to the completion of the SMB registration and service thread initialization. ! (26) CIFS Remote Administration Protocol implementation is incomplete. Notifications are not made to requestors when the view of a file or folder changes due to token acquisition; token expiration; or token destruction ! (27) The Cache Manager Flush routines do not return or check error codes. ! (28) Remove submount creation as a side effect of AFS drive mapping. The AFS Submount is effectively a server side alias for a path located in the AFS space. This alias is exported by the AFS *************** *** 142,147 **** --- 135,143 ---- or by the new AFS Client Service Administration tool when executed by an authorized user. + (29) Add support for multi-homed servers + + ------------------------------------------------------------------------- List of unfunded projects: *************** *** 187,193 **** 10. Identify why 16-bit DOS applications executed out of AFS fail 11. Add support for configurable Icon file representing AFS folders within the Explorer Shell 12. Documentation Documentation Documentation ! 13. Large File support (> 2GB) 14. Integrate KFW installation into the NSIS and MSI installers 15. Add support for record locking to AFS (requires changes to the servers) 16. Unicode enable the SMB/CIFS server. OEM Code Pages: --- 183,189 ---- 10. Identify why 16-bit DOS applications executed out of AFS fail 11. Add support for configurable Icon file representing AFS folders within the Explorer Shell 12. Documentation Documentation Documentation ! 13. Large File support (> 2GB) in SMB/CIFS client 14. Integrate KFW installation into the NSIS and MSI installers 15. Add support for record locking to AFS (requires changes to the servers) 16. Unicode enable the SMB/CIFS server. OEM Code Pages: *************** *** 220,222 **** --- 216,220 ---- 24. Add support for storing Extended Attributes on files 25. Add support for storing Windows ACLs on files 26. Remove submount creation as a side effect of drive creation + 27. Finish conversion from string.h to strsafe.h for VS.NET 2005 + 28. Add support for multi-homed servers Index: openafs/doc/txt/winnotes/afsdb-freelance-notes diff -c openafs/doc/txt/winnotes/afsdb-freelance-notes:1.1 openafs/doc/txt/winnotes/afsdb-freelance-notes:1.1.10.1 *** openafs/doc/txt/winnotes/afsdb-freelance-notes:1.1 Wed Nov 21 13:29:16 2001 --- openafs/doc/txt/winnotes/afsdb-freelance-notes Tue Dec 7 01:14:18 2004 *************** *** 1,6 **** --- 1,12 ---- New features for the Windows Clients ------------------------------------ + NOTE: This file is very out of date. It does not describe the DNS conversion + to the use of the Windows DNSAPI nor does it describe the modifications to + Freelance to support r/w mount points, symlinks, and correct stability issues. + INI files are no longer used and there are new registry keys. See registry.txt. + + This file describes new features that have been added to the Windows AFS clients. Index: openafs/doc/txt/winnotes/msi-deployment-guide.txt diff -c openafs/doc/txt/winnotes/msi-deployment-guide.txt:1.2 openafs/doc/txt/winnotes/msi-deployment-guide.txt:1.2.2.1 *** openafs/doc/txt/winnotes/msi-deployment-guide.txt:1.2 Wed Aug 4 12:36:10 2004 --- openafs/doc/txt/winnotes/msi-deployment-guide.txt Wed Dec 8 04:58:49 2004 *************** *** 83,88 **** --- 83,91 ---- (Network provider): [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider] + (OpenAFS Client): + [HKLM\SOFTWARE\OpenAFS\Client] + The configurable properties are as follows: AFSCACHEPATH *************** *** 211,216 **** --- 214,225 ---- Registry value : SMBAuthType Valid values : '0','1' or '2' + STOREANSIFILENAMES + + Registry key : (OpenAFS Client) + Registry value : StoreAnsiFilenames + Valid values : '0' or '1' + USEDNS Registry key : (Service parameters) *************** *** 391,394 **** (Q/A's will be added here as needed) ---------------------------------------------------------------------- ! $Id: msi-deployment-guide.txt,v 1.2 2004/08/04 16:36:10 jaltman Exp $ --- 400,403 ---- (Q/A's will be added here as needed) ---------------------------------------------------------------------- ! $Id: msi-deployment-guide.txt,v 1.2.2.1 2004/12/08 09:58:49 jaltman Exp $ Index: openafs/doc/txt/winnotes/registry.txt diff -c openafs/doc/txt/winnotes/registry.txt:1.18.2.4 openafs/doc/txt/winnotes/registry.txt:1.18.2.7 *** openafs/doc/txt/winnotes/registry.txt:1.18.2.4 Fri Nov 5 14:21:39 2004 --- openafs/doc/txt/winnotes/registry.txt Tue Dec 7 07:48:57 2004 *************** *** 434,439 **** --- 434,481 ---- directory is used. + Value : VerifyServiceSignature + Type : REG_DWORD + Default : 0x1 + + This value can be used to disable the runtime verification of + the digital signatures applied to afsd_service.exe and the + OpenAFS DLLs it loads. This test is performed to verify that + the DLLs which are loaded by afsd_service.exe are from the + same distribution as afsd_service.exe. This is to prevent + random errors caused when DLLs from one distribution of AFS + are loaded by another one. This is not a security test. The + reason for disabling this test is to free up additional memory + which can be used for a large cache size. + + + Value : IoctlDebug + Type : REG_DWORD + Default : 0x0 + + This value can be used to debug the cause of pioctl() failures. + Set a non-zero value and the pioctl() library will output status + information to stdout. Executing command line tools such as + tokens.exe, fs.exe, etc can then be used to determine why the + pioctl() call is failing. + + + Value : StoreAnsiFilenames + Type : REG_DWORD + Default : 0x0 + + This value can be used to force the AFS Client Service to + store filenames using the Windows system's ANSI character set + instead of the OEM Code Page character set which has traditionally + been used by SMB file systems. + + Note: The use of ANSI characters will render access to files + with 8-bit OEM file names unaccessible from Windows. This option + is of use primarily when you wish to allow file names produced + on Windows to be accessible from Latin-1 Unix systems and vice + versa. + + 2.1 Domain specific configuration keys for the Network Provider ---------------------------------------------------------------