daily builds please do so:
http://web.mit.edu/~jaltman/Public/OpenAFS/ /afs/athena.mit.edu/user/j/a/jaltman/Public/OpenAFS/ \\AFS\athena.mit.edu\user\j\a\jaltman\Public\OpenAFS\
These binaries are digitally signed with Secure Endpoints Inc. certificate.
The changes since 1.3.74 include:
* Shutdown all SMB threads in a synchronized manner when stopping the service.
* There is currently a maximum cache size of 1.3GB. The limit is
imposed by the largest contiguous block of unused memory within the
2GB process space which can be assigned to the memory mapped file.
Unfortunately, when the executable digital signature verification
code is activated Windows sees fit to further segment the process
memory which in turn reduces the size of the maximum cache file to
less then 800MB. If larger cache sizes are desired, a new registry
value should be set:HKLM\SOFTWARE\OpenAFS\Client (DWORD) "VerifyServiceSignature" = 0x0
Setting this value will disable the runtime verification of digital
signatures on afsd_service.exe and the afs dlls which it loads. It
will not disable the the version number check on those same files.
The signature verification is not a security messure and is only
meant to enhance the ability to afsd_service.exe to detect potential
destablizing mixtures of DLLs from incompatible distributions. Added code to auto-disable the signature verification check if
the desired cache size is greater then 700MB. * Windows' WinTrustVerify(WIN_SPUB_ACTION_PUBLISHED_SOFTWARE) is
used to verify the validity of the afsd_service.exe binary
as well as each of the AFS DLLs loaded by the service. Not only
must the digital signature be valid but the signatures of the
DLL must be signed by the same entity as the service. * Implement new functions: cm_freelanceMountPointExists and
cm_freelanceSymlinkExists. Use them along with other validity
checks in cm_freelanceAddMount and cm_freelanceAddSymlink to
ensure that name collisions do not occur and that empty strings
are not valid file names. A symlink may not have a name which would resolve to a valid
cell name. Doing so would prevent access to the cell. * Add missing cm_HoldSCacheNoLock call to the Freelance mount point
re-initialization code. The reference counts of the fake root.afs
volume scache object(s) would become invalid when the mount point
or symlink lists were altered. * Add registry entries to provide mappings from the afsdsbmt.ini
to the new locations for applications which count on the use
of the old Profile file APIs. These apps are likely to fail
if the user does not have administrator privileges and the
registry is locked down. * The afs_config.exe submounts dialog had two errors.
First, attempts to remove entries failed because the registry
key was being opened without KEY_WRITE privileges.
Second, when editing a submount entry, changing the name
would add a new key and leave the original one in place.
Now the original submount will be removed if its name is
changed. * In recent months there have been several incidents in which
users have experienced problems starting or accessing
afsd_service.exe and after significant effort has been spent
it has turned out that they have two versions of AFS on the
machine or an inconsistent set of DLLs. Code has now been added to afsd_service.exe which will walk
the list of modules loaded by afsd_service.exe and validate
that the version of the AFS DLLs matches the version of the
afsd_service.exe executable. If they do not match the service
will not start. * When Freelance mode is enabled and there is no registry
key HKLM\SOFTWARE\OpenAFS\Client\Freelance, afsd_service.exe
will attempt to import the afs_freelance.ini file contents.
If the file does not exist, it was creating a dummy file
with a r/o and r/w entry for the default cell and then
importing those values. This process has been changed. The temporary file is no
longer created. Also, both the OpenAFS Client install
directory as well as %WINDIR% are checked for previous
afs_freelance.ini files. * Added support for VL_GetEntryByNameN(). Still need to add
support for VL_GetEntryByNameU() for multi-homed support. * Fix a deadlock situation in afscreds.exe when canceling an
auto-generated Obtain Tokens dialog
smime.p7s
Description: S/MIME Cryptographic Signature
