+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ Remove the rpcsec_gss code and rely on an external library instead.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ *utils/mountd/mountd.c:
+ mountd currently always returns AUTH_NULL and AUTH_SYS as the
+ allowable flavors in mount replies. We want it to also return gss
+ flavors when appropriate. For now as a hack we just have it always
+ return the KRB5 flavors as well.
+
+ *utils/mountd/cache.c:
+
+ When attempting to mount an NFSv4 pseudofilesystem (fsid=0) and the
+ actual exported directory does not exist on the server, rpc.mountd
+ doesn't check the directory exists (when fsidtype=1, i.e. using fsid,
+ but does check for fsidtype=0, i.e. using dev/ino). The non-existent
+ exported directory path with fsid=0 is written to the kernel via
+ /proc/net/rpc/nfsd.export/channel, which leads to path_lookup() to
+ return ENOENT (seems appropriate). Unfortunately, the new_cache
+ approach ignores errors returned when writing via the channel file so
+ that particular error is lost and the mount request is silently ignored.
+
+ Assuming it doesn't make sense to revamp the new_cache/up-call method to
+ not ignore returned errors, it seems appropriate to fix the case where
+ rpc.mountd doesn't check for the existence of an exported directory with
+ fsid= semantics. The following patch does this by moving the stat() up
+ so it is done for both fsidtype's. I'm not certain whether the other
+ tests need to be executed for fsidtype=1, but it doesn't appear to hurt
+ [Not exactly true: the comparison of inode numbers caused problems so
+ now it's kept for fsidtype=0 only].
+
+ Would it be also desirable to log a warning for every error, if any,
+ returned by a write to any of the /proc/net/rpc/*/channel files which
+ would otherwise be ignored (maybe under a debug flag)?
+
+ * gssd/mountd/svcgssd: Changes gssd, svcgssd, and mountd to ignore a
+ SIGHUP rather than dying.
+
+ * many: Remove the gssapi code and rely on an external library instead.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ * utils/exportfs/exports.man: Document the "crossmnt" export export option
+ * utils/gssd/krb5_util.c:
+ Add better debugging and partially revert the function
+ check for gss_krb5_ccache_name.
+
+ For MIT Kerberos releases up to and including 1.3.1, we *must*
+ use the routine gss_krb5_ccache_name to get the K5 gssapi code
+ to use a different credentials cache.
+
+ For releases 1.3.2 and on, we want to use the KRB5CCNAME
+ environment variable to tell it what to use.
+ (A problem was reported where 1.3.5 was being used, our
+ code was using gss_krb5_ccache_name, but the underlying
+ code continued to use the first (or default?) credentials
+ cache. Switching to using the env variable fixed the problem.
+ I cannot recreate this problem.
+
+ *utils/gssd/krb5_util.c:
+ Andrew Mahone <andrew.mahone@gmail.com> reported that reiser4
+ always has DT_UNKNOWN. He supplied patch to move the check
+ for regular files after the stat() call to correctly find
+ ccache files in reiser4 filesystem.
+
+ Also change the name comparison so that the wrong file is
+ not selected when the substring comparison is done.
+
+ *utils/gssd/krb5_util.c:
+ Limit the set of encryption types that can be negotiated by
+ the Kerberos library to those that the kernel code currently
+ supports.
+
+ This should eventually query the kernel for the list of
+ supported enctypes.
+
+ *utils/gssd/gss_util.c, utils/svcgssd/svcgssd_main_loop.c:
+ Print more information in error messages to help debugging failures.
+
+ *utils/svcgssd/svcgssd_proc.c: Increase token buffer size and
+ update error handling so that a response is always sent.
+
+ *utils/svcgssd/svcgssd_proc.c: Add support to retrieve
+ supplementary groups.
+
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ * configure.in etc
+ Consolidate some of the Kerberos checking instead of repeating
+ the same things for MIT and Heimdal.
+ Also adds more checks to distinguish 32-bit from 64-bit
+ (mainly for gssapi.h)
+ Fix svcgssd Makefile so make TOP=../../ works correctly there.
+ Enable running a modern autoheader.
+ * utils/gssd/gss_oids.c: Use correct OID value for SPKM-3
+ * utils/gssd/gss_util.c: Fix build with older MIT releases that do not define GSS_C_NT_HOSTBASED_SERVICE
+ * utils/gssd/write_bytes.h, support/include/gssapi/gssapi.h:
+ Length of gss_buffer_desc is a size_t which is 64-bits on a
+ 64-bit machine. Kernel code expects 32-bit integer for length.
+ Coerce length value into a 32-bit value when reading from or
+ writing to the kernel.
+ Change gssapi.h to use datatype size values obtained from
+ configure rather than hard-coded values.
+ * utils/idmapd/idmapd.c: The EV_INIT check here was wrong, and was
+ causing idmapd to become unresponsive to server requests after
+ receiving a sighup.
+ * utils/idmapd/idmapd.c: Idmapd should flush the server id<->name
+ caches when its started.
+
+2005-04-12 G. Allen Morris III <gam3@gam3.net>
+
+ * All Makefile: added TOP as needed for easier compile.
+
+ * utils/nfsstat/nfsstat.c: added NFS V4 support; added the -m
+ option; Added -2, -3, and -4 options; changed -a option to -v
+ option; added long options; changed default output to not
+ show V2 NFS statistics unless used.
+
+ * utils/nfsstat/nfsstat.man: Documented above changes; changed
+ authors email address; added BUGS section.
+
+2005-04-07 Chip Salzenberg <chip@pobox.com>
+
+ * debian/changelog: Version 1.0.7-2.
+
+2005-04-06 Chip Salzenberg <chip@pobox.com>
+
+ * config.guess, config.sub: Update.
+
+ * support/rpc/svc_auth_gss.c (_svcauth_gss): Avoid using a cast as
+ an lvalue, as it is non-portable.
+
+ * support/nfs/exports.c (parseopts): Accept "acl" option to mean
+ ~NFSEXP_NOACL, and "no_acl" to mean NFSEXP_NOACL.
+ (putexportent): Report NFSEXP_NOACL as "no_acl", and ~NFSEXP_NOACL
+ as "acl".
+ * utils/exportfs/exportfs.c (dump): Report NFSEXP_NOACL as
+ "no_acl".
+ * utils/exportfs/exports.man: Document "no_acl".
+
+2005-03-14 NeilBrown <neilb@cse.unsw.edu.au>
+ Denis Vlasenko <vda@ilport.com.ua>
+ * support/export/client.c(client_init and client_gettype):
+ treat N.N.N.N as a special case of MCL_SUBNETWORK instead of
+ MCL_FQDN
+
+2005-03-06 G. Allen Morris III <gam3@gam3.net>
+ * support/nfs/cacheio.c(readline): Could not read lines greater
+ than 128 bytes. [1157791]
+ * utils/exportfs/exports.man: Added a SEE ALSO section and
+ fixed 2 typos. [1018450]
+
+2005-02-28 Trond Myklebust <trond.myklebust@fys.uio.no>
+ * utils/statd/rmtcall.c(statd_get_socket): If a port number is
+ explicitly given, make sure to try to bind to that.
+
+2005-01-11 Chip Salzenberg <chip@pobox.com>
+
+ * debian/changelog: Version 1.0.7-1.
+ * debian/nfs-common.default (NEED_IDMAPD, NEED_GSSD):
+ Disable by default, on advice of upstream.
+ * debian/nfs-kernel-server.default (NEED_SVCGSSD):
+ Likewise.
+
+ * utils/svcgssd/Makefile (predep): Symbolically link duplicated
+ source files.
+ (distclean): Remove symlinks to duplicated files.
+
+2004-12-17 NeilBrown <neilb@cse.unsw.edu.au>
+ Release 1.0.7
+
+ * config.mk, configure.in: update version number, run autoconf
+ * configure.in: require nfsidmap.h if gss is enabled.
+
+2004-12-10 NeilBrown <neilb@cse.unsw.edu.au>
+ Release 1.0.7-pre2
+
+ * config.mk, configure.in: update version number, run autoconf
+
+2004-12-10 Neil Brown <neilb@cse.unsw.edu.au>
+ * README : note dependancy on kerberos, libevent, and nfsidmap
+ * configure.in : fail if --enable-nfsv4 and libevent or
+ libnfsidmap are missing.
+ * configuyre.in: improve message if krb5 support is missing
+
+2004-12-06 Paul Clements <paul.clements@steeleye.com>
+ * support/include/ha-callout.h: get return status from waitpid
+ correctly.
+ * support/include/ha-callout.h: don't ignore SIGCHLD while waiting
+ for a callout to complete.
+ * utils/statd/statd.c(sigusr): print current start when re-reading
+ notify list due to SIGUSR1
+ * utils/statd/svc_run.c(my_svc_run): call change_state when
+ re-notifying clients.
+
+2004-12-06 Marc Eshel <eshel@almaden.ibm.com>
+ * utils/statd/svc_run.c(my_svc_run): allow loop to exit when in
+ MODE_NOTIFY_ONLY
+ *utils/statd/rmtcall.c(statd_get_socket): if a hostname is given
+ to statd with -n, prefer it's IP address to the default for
+ listening on.
+
+2004-12-06 Bruce Allan <bwa@us.ibm.com>
+ * utils/mountd/auth.c(auth_reload) Clear the "my_client" cache on
+ an auth_reload to avoid old data getting used.
+
+2004-12-03 NeilBrown <neilb@cse.unsw.edu.au>
+ Release 1.0.7-pre1 for testing
+
+ * config.mk, configure.in: update version number, run autoconf
+
+2004-12-03 Trond Myklebust <trond.myklebust@fys.uio.no>
+
+ * utils/statd/statd.c(main): ignore SIGPIPE
+
2004-11-22 "J. Bruce Fields" <bfields@fieldses.org>
* tools/rpcdebug/rpcdebug.c: support aliases "nfsdebug" and
file for the default domain, instead of doing that ourselves.
* utils/gssd/gssd_proc.c: Make sure we get an error when a gssd
downcall fails.
+ * utils/gssd/gssd_proc.c: We were forgetting to restore the euid
+ on certain failures, which meant gssd could get stuck in a state
+ where it didn't have permissions to read the files in rpc_pipefs
+ that it needed to.
+ * utils/gssd/gssd_proc.c: Use libnfsidmapd to map gss principals
+ to uids.
+ * debian/nfs-kernel-server.default: Document the NEED_SVCGSSD
+ variable in /etc/default/nfs-kernel-server.
2004-11-22 NeilBrown <neilb@cse.unsw.edu.au>
projects / nfs-utils.git / blobdiff