[OpenAFS-win32-devel] OpenAFS for Windows - 1.3.72 release and Outstanding Projects Report

Jeffrey Altman jaltman@columbia.edu
Mon, 18 Oct 2004 12:02:52 -0400


This is a cryptographically signed message in MIME format.

--------------ms000404040503050106030605
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

1.3.72 was announced early this morning:

   http://lists.openafs.org/pipermail/openafs-announce/2004/000084.html

Although it was intended that there would not be another release for
the Windows platform until first quarter 2006 the Gatekeepers believed 
that the seriousness of the bugs fixed by the 1.3.72 release warranted 
the change in plans.

The most serious bugs fixed by the release include:

  * the "use once and discard" rpc connection bug.  This bug could
    cause the Windows client to negotiate thousands of new rpc
    connections an hour with the AFS file servers.  The rate
    of new rpc connections can crash all OpenAFS file servers
    prior to 1.2.12/1.3.72.

  * fix a thread safety issue related to the use of rpc connections.
    The rapid creation and destruction of rpc connection objects
    tickled a bug caused by a failure to properly reference count
    the rpc connections objects.  This is a similar bug to the one
    which causes the afs file servers to crash.  This was the cause
    of the crashes on Hyperthreaded and SMP systems.

  * a leak of handles to datagram sockets resulting from the thread
    safety issue.

  * the "delayed write errors" produced when writing to AFS from
    applications, including Microsoft Office, which use overlapped
    writes.

Both the degree of harm the Windows clients were inflicting on the
AFS file servers plus the level of inconvenience experienced by the
end user forced the release of this new stable version.  All users
of OpenAFS for Windows are strongly encouraged to upgrade to this
new release.

In addition, several other bug fixes and changes were implemented
in this release:

  * afscreds.exe and aklog.exe will now produce errors when a Kerberos
    5 principal is used which contains a dot in the first component
    name.  This is to provide early warning to the end user that the
    resulting tokens would not be accepted by the ptserver.

  * the local machine SYSTEM account is always considered to be a
    member of the "AFS Client Admins" group.

  * the NSIS based installer did not properly create the "AFS Client
    Admins" group.  This will be done upon upgrading to 1.3.72.

  * the @sys alias now supports an ordered list of potential names to
    match.  This is equivalent to the behavior on Unix.

  * aklog.exe has a new command line option "-m" which can be used to
    force the use of the krb524 daemon.

  * the pattern matching algorithm will not properly match patterns
    ending with a "*".

  * support for walking soft symlinks was fixed and support for the
    creation and deletion of hard symlinks was added.

  * Submount strings are now treated as strings which may include
    Environment variables.

  * The HKLM instance of the "EnableKFW" value (see registry.txt) is
    now properly enforced.

  * Modifications were made to the automatic flushing of cache data
    upon receipt of a Suspend or Hibernate request.  The goal is to
    avoid a long delay if it is possible to determine that the afs
    fileservers are unreachable.

Thanks to Derrick Brashear, Asanka Herath, Rodney Dyer, MIT, Sine Nomine 
Associates, Secure Endpoints, Morgan Stanley for their assistance with 
this release.

The current list of outstanding project items include:

    1. No longer use AFS Client Service "cell" as the default cell for
       individual users
    2. Re-write afsd_service.exe to perform synchronized thread startup
       and shutdown.  Currently there is no synchronization of thread
       creation which results in timing conflicts; and there is no
       attempt to cleanly shutdown the service which causes problems when
       restarting and prevents the implementation of a persistent cache
    3. Implement a persistent cache (requires item 2)
    4. Prevent panic situation when the root.afs volume is not reachable
       and the AFS Client Server is not using Freelance mode
    5. Prevent panic situation when the IP address to which the SMB
       server is bound is removed from the local machine's network
       configuration
    6. Add support for Named Pipes within the afs filesystem
       (This is not currently a supported feature of AFS; it will require
       changes to the servers as well as the clients.)
    7. Re-write afscreds.exe to support:
          1. choosing between Kerberos 5 and Kerberos 4 on a per
             principal basis
          2. providing users with the ability to map multiple cells to a
             single principal
          3. providing change password functionality on a per principal
             basis
          4. no longer include drive mapping
          5. configuration of afscreds startup options in shortcut
    8. Re-write afs_config.exe to be only "per user" functionality which
       does not require admin privileges
          1. default cell and principal for the user
          2. drive mappings
          3. visibility of afs creds and setting of afs creds startup
             options
    9. Create new afs_admin.exe tool to be installed in the administrator
       folder (or use MMS) which contains
          1. afs client service cell name
          2. integrated logon configuration
          3. Gateway configuration
          4. start/stop service
          5. global drive mapping
          6. submount management
          7. file/volume server preferences
          8. afs cells
          9. cache configuration
         10. diagnostics
         11. network configuration
         12. miscellaneous
         13. need to add support for all of the new registry values since
             1.2.8
   10. Identify why 16-bit DOS applications executed out of AFS fail
   11. Add support for configurable Icon file representing AFS folders
       within the Explorer Shell
   12. Documentation Documentation Documentation
   13. Large File support (> 2GB)
   14. Integrate KFW installation into the NSIS and MSI installers
   15. Add support for record locking to AFS (requires changes to the
       servers)
   16. Unicode enable the SMB/CIFS server.  OEM Code Pages:
       1. prevent the use of interoperable file names
       2. force the use of paths no longer than 256 characters
       3. force share names to be no longer than 13 characters
       4. restrict authentication to ASCII only names and passwords
   17. Complete implementation of CIFS Remote Administration Protocol
   19. Add support for SMB/CIFS Digital Signatures
   19. Development of afsmap.exe tool to provide AFS aware NET USE
       functionality:
       afsmap.exe <drive> <afs-path> [/PERSISTENT]
       afsmap.exe <drive> <unc-path> [/PERSISTENT]
       afsmap.exe <drive> /DELETE
   20. Missing SMB/CIFS functions:
         Find
         FindUnique
         FindClose
         ReadBulk
         WriteBulk
         WriteBulkData
         Tran2::SessionSetup
   21. StoreBehind mode is not implemented.  Or more correctly, all data
       is written directly to the server and is not cached.  Writes
       invalidate the local cache entries which are then read back from
       the server.
   22. The Power Management Flush Cache code does not work on Terminal
       Server nor does it always successfully flush all of the dirty
       buffers to the AFS servers before suspend/hibernate operations
       occur.
   23. Develop an optional Installable File System replacement for the
       SMB/CIFS Server.
   24. Add support for storing Extended Attributes on files
   25. Add support for storing Windows ACLs on files


As always I encourage all organizations and individuals who wish to 
support the development of OpenAFS for Windows to contact me.  Financial 
contributions as well as in kind assistance are seriously appreciated.
Tax deductible donations may be made via the OpenAFS account within 
Usenix (a 501c3 corporation.)

Jeffrey Altman
OpenAFS for Windows Gatekeeper


--------------ms000404040503050106030605
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJPzCC
AvowggJjoAMCAQICAwxk8TANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDQwNTI3MTc1ODU4WhcNMDUwNTI3MTc1ODU4
WjBrMQ8wDQYDVQQEEwZBbHRtYW4xFTATBgNVBCoTDEplZmZyZXkgRXJpYzEcMBoGA1UEAxMT
SmVmZnJleSBFcmljIEFsdG1hbjEjMCEGCSqGSIb3DQEJARYUamFsdG1hbkBjb2x1bWJpYS5l
ZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc3JqO5AsZrozd+mJ2mPuCTYo2
+nJ9Qq6jtUYtp7YTMW4d2Q6GLhNaHb1l9m74SxuY4f5vP6JtZjr6p9+LCCxD0w0NVLKRgUDp
z+tKFitbkJe9BSCxCURRvY3vdWA71gSCUvZAN3346hHb4oGVqgdpmfFJXYAHWpC46wiL72N9
WxySzY17/0eU0c8+r9dNoLpPQeL43O66O80jCl1qnXMaXaakZPsfm+5W90MYXhpQ1WIQpv02
lBn3BH5YE8xwbsNrw5AF4v7pjMuW85GI6FrDmfbpJX473Rpl5rmv3TpXkJ+7UsIIO1puyS8r
1o7kjDZ5EUYJxxglTGR6XL/RNzqHAgMBAAGjMTAvMB8GA1UdEQQYMBaBFGphbHRtYW5AY29s
dW1iaWEuZWR1MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAZYeVFCMP0iV+UVa0
eFoXkzMVl61CNAVY2YQ9/QQazO3G4qNiif35ArrnjPRDRj5M7WTeOCFqPVuvCttyJRiDKsEe
L4Yah22mRA3mR7x52j2FquPYZ9qCr1IhrNGzsMk+gopX5G0fTHZb6+uDu5SeMPNNcIznGA7M
CMpXAJ2PcKgwggL6MIICY6ADAgECAgMMZPEwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMC
WkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1Ro
YXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA0MDUyNzE3NTg1OFoXDTA1
MDUyNzE3NTg1OFowazEPMA0GA1UEBBMGQWx0bWFuMRUwEwYDVQQqEwxKZWZmcmV5IEVyaWMx
HDAaBgNVBAMTE0plZmZyZXkgRXJpYyBBbHRtYW4xIzAhBgkqhkiG9w0BCQEWFGphbHRtYW5A
Y29sdW1iaWEuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NyajuQLGa6M
3fpidpj7gk2KNvpyfUKuo7VGLae2EzFuHdkOhi4TWh29ZfZu+EsbmOH+bz+ibWY6+qffiwgs
Q9MNDVSykYFA6c/rShYrW5CXvQUgsQlEUb2N73VgO9YEglL2QDd9+OoR2+KBlaoHaZnxSV2A
B1qQuOsIi+9jfVscks2Ne/9HlNHPPq/XTaC6T0Hi+NzuujvNIwpdap1zGl2mpGT7H5vuVvdD
GF4aUNViEKb9NpQZ9wR+WBPMcG7Da8OQBeL+6YzLlvORiOhaw5n26SV+O90aZea5r906V5Cf
u1LCCDtabskvK9aO5Iw2eRFGCccYJUxkely/0Tc6hwIDAQABozEwLzAfBgNVHREEGDAWgRRq
YWx0bWFuQGNvbHVtYmlhLmVkdTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAGWH
lRQjD9IlflFWtHhaF5MzFZetQjQFWNmEPf0EGsztxuKjYon9+QK654z0Q0Y+TO1k3jghaj1b
rwrbciUYgyrBHi+GGodtpkQN5ke8edo9harj2Gfagq9SIazRs7DJPoKKV+RtH0x2W+vrg7uU
njDzTXCM5xgOzAjKVwCdj3CoMIIDPzCCAqigAwIBAgIBDTANBgkqhkiG9w0BAQUFADCB0TEL
MAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENB
MSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAzMDcx
NzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0
ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVl
bWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEpjxVc1X7TrnK
mVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/
cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8
YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4
oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5j
cmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwy
LTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2asZw9/r6y+whehQ5aUnX9MIbj4
Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSeJVCUYsfbJ3FXJY3dqZw5jowg
T2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHTHUb/XV9lTzGCAzswggM3AgEB
MGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0
ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMMZPEw
CQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx
DxcNMDQxMDE4MTYwMjUyWjAjBgkqhkiG9w0BCQQxFgQUlw0SWz3T5hdExFIctpBRupHmB6ww
UgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgweAYJKwYBBAGCNxAEMWswaTBiMQswCQYD
VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE
AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAwxk8TB6BgsqhkiG9w0B
CRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQ
dHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENB
AgMMZPEwDQYJKoZIhvcNAQEBBQAEggEA2/E3e79nAMr1Y5Ge7MU8bfHAdmJxxF1AHYI/7LnR
Zj4c57Ae4At5eV0BObgzJz8yWxjjVOAV645J1oCk6ANxCzHfen7a1/ASY4Pkel9fW2RgdTL2
oWCwXOex4Y3YgDGgJrBMkskaEBy/CKXsIQkFmgbY5D6CVOWEoX5DvEWU7F8e8LfZmvKeZ5eA
ySTOq7hFmc+VKlYzHyjc0TV3BRADZw87Y/Hq1O/mtgYHtuE2HY0VykH/39QFnxc+JyBrSGVt
3LS9c8nkieTMQGQS7PrbZmQQWfBkjLKtQ/Sm6Od8Y+YinI1XdMdu7JDp3DehnfecRx2757tC
qiGdJjbF6TWkwAAAAAAAAA==
--------------ms000404040503050106030605--