+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ Remove the rpcsec_gss code and rely on an external library instead.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ *utils/mountd/mountd.c:
+ mountd currently always returns AUTH_NULL and AUTH_SYS as the
+ allowable flavors in mount replies. We want it to also return gss
+ flavors when appropriate. For now as a hack we just have it always
+ return the KRB5 flavors as well.
+
+ *utils/mountd/cache.c:
+
+ When attempting to mount an NFSv4 pseudofilesystem (fsid=0) and the
+ actual exported directory does not exist on the server, rpc.mountd
+ doesn't check the directory exists (when fsidtype=1, i.e. using fsid,
+ but does check for fsidtype=0, i.e. using dev/ino). The non-existent
+ exported directory path with fsid=0 is written to the kernel via
+ /proc/net/rpc/nfsd.export/channel, which leads to path_lookup() to
+ return ENOENT (seems appropriate). Unfortunately, the new_cache
+ approach ignores errors returned when writing via the channel file so
+ that particular error is lost and the mount request is silently ignored.
+
+ Assuming it doesn't make sense to revamp the new_cache/up-call method to
+ not ignore returned errors, it seems appropriate to fix the case where
+ rpc.mountd doesn't check for the existence of an exported directory with
+ fsid= semantics. The following patch does this by moving the stat() up
+ so it is done for both fsidtype's. I'm not certain whether the other
+ tests need to be executed for fsidtype=1, but it doesn't appear to hurt
+ [Not exactly true: the comparison of inode numbers caused problems so
+ now it's kept for fsidtype=0 only].
+
+ Would it be also desirable to log a warning for every error, if any,
+ returned by a write to any of the /proc/net/rpc/*/channel files which
+ would otherwise be ignored (maybe under a debug flag)?
+
+ * gssd/mountd/svcgssd: Changes gssd, svcgssd, and mountd to ignore a
+ SIGHUP rather than dying.
+
+ * many: Remove the gssapi code and rely on an external library instead.
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ * utils/exportfs/exports.man: Document the "crossmnt" export export option
+ * utils/gssd/krb5_util.c:
+ Add better debugging and partially revert the function
+ check for gss_krb5_ccache_name.
+
+ For MIT Kerberos releases up to and including 1.3.1, we *must*
+ use the routine gss_krb5_ccache_name to get the K5 gssapi code
+ to use a different credentials cache.
+
+ For releases 1.3.2 and on, we want to use the KRB5CCNAME
+ environment variable to tell it what to use.
+ (A problem was reported where 1.3.5 was being used, our
+ code was using gss_krb5_ccache_name, but the underlying
+ code continued to use the first (or default?) credentials
+ cache. Switching to using the env variable fixed the problem.
+ I cannot recreate this problem.
+
+ *utils/gssd/krb5_util.c:
+ Andrew Mahone <andrew.mahone@gmail.com> reported that reiser4
+ always has DT_UNKNOWN. He supplied patch to move the check
+ for regular files after the stat() call to correctly find
+ ccache files in reiser4 filesystem.
+
+ Also change the name comparison so that the wrong file is
+ not selected when the substring comparison is done.
+
+ *utils/gssd/krb5_util.c:
+ Limit the set of encryption types that can be negotiated by
+ the Kerberos library to those that the kernel code currently
+ supports.
+
+ This should eventually query the kernel for the list of
+ supported enctypes.
+
+ *utils/gssd/gss_util.c, utils/svcgssd/svcgssd_main_loop.c:
+ Print more information in error messages to help debugging failures.
+
+ *utils/svcgssd/svcgssd_proc.c: Increase token buffer size and
+ update error handling so that a response is always sent.
+
+ *utils/svcgssd/svcgssd_proc.c: Add support to retrieve
+ supplementary groups.
+
+
+2005-08-26 Kevin Coffman <kwc@citi.umich.edu>
+ * configure.in etc
+ Consolidate some of the Kerberos checking instead of repeating
+ the same things for MIT and Heimdal.
+ Also adds more checks to distinguish 32-bit from 64-bit
+ (mainly for gssapi.h)
+ Fix svcgssd Makefile so make TOP=../../ works correctly there.
+ Enable running a modern autoheader.
+ * utils/gssd/gss_oids.c: Use correct OID value for SPKM-3
+ * utils/gssd/gss_util.c: Fix build with older MIT releases that do not define GSS_C_NT_HOSTBASED_SERVICE
+ * utils/gssd/write_bytes.h, support/include/gssapi/gssapi.h:
+ Length of gss_buffer_desc is a size_t which is 64-bits on a
+ 64-bit machine. Kernel code expects 32-bit integer for length.
+ Coerce length value into a 32-bit value when reading from or
+ writing to the kernel.
+ Change gssapi.h to use datatype size values obtained from
+ configure rather than hard-coded values.
+ * utils/idmapd/idmapd.c: The EV_INIT check here was wrong, and was
+ causing idmapd to become unresponsive to server requests after
+ receiving a sighup.
+ * utils/idmapd/idmapd.c: Idmapd should flush the server id<->name
+ caches when its started.
+
+2005-04-12 G. Allen Morris III <gam3@gam3.net>
+
+ * All Makefile: added TOP as needed for easier compile.
+
+ * utils/nfsstat/nfsstat.c: added NFS V4 support; added the -m
+ option; Added -2, -3, and -4 options; changed -a option to -v
+ option; added long options; changed default output to not
+ show V2 NFS statistics unless used.
+
+ * utils/nfsstat/nfsstat.man: Documented above changes; changed
+ authors email address; added BUGS section.
+
+2005-04-07 Chip Salzenberg <chip@pobox.com>
+
+ * debian/changelog: Version 1.0.7-2.
+
2005-04-06 Chip Salzenberg <chip@pobox.com>
+ * config.guess, config.sub: Update.
+
* support/rpc/svc_auth_gss.c (_svcauth_gss): Avoid using a cast as
an lvalue, as it is non-portable.
projects / nfs-utils.git / blobdiff