HCoop / hcoop / debian / openafs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Import Upstream version 1.8.5
[hcoop/debian/openafs.git] / doc / txt / winnotes / afs-changes-since-1.2.txt
CommitLineData
805e021f
CE		 1Since 1.6.0002 (1.6.0b)
2
3 * Correct an error in mount point string construction
4 when the user provides a cell alias to "fs mkmount"
5 instead of the full cell name. Every mount point
6 string must end in a trailing dot.
7
8 * Major improvements to the Explorer Shell Extension.
9
10 * Addition of the AFS Redirector drivers and service
11 interface.
12
13Since 1.6.0001 (1.6.0a)
14
15 * Correct an error in CheckOfflineVolumeState processing
16
17 * Permit NPLogonNotify() to exit immediately if the
18 SetToken error is KTC_NOCM.
19
20Since 1.6.0000 (1.6.0)
21
22 * Avoid a cm_serverLock reference count leak.
23
24Since 1.5.9907 (1.6pre7)
25
26 * Add Shutdown message to the windows event log
27
28 * Check Offline Volume status according to the specified policy
29 not every time the daemon thread runs.
30
31 * if the directory object cannot be found in the tree, return
32 CM_ERROR_PATHNOTFOUND instead of crashing.
33
34 * avoid memoryt leak of cm_GetSpace() allocations
35
36 * improve afs/kfw error message output. Include PT and KTC
37 errors. Impacts afslogon.dll, afscreds.exe and afssrvadm.exe
38
39 * afslogon.dll NPNotifyLogon will now kick start the
40 afsd_service if it is not already in a pending start or
41 started state.
42
43 * properly construct the userrealm in the afskfw library.
44 do not include the '@' in the realm.
45
46 * fix the generation of HTML reference manual pages from
47 POD.
48
49 * No longer send release lock RPCs to a file server for
50 a deleted file. Each attempt will fail with a VNOVNODE
51 abort. Multiple aborts can result in the file server
52 throttling the client.
53
54 * cm_BkgDaemon should not perform the job of cm_SyncOp
55 which already properly serializes operations on the
56 a file.
57
58 * cm_BkgDaemon should not perform queued tasks on deleted
59 objects. Doing so is a waste of resources.
60
61 * Avoid rx nat pings prior to connection attachment.
62
63 * After directory enumeration completes move the directory
64 status object to the most recently used position to avoid
65 it being recycled when the directory contains more objects
66 that the status cache can hold.
67
68 * Reduce memory fragmentation caused by lock order validation
69 checks.
70
71 * When a status object is deleted, move its object to the
72 least recently used position in the queue to promote
73 recycling when the reference count drops to zero.
74
75 * Fix the osi_Log macros so they safe for use in if..else
76 statements by wrapping in do..while(0). Several logged
77 messages were wrong as a result and there may have been
78 other logic errors caused by mismatched if and else
79 statements when braces were not used in the code.
80
81 * Apply interlocked operations to all state and queue fields
82 in the cm_call, cm_volume, cm_scache, and cm_buf objects
83 in order to ensure that operations are atomic. State flag
84 bits were being lost on multi-processor systems under heavy
85 load.
86
87Since 1.5.9906 (1.6pre6)
88 * add support for detection of NTFS symlinks to
89 \\AFS using GetFileInformationByHandleEx which is
90 available on Vista, Server 2008 and beyond.
91
92 * improve thread safety of afs_shl_ext.dll
93
94 * MS11-043 adds response validation for SMB_COM_NEGOTIATE
95 messages received by the SMB Redirector. OpenAFS failed
96 to properly specify a Challenge and DomainName in the
97 response when the security mode is SMB_AUTH_NONE (or share
98 with password). This patchset corrects smb_ReceiveNegotiate()
99 so that it adheres to the protocol specification.
100
101 * smb_T2SearchDirSingle() must not fail directory search requests
102 for the _._AFS_IOCTL_._ file. Although this file does not actually
103 exist, it is successfully processed by CreateFile operations.
104 Therefore, an explicit search for it should return a valid answer.
105
106 * cm_SyncOp/cm_SyncOpDone is used to synchronize the RPC processing
107 to ensure that calls which are in conflict cannot occur at the
108 same time but also to ensure that the ordering of operations
109 is consistent. cm_MergeStatus() was in many cases executed after
110 cm_SyncOpDone() removed the synchronization barrier which in turn
111 permitted status information to be applied out of order. Side
112 effects could have included data loss due to client side file
113 truncation. More commonly two StoreData RPCs would have their
114 status information applied out of order forcing the cache manager
115 to invalidate all of the cached data for the file.
116
117 * cm_NewServer() can result in a call to cm_UpdateVolumeLocation()
118 if a server probe is performed. In order to avoid recursive
119 calls to cm_UpdateVolumeLocation() do not probe new servers from
120 within cm_UpdateVolumeLocation().
121
122 * Numerous Rx improvements.
123
124 * Fix out of order lock acquisition in smb_ReceiveV3LockingX()
125 which occurs if the lock acquisition fails.
126
127Since 1.5.9905 (1.6pre5)
128 * aklog supports dotted Kerberos v5 principal names.
129
130 * afskfw library always attempts afs/cell@USER-REALM
131
132 * afskfw library must test return code from
133 krb5_cc_start_seq_get() or will trigger a null
134 pointer exception when using Heimdal.
135
136 * lock protected fields must be 32-bit in order
137 to avoid memory overwrite races.
138
139Since 1.5.9904 (1.6pre4)
140 * Fix caching of non-existent volumes. The test to
141 trigger an immediate CM_ERROR_NOSUCHVOLUME in
142 cm_UpdateVolumeLocation() was backwards.
143
144 * Prevent the background daemon from checking the
145 status of non-existent volumes. cm_CheckOfflineVolumes()
146 should skip volume groups with the CM_VOLUMEFLAG_NOEXIST
147 flag set.
148
149 * The afskfw library should return an error immediately
150 if the krb5_32.dll library cannot be loaded. Affects
151 afslogon.dll and afscreds.exe.
152
153 * No longer depend on leashw32.dll in afskfw library.
154
155 * NPLogonNotify must provide the user password in all
156 calls to KFW_AFS_get_cred(). It cannot count on a
157 credential cache being preserved between calls. Permits
158 tokens to be acquired for all cells listed in the
159 TheseCells registry value for a domain.
160
161 * Improve the trace logging from NPLogonNotify().
162
163 * Avoid a race when writing the cm_scache_t mountPointString
164 when acquiring mount point or symlink target data via
165 cm_GetData(). The race could result in bogus target
166 data being cached.
167
168 * Permit the use of des-cbc-md5 and des-cbc-md4 enctypes
169 as DES keys in asetkey.exe.
170
171Since 1.5.9903 (1.6pre3)
172 * Fix automatic addition of Freelance cell mount points
173 broken in 1.5.9902.
174
175 * Avoid recursive offline volume checks which could cause
176 a crash due to stack exhaustion.
177
178Since 1.5.9902 (1.6pre2)
179 * rx calls issued on a busy call channel are now specially
180 handled and logged. All calls are automatically retried.
181
182 * The vos support for multi-homed servers was incorrectly
183 implemented. The changes have been reverted.
184
185 * Avoid wasting cm_buf_t objects and associated data buffers
186 for obtaining mountpoint and symlink target strings. Instead
187 read them directly into the cm_scache_t mountPointTarget
188 buffer.
189
190 * Optimize the evaluation of mountpoint and symlink targets
191 by skipping the FetchStatus and a full round-trip if
192 the cache manager does not have valid status information
193 for the object.
194
195 * Fix the abstraction of cm_FreelanceAddMount() by passing
196 in volume names that do not include the trailing dot.
197
198Since 1.5.78
199 [there was no 1.6pre1 for Windows]
200
201 * vos commands now manipulate servers by UUID and can
202 recognize multi-homed servers.
203
204 * afs_config will not longer set the Tray Icon State
205 in the registry if the checkbox is not present in
206 the dialog. [RT 128591]
207
208 * Heimdal's roken utility library has been added
209 as \Program Files\Common\afsroken.dll
210
211 * When probing servers to determine if they are up or down
212 no longer issue an RXAFS_GetTime RPC to servers that indicated
213 that they do not understand the RXAFS_GetCapabilities RPC.
214 Since they responded it is known that they are up.
215
216 * AFS Explorer Shell Extension now works from folder
217 backgrounds. Overlays for mount points and symlinks
218 are present in the dll, but are not registered at present
219 by the installers.
220
221 * Do not use RankServerInterval registry value as the value for
222 PerformanceTuningInterval.
223
224 * CellServDB updated to 13 Dec 2010 release from grand.central.org
225
226 * Add "fs chmod" command and display current mode as part
227 of "fs examine" output.
228
229 * When the data version of a mountpoint or symlink changes,
230 the target string in the cm_scache_t object must be cleared.
231 Otherwise, the new target will not be queried.
232
233 * "fs checkservers" now includes vldb servers in the output
234 and only lists multi-homed servers once. A multi-homed
235 server that has at least one up interface is no longer
236 considered to be down.
237
238 * When asynchronously storing dirty data buffers to the
239 file server ensure that (a) the cm_scache_t object and
240 the cm_buf_t object are for the same File ID so that
241 locking and signalling work properly; and (b) if the
242 FID no longer exists on the file server, do not panic,
243 just discard the buffer.
244
245 * When processing VNOVOL, VMOVED and VOFFLINE errors perform
246 server comparisons by UUID or address and not simply by
247 cm_server_t pointer. Otherwise, server failover may not
248 succeed.
249
250 * Do not preserve status information for cm_scache_t objects
251 when the issuing server is multi-homed.
252
253 * Giving up all callbacks when shutting down or suspending
254 the machine is now significantly faster due to the use
255 of an rx_multi implementation. (This functionality is
256 still off by default and must be activated by a registry
257 value.)
258
259 * Race conditions were possible when updating the state
260 of the cm_volume_t flags and when moving the volumes
261 within the least recently used list.
262
263 * Ensure that the lanahelper library does not perform a
264 NCBRESET of each lan adapter when enumerating the
265 current network bindings. Correcting this permits OpenAFS
266 to work on Windows 7 when the network adapter settings
267 change.
268
269 * Fix creation of mount points and symlinks as \\AFS\xxxx
270
271
272Since 1.5.77
273 * Reimplement FetchData and StoreData operations to make
274 use of rx_Writev and rx_Readv which is faster than than
275 multiple calls to rx_Write and rx_Read. Throughput
276 improvements of up to 20% are possible.
277
278 * Many improvements to the rx rpc stack:
279
280 - RTT measurements
281
282 - Fast recovery is not triggered by packet resend timeouts
283
284 - Socket errors are now detected and reported
285
286 - avoid repetitive memory allocations
287
288 - avoid calling gettimeofday() for every packet
289
290 - reduced dependency on the call->lock
291
292 - When a call receive is completed, ack all of the packets
293 immediately. Do not wait for the first response packet
294 to be sent.
295
296 - Do not hold the call->lock during rx_Write* and rx_Read*
297 operations when the call fields in use can only be accessed
298 by the application thread.
299
300 - Reduce the default window size from 128 back to 32 because
301 the current overhead from walking packet queues in the rx
302 listener thread significantly hampers the ability to
303 process incoming packets from the network.
304
305 - Only backoff the peer timeout once for a series of naks.
306
307 - Release builds are lean and mean. All debugging and
308 packet tracking code is disabled.
309
310 * Version number is logged to the Windows Application Event
311 Log as part of the start pending message.
312
313 * MSI installers now backup and restore configuration
314 data during upgrades.
315
316 * Rx pmtu discovery has been disabled by default. Use
317 HKLM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
318 RxPMTUDiscovery "DWORD"
319 value to re-activate.
320
321 * cm_BkgDaemon event evaluation has been optimized to avoid
322 unnecessary overhead.
323
324 * If a volume is known to be readonly, then locally fail any
325 change request without sending it to the file server. This
326 avoids triggering the file server's abort threshold.
327
328 * Do not leak cm_volume_t objects from the volume LRU queue.
329
330 * Ensure that cm_NameI errors are acted upon promptly.
331 There are many cases in the SMB server where an error from cm_NameI()
332 was either ignored or not acted upon until several other operations
333 are performed that could result in the same error being repeated.
334 This is a mistake which did not have negative side effects until
335 additional checks for callback status were added recently.
336
337 At present, if a CM_ERROR_ACCESS error is returned and ignored,
338 subsequent attempts to operate on the same cm_scache_t will result
339 in additional queries to the file server that will also end in an
340 abort response. This can trigger the file server to delay responses
341 to the client.
342
343 * Fix fs mount point and symlink create operations which were
344 failing due to improper directory separator termination.
345
346 * RXAFS_GetVolumeStatus can return VNOVOL, VMOVED, etc. In
347 order to process them and update volume state a fid must
348 be passed to cm_Analyze(). Use the volume root fid.
349
350 * Negative caching for volume lookups that fail with either
351 VL_NOENT or VL_BADNAME. The expiration time is five minutes.
352 This prevents volume lookup storms.
353
354 * Provide each volume lookup its own two hour lifetime instead
355 of reseting all volume location information every two hours.
356 This prevents the first smb path evaluation after the volume
357 location data has been discarded from potentially causing an
358 smb client timeout.
359
360Since 1.5.76
361 * When the SYSTEM account is in use, the SMB connection is
362 not always established as S-1-5-18. Sometimes it uses an
363 anonymous, S-1-5-7, connection. In both cases the SMB
364 authentication name is the nul string. To better identify
365 when an SMB connection is local system, the smb_username_t
366 is now stored as a SID instead of a user name. When a SID
367 is used, a new flag bit is set SMB_USERNAMEFLAG_SID.
368
369 In smb_SetToken if AFS_PIOCTL_AFSLOGON is set and the user
370 connection is not SYSTEM, the RPC SID is checked. If RPC
371 SID is SYSTEM, that supercedes the SMB authentication.
372
373 * Replace STATUS_IO_TIMEOUT with RPC_NT_SERVER_TOO_BUSY for
374 CM_ERROR_ALLBUSY.
375
376 * Replace STATUS_PATH_NOT_FOUND with RPC_NT_SERVER_UNAVAILABLE
377 for CM_ERROR_ALLOFFLINE and CM_ERROR_ALLBUSY.
378
379 * Optimize behavior of buf_CleanAsyncLocked(). Avoid searching
380 for the cm_scache_t object by FID if it is already known.
381
382 * If the readonly file attribute is set (stored as a unix mode)
383 then a CreateFile operation should fail if the file is opened
384 for DELETE in combination with any other privilege.
385
386 * If the directory buffer contents are garbage we can crash
387 the service. Add some simple validation checks to ensure
388 that cm_dirEntry_t objects have the correct flag value and
389 that the name strings are not too long.
390
391 * If the bulkStat errorCode indicates that a particular object
392 is inaccessible due to a VIO error, we must update the server
393 status appropriately in order to permit failover.
394
395 * An RX_MSGSIZE error is returned by the new PMTU detection
396 code. It is critical that such an error result in a retry of
397 the operation that failed. Otherwise, the PMTU detection can't
398 work and the server will be marked down.
399 Secondly, it is important that such errors not leak to the
400 application layer. Map them to CM_ERROR_RETRY in all cases.
401
402 * Translate RX_RESTARTING to the same cache manager error code
403 for all RPC classes.
404
405 * When logging server volume instance errors to the windows
406 application event log, be sure to log the cell as well.
407 Translating from server ip address is non-trivial. Make it
408 easier for administrators triaging issues to plug the volume
409 and cell info into vos commands.
410
411 * Since unix mode bits are represented in octal in most cases
412 make sure we log them that way.
413
414 * The cm_enforceTrailingDot() function failed if there was a
415 trailing dot followed by white space.
416
417 * Rx: Do not send RX_MSGSIZE if the PMTU size did not change.
418
419Since 1.5.75
420 * A crash could occur if a single letter share name was
421 dynamically evaluated as matching a cell name. This was
422 due to a failure to treat the comparison of two nul
423 strings as identical.
424
425 * Docbook validation is performed by xmllint during builds.
426
427 * Volume package bugs in the file server can result in VOFFLINE
428 being returned to the client instead of VNOVOL or VMOVED. As
429 a result the Unix CM treats VOFFLINE the same as VMOVED and VNOVOL.
430 The Windows client has not. As a result, bugs in the file server
431 can cause the Windows client to lose if the volume has in fact
432 been moved to another server.
433
434 As part of this change, the volume location list is updated prior
435 to the volume status being applied to the server from which the
436 error was received.
437
438 * If the pages to be flushed are from a readonly or backup volume
439 they can't be dirty. In this case there is no need to stabilize
440 the pages before they are locked and recycled.
441 Stablilization is performed on the cm_scache_t object so do not
442 stabilize and unstablize for each cm_buf_t object.
443
444 * Over the years the processing of the Freelance callbacks have
445 added functionality that behaves much more like FetchStatus checks
446 to a file server. If the data version of the object has changed,
447 get the new data. Given that is the case, we can remove much of
448 the original refresh logic that is rather race prone. Say goodbye
449 to cm_fakeGettingCallback and cm_fakeDirCallback.
450
451 * When processing a pioctl path with either smb_ParseIoctlPath or
452 smb_ParseIoctlParent, cm_SyncOp(CM_SCACHESYNC_NEEDCALLBACK|GETSTATUS)
453 must be called on the cm_scache_t object to ensure that it is up
454 to date before we permit cm_Lookup or other operations to be performed
455 on it. Add the cm_SyncOp() call to smb_ParseIoctlPath and
456 smb_ParseIoctlParent to ensure it is done for all pioctl operations.
457
458 * The 32-bit tools installer was displaying client configuration wizard
459 pages. Since, the 32-bit tools share configuration with the AFS
460 service, the 32-bit tools installer should not be attempting to change
461 client configuration. Remove said wizard pages from the 32-bit tools
462 installer.
463
464 * cm_data.rootSCachep is a global pointer to the cm_scache_t that
465 represents the root.afs volume root directory. Throughout the
466 code this cm_scache_t was being used without ensuring that a
467 callback to the volume is in fact valid.
468
469 Under most circumstances this would not be a problem. However,
470 it is possible for a request to fail due to the lack of a callback
471 at a critical moment. Add a new function cm_rootScachep() that
472 attempts to ensure that a callback is present (if possible) prior
473 to use the cm_scache_t object.
474
475 * When the contents of the Freelance root directory changes the fake
476 directory buffers are updated and a fakeDirVersion is incremented.
477 The dataVersion of the cm_scache_t object is supposed to be updated
478 on the next access by performing a fake get callback request.
479 Unfortunately, this did not always occur because of a race. If another
480 Freelance object is updated first, the root directory object would
481 never successfully get a fake callback.
482
483 This patchset ensures that the generation of the fake directory
484 buffer content and the callback are obtained under the same set
485 of locks thereby removing the race.
486
487 * Enforce in afsd_service that tokens can be set for alternate
488 userids only if the SetToken pioctl is called from the
489 Local System account.
490
491Since 1.5.74
492 * Revise SMB QuerySecurityInfo Response for MS10-020
493
494 MS10-020 (http://support.microsoft.com/kb/980232) has caused
495 many problems for implementors of SMB 1.0 servers and applications
496 that call GetFileSecurity() without checking the return code to
497 determine if the call succeeded. The gist of the vulnerability
498 was that the SMB redirector would pass any buffer it received
499 to the application regardless of whether or not it was valid.
500 MS10-020 protects the applications by strictly validating the
501 SMB response data structure and the data in the security descriptor
502 that is returned.
503
504 The problem for SMB 1.0 server implementors is that there have
505 been at least three different protocol descriptions for
506 NT_TRANSACT_QUERY_SECURITY_DESC published over the last decade
507 and all of them are incomplete. Therefore, just about no one but
508 Microsoft has an SMB 1.0 server implementation that produces the
509 exact out that they are expecting to validate.
510
511 The end result is that in an attempt to protect applications from
512 crashing due to invalid input being passed in directly caused
513 dozens of applications to crash by not returning any security
514 descriptor data at all. Even when the applications didn't crash
515 they might not have been able to save their data. Cisco WAAS
516 and NetApp DataOnTap systems were most adversely affected and
517 they have had CIFS protocol licenses for many many years.
518
519 To fix OpenAFS here is what needed to be done:
520
521 1. Instead of returning a security descriptor that gives ownership
522 to the NUL SID, give it to the Everyone SID and set the flag
523 that states that everyone has full access.
524
525 2. Validate the input parameters. In particular, check to ensure
526 that the SMB file descriptor is valid and the file has not
527 been deleted.
528
529 3. Enforce the maximum output data and parameter counts.
530
531 4. Handle buffer overflow and buffertoosmall conditions
532 in the manner that Microsoft expects them to be handled.
533 In particular, note that the parameter data which is returned
534 in the SMB Data Region is not counted in the Data Count.
535 Even if MaxData is 0, we can still return parameters values
536 as long as MaxParm is large enough.
537
538 * Prevent use of AFSCache file contents if mapped to
539 a new address.
540
541 * The Windows version of "fs newcell" did not accept any parameters
542 and behaved quite differently from the Unix version. Instead of
543 permitting new cell information to be added, the Windows version
544 simply forced the existing cell information to be reacquired.
545
546 This update adds a new pioctl, VIOCNEWCELL2, to support the
547 implementation of a Unix-style "fs newcell". The functionality
548 added here differs from the Unix version in the following ways:
549
550 1. "fs newcell" with no arguments is still accepted
551 in order to maintain compatibility with prior Windows
552 behavior.
553
554 2. "fs newcell -cell <cell> -dns" instructs the cache manager
555 to add the new cell but obtain the vldb server info from
556 DNS.
557
558 3. "fs newcell -cell <cell> ... -registry" instructs the cache
559 manager to add the new cell and also save the cell configuration
560 data in the registry for use the next time the service restarts.
561
562 4. The -vlport and -fsport options are accepted although the
563 -fsport value is currently unsupported by the cache manager.
564
565 * New registry value "FreelanceImportCellServDB" instructs Freelance
566 to create a mount point for every cell name listed within the
567 CellServDB.
568
569 * Path MTU discovery for Rx is activated.
570
571 * Rx socket input buffer is converted to a circular buffer.
572
573 * Fix usage of cm_FreeServerList(). Do not set the server list
574 pointer to NULL after calling cm_FreeServerList(). Doing so
575 can result in a memory leak.
576
577 * Only enable Rx NAT pings on a single anonymous connection at a
578 time.
579
580 * Fix cm_IoctlSkipQueryOptions() buffer management. Prevents a
581 potential read beyond end of memory buffer.
582
583 * Reduce requested privileges when reading registry CellServDB
584 to the minimum required.
585
586 * Add support for RPC Pipe Service NetWkstaGetInfo levels
587 101 and 102 which are called on Windows 7 and 2008-R2.
588
589 * Prevent integer overflow during quota percent used calculation
590 in Explorer Shell Extension (RT 126846)
591
592 * Generate a meaningful error if "fs listacls" or "fs setacls"
593 are executed on the Freelance root.afs volume.
594
595 * RXAFS_InlineBulkStat errors must be processed via cm_Analyze.
596 RXAFS_InlineBulkStatus does not return errors such as EACCES,
597 VNOVOL, VNOVNODE, VOFFLINE, VBUSY, VIO, VMOVED, etc. as an RPC return
598 code. Instead they are returned in the status info errorCode field
599 for each file.
600
601 Traditionally, the error associated with the first FID in the query
602 list has been returned to the caller of cm_TryBulkStatRPC().
603 However, the error has never been processed through cm_Analyze()
604 which means that the per-vnode processing for VNOVNODE and the volume
605 global processing for VMOVED, VNOVOL, etc. has never been performed.
606 As a result, failover to other .readonly volume instances cannot occur,
607 volume moves will not be handled, and files that have been deleted
608 are not detected.
609
610 This patchset makes the following changes:
611
612 1. If an inline bulk operation has been performed and the inline
613 errorCode is a volume global error, then that error replaces
614 the RPC return code within the cm_Analyze() processing for
615 the RPC. This will affect whether or not a retry operation
616 is performed.
617
618 2. The variable 'inlinebulk' is reset to 0 at the top of the
619 cm_Analyze() loop in case failover from an inlinebulk capable
620 file to an inlinebulk incapable file server takes place.
621
622 3. The FID that is passed into cm_Analyze() is not a real fid.
623 Instead it consists of the cell and volume but vnode = 0.
624 This ensures that the error (if any) is not applied to the
625 directory object.
626
627 4. If an inline bulk operation was performed, prior to performing
628 the cm_MergeStatus() operation a vnode a check is made to
629 determine if an error was returned for that vnode. If so,
630 cm_Analyze() is called with no connection, a fake cm_req_t,
631 the fid, and the error. This permits cm_Analyze() processing
632 to be performed on the file.
633
634 * Show configuration pages for all types of MSI installations
635
636 The OpenAFS MSI installer wizard used to not show any configuration
637 pages for "Typical" and "Complete" installations. Setting the
638 workstation cell and logon options during installation required
639 selecting the "Custom" option. Many users choose the "Typical" option
640 during installation, and thus would never see the configuration pages.
641 Therefore, for these users, the workstation cell was being set to the
642 default.
643
644 This patch makes the workstation cell and logon option configuration
645 pages visible to all types of installations (except silent
646 installations which show no UI).
647
648 * cm_LookupInternal creates Freelance mount points and symlinks
649 when queries cannot be found in the Freelance root.afs directory.
650 If the search name is a full cell name for which vldb information
651 can be obtained, then a mount point is added. If the search name
652 is a left-most substring or the full cell name with a dot appended
653 to it, then a symlink was created. This approach created a very
654 poluted Freelance name space.
655
656 This patchset makes the following changes:
657
658 1. Do not create symlinks with a dot appended to the cellname
659
660 2. Do not create symlinks where the left-most substring is not
661 a full dot separated component of the cellname.
662
663 3. Permit lookups to succeed when we would have created a
664 symlink in the past without creating the symlink.
665
666 * BPlus tree lookups are much faster than searching through
667 the native directory format on Windows because the case sensitive
668 hash tables cannot be used successfully. Permit BPlus trees
669 to be used except when called with cm_BPlusDirFoo as the action
670 function because cm_BPlusDirFoo is used to build the BPlus trees
671 from the native directory format.
672
673 * Symlinks are ending up in the Freelance root.afs directory that
674 end with a dot. Make sure it cannot happen.
675
676 * cm_FreelanceAddMount and cm_FreelanceAddSymlink is supposed to
677 return the allocated FID of the entry that was added. However,
678 cm_NameI is called to perform the lookup without forcing an update
679 of the Freelance fake directory. As a result the entry may not be
680 found.
681
682 Force an update prior to calling cm_NameI() by using
683 cm_clearLocalMountPointChange() and cm_reInitLocalMountPoints()
684 if required.
685
686 * The Freelance fake root directory buffers were not zero-filled.
687 This results in random behavior that can cause the service to
688 terminate unexpectedly.
689
690 * The validation check for the response from the GetVolumeStatus
691 pioctl is incorrect. The response is not simply a VolumeStatus
692 structure but also several C strings appended to it.
693
694 * When flushing a file, we need to commit the file length changes
695 as well as the dirty buffers. Call cm_FSync instead of buf_CleanVnode
696 which is called by cm_FSync.
697
698 * Prevent rx_rpc_stats global lock from being a bottleneck in the
699 Rx library.
700
701Since 1.5.73
702
703 * Avoid a race when updating cell vldb server lists
704 that can result in a crash.
705
706 * Avoid a deadlock when managing CM_SCACHESYNC_STOREDATA
707 state operations for directory objects.
708
709 * Add new Windows Application Event log messages for
710 VBUSY, VRESTARTING, ALL_BUSY, ALL_OFFLINE, and ALL_DOWN.
711 Include message throttling to prevent the same message
712 from being logged repeatedly within a five second window.
713
714 * Reduce lock contention by waiting for cm_buf_t I/O
715 operations to complete before permitting cm_SetupStoreBIOD
716 to analyze a buffer for inclusion in a BIOD.
717
718 * Split the cm_buf_t flags field to separate the flags
719 that are protected by the cm_buf_t mutex from those
720 protected by the buf_globalLock. This eliminates the need
721 to hold both locks everytime the flags field is accessed.
722 Both locks were not held in the past resulting in race
723 conditions that could result in deadlocks.
724
725 * Add "vos setaddrs" command.
726
727 * Rx library lock contention avoidance between rx_NewCall and
728 rx_EndCall.
729
730 * Rx library races due to inconsistent use of rx_connection
731 conn_data_lock to protect the flags field.
732
733 * Rx library inconsistent use of RX_CALL_TQ_WAIT which could
734 result in deadlocks.
735
736 * Rx library must signal transmit queue waiters when flushing.
737 Otherwise, deadlocks can occur.
738
739 * In cm_UpdateVolumeLocation, avoid searching for a ".readonly"
740 volume on a numeric volume name.
741
742 * File buffer allocations whose offsets are beyond server EOF
743 should be locally allocated and zero filled. The file server
744 should not be issued a FetchData rpc which is guaranteed to
745 fail.
746
747 * Enable integrated logon to work with Windows 7/2008 when
748 user logons are performed with a non-Domain Kerberos principal.
749
750 * Add Protection Error messages to aklog output.
751
752Since 1.5.72
753
754 * Prevent the Explorer Shell extension from crashing if
755 symlink creation failed. (126406)
756
757 * A Rx level NAT ping has been implemented.
758 Add NatPingInterval registry value to
759 HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
760 to permit Nat Ping to be enabled. The default value is 0 seconds.
761
762 * When a re-initialization is taking place, be sure to reset
763 cm_noLocalMountPoints to 0 in case someone deletes the "Freelance"
764 registry key out from underneath the service.
765
766 * Add krb5 error message translation to aklog, afscreds,
767 afslogon.dll, the network identity manager afs provider
768 and translate_et.
769
770 * Mode bits aren't directly exposed by the Win32 API. We were leaving
771 them to default to 0777 when creating new files and directories.
772 This version introduces two configuration parameters;
773 'UnixModeFileDefault' and 'UnixModeDirDefault' which are DWORD
774 registry entries that are used to set the initial mode bits.
775 If the values are set to 0, then the behavior is identical to what we
776 had before.
777
778 * Minidump files are now produced with a timestamp appended
779 to the name.
780
781 * An SMB request debugging monitor has been added. When activated
782 the monitor will automatically turn on trace logging if any SMB
783 request has required longer than 60 seconds to complete and will
784 then create a minidump every 60 seconds thereafter until the
785 request completes.
786
787Since 1.5.71
788
789 * Restore use of DNS AFSDB and SRV records by kaserver clients.
790
791Since 1.5.70
792
793 * Avoid a potential Freelance deadlock during initial execution
794 of afsd_service.exe if the old ini file data has to be
795 imported.
796
797 * Three rx library corrections. (1) Idle data connection
798 processing could timeout if the send window filled and
799 took longer than the idle data timeout period for the
800 transmit window to re-open. (2) The transmit queue
801 could be emptied prematurely. A required check for the
802 queue being in use was forgotten. (3) The function that
803 is supposed to implement a wait for the transmit queue
804 to cease being busy failed to wait.
805
806Since 1.5.69
807 * Restore use of DNS AFSDB and SRV records which were
808 unintentionally disabled in 1.5.69
809
810Since 1.5.68
811 * Add a context menu to the NetIdMgr AFS Provider
812 notification icon.
813
814 * Prevent an empty directory Btree from being created and
815 marked as valid if cm_BPlusDirBuildTree fails.
816
817 * cm_BPlusEnumAlloc should not fail if the enumeration
818 contains zero entries.
819
820 * In cm_BPlusXXX functions, return ENOMEM if malloc() fails.
821
822 * Do not leak the cm_scache_t dirlock if cm_BPlusDirBuildTree
823 fails.
824
825 * fs examine should report owner and group ids as signed values.
826
827 * Protect buffers in smb_WriteData from simultaneous writes.
828
829 * Query network interface MTU values from the registry because
830 the IP Helper GetAdapterAddresses() fails to report a manually
831 configured MTU.
832
833 * Improve performance by not dropping and reacquiring the rx_call
834 lock in rx_WriteProc* and rx_ReadProc*.
835
836 * When configuring the rx library, the network interface MTU
837 must be applied to both the maximum send size as well as the
838 maximum receive size as is done when rx_SetMaxMTU is called
839 by the application.
840
841There was no 1.5.67 release
842
843Since 1.5.66
844 * Convert afsauthent.dll to use the xdr_alloc and xdr_free
845 routines from afsrpc.dll in place of malloc and free.
846 This permits the two libraries to be built with different
847 C runtime libraries without crashing.
848
849 * Set the DOS Readonly attribute on a file/directory
850 whenever the unix mode combined with the mask 0200
851 is true. Previously there was a discrepency between
852 the mask used for testing for readonly behavior and
853 that used for setting the attribute.
854
855 * Disable AFSVolSync based .readonly "whole-volume callback"
856 support because the all file servers prior to 1.5.67
857 (and perhaps 1.4.12) do not properly assign a value to
858 the AFSVolSync structure in bulk status RPC responses.
859
860 * Improve the error output from aklog to output the value
861 from krb5 error_message() if the afs_com_err output
862 indicates an unknown value.
863
864 * Hold a lock on the cm_scache_t object when the smb
865 server is assigning a new clientModTime value.
866
867 * Permit custom build version numbers to be set
868 without modifying the src/config/NTMakefile.<platform>
869 files.
870
871 * Add support for binary code signing with cross-signed
872 certificates and arbitrary versions of signtool.exe.
873
874 * Convert VBUSY and VRESTARTING to CM_ERROR_ALLBUSY and
875 do not permit them to be exposed to the smb redirector.
876
877 * Convert STATUS_TIMEOUT responses to STATUS_IO_TIMEOUT
878 to avoid confusion within the smb redirector.
879
880 * Fix the byte order assigned to port numbers associated
881 with AFSDB record lookups. They must be network byte
882 order not host byte order.
883
884 * Add dynamic server ranking based on RPC round trip
885 time measurements.
886
887Since 1.5.65
888 * Official support for Windows 7 and Server 2008 R2
889
890 * Improved Rx RTT computation following the lessons
891 learned by TCP.
892
893 * Prevent a file server bug (FetchData returning an
894 invalid length instead of zero) from causing an
895 "unexpected network error" when writing to files.
896
897 * Promote DNS SRV records as superior to DNS AFSDB
898 records. Support arbitrary port numbers for vldb
899 servers.
900
901 * Add "fs listacl -cmd" support.
902
903 * Add AFSVolSync based .readonly "whole-volume callback"
904 support. With this functionality, multiple objects from
905 a .readonly volume can have their status validated by
906 issuing a single RXAFS_FetchStatus RPC.
907
908 * Remove drive mapping functionality and service start/stop
909 from afscreds.exe.
910
911 * Remove drive mapping functionality from afs_config.exe.
912
913 * Adjust SMB error return codes to avoid returning
914 STATUS_TIMEOUT which results in the SMB redirector
915 disconnecting.
916
917 * Network Identity Manager OpenAFS Provider now provides its
918 own "AFS lock" notification icon to report the status of
919 "have tokens, have no tokens, service not started, service
920 started but inaccessible". Hovering over the icon lists the
921 cells for which tokens exist (if any) and the OpenAFS version
922 number. Double-clicking executes the Network Identity Manager
923 default action.
924
925 * When merging the current status for an AFS object, ensure
926 that the volume status for that object is set to 'vl_online'.
927
928 * Permit cm_Analyze to request a retry even when the cm_req_t is
929 flagged CM_REQ_NORETRY if the RPC failed due to RX_CALL_DEAD.
930 The retry will force the use of a new connection.
931
932 * Add digital signatures to resource only dlls as required by
933 Windows 7.
934
935 * Prevent pioctl calls from retrying indefinitely when a sharing
936 violation error occurs.
937
938 * Add {HKLM,HKCU}\SOFTWARE\OpenAFS\Client DWORD "ShowMountTab"
939 to restore access to drive mapping functionality in afscreds.exe
940 and afs_config.exe.
941
942 * Permit Rx minimum peer timeout, maximum receive window size and
943 maximum send window size to be configured via the registry.
944
945 * The MSI installer now sets the ARPINSTALLLOCATION as required by
946 Windows 7.
947
948 * DNS lookups set the port numbers in network byte order within
949 the cache manager.
950
951 * Replace use of the 16-bit compatibility API WinExec with
952 ShellExecuteEx in afs_config.exe and afscreds.exe. WinExec
953 is incompatible with Windows 7 / Server 2008 R2 UAC
954 functionality.
955
956Since 1.5.64
957 * Short circuit background volume checks if a shutdown
958 or suspend request is received.
959
960 * Avoid contacting the file server in order to allocate
961 an empty buffer beyond the current length of the file.
962
963 * When a request for streams on a directory or mount
964 point object is received, do not offer a default stream.
965 This was affecting the saving of roaming profiles.
966
967Since 1.5.63
968 * Fix Windows 2000 compatibility. Do not call rand_s()
969 even if it is compatible with the C run time library
970 version.
971
972 * Fix a data consistency error between the output of
973 NetWkstaGetInfo and NetServerGetInfo RPCs, specify the Lan
974 workstation group name "AFS", and report server name as
975 "AFS" instead of "\\AFS" when the caller asks for "\\AFS".
976
977 * Enable executables to be run from \\AFS on Windows 7.
978 Return "Name not found" instead of "File not found" when
979 a directory or file name cannot be found.
980
981 * Prevent cache manager from marking file server "down" when
982 the data returned in response to either RXAFS_FetchData64
983 or RXAFS_StoreData64 is invalid.
984
985 * Add pioctl data validation to the AFS Explorer Shell extension.
986
987Since 1.5.62
988 * After 1.5.62 afslogon.dll would no longer crash but it
989 also would not load "domain" specific configurations.
990 Fixed.
991
992 * An uninitialized variable was present in the symlink
993 recursion detection loop.
994
995 * Reverse addition of unique per file GUID during
996 Create/Open responses. Inclusion of the GUID prevents
997 Cygwin applications (and others) from accessing //afs.
998
999 * Treat "filename::$DATA" as a synonym for "filename".
1000 This addresses the recent report of roaming profiles
1001 failing to save back to the file server.
1002
1003 * When given a choice between an error from rx_Write()
1004 or RXAFS_EndStoreData(), use the rx_Write() error.
1005 This ensures that over quota and access denied errors
1006 are acted upon.
1007
1008 * If an error occurs during RXAFS_StoreData operations,
1009 apply that error to all of the buffers in the BIOD.
1010 This ensures that failures will not be retried if they
1011 will only fail again.
1012
1013 * Do not perform a DNS lookup for a cellname if the
1014 cellname prefix is _._AFS_IOCTL_._. This will avoid
1015 DNS lookups when the query is for
1016 _._AFS_IOCTL_._.F7E5F580200909010061TTTTNT7TT.{10E39A49-4531-4496-A08E-842D4C440D20}.
1017
1018 * Fix Freelance root.afs volume object callback processing.
1019 Object synchronization and status merging bugs.
1020
1021 * Fix Explorer Shell "invalid parameter" bug introduced
1022 in 1.5.62.
1023
1024 * Log RXKAD errors to the trace log.
1025
1026 * Prevent simultaneous pioctl calls from multiple processes
1027 from stepping on each other's data.
1028
1029 * Prevent simultaneous pioctl calls from crashing the
1030 afsd_service.
1031
1032 * Add data validation to pioctl output processing in
1033 ktc_GetToken and ktc_ListTokens.
1034
1035 * Add data validation to pioctl output processing in
1036 fs.exe and symlink.exe.
1037
1038Since 1.5.61
1039 * IMPORTANT: New support for DCE RPC Services: SRVSVC and WKSSVC.
1040 No longer will browsing \\AFS produce truncated share names.
1041
1042 * Registry specified server preferences did not result in
1043 the CM_SERVERFLAG_PREF_SET flag being applied to the
1044 cm_server_t object.
1045
1046 * Avoid unnecessary DNS lookups of share names as cells
1047 when it is known that the name cannot be a cell name.
1048 Any name that does not contain a dot is skipped.
1049
1050 * When processing Dfs Referral requests, do not return an
1051 error if the server is down or busy; if the volume is
1052 offline; the cell vldb cannot be reached; etc.
1053 These paths are still \\AFS paths and so the client
1054 should not be sent to search elsewhere for resolution.
1055
1056 * CRITICAL: Prevent the cm_Daemon thread from terminating when
1057 the machine enters the suspend state. IF the cm_Daemon thread
1058 dies, there is nothing to execute down server checks.
1059
1060 * Prevent use of smb_StartedLock before initialization which
1061 can result in a panic in the lock package.
1062
1063 * Improve error checking in afslogon.dll in order to prevent
1064 NULL pointer dereferences within GetLogonDomainOptions()
1065 if the Lsa operations fail.
1066
1067 * Add support to the build system to automatically update
1068 a Microsoft Symbol Store.
1069
1070 * Do not access the cm_conn_t after executing the cm_Analyze
1071 loops. Doing so can result in an access to memory that has
1072 been freed.
1073
1074 * CRITICAL: If a StoreData request offset is not aligned on the
1075 buffer module blockSize, (offset % blockSize) bytes of dirty
1076 data will not be written to the file server.
1077
1078 * CRITICAL: If a StoreData64 request is sent to a file server
1079 that does not support large files (>2GB) and the client is
1080 unaware that the server has no large file support, the first
1081 chunksize worth of data will not be written to the file server.
1082 This bug was introduced in 1.5.3. It affects all IBM AFS file
1083 servers and all OpenAFS file servers older than 1.4.0.
1084
1085Since 1.5.60
1086 * If a file server becomes inaccessible while the cache manager has
1087 dirty buffers to write, the afsd_service buf_IncrSync thread can
1088 attempt to use 100% of the cpu.
1089
1090 * Fix the locking that protects the cm_cell_t lists
1091 (all, name, id, free).
1092
1093 * Remove cm_cell_t objects from the name and id hash tables before
1094 placing them on the free list.
1095
1096 * Fix "fs newcell" which was broken in 1.5.60.
1097
1098 * Do not attempt to synchronize dirty buffers if the associated
1099 volume is known to be unavailable.
1100
1101 * Log to the Windows Event Log dirty buffers that cannot be written
1102 during the shutdown process.
1103
1104 * Modify behavior of a Freelance mountpoint target that does not
1105 specify a cell. Instead of assuming the target volume is in the
1106 Freelance.Local cell, use the workstation "Cell" specified in the
1107 registry. A mountpoint target of "#root.cell." will now mean the
1108 root.cell volume in the workstation cell for the current session.
1109 If the workstation cell changes from "athena.mit.edu" to
1110 "andrew.cmu.edu", the referenced volume will also change without
1111 requiring that the mount point targets be altered.
1112
1113 * Avoid false infinite loop errors when validating the cm_cell_t
1114 free list during startup.
1115
1116 * Fix two more locations where xdr_free() should be used instead of
1117 free() to permit a checked built of afsd_service.exe to work with
1118 release builds of afsrpc.dll.
1119
1120 * Add cm_FindServerByUuid(). Re-implement RXAFS_InitCallBackState3()
1121 to permit the server Uuid to be used to lookup the server object
1122 and from that determine the cell. This permits callbacks that are
1123 received from alternate addresses to be processed with a known server
1124 object. Previously a request from an unknown server would clear all
1125 callbacks from all cells.
1126
1127 * Fix a bug that prevented optimal performance when using a non-zero
1128 value for 'daemonCheckVolCBInterval'. As a reminder, when
1129 "daemonCheckVolCBInterval" is set to a non-zero value, all .readonly
1130 volume callbacks are automatically renewed 90 minutes before their
1131 expiration.
1132
1133 * Fix automatic ranking of vldb servers whose values are obtained from
1134 the CellServDB file.
1135
1136 * Add logging for RX CALL DEAD errors which are generated if the remote
1137 host is unreachable.
1138
1139 * Add failover for RX CALL TIMEOUT errors when the volume is readonly
1140 or the call is to a vldb server.
1141
1142 * Add registry based cell search functionality to NetIdMgr,
1143 afs_config.exe, and klog.exe.
1144
1145 * afsconf_GetCellInfo() has been modified to perform gethostbyname()
1146 lookups on the host names in the CellServDB instead of using the
1147 specified IP addresses. This provides aklog, pts, vos, etc. the same
1148 CellServDB behavior that the Windows Cache Manager uses.
1149
1150 * Completely a behind the scenes change. The snprintf() routines have
1151 been completely rewritten.
1152
1153 * When updating the stat cache entry callback of a .readonly object
1154 from the volume group object, update the file server reference to
1155 ensure it matches the most update to date callback.
1156
1157 * Add proper support for processing callbacks from multi-homed file
1158 servers. Instead of comparing servers by cm_server_t pointer,
1159 compare them by UUID when the UUID is known.
1160
1161 * During a shutdown short circuit the offline volume check daemon
1162 functionality.
1163
1164 * Properly track link counts during cm_Link and cm_Unlink operations.
1165
1166 * Return the error code of RXAFS_FetchData / RXAFS_StoreData in
1167 preference to an error code reported by rx_EndCall.
1168
1169 * Add "PerFileAccessCheck" registry value to permit testing against
1170 experimental file servers that include per-file acl support. This
1171 value is intentionally undocumented. It is not to be used by
1172 production environment deployments.
1173
1174 * Log a warning to trace log if a volume group is marked as a DFS
1175 File Set. The Windows OpenAFS client does not include DFS support.
1176
1177 * Fix a bug introduced in 1.5.60 that prevents the afs netidmgr
1178 provider from obtaining tokens when referrals are in play.
1179
1180 * Add "fs chown" and "fs chgrp" commands to permit the owner and
1181 group of objects stored in AFS to be set from Windows.
1182
1183 * Avoid performing background daemon operations when the machine is
1184 going into suspend mode.
1185
1186 * Perform offline volume checks in most recently used order.
1187
1188 * Prevent crash when a data version for a cache object goes backwards.
1189
1190 * fs setquota, fs setcachesize, vos setfields, and vos create now
1191 accept human readable orders of magnitude. (K, M, G)
1192
1193 * fs listquota fixed to permit large quota sizes to be displayed.
1194
1195 * rx packet resend and data packets sent counts were incorrect.
1196
1197 * Multi-thread safe library versions are now being generated and used.
1198 mtafsubik.lib, mtafsutil.lib, mtafsvldb.lib, mtafsvol.lib.
1199
1200 * Microsoft SMB Redirector (mrxsmb.sys) support for ExtendedSessTimeout
1201 values are now available on XP through Windows 7. Add functionality
1202 to autodetect if such support is present on the machine. If so,
1203 configure it if necessary and dynamically adjust the AFS Rx timeout
1204 values accordingly.
1205
1206 * Correct another race condition in the Rx library that could result
1207 in an unexpected panic while freeing the Rx call iovq.
1208
1209Since 1.5.59
1210 * A fix to the pioctl library to support drive substitution
1211