[OpenAFS-devel] 1.3.75 is soon to be released

Jeffrey Altman jaltman@columbia.edu
Tue, 07 Dec 2004 11:20:26 +0100


Changes to the Unix sources are going to result in a 1.3.75 release
either today or tomorrow.  If you have a chance to test the latest
daily builds please do so:


    http://web.mit.edu/~jaltman/Public/OpenAFS/
    /afs/athena.mit.edu/user/j/a/jaltman/Public/OpenAFS/
    \\AFS\athena.mit.edu\user\j\a\jaltman\Public\OpenAFS\


These binaries are digitally signed with the Secure Endpoints Inc. certificate.

The changes since 1.3.74 include:


   * Shut down all SMB threads in a synchronized manner when stopping the
     service.

   * There is currently a maximum cache size of 1.3GB.  The limit is
     imposed by the largest contiguous block of unused memory within the
     2GB process space which can be assigned to the memory mapped file.
     Unfortunately, when the executable digital signature verification
     code is activated Windows sees fit to further segment the process
     memory which in turn reduces the size of the maximum cache file to
     less than 800MB.  If larger cache sizes are desired, a new registry
     value should be set:

     HKLM\SOFTWARE\OpenAFS\Client (DWORD) "VerifyServiceSignature" = 0x0

     Setting this value will disable the runtime verification of digital
     signatures on afsd_service.exe and the afs dlls which it loads.  It
     will not disable the version number check on those same files.
     The signature verification is not a security measure and is only
     meant to enhance the ability of afsd_service.exe to detect potential
     destabilizing mixtures of DLLs from incompatible distributions.

     Added code to auto-disable the signature verification check if
     the desired cache size is greater than 700MB.

   * Windows' WinTrustVerify(WIN_SPUB_ACTION_PUBLISHED_SOFTWARE) is
     used to verify the validity of the afsd_service.exe binary
     as well as each of the AFS DLLs loaded by the service.  Not only
     must the digital signature be valid but the signatures of the
     DLL must be signed by the same entity as the service.

   * Implement new functions: cm_freelanceMountPointExists and
     cm_freelanceSymlinkExists.  Use them along with other validity
     checks in cm_freelanceAddMount and cm_freelanceAddSymlink to
     ensure that name collisions do not occur and that empty strings
     are not valid file names.

     A symlink may not have a name which would resolve to a valid
     cell name.  Doing so would prevent access to the cell.

   * Add missing cm_HoldSCacheNoLock call to the Freelance mount point
     re-initialization code.  The reference counts of the fake root.afs
     volume scache object(s) would become invalid when the mount point
     or symlink lists were altered.

   * Add registry entries to provide mappings from the afsdsbmt.ini
     to the new locations for applications which count on the use
     of the old Profile file APIs.  These apps are likely to fail
     if the user does not have administrator privileges and the
     registry is locked down.

   * The afs_config.exe submounts dialog had two errors.
     First, attempts to remove entries failed because the registry
     key was being opened without KEY_WRITE privileges.
     Second, when editing a submount entry, changing the name
     would add a new key and leave the original one in place.
     Now the original submount will be removed if its name is
     changed.

   * In recent months there have been several incidents in which
     users have experienced problems starting or accessing
     afsd_service.exe and after significant effort has been spent
     it has turned out that they have two versions of AFS on the
     machine or an inconsistent set of DLLs.

     Code has now been added to afsd_service.exe which will walk
     the list of modules loaded by afsd_service.exe and validate
     that the version of the AFS DLLs matches the version of the
     afsd_service.exe executable.  If they do not match the service
     will not start.

   * When Freelance mode is enabled and there is no registry
     key HKLM\SOFTWARE\OpenAFS\Client\Freelance, afsd_service.exe
     will attempt to import the afs_freelance.ini file contents.
     If the file does not exist, it was creating a dummy file
     with a r/o and r/w entry for the default cell and then
     importing those values.

     This process has been changed.  The temporary file is no
     longer created.   Also, both the OpenAFS Client install
     directory as well as %WINDIR% are checked for previous
     afs_freelance.ini files.

   * Added support for VL_GetEntryByNameN().  Still need to add
     support for VL_GetEntryByNameU() for multi-homed support.

   * Fix a deadlock situation in afscreds.exe when canceling an
     auto-generated Obtain Tokens dialog
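
Added example, not part of the original message and not OpenAFS code: a PowerShell audit that repeats, from outside the service, the two checks the notes describe (DLL version equals the afsd_service.exe version; DLLs validly signed by the same signer as the executable) and reports whether "VerifyServiceSignature" has been set to 0. It assumes that "AFS DLLs" means the modules loaded from the executable's own directory and that "same entity" can be compared by certificate subject.

```powershell
# Added example: audit the conditions the release notes describe for afsd_service.exe.
# Assumption: "AFS DLLs" means modules loaded from the executable's own directory.
# Run elevated so the service's module list is readable.

$reg = Get-ItemProperty -Path 'HKLM:\SOFTWARE\OpenAFS\Client' `
         -Name 'VerifyServiceSignature' -ErrorAction SilentlyContinue
if ($null -ne $reg -and $reg.VerifyServiceSignature -eq 0) {
    Write-Warning 'VerifyServiceSignature = 0: runtime signature verification is disabled.'
}

$svc     = Get-Process -Name 'afsd_service' -ErrorAction Stop | Select-Object -First 1
$exePath = $svc.MainModule.FileName
$exeDir  = Split-Path -Parent $exePath
$exeVer  = $svc.MainModule.FileVersionInfo.FileVersion
$exeSig  = Get-AuthenticodeSignature -FilePath $exePath

$report = foreach ($m in $svc.Modules) {
    if ($m.FileName -eq $exePath) { continue }                       # skip the exe itself
    if ((Split-Path -Parent $m.FileName) -ne $exeDir) { continue }   # skip system DLLs
    $sig = Get-AuthenticodeSignature -FilePath $m.FileName
    # Assumption: "same entity" is compared by signer certificate subject.
    $sameSigner = ($null -ne $sig.SignerCertificate) -and
                  ($null -ne $exeSig.SignerCertificate) -and
                  ($sig.SignerCertificate.Subject -eq $exeSig.SignerCertificate.Subject)
    [pscustomobject]@{
        Module       = $m.ModuleName
        Version      = $m.FileVersionInfo.FileVersion
        VersionMatch = ($m.FileVersionInfo.FileVersion -eq $exeVer)
        SigStatus    = $sig.Status
        SameSigner   = $sameSigner
    }
}

$report | Format-Table -AutoSize
$bad = @($report | Where-Object {
    -not $_.VersionMatch -or $_.SigStatus -ne 'Valid' -or -not $_.SameSigner })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) module(s) fail the version or signer check."
}
```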


