+2005-11-03 Steve Dickson <SteveD@redhat.com> NeilBrown <neilb@suse.de>
+ *utils/idmapd/idmaps.c:
+
+ I've recently updated the nfs-utils in rawhide with the
+ latest patches from the SourceForge CVS tree and the
+ latest CITI patches (1.0.7-4).
+
+ In testing these patches, I notice that when the server was started
+ and a SIGHUP was sent to rpc.idmapd to open the nfs4.nametoid/channel
+ and nfs4.idtoname/channel files, the second open (the nfs4.idtoname one)
+ failed because the path (i.e. ic->ic_path) was NULL.
+
+ Now the reason the ic_path was NULL was because it was never set
+ during the call to nfsdopen(). nfsdopen() looks like:
+ nfsdopen(char *path)
+ {
+ return ((nfsdopenone(&nfsd_ic[IC_NAMEID], IC_NAMEID, path) == 0 &&
+ nfsdopenone(&nfsd_ic[IC_IDNAME], IC_IDNAME, path) == 0) ? 0
+ : -1);
+ }
+
+ Note: the call to nfsdopenone() is how the path is set in each nfsd_ic[]
+ entry and nfsdopen() is only called once.
+
+ So when rpc.idmap comes up and the first call to nfsdopenone() fails
+ (because the server is not running) the path in nfsd_ic[IC_IDNAME] is
+ never filled in because the second nfsdopenone() never happen...
+
+ Now there was a CITI patche (idmapd_revert_fix_reopen_on_sighup.dif)
+ that tried to address this problem but did seem to fix it.. The
+ attached patch fix the problem by initializing both nfsd_ic[IC_IDNAME]
+ and nfsd_ic[IC_NAMEID] structures with the needed info...
+ I figured since there is no way of changing these paths or filenames
+ by command line args, why not just set them during compile time...
+ so that's what this patch does.
+
+ This patch also changes how nfsdreopen_one() handles the
+ case where the event has already been set. Unlike the CITI
+ patch (idmapd_revert_fix_reopen_on_sighup.dif) which just
+ just does not register the second event, my patch deletes
+ the old event and the registers the new one. It just seems like
+ the right thing to do since a SIGHUP means a new server just
+ started so we probably should create a new event as well...
+
+ steved.
+
+2005-10-14 NeilBrown <neilb@suse.de>
+ *utils/mountd/cache.c(nfsd_fh): Understand type 2 and type 3
+ filesystem identifiers, which are used with device numbers
+ That don't fit into 16 bits.
+
+2005-10-07 Olaf Kirch <okir@suse.de>
+ * utils/mountd/mountd.c(get_exportlist): Without this patch,
+ showmount -e would sometimes display host names that should really
+ have been subsumed under a wildcard entry.
+
+ The problem was that the code in get_exportlist would always
+ skip the next group entry after removing one FQDN.
+
+2005-10-06 Steve Dickson <SteveD@redhat.com> NeilBrown <neilb@suse.de>
+ * support/nfs/export.c: don't warn about sync/async for readonly
+ exports
+ * support/nfs/closeall.c: new file with function to close all
+ file descriptors from a give minimum upwards.
+ * nfsd/mountd/statd/idmapd/gsssvcd: use closeall.
+ * utils/mountd/mountd.c: Eliminate 3 syslog message that are
+ logged for successful events.
+ * utils/mountd/mountd.c: make sure the correct hostname is used in
+ the SM_NOTIFY message that is sent from a rebooted server which
+ has multiple network interfaces. (bz 139101)
+
+ Details can be found in:
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139101
+
+ *utils/idmapd/idmapd.c:Fixed subscripting problem in idmapd (bz
+ 158188) This fixes the following problem:
+ rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory)
+
+ Details can be found in:
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158188
+
+ *utils/statd/statd.c(drop_privs): clear st_gid as well as st_uid
+ of stat fails.
+ *utils/statd/svc_run.c(my_svc_run): remove usage of undocumented
+ %m format specifier.
+ *utils/statd/montor.c(sm_mon_1_svc): as above
+ *support/nfs/xlog.c(xlog): Changed xlog to use LOG_INFO instead of
+ LOG_DEBUG so debug messages will appear w/out any config changes
+ to syslog.conf.
+
+
+2005-09-02 Mike Frysinger <vapier@gentoo.org>
+ * utils/rquotad/rquota_server.c(getquotainfo): use explicit
+ struture-member copying rather than memcpy, as the element
+ sizes are the same on all architectures.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ Add option to set rpcsec_gss debugging level (if available)
+
+ Changes to allow gssd/svcgssd to build when using Hiemdal Kerberos
+ libraries. Note that there are still run-time issues preventing
+ this from working when shared libraries for libgssapi and librpcsecgss
+ are used.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ Remove the rpcsec_gss code and rely on an external library instead.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ *utils/mountd/mountd.c:
+ mountd currently always returns AUTH_NULL and AUTH_SYS as the
+ allowable flavors in mount replies. We want it to also return gss
+ flavors when appropriate. For now as a hack we just have it always
+ return the KRB5 flavors as well.
+
+ *utils/mountd/cache.c:
+
+ When attempting to mount an NFSv4 pseudofilesystem (fsid=0) and the
+ actual exported directory does not exist on the server, rpc.mountd
+ doesn't check the directory exists (when fsidtype=1, i.e. using fsid,
+ but does check for fsidtype=0, i.e. using dev/ino). The non-existent
+ exported directory path with fsid=0 is written to the kernel via
+ /proc/net/rpc/nfsd.export/channel, which leads to path_lookup() to
+ return ENOENT (seems appropriate). Unfortunately, the new_cache
+ approach ignores errors returned when writing via the channel file so
+ that particular error is lost and the mount request is silently ignored.
+
+ Assuming it doesn't make sense to revamp the new_cache/up-call method to
+ not ignore returned errors, it seems appropriate to fix the case where
+ rpc.mountd doesn't check for the existence of an exported directory with
+ fsid= semantics. The following patch does this by moving the stat() up
+ so it is done for both fsidtype's. I'm not certain whether the other
+ tests need to be executed for fsidtype=1, but it doesn't appear to hurt
+ [Not exactly true: the comparison of inode numbers caused problems so
+ now it's kept for fsidtype=0 only].
+
+ Would it be also desirable to log a warning for every error, if any,
+ returned by a write to any of the /proc/net/rpc/*/channel files which
+ would otherwise be ignored (maybe under a debug flag)?
+
+ * gssd/mountd/svcgssd: Changes gssd, svcgssd, and mountd to ignore a
+ SIGHUP rather than dying.
+
+ * many: Remove the gssapi code and rely on an external library instead.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ * utils/exportfs/exports.man: Document the "crossmnt" export export option
+ * utils/gssd/krb5_util.c:
+ Add better debugging and partially revert the function
+ check for gss_krb5_ccache_name.
+
+ For MIT Kerberos releases up to and including 1.3.1, we *must*
+ use the routine gss_krb5_ccache_name to get the K5 gssapi code
+ to use a different credentials cache.
+
+ For releases 1.3.2 and on, we want to use the KRB5CCNAME
+ environment variable to tell it what to use.
+ (A problem was reported where 1.3.5 was being used, our
+ code was using gss_krb5_ccache_name, but the underlying
+ code continued to use the first (or default?) credentials
+ cache. Switching to using the env variable fixed the problem.
+ I cannot recreate this problem.
+
+ *utils/gssd/krb5_util.c:
+ Andrew Mahone <andrew.mahone@gmail.com> reported that reiser4
+ always has DT_UNKNOWN. He supplied patch to move the check
+ for regular files after the stat() call to correctly find
+ ccache files in reiser4 filesystem.
+
+ Also change the name comparison so that the wrong file is
+ not selected when the substring comparison is done.
+
+ *utils/gssd/krb5_util.c:
+ Limit the set of encryption types that can be negotiated by
+ the Kerberos library to those that the kernel code currently
+ supports.
+
+ This should eventually query the kernel for the list of
+ supported enctypes.
+
+ *utils/gssd/gss_util.c, utils/svcgssd/svcgssd_main_loop.c:
+ Print more information in error messages to help debugging failures.
+
+ *utils/svcgssd/svcgssd_proc.c: Increase token buffer size and
+ update error handling so that a response is always sent.
+
+ *utils/svcgssd/svcgssd_proc.c: Add support to retrieve
+ supplementary groups.
+
+
2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
* configure.in etc
Consolidate some of the Kerberos checking instead of repeating