+2006-06-05 NeilBrown <neilb@suse.de>
+ - Remove debian/ at request of Debian maintainer "Steinar H. Gunderson" <sesse@debian.org>
+ - fix_exportfs_with_multiple_matches.diff: Fixes a problem with exportfs -o
+ and multiple entries of the same type for the same patch that matches
+ a given client. The entire rationale and problem description can be found
+ at http://bugs.debian.org/245449 (fumihiko kakuma <kakmy@mvh.biglobe.ne.jp>)
+ - escape hashes in exports
+ Makes sure any # signs in the printed-out exports file are
+ escaped (as with quotes, spaces, etc.), so they won't be treated
+ as a comment when they're read back in again.
+ "Steinar H. Gunderson" <sesse@debian.org>
+ - Only treat '#' as starting a comment when at the start of a
+ token, otherwise '#' in filenames cannot be read.
+ NeilBrown
+ - document sync option:
+ Document the 'sync' option in the exports(5) man page -- ATM
+ only the 'async' option is documented, which is not very
+ symmetric. :-) "Steinar H. Gunderson" <sesse@debian.org>
+ - mountd state directory:
+ Let the user select (via a new parameter) the path to the NFS
+ state directory for mountd, to match the statd functionality.
+ "Steinar H. Gunderson" <sesse@debian.org>
+ - fix nhfsrun signal:
+ nhfsrun is supposed to be able to be signalled with SIGUSR1, but
+ the signal trapped is number 30, which is something else
+ entirely (SIGPWR). This patch simply changes it to say "USR1",
+ which gets it right no matter what the value is.
+ "Steinar H. Gunderson" <sesse@debian.org>
+ - Minor man page tidy up
+
+2006-04-12 NeilBrown <neilb@suse.de>
+ Remove **/Makefile.in, aclocal.m4, configure, and
+ support/include/config.h.in from source control
+ These are auto autogenerated by
+ aclocal -I aclocal ; autoheader ; automake ; autoconf
+
+2006-04-12 NeilBrown <neilb@suse.de>
+ utils/statd/rmtcall.c: use HAVE_IFADDRS_H to control compilation
+ of code using ifaddrs.h
+ configure.in: test for present of ifaddrs.h
+
+ Old glibc's don't have ifaddrs.h
+
+2006-06-12 Amit Gud <agud@redhat.com>
+ Added the mount functionality from util-linux.
+ Added --without-mount configure option.
+
+2006-04-12 NeilBrown <neilb@suse.de>
+ Set version to 1.0.8,
+ aclocal -I aclocal ; autoheader ; automake ; autoconf
+
+2006-04-10 NeilBrown <neilb@suse.de>
+ Various paranoia checks:
+ gssd_proc.c: pass max_field sizes to sscanf to avoid buffer
+ overflow
+ svcgssd_proc.c: range_check name.length, to ensure name.length+1
+ doesn't wrap
+ idmapd.c(nfsdcb): make sure at least one byte is read before
+ zeroing the last byte that was read, otherwise memory corruption
+ is possible.
+
+ Found by SuSE security audit.
+
+2006-04-10 "Kevin Coffman" <kwc@citi.umich.edu>
+ Check for sufficient version of librpcsecgss and libgssapi
+ in configure.in
+
+2006-04-10 "Kevin Coffman" <kwc@citi.umich.edu>
+ Update aclocal/tcp-wrappers.m4 to define HAVE_LIBWRAP and
+ HAVE_TCP_WRAPPERS as appropriate.
+
+2006-04-10 NeilBrown <neilb@suse.de>
+ Add checking for innetgr back to configure.in
+
+2006-04-10 kwc@citi.umich.edu
+ Update calls to gss_export_lucid_sec_context()
+
+ Change the calls to gss_export_lucid_sec_context() to match the corrected
+ interface definition in libgssapi-0.9.
+
+2006-04-10 kwc@citi.umich.edu
+ Plug memory leaks in svcgssd
+
+ Various memory leaks in the svcgssd context processing are eliminated.
+
+2006-04-10 kwc@citi.umich.edu
+ Fix memory leak of the AUTH structure on context negotiations
+
+ Free AUTH structure after completing context negotiation and sending
+ context information to the kernel.
+
+2006-04-10 kwc@citi.umich.edu
+ Fix support/include/config.h.in such as would be done be running autoheader.
+
+2006-03-28 NeilBrown <neilb@suse.de>
+ 1.0.8-pre3, aclocal/autoconf/automake
+
+2006-03-28 kwc@citi.umich.edu
+ Use PKGCONFIG to locate gssapi and rpcsecgss header files
+
+ Instead of having separate copies of the gssapi and rpcsecgss
+ header files, or depending on the Kerberos gssapi header,
+ locate the headers now installed with the libgssapi and librpcsecgss
+ libraries.
+
+ Remove local copies of the gssapi and rpcsecgss header files.
+
+ This depends on the configure_use_autotools patch.
+
+2006-03-28 kwc@citi.umich.edu
+ Add debugging to better detect negotiation of enctype not supported by kernel
+
+ Print debugging message indicating the type of encryption keys being sent
+ down to the kernel. This should make it easier to detect cases where
+ unsupported encryption types are being negotiated.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+
+ Don't close and reopen all pipes on every DNOTIFY signal.
+
+ From: Vince Busam <vbusam@google.com>
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Don't unnecessarily close and re-open all pipes after every DNOTIFY
+ signal. These unnecessary closes were triggering a kernel Oops.
+ Original patch modified to correct segfault when unmounting last
+ NFSv4 mount.
+
+2006-03-28 kwc@citi.umich.edu
+ Add option to specify directory to search for credentials cache files
+
+
+ From: Vince Busam <vbusam@google.com>
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Add command line option to specify which directory should be searched
+ to find credentials caches.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+ Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5
+
+ We need to get access to the internal krb5 context pointer for
+ older (pre-1.4) versions of MIT Kerberos. We get a pointer to
+ the gss glue's context. Get the right pointer before accessing
+ the context information.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+
+ Remove unused groups variable from get_ids() which was causing a compiler warning.
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+ Update krb5 code to use glue routine lucid context functions
+
+
+
+ The gssd code should not know about the glue layer's context structure.
+ A previous patch added gss_export_lucid_sec_context() and
+ gss_free_lucid_sec_context() functions to the gssapi glue layer.
+ Use these functions rather than calling directly to the Kerberos
+ gssapi code (which requires the Kerberos context handle rather
+ than the glue's context handle).
+
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
+
+ Separate out context handling code for MIT Kerberos and SPKM3
+ into their own file.
+ (Really this time)
+
+2006-03-28 Kevin Coffman <kwc@citi.umich.edu>
+ User-selectable idmapping cache lifetime
+
+ Read and process new configuration option, Cache-Expiration, and use
+ the value to determine how long idmapping entries are cached.
+ (Really this time)
+
+2006-03-27 NeilBrown <neilb@suse.de>
+ 1.0.8-rc3
+
+2006-03-27 kwc@citi.umich.edu
+ Add debugging to better detect negotiation of enctype not supported by kernel
+
+ Print debugging message indicating the type of encryption keys being sent
+ down to the kernel. This should make it easier to detect cases where
+ unsupported encryption types are being negotiated.
+
+2006-03-27
+ Don't close and reopen all pipes on every DNOTIFY signal.
+
+ Don't unnecessarily close and re-open all pipes after every DNOTIFY
+ signal. These unnecessary closes were triggering a kernel Oops.
+ Original patch modified to correct segfault when unmounting last
+ NFSv4 mount.
+
+2006-03-27
+ Add option to specify directory to search for credentials cache files
+
+ Add command line option to specify which directory should be searched
+ to find credentials caches.
+
+2006-03-27 kwc@citi.umich.edu
+ Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5
+
+ We need to get access to the internal krb5 context pointer for
+ older (pre-1.4) versions of MIT Kerberos. We get a pointer to
+ the gss glue's context. Get the right pointer before accessing
+ the context information.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Remove unused variable causing compile warning
+
+ Remove unused groups variable from get_ids() which was causing a compiler warning.
+
+2006-03-27 kwc@citi.umich.edu
+ Update krb5 code to use glue routine lucid context functions
+
+ The gssd code should not know about the glue layer's context structure.
+ A previous patch added gss_export_lucid_sec_context() and
+ gss_free_lucid_sec_context() functions to the gssapi glue layer.
+ Use these functions rather than calling directly to the Kerberos
+ gssapi code (which requires the Kerberos context handle rather
+ than the glue's context handle).
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Separate out context handling code for MIT Kerberos and SPKM3
+ into their own file.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Consolidate gssd and svcgssd since they share much code
+
+ Remove directory svcgssd which was only created because the old
+ build system could not handle building two daemons in the same
+ directory. This eliminates build complications since gssd and
+ svcgssd also share many source files.
+
+ This patch effectively removes the utils/svcgssd directory, moving
+ all its files to the utils/gssd directory. File utils/gssd/Makefile.am
+ is modified with directions to build both gssd and svcgssd.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Use PKGCONFIG to locate gssapi and rpcsecgss header files
+
+ Instead of having separate copies of the gssapi and rpcsecgss
+ header files, or depending on the Kerberos gssapi header,
+ locate the headers now installed with the libgssapi and librpcsecgss
+ libraries.
+
+ Remove local copies of the gssapi and rpcsecgss header files.
+
+ This depends on the configure_use_autotools patch.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ User-selectable idmapping cache lifetime
+
+ Read and process new configuration option, Cache-Expiration, and use
+ the value to determine how long idmapping entries are cached.
+
+2006-03-27 Steve Dickson <steved@redhat.com>
+ Set libnfsidmap library debugging level and logging function.
+
+ This patch adds a call to the new libnfsidmap library function
+ nfs4_set_debug(), which defines the verbosity level libnfsidmap
+ should use as well as the logging function.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Don't close file descriptor until after calling event_del().
+
+ Delete event processing for a file descriptor before closing it.
+ This was causing hangs when used in combination with libevent-1.0b.
+
+2006-03-27 kwc@citi.umich.edu
+ Find krb5-config on SuSE 10
+
+ SuSE 10.0 puts krb5-config in yet another obscure location.
+ Look for it there and use it if found.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Update debian package information.
+
+2006-03-27 Kevin Coffman <kwc@citi.umich.edu>
+ Install /var/lib/nfs files using DESTDIR and add rpcsec headers to distribution
+
+ Add "$(DESTDIR)" to the paths for the "$(statedir)" files so they are
+ put in the right place when DESTDIR is defined.
+
+ Add the rpcsec header files to EXTRA_DIST list.
+
+2005-12-21 NeilBrown <neilb@suse.de>
+ *utils/rquotad/rquota_server.c: Detect and handle both old-style
+ (2.4) and new-style(2.6) quotactl.
+ *utils/gssd/gss_destroy_cred: remove dependence on "head -1" which
+ might need to be "head -n 1"
+ *utils/nhfsstone/nhfsrun: convert "tail -1" to "tail -n 1"
+
+2005-12-20 Kevin Coffman <kwc@citi.umich.edu> NeilBrown <neilb@suse.de>
+ Substantial Makefile/configure rewrite.
+ Run 'autogen.sh' to create "Makefile.in" etc.
+
+ Also add -D_FILE_OFFSET_BITS=64 to CPP_FLAGS so that mountd can
+ stat and export files larger than 2Gig.
+
+ 1.0.8-rc2 released
+
+2005-12-20 NeilBrown <neilb@suse.de>
+ support/nfs/exports.c(getexportent): is a null host name is given,
+ replace it with '*' so we have a non-empty host name for messages
+ etc.
+ utils/exportfs/exportfs.man: Correct documentation about default
+ export options.
+
+2005-12-20 Kevin Coffman <kwc@citi.umich.edu>
+ utils/gssd/gssd_proc.c(create_auth_rpc_client): Use service
+ portion of clp->servicename rather than hard-coding "nfs".
+
+2005-12-16 NeilBrown <neilb@suse.de>
+ 1.0.8-rc1 released
+
+2005-12-16 Kevin Coffman <kwc@citi.umich.edu>
+ svcgssd needs -lnfs when using new function closeall().
+
+ ---
+ Remove unused argument from nfsdopen()
+
+ After previous changes, the arguement to nfsdopen() has become unused.
+ Remove it.
+
+ ---
+ Fix idmapd error reporting after call to mydaemon()
+
+ After call to mydaemon(), calls to err[x] and warn[x] result
+ in the message going nowhere. Change to using idmapd_*
+ versions of these routines which write to syslog.
+ Original problem reported by Vincent Roqueta <vincent.roqueta@ext.bull.net>
+ with a different patch.
+
+ ---
+ Don't add @domain to names that cannot be mapped.
+
+ Per rfc3530 section 5.8: when unable to map a uid to a name, don't
+ add the @domain to the "nobody" name.
+
+ ---
+ Fix idmapd for systems where sizeof(uid_t)!=4 and sizeof(gid_t)!=4
+
+ Fix conversion cases where uid_t and gid_t are not 32 bits.
+
+ ---
+ Don't segfault because mech wasn't filled in because of an error
+
+ From Kevin Coffman <kwc@citi.umich.edu>
+
+ Initialize mech to null to avoid segfault if an error occurs
+ and mech is never returned from gss_accept_sec_context.
+
+ ---
+ Remove use of static buffer in do_downcall
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Dynamically allocate buffer of the correct length rather
+ than using fixed-length buffer.
+
+ ---
+ Print better error message if rpc routine clnt_create() fails.
+
+ ---
+ Print appropriate error messages after gss calls.
+
+ Print gss error messages after calls to gss functions, even if they
+ are for Kerberos only.
+
+ ---
+ Update gssd and svcgssd to use the new gss mech glue lucid context calls.
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Update gssd and svcgssd to use a lucid context from SPKM3 to send down
+ to the kernel.
+ Update gssd and svcgssd to use the new gss mech glue lucid context calls.
+ Add configure check to see if spkm3 support is available.
+
+ ---
+ Add support for CONTINUE_NEEDED return from gss_accept_sec_context.
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Add CONTINUE_INIT handling to svcgssd. Store the partially complete spkm
+ context handle in the out_handle of CONTINUE_INIT messages so that it is
+ returned in the in_handle of subsequent messages.
+
+ ---
+ Replace GSS_C_ANON_FLAG with GSS_C_MUTUAL_FLAG.
+
+ Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
+
+ Specify GSS_C_MUTUAL_FLAG rather than GSS_C_ANON_FLAG for
+ spkm3.
+
+ NOTE: we need a way to pass the appropriate value rather than
+ hard-coding this flag.
+
+ ---
+ Increase size of rpc send/receive buffers
+
+ Change the clnt_create() to use routines which allow us to set the
+ send and receive buffer size. This is needed for larger spkm3
+ exchanges including certificate chains.
+
+ This has the side-effect of skipping the portmap call since
+ we specify the port (by specifying the service) when getting
+ the server's address information.
+
+ ---
+ Define _LINUX_QUOTA_VERSION to 1
+
+ The rquotad code is written against the "old" kernel quota interface.
+ Fedora Core 4 is the only platform known to check for different
+ versions, so this should not have any affect on other platforms
+ and fixes the build for FC4.
+
+ ---
+
+2005-12-12 Usha Ketineni <ketineni@us.ibm.com>, NeilBrown <neilb@suse.de>
+ *support/nfs/rpcmisc.c(rpc_init): is stdin is a socket, but
+ is already connected (as e.g. from ssh), don't assume we
+ were started by inetd.
+
+2005-11-03 Steve Dickson <SteveD@redhat.com> NeilBrown <neilb@suse.de>
+ *utils/idmapd/idmaps.c:
+
+ I've recently updated the nfs-utils in rawhide with the
+ latest patches from the SourceForge CVS tree and the
+ latest CITI patches (1.0.7-4).
+
+ In testing these patches, I notice that when the server was started
+ and a SIGHUP was sent to rpc.idmapd to open the nfs4.nametoid/channel
+ and nfs4.idtoname/channel files, the second open (the nfs4.idtoname one)
+ failed because the path (i.e. ic->ic_path) was NULL.
+
+ Now the reason the ic_path was NULL was because it was never set
+ during the call to nfsdopen(). nfsdopen() looks like:
+ nfsdopen(char *path)
+ {
+ return ((nfsdopenone(&nfsd_ic[IC_NAMEID], IC_NAMEID, path) == 0 &&
+ nfsdopenone(&nfsd_ic[IC_IDNAME], IC_IDNAME, path) == 0) ? 0
+ : -1);
+ }
+
+ Note: the call to nfsdopenone() is how the path is set in each nfsd_ic[]
+ entry and nfsdopen() is only called once.
+
+ So when rpc.idmap comes up and the first call to nfsdopenone() fails
+ (because the server is not running) the path in nfsd_ic[IC_IDNAME] is
+ never filled in because the second nfsdopenone() never happen...
+
+ Now there was a CITI patche (idmapd_revert_fix_reopen_on_sighup.dif)
+ that tried to address this problem but did seem to fix it.. The
+ attached patch fix the problem by initializing both nfsd_ic[IC_IDNAME]
+ and nfsd_ic[IC_NAMEID] structures with the needed info...
+ I figured since there is no way of changing these paths or filenames
+ by command line args, why not just set them during compile time...
+ so that's what this patch does.
+
+ This patch also changes how nfsdreopen_one() handles the
+ case where the event has already been set. Unlike the CITI
+ patch (idmapd_revert_fix_reopen_on_sighup.dif) which just
+ just does not register the second event, my patch deletes
+ the old event and the registers the new one. It just seems like
+ the right thing to do since a SIGHUP means a new server just
+ started so we probably should create a new event as well...
+
+ steved.
+
+2005-10-14 NeilBrown <neilb@suse.de>
+ *utils/mountd/cache.c(nfsd_fh): Understand type 2 and type 3
+ filesystem identifiers, which are used with device numbers
+ That don't fit into 16 bits.
+
+2005-10-07 Olaf Kirch <okir@suse.de>
+ * utils/mountd/mountd.c(get_exportlist): Without this patch,
+ showmount -e would sometimes display host names that should really
+ have been subsumed under a wildcard entry.
+
+ The problem was that the code in get_exportlist would always
+ skip the next group entry after removing one FQDN.
+
+2005-10-06 Steve Dickson <SteveD@redhat.com> NeilBrown <neilb@suse.de>
+ * support/nfs/export.c: don't warn about sync/async for readonly
+ exports
+ * support/nfs/closeall.c: new file with function to close all
+ file descriptors from a give minimum upwards.
+ * nfsd/mountd/statd/idmapd/gsssvcd: use closeall.
+ * utils/mountd/mountd.c: Eliminate 3 syslog message that are
+ logged for successful events.
+ * utils/mountd/mountd.c: make sure the correct hostname is used in
+ the SM_NOTIFY message that is sent from a rebooted server which
+ has multiple network interfaces. (bz 139101)
+
+ Details can be found in:
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139101
+
+ *utils/idmapd/idmapd.c:Fixed subscripting problem in idmapd (bz
+ 158188) This fixes the following problem:
+ rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
+
+ Details can be found in:
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158188
+
+ *utils/statd/statd.c(drop_privs): clear st_gid as well as st_uid
+ of stat fails.
+ *utils/statd/svc_run.c(my_svc_run): remove usage of undocumented
+ %m format specifier.
+ *utils/statd/montor.c(sm_mon_1_svc): as above
+ *support/nfs/xlog.c(xlog): Changed xlog to use LOG_INFO instead of
+ LOG_DEBUG so debug messages will appear w/out any config changes
+ to syslog.conf.
+
+
+2005-09-02 Mike Frysinger <vapier@gentoo.org>
+ * utils/rquotad/rquota_server.c(getquotainfo): use explicit
+ struture-member copying rather than memcpy, as the element
+ sizes are the same on all architectures.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ Add option to set rpcsec_gss debugging level (if available)
+
+ Changes to allow gssd/svcgssd to build when using Hiemdal Kerberos
+ libraries. Note that there are still run-time issues preventing
+ this from working when shared libraries for libgssapi and librpcsecgss
+ are used.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ Remove the rpcsec_gss code and rely on an external library instead.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ *utils/mountd/mountd.c:
+ mountd currently always returns AUTH_NULL and AUTH_SYS as the
+ allowable flavors in mount replies. We want it to also return gss
+ flavors when appropriate. For now as a hack we just have it always
+ return the KRB5 flavors as well.
+
+ *utils/mountd/cache.c:
+
+ When attempting to mount an NFSv4 pseudofilesystem (fsid=0) and the
+ actual exported directory does not exist on the server, rpc.mountd
+ doesn't check the directory exists (when fsidtype=1, i.e. using fsid,
+ but does check for fsidtype=0, i.e. using dev/ino). The non-existent
+ exported directory path with fsid=0 is written to the kernel via
+ /proc/net/rpc/nfsd.export/channel, which leads to path_lookup() to
+ return ENOENT (seems appropriate). Unfortunately, the new_cache
+ approach ignores errors returned when writing via the channel file so
+ that particular error is lost and the mount request is silently ignored.
+
+ Assuming it doesn't make sense to revamp the new_cache/up-call method to
+ not ignore returned errors, it seems appropriate to fix the case where
+ rpc.mountd doesn't check for the existence of an exported directory with
+ fsid= semantics. The following patch does this by moving the stat() up
+ so it is done for both fsidtype's. I'm not certain whether the other
+ tests need to be executed for fsidtype=1, but it doesn't appear to hurt
+ [Not exactly true: the comparison of inode numbers caused problems so
+ now it's kept for fsidtype=0 only].
+
+ Would it be also desirable to log a warning for every error, if any,
+ returned by a write to any of the /proc/net/rpc/*/channel files which
+ would otherwise be ignored (maybe under a debug flag)?
+
+ * gssd/mountd/svcgssd: Changes gssd, svcgssd, and mountd to ignore a
+ SIGHUP rather than dying.
+
+ * many: Remove the gssapi code and rely on an external library instead.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ * utils/exportfs/exports.man: Document the "crossmnt" export export option
+ * utils/gssd/krb5_util.c:
+ Add better debugging and partially revert the function
+ check for gss_krb5_ccache_name.
+
+ For MIT Kerberos releases up to and including 1.3.1, we *must*
+ use the routine gss_krb5_ccache_name to get the K5 gssapi code
+ to use a different credentials cache.
+
+ For releases 1.3.2 and on, we want to use the KRB5CCNAME
+ environment variable to tell it what to use.
+ (A problem was reported where 1.3.5 was being used, our
+ code was using gss_krb5_ccache_name, but the underlying
+ code continued to use the first (or default?) credentials
+ cache. Switching to using the env variable fixed the problem.
+ I cannot recreate this problem.
+
+ *utils/gssd/krb5_util.c:
+ Andrew Mahone <andrew.mahone@gmail.com> reported that reiser4
+ always has DT_UNKNOWN. He supplied patch to move the check
+ for regular files after the stat() call to correctly find
+ ccache files in reiser4 filesystem.
+
+ Also change the name comparison so that the wrong file is
+ not selected when the substring comparison is done.
+
+ *utils/gssd/krb5_util.c:
+ Limit the set of encryption types that can be negotiated by
+ the Kerberos library to those that the kernel code currently
+ supports.
+
+ This should eventually query the kernel for the list of
+ supported enctypes.
+
+ *utils/gssd/gss_util.c, utils/svcgssd/svcgssd_main_loop.c:
+ Print more information in error messages to help debugging failures.
+
+ *utils/svcgssd/svcgssd_proc.c: Increase token buffer size and
+ update error handling so that a response is always sent.
+
+ *utils/svcgssd/svcgssd_proc.c: Add support to retrieve
+ supplementary groups.
+
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ * configure.in etc
+ Consolidate some of the Kerberos checking instead of repeating
+ the same things for MIT and Heimdal.
+ Also adds more checks to distinguish 32-bit from 64-bit
+ (mainly for gssapi.h)
+ Fix svcgssd Makefile so make TOP=../../ works correctly there.
+ Enable running a modern autoheader.
+ * utils/gssd/gss_oids.c: Use correct OID value for SPKM-3
+ * utils/gssd/gss_util.c: Fix build with older MIT releases that do not define GSS_C_NT_HOSTBASED_SERVICE
+ * utils/gssd/write_bytes.h, support/include/gssapi/gssapi.h:
+ Length of gss_buffer_desc is a size_t which is 64-bits on a
+ 64-bit machine. Kernel code expects 32-bit integer for length.
+ Coerce length value into a 32-bit value when reading from or
+ writing to the kernel.
+ Change gssapi.h to use datatype size values obtained from
+ configure rather than hard-coded values.
+ * utils/idmapd/idmapd.c: The EV_INIT check here was wrong, and was
+ causing idmapd to become unresponsive to server requests after
+ receiving a sighup.
+ * utils/idmapd/idmapd.c: Idmapd should flush the server id<->name
+ caches when its started.
+
+2005-04-12 G. Allen Morris III <gam3@gam3.net>
+
+ * All Makefile: added TOP as needed for easier compile.
+
+ * utils/nfsstat/nfsstat.c: added NFS V4 support; added the -m
+ option; Added -2, -3, and -4 options; changed -a option to -v
+ option; added long options; changed default output to not
+ show V2 NFS statistics unless used.
+
+ * utils/nfsstat/nfsstat.man: Documented above changes; changed
+ authors email address; added BUGS section.
+
+2005-04-07 Chip Salzenberg <chip@pobox.com>
+
+ * debian/changelog: Version 1.0.7-2.
+
+2005-04-06 Chip Salzenberg <chip@pobox.com>
+
+ * config.guess, config.sub: Update.
+
+ * support/rpc/svc_auth_gss.c (_svcauth_gss): Avoid using a cast as
+ an lvalue, as it is non-portable.
+
+ * support/nfs/exports.c (parseopts): Accept "acl" option to mean
+ ~NFSEXP_NOACL, and "no_acl" to mean NFSEXP_NOACL.
+ (putexportent): Report NFSEXP_NOACL as "no_acl", and ~NFSEXP_NOACL
+ as "acl".
+ * utils/exportfs/exportfs.c (dump): Report NFSEXP_NOACL as
+ "no_acl".
+ * utils/exportfs/exports.man: Document "no_acl".
+
+2005-03-14 NeilBrown <neilb@cse.unsw.edu.au>
+ Denis Vlasenko <vda@ilport.com.ua>
+ * support/export/client.c(client_init and client_gettype):
+ treat N.N.N.N as a special case of MCL_SUBNETWORK instead of
+ MCL_FQDN
+
+2005-03-06 G. Allen Morris III <gam3@gam3.net>
+ * support/nfs/cacheio.c(readline): Could not read lines greater
+ than 128 bytes. [1157791]
+ * utils/exportfs/exports.man: Added a SEE ALSO section and
+ fixed 2 typos. [1018450]
+
+2005-02-28 Trond Myklebust <trond.myklebust@fys.uio.no>
+ * utils/statd/rmtcall.c(statd_get_socket): If a port number is
+ explicitly given, make sure to try to bind to that.
+
+2005-01-11 Chip Salzenberg <chip@pobox.com>
+
+ * debian/changelog: Version 1.0.7-1.
+ * debian/nfs-common.default (NEED_IDMAPD, NEED_GSSD):
+ Disable by default, on advice of upstream.
+ * debian/nfs-kernel-server.default (NEED_SVCGSSD):
+ Likewise.
+
+ * utils/svcgssd/Makefile (predep): Symbolically link duplicated
+ source files.
+ (distclean): Remove symlinks to duplicated files.
+
+2004-12-17 NeilBrown <neilb@cse.unsw.edu.au>
+ Release 1.0.7
+
+ * config.mk, configure.in: update version number, run autoconf
+ * configure.in: require nfsidmap.h if gss is enabled.
+
+2004-12-10 NeilBrown <neilb@cse.unsw.edu.au>
+ Release 1.0.7-pre2
+
+ * config.mk, configure.in: update version number, run autoconf
+
+2004-12-10 Neil Brown <neilb@cse.unsw.edu.au>
+ * README : note dependancy on kerberos, libevent, and nfsidmap
+ * configure.in : fail if --enable-nfsv4 and libevent or
+ libnfsidmap are missing.
+ * configuyre.in: improve message if krb5 support is missing
+
+2004-12-06 Paul Clements <paul.clements@steeleye.com>
+ * support/include/ha-callout.h: get return status from waitpid
+ correctly.
+ * support/include/ha-callout.h: don't ignore SIGCHLD while waiting
+ for a callout to complete.
+ * utils/statd/statd.c(sigusr): print current start when re-reading
+ notify list due to SIGUSR1
+ * utils/statd/svc_run.c(my_svc_run): call change_state when
+ re-notifying clients.
+
+2004-12-06 Marc Eshel <eshel@almaden.ibm.com>
+ * utils/statd/svc_run.c(my_svc_run): allow loop to exit when in
+ MODE_NOTIFY_ONLY
+ *utils/statd/rmtcall.c(statd_get_socket): if a hostname is given
+ to statd with -n, prefer it's IP address to the default for
+ listening on.
+
+2004-12-06 Bruce Allan <bwa@us.ibm.com>
+ * utils/mountd/auth.c(auth_reload) Clear the "my_client" cache on
+ an auth_reload to avoid old data getting used.
+
+2004-12-03 NeilBrown <neilb@cse.unsw.edu.au>
+ Release 1.0.7-pre1 for testing
+
+ * config.mk, configure.in: update version number, run autoconf
+
+2004-12-03 Trond Myklebust <trond.myklebust@fys.uio.no>
+
+ * utils/statd/statd.c(main): ignore SIGPIPE
+
+2004-11-22 "J. Bruce Fields" <bfields@fieldses.org>
+
+ * tools/rpcdebug/rpcdebug.c: support aliases "nfsdebug" and
+ "nfsddebug" and update flag names.
+ * configure.in, nodist/* redhat/* nfs-utils.spec*: remove redhat
+ specific files (as no-one actually uses them, especially not
+ redhat), and the nodist /etc files (as they drift out-of-date, and
+ the debian directory provides a suitable example.
+ * utils/svcgssd_proc.c(get_ids): fix memory leak
+ * utils/svcgssd/svcgssd_proc.c: Rely on count of the number of
+ groups instead of using a special guard value to identify the end
+ of the list.
+ * utils/idmapd/idmapd.c: don't allow Default domain and anon-uid
+ or -gid to be specified on command line.
+ * utils/idmapd/idmapd.c: improve error messages
+ * utils/idmapd/idmapd.c: Reopen nfsd files on sighup. Allows us
+ to start up client side only (even when nfsd module not loaded),
+ and then sighup later after insmodding nfsd module.
+ * utils/idmapd/idmapd.c: Make sure we catch all errors on
+ daemonizing by waiting for child to report succesfull startup
+ using a pipe.
+ * utils/idmapd/idmapd.c: Let libnfsidmapd parse the idmapd.conf
+ file for the default domain, instead of doing that ourselves.
+ * utils/gssd/gssd_proc.c: Make sure we get an error when a gssd
+ downcall fails.
+ * utils/gssd/gssd_proc.c: We were forgetting to restore the euid
+ on certain failures, which meant gssd could get stuck in a state
+ where it didn't have permissions to read the files in rpc_pipefs
+ that it needed to.
+ * utils/gssd/gssd_proc.c: Use libnfsidmapd to map gss principals
+ to uids.
+ * debian/nfs-kernel-server.default: Document the NEED_SVCGSSD
+ variable in /etc/default/nfs-kernel-server.
+
+
+2004-11-22 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * utils/exportfs/nfsd.man: corrected typo in .BR macro usage -
+ reported by Eric Raymond
+
+2004-10-19 "J. Bruce Fields" <bfields@fieldses.org>
+
+ * support/gssapi/* support/rpc/* utils/gssd/* utils/svcgssd/* etc
+ initial support for GSSAPI authentication
+
+2004-09-15 Neil Brown <neilb@cse.unsw.edu.au>
+
+ * utils/statd/monitor.c(sm_unmon_1_svc): is RESTRICTED_STATD, then
+ check IP address and force my_name to 127.0.0.1 to match
+ what happens in sm_mon_1_svc. This avoid spurious "erroneous
+ SM_UNMON" messages.
+ * utils/statd.monitor.c(sm_unmon_all_1_svc): likewise
+
+2004-09-15 "J. Bruce Fields" <bfields@fieldses.org>
+
+ * Assorted changes to support "gss/*" style authentication
+ * utils/idmapd: new idmapd daemon for nfsv4 username lookup
+
+2004-09-06 Trond Myklebust <trond.myklebust@fys.uio.no>
+ Neil Brown <neilb@cse.unsw.edu.au>
+
+ * utils/mountd/auth.c(auth_authenticate_internal): fix
+ uninitialsed variable problem (causes bad error messages).
+
+2004-09-06 Paul Clements <paul.clements@steeleye.com>
+ Neil Brown <neilb@cse.unsw.edu.au>
+
+ * utils/mountd/mountd.c(main): support --ha-callout (-H) for
+ specifying a callout program
+ * utils/mountd/rmtab.c: Call ha_callout on mount/unmount
+ * utils/statd/monitor.c: Call ha_callout on add/del client
+ * utils/statd/rmtcall.c: as above
+ * utils/statd/statd.c: handle --ha-callout (-H)
+ * utils/statd/svc_run.c: call notify_hosts is we have received a
+ sighup
+ * support/include/ha-callout.h: define ha_callout function
+
+
+2004-08-31 NeilBrown <neilb@cse.unsw.edu.au>
+ * utils/mountd/cache.c(cache_process_req): clear fd after
+ processing so as not to confused libc/sunrpc into thinking
+ it need to do something with that fd.
+
+2004-08-31 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * debian/nfs-kernel-server.init(start,stop) mount the nfsd
+ filesystem, if available, before starting nfs services, and
+ unmount it afterwards.
+ * etc/nodist/nfs-server: ditto
+ * etc/redhat/nfs.init: likewise
+ * etc/redhat/nfs: add "MOUNT_NFSD" flag to control above.
+
+2004-06-08 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * utils/exportfs/exportfs.c: Don't rmtab_read if new_cache, it
+ isn't necessary.
+ * support/nfs/cacheio.c(cache_flush): Change order in which caches
+ are flushed so that dependancies don't keep things in the cache
+ too long.
+
+2004-03-18 Chip Salzenberg <chip@pobox.com>
+
+ * debian/changelog: Version 1.0.6-2.
+
+2004-02-24 NeilBrown <neilb@cse.unsw.edu.au>
+ from "J. Bruce Fields" <bfields@fieldses.org>
+
+ * utils/mountd/cache.c: call auth_reload to make sure auth data is
+ current before responding to kernel upcall.
+
+2004-02-24 NeilBrown <neilb@cse.unsw.edu.au>
+ Based on patch from Greg Banks <gnb@melbourne.sgi.com>
+
+ * utils/exportfs/exports.man: Document fsid= option.
+
+2003-09-15 NeilBrown <neilb@cse.unsw.edu.au>
+
+ Release 1.0.6
+
+ * rules.mk: Add dep: rule when no OBJS, so "make dep" works in
+ support/include, and depend in "predep"
+ * support/export/Makefile, tools/rpcgen/Makefile,
+ utils/statd/Makefile: add "predep" rule so that "make dep" works.
+ * Makefile: allow a simple "make" to run ./configure and "make dep"
+ if needed.
+ * configure.in, nfs-utils.spec: Update version to 1.0.6
+ * run autoconf
+
+2003-09-12 Chip Salzenberg <chip@pobox.com>
+
+ * debian/changelog: Version 1.0.6-1.
+
+2003-09-12 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * utils/mountd/mountd.c(main): Impose FD_SETSIZE as an upper limit
+ for RLIMIT_NOFILE
+ * utils/statd/statd.c(main): Ditto.
+
+ michael <michael@newdream.net> discovered that svc_setreqsize
+ in glibc can segfault if RLIMIT_NOFILE is bigger than
+ FD_SETSIZE, so a simple solution is to impose a hard limit.
+
+2003-09-09 Chip Salzenberg <chip@pobox.com>
+
+ * debian/changelog: Version 1.0.5-3.
+ * support/export/hostname.c (get_reliable_hostbyaddr): Fix crash
+ on invalid reverse DNS.
+ * utils/showmount/showmount.c (main): Fix inet_ntoa() parameter.
+ * tools/rpcgen/rpc_cout.c (print_header): Remove unused vars.
+ * tools/rpcgen/rpc_parse.c (def_union): Likewise.
+
+2003-08-22 Chip Salzenberg <chip@pobox.com>
+
+ * utils/statd/{log.h,log.c}: Rename log() to note() and L_* to
+ N_*, to avoid conflict with ISO C built-in log() function.
+ * utils/statd/*.c: Use note().
+
+2003-08-20 Chip Salzenberg <chip@pobox.com>
+
+ * debian/changelog: Version 1.0.5-2.
+
+2003-08-11 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * utils/mountd/cache.c(cache_get_filehandle): close the filehandle
+ before returning.
+
+2003-08-04 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * support/include/nfs/export.h, support/nfs/exports.c,
+ utils/exportfs/exports.c, utils/mountd/mountd.c: change
+ NFSEXP_CROSSMNT to NFSEXP_CROSSMOUNT to avoid confusion with older
+ meaning. Also remove meaningless
+ NFSEXP_{UIDMAP,KERBEROS,SUNSECURE}
+
+2003-08-04 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * support/export/xtab.c, support/include/nfslib.h,
+ support/nfs/cacheio.c, support/nfs/nfssvc.c,
+ utils/exportfs/exportfs.c, utils/exportfs/exportfs.man,
+ utils/exportfs/nfsd.man, utils/mountd/cache.c: support
+ /proc/fs/nfsd/* as a perferred alternate to /proc/fs/nfs/*
+ (nfs-utils-1.0.5-post2)
+
+2003-08-04 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * support/nfs/nfsexport.c: open channel file O_WRONLY when
+ only writing.
+ * utils/mountd/cache.c: maintain mountlist when new_cache is
+ active. Also use O_WRONLY for channel files.
+ * utils/mountd/mountd.h: mountlist_{del,add} now take a host name
+ rather than an nfs_export.
+ * utils/mountd/rmtab.c: ditto.
+ (nfs-utils-1.5.0-post1)
+
+2003-07-24 Chip Salzenberg <chip@pobox.com>
+
+ * support/nfs/xlog.c (xlog): Revise buffer-overflow fix to
+ use Debian security team's cleaner approach.
+ * debian/changelog: Version 1.0.5-1.
+ * debian/nfs-kernel-server.init: Cosmetic changes.
+
+2003-07-18 NeilBrown <neilb@cse.unsw.edu.au>
+
+ Release 1.0.5:
+ 1.0.4 was a bit of a brown-paper-bag-release because of the extra
+ 'free' in auth.c. So I'm releasing this just a few days later.
+
+ * support/nfs/cacheio.c(cache_flush): Correct test for 'open
+ failed'
+ * utils/exportfs/exportfs.c(main): If "-f" given as lone option,
+ check if new_cache is enabled, error if not, flush and exit if it
+ is.
+ * utils/exportfs/exportfs.man: Explain -f option and explain the
+ two different modes that exportfs can work in.
+ * utils/mountd/mountd.c: Do not change RLIMIT_NOFILE if the -o
+ option wasn't given.
+ * utils/mountd/mountd.man: Record the change if default behaviour
+ for RLIMIT_NOFILE.
+ * configure.in, nfs-utils.spec: update version to 1.0.5 and
+ run autoconf
+
+2003-07-15 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * utils/mountd/mountd.c(main): getopt string fix for 'o'
+ * utils/mountd/auth.c(auth_authenticate): remove extra 'free'
+ * utils/exportfs/exportfs.c(main): make 'exportfs -f' just flush
+ the caches.
+ * support/include/nfs/export.h: Reserve a bit for possible ACL
+ related use.
+
+2003-07-03 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * utils/exportfs/nfsd.man: new man page for nfsd filesystem. Also
+ assorted changed to cope with section 7 of the manual.
+ * configure.in, nfs-utils.spec: Update version to 1.0.4
+ * run autoconf
+
+ This is a 'pre-release' for 1.1.0 Hopefully 1.1.0 will be the
+ baseline for 2.6 and 2.8. I.e. it should continue to work right
+ through the 2.8 (or 3.0) kernel series. Previous releases wont.
+
+2003-07-04 NeilBrown <neilb@cse.unsw.edu.au>
+ Steve Dickson <SteveD@redhat.com>
+
+ statd cleanup:
+ * utils/statd/statd.c: create a pidfile with pid of statd, and
+ truncate it when statd exists.
+ * utils/statd/statd.c: drop privs by setuid to owner of SM_DIR,
+ and warn if this is root.
+ * utils/statd/statd.c: when statd forks, connect child to parent
+ with a pipe, and send a byte down the pipe once the child is
+ working properly.
+ * Makefile: create and chown sm, sm.bak, state when "make install"
+ * configure.in: add --with-statduser= option which defaults to
+ "rpcuser" or "nobody"
+ * config.mk.in: pass "statduser" through to Makefile
+
+2003-07-03 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * support/include/nfs/nfs.h: Make sure correct __kernel_dev_t is
+ used as the size was changed somewhere in 2.5.60-2.5.70. Without
+ this nfs-utils compiles against 2.6 headers will not work on a
+ 2.4 kernel.
+
+2003-07-03 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * support/nfs/nfssvc.c(nfssvc): If /proc/fs/nfs/threads exists,
+ set number of threads by writing to there. This means it will
+ still work when the syscall interface goes away in 2.7.
+
+2003-07-03 NeilBrown <neilb@cse.unsw.edu.au>
+ fumihiko kakuma <kakmy@mvh.biglobe.ne.jp>
+
+ * utils/exportfs/exportfs.c(unexportfs): improve host comparison
+ so as to only export the wildcard exports that were asked for.
+ * support/export/export.c(export_allowed): changed to return the
+ nfs_export rather than a "struct exportent", as m_changed is
+ needed by called
+ * support/export/rmtab.c(rmtab_read): modified to deal with
+ interface change for export_allowed(), and enhanced to preserve
+ m_changed flag when a wild-card export causes the creation of
+ a non-wildcard export.
+
+2003-07-02 NeilBrown <neilb@cse.unsw.edu.au>
+ Steve Dickson <SteveD@redhat.com>
+
+ * utils/mountd/mountd.man: Add valid kinds of debugging.
+ * utils/mountd/mountd.c(main): ignore SIGPIPE
+ * utils/nfsstat/nfsstat.c: fine-tune printing of warning so
+ we don't get warnings about unavailable stats that weren't asked
+ for.
+
+2003-06-24 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * support/nfs/nfsexport.c(exp_unexp): When unexporting filesystems
+ via /rpc/net/rpc/nfsd*/channel, set the expiry date to 1, not
+ 'forever', so things disappear out of the cache rather than just
+ be ignored.
+
+2003-06-16 "J. Bruce Fields" <bfields@fieldses.org>
+
+ * utils/mountd/cache.c(nfsd_fh): don't export the export_ent
+ if it wasn't found.
+
+2003-06-16 NeilBrown <neilb@cse.unsw.edu.au>
+
+ * debian/nfs-kernel-server.init,etc/nodist/nfs-server,
+ etc/redhat/nfs.init: when checking if V3 is supported, make sure
+ nfs server 'knows' about 127.0.0.1 first.
+
+2003-06-10 Chip Salzenberg <chip@pobox.com>
+
+ * support/nfs/xlog.c (xlog): Fix off-by-one buffer overflow bug.
+ * debian/changelog: Version 1.0.3-2.
+
2003-05-30 Michael Griffith <grif@michaelgriffith.com>
NeilBrown <neilb@cse.unsw.edu.au>