X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=ChangeLog;h=1a9e642d33c7df87608b4a589f52eab82199b746;hp=dd490b115c449f46a731b233ed263cebf72e86db;hb=14e6ec262e58e962c2d7e9161ca9c56529de3170;hpb=6b7bfb3b630ad704424ac967cd9695f5a1d63534 diff --git a/ChangeLog b/ChangeLog index dd490b1..1a9e642 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,1350 @@ +Author: Steinar H. Gunderson +Date: Wed Sep 13 22:23:23 CEST 2006 + + Fix -n option to mountd + + The getopt_long() option string in mountd was having a spurious + colon after the 'n', leading to the short form of --no-tcp not + being usable (expecting a parameter, contrary to the long form + and the documentation). Fix. + +Author: Steinar H. Gunderson +Date: Wed Sep 13 22:19:39 CEST 2006 + + Document sensitive gids + + The exports(8) man page already mentions that some non-root users, + such as bin, might be just as sensitive as root, and that root_squash + thus might not be as effective as one could hope for. Update the + documentation to also mention that this could be the case for non-root + groups, such as staff. + +Author: NeilBrown +Date: Mon Aug 7 16:35:03 AEST 2006 + + Set version to 1.0.10 + Note: 1.0.10 should be used in preference to + 1.0.9 especially with kernels 2.6.18 and later + otherwise 'rpc.nfsd N' won't work to change the + number of threads after nfsd has been started. + +Author: NeilBrown +Date: Mon Aug 7 16:35:03 AEST 2006 + + support/nfs/nfssvc.c: if any ports are already open, + don't try to open any more. + This means that once nfsd is running + rpc.nfsd X + will just change the number of threads, not the + ports in use. + +Author: NeilBrown +Date: Mon Aug 7 14:01:35 AEST 2006 + + Remove warning if neither 'sync' or 'async' present. + Add warning of neither 'subtree_check' or 'no_subtree_check' present. + +commit 7194d7d6320736c14f40d31c3738d40f3119ead5 +Author: Kevin Coffman +Date: Sat Jul 8 10:01:40 2006 +1000 + + Use uid/gid of -1 to indicate the export's anonuid/anongid should be used + + Kernel routine nfsd_setuser() in fs/nfsd/auth.c checks for the + value -1 and defaults the credential's fsuid/fsgid to the + correct anonuid/anongid values for the given export. We should + be passing this value (-1) down when a name mapping cannot be found. + Thanks to J. Bruce Fields for the reference. + + 
Signed-off-by: Kevin Coffman + Acked-by: J. Bruce Fields + +commit b0604c623f7a98c6061dff19988722d3ae848bd7 +Author: Kevin Coffman +Date: Sat Jul 8 09:58:03 2006 +1000 + + Change svcgssd_LDFLAGS to match gssd_LDFLAGS + +commit 99414bd3eecf93f23c378d3bb3d45bc98f364abc +Author: Neil Brown +Date: Sat Jul 8 09:41:58 2006 +1000 + + Disable building/installing mount.nfs by default. + + mount.nfs does not yet support 'user' option and some others. + To make it support this we need to make it setuid-root, and + some security isses need to be resolved before that can be done + safely. + +commit b0c3cbfee702c019dab0a22557bbf38e24dfcee1 +Author: Steve Dickson +Date: Sat Jul 8 09:35:02 2006 +1000 + + Call nfssvc_versbits before nfssvc_setfds + + nfssvc_versbits() has to be called before nfssvc_setfds() + for the version processing to work correctly + +commit 26fff911b21943f20e3937ae3f2d29a1572d2309 +Author: Neil Brown +Date: Thu Jul 6 13:05:11 2006 +1000 + + Only use -rpath for Kerberos libs when actually needed. + + Avoid usage of -rpath is generally safer, and is required by Debian policy. + +commit 28a7603b719f8d35bf22fd3018b610b489fec78f +Author: Neil Brown +Date: Thu Jul 6 12:28:33 2006 +1000 + + Use 65534 instead of -2 in svcgssd_proc.c + + as this is more consistant across achitectures. + +commit 904de920ea4da3ad5604c417f0d784fcda83ed2a +Author: Shankar Anand +Date: Tue Jul 4 08:50:56 2006 -0600 + + This patch adds code to nfsstat to read /proc/net/rpc/nfsd for nfsv4 server statistics and print them. + + Submitted by: Shankar Anand + +commit 2179c112b9a386ca3d51d0e19390ddfadd745030 +Author: Steinar H. Gunderson +Date: Wed Jul 5 15:55:45 2006 +1000 + + Fix typos in various man pages. + +commit 3419e37500dfd19cb2c246260dbd2bc0ee4704d4 +Author: Steinar H. Gunderson +Date: Wed Jul 5 15:51:30 2006 +1000 + + Use 65534 for anon uid/gid rather than -2 + + This is more consistant across platforms. 
+ +commit 65735eef8a9441901245f6047edafc50f2d97c97 +Author: Greg Banks +Date: Wed Jul 5 13:37:21 2006 +1000 + + Update rpcdebug to know about new 2.6 debug flags. Added + a manpage and installed rpcdebug (in sbindir). + +commit 23b3a9d0284d78cb6bf96b8cd44e9a4662ff60ae +Author: Greg Banks +Date: Wed Jul 5 12:22:45 2006 +1000 + + Ignore new generated files. + +commit 89053f3f440b629911cb994a293d5be73bb79bf9 +Author: Greg Banks +Date: Wed Jul 5 12:20:20 2006 +1000 + + Add rquota.h to BUILT_SOURCES so rquotad builds on the first try. + +commit 66f9d8251c92124e46a209c47e5c0f7d3a0c4e6e +Author: Neil Brown +Date: Wed Jul 5 11:06:09 2006 +1000 + + Generate rquota_xdr.c and rquota.h from rquota.x + + rquota_svc.c is still by-hand as it contains alot of extras. + These should really be moved to rquota_server.c + +commit 9f5b40b7a68fe0a2648565ecbd4b08bf60287130 +Author: Neil Brown +Date: Wed Jul 5 10:41:03 2006 +1000 + + Remove some files that old, unused, unneeded. + + deleted: support/export/keys.c + deleted: support/include/rpcdispatch.h + deleted: support/include/rpcsec.h + deleted: support/include/version.h + deleted: support/include/ypupdate.h + deleted: support/nfs/clients.c + deleted: support/nfs/keytab.c + deleted: support/nfs/ypupdate_xdr.c + deleted: support/rpc/include/Makefile.am + deleted: tools/rpcdebug/neat_idea.c + deleted: utils/mountd/mount_xdr.c + deleted: utils/rquotad/pathnames.h + +commit fbb1602bbd34cbe89dd55ca6eaaa19432237db1d +Author: Neil Brown +Date: Wed Jul 5 10:30:51 2006 +1000 + + Avoid error creating an existing symlink + + Just remove the link first. + +commit 0bc710a5a2b695039613a917e009dba3552ab1cc +Author: kwc@citi.umich.edu +Date: Mon Jul 3 18:33:54 2006 -0400 + + Don't depend on Kerberos headers when checking librpcsecgss in configure + + 
Signed-off-by: Kevin Coffman + + Older versions of MIT Kerberos are missing an OID definition, causing + the configure checks for librpcsecgss to fail. We shouldn't be depending + on their libraries during the configure. + +commit 5bfa10c94c44f082dc211a5fb431e2202ea9bb35 +Author: Greg Banks +Date: Tue Jul 4 18:33:56 2006 +1000 + + Eliminate warnings from code generated by rpcgen + + - unused variable 'buf' + - emit a declaration for `buf' on demand. + - unused variable 'i' + - declare i immediately before use + - unused value from IXDR_PUT_ + - cast to (void) + - type-punned pointer reference + - cast to (void*) first :-( + +commit acae444246635ec2ca8990d53e685c9062d73091 +Author: kwc@citi.umich.edu +Date: Mon Jul 3 18:34:43 2006 -0400 + + Handle mapping failure from get_ids. + + Signed-off-by: Kevin Coffman + + Temporary patch to do default mapping if we get an error while trying to + map a gss principal to the appropriate uid/gid. This currently returns + hardcoded values. This may be correct, or we may need to try and figure + out the correct values to match the anonuid/anongid for the export. + +commit 1f1b05a65ef3dc6597c7bc1e2a38f38ae95bf230 +Author: kwc@citi.umich.edu +Date: Mon Jul 3 18:34:38 2006 -0400 + + Properly report errors in readline() function + + Signed-off-by: Kevin Coffman + + Change message priorities for errors and debug messages. + +commit ee664fd246d77010af13fb557407c612752a5ea8 +Author: kwc@citi.umich.edu +Date: Mon Jul 3 18:34:33 2006 -0400 + + Change default buffer size increment for readline() + + Signed-off-by: Kevin Coffman + + The readline routine expects much smaller messages than we are passing. + Change the default initial allocation and increment value from 128 + to 2048. This saves many calls to realloc(). + +commit 3da69ce5c4fac5677e91aa20e60750ab8de2ab97 +Author: kwc@citi.umich.edu +Date: Mon Jul 3 18:34:27 2006 -0400 + + Clean up the printerr() logging function. + + 
Signed-off-by: Kevin Coffman + + Update the printerr() function to: + + 1) Determine whether we'll print the message before going to all the + work of formatting it. + 2) Don't just toss away messages that are too long for the buffer. + Print what we can and give an indication of the truncation with + "..." at the end. + 3) Use a single buffer rather than two. + 4) Messages either go to syslog (with level ERR) or stderr. Don't + send some messages to syslog level DEBUG. + +commit 0b2a5b574c7ffd99aa3226d36e1d261826405625 +Author: kwc@citi.umich.edu +Date: Mon Jul 3 18:34:21 2006 -0400 + + Use setfsuid() rather than seteuid() while creating contexts + + Signed-off-by: Kevin Coffman + + As suggested by Olaf Kirch , use setfsuid() rather than + seteuid() when creating a gss context. This prevents users from using + credentials that do not belong to them, while also preventing them from + doing things like killing, renicing, or changing the priority of the + gssd process while it is processing the context creation. + +commit 0f899e6d862994ffb437ae73e087c4a21ab59723 +Author: kwc@citi.umich.edu +Date: Mon Jul 3 18:34:16 2006 -0400 + + Limit acquire_cred call to to Kerberos only + + Signed-off-by: Kevin Coffman + + Specify that the acquire_cred call should only be concerned with returning + Kerberos credentials since this is Kerberos-only functionality. + +commit 3829bb90e764cd72c0009cb32a8b39d0fab89d81 +Author: kwc@citi.umich.edu +Date: Mon Jul 3 18:34:10 2006 -0400 + + Check that the gssapi library is usable early on. + + 
Signed-off-by: Kevin Coffman + + Do a call to determine mechanisms supported by the gssapi library early. + This allows us to discover early in case the gssapi library is somehow + misconfigured. We can bail out early and give a meaningful message + rather than getting errors on each attempt at a context negotiation. + +commit 119c3e9aafe84c0f7c2846c46ad5e6f5eeece0da +Author: kwc@citi.umich.edu +Date: Mon Jul 3 18:34:05 2006 -0400 + + Fix problems with 64-bit big-endian machines + + Signed-off-by: Kevin Coffman + + Correct the definition of mech_used in the gss context to use gss_OID_desc. + This fixes problems on 64-bit machines when referencing the OID. + + Also updates write_buffer function to use u_int rather than size_t when + doing calculations. + +commit c3f05548d7b3d586e7eebbdde9339617e88530f3 +Author: kwc@citi.umich.edu +Date: Mon Jul 3 18:33:59 2006 -0400 + + Define CFLAGS for gss_clnt_send_err compile + + 
Signed-off-by: Kevin Coffman + + Add CFLAGS to make sure we find and use the correct gssapi.h when + building gss_clnt_send_err + +commit 4e9ed06f8f8a0cd9f34a6830c0ff14344a528042 +Author: Greg Banks +Date: Mon Jul 3 15:59:54 2006 +1000 + + Use socklen_t some more to avoid warnings. + +commit 6c40236820fda8960af891f41aa9d53f8bbe50a2 +Author: Greg Banks +Date: Mon Jul 3 15:39:41 2006 +1000 + + Fix warning about pointer signedness differing. + +commit 3bf702b1a914b3867117b74d519c55fa68f4dc28 +Author: Greg Banks +Date: Mon Jul 3 15:17:34 2006 +1000 + + Include the right header to get xmalloc() declaration. + +commit 940c7c304d4a43c00c27529cdddc7c87db6eef87 +Merge: b90d201... a503848... +Author: Greg Banks +Date: Mon Jul 3 14:21:48 2006 +1000 + + Merge branch 'master' of git://linux-nfs.org/nfs-utils + +commit b90d201551aaa712c011c3d5de900fad714a26a6 +Author: Greg Banks +Date: Tue Jun 27 21:30:18 2006 +1000 + + Comment out unused variable. + +commit 33beb42d3d2cd13a82ddbbdc4275d2a048030ae3 +Author: Greg Banks +Date: Tue Jun 27 21:22:59 2006 +1000 + + Comment out the decades-old SCCS id strings from the original Sun + distribution. They cause compile warnings, there is no longer any + reason to try to build them into the binaries, and gcc seems to be + eliding some of them anyway. + +commit 3172063ead6b99611d049a59938808a6358f48a4 +Author: Greg Banks +Date: Tue Jun 27 20:55:07 2006 +1000 + + Detect if glibc provides socklen_t and use that instead + of int in those cases which generate compile warnings, + e.g. the last argument of recvfrom(). + +commit a09eeb36c2c45151b9bb89f5015da0c584799716 +Author: Greg Banks +Date: Tue Jun 27 20:28:02 2006 +1000 + + Replace the deprecated sigblock() with more modern + signal functions to avoid compile warnings. + +commit 93608a52655abf5ac23404c4b5cc05fe575a9c04 +Author: Greg Banks +Date: Thu Jun 22 18:01:10 2006 +1000 + + Fix a number of the easier compile warnings: unused variables, + unused labels, constness, signedness. 
+ +commit a07343ee0da4f0974a23b673ae1b0d482c7426a1 +Author: Greg Banks +Date: Thu Jun 22 17:31:24 2006 +1000 + + Detect presence of nfs4_set_debug() in libnfsidmap and + don't bother calling it if it's missing. + +commit dcfcb677b39443b6392db3234fd50498bc158507 +Author: Greg Banks +Date: Thu Jun 22 17:19:17 2006 +1000 + + Remove useless m4 quoting around args to PKG_CHECK_MODULES(). + +commit 24d303ffae686192bda0a5996e8590219dcc82e7 +Author: Greg Banks +Date: Thu Jun 22 17:16:19 2006 +1000 + + Do m4 quoting of AC_MSG_ERROR() and AC_MSG_WARN() as + the autoconf people intended. This avoids errors in + autoconf on SLES10. + +commit 66a699d953727d3a992cc09ed5304b83d661a737 +Author: Greg Banks +Date: Thu Jun 22 16:51:44 2006 +1000 + + Add a .gitignore file to suppress the files generated + during autogen, configure and build. +commit 49b164d978ee6266df7ba0bd335cb34337e7c381 +Author: Steve Dickson +Date: Mon Jul 3 09:52:00 2006 +1000 + + Allow rpc.nfsd to suppress tcp or udp, and listen on a specific address. + + -T - will suppressing listening for TCP connection. + -U - will suppress UDP + -H host - will only listen on that local address + -p port - will listen on that port. + + This requires kernel patches which will hopefully be in 2.6.19 and possibly some + earlier test and vendor kernels. + +commit fde2ae7794047a698feeaf17963d690a1e660a80 +Author: Steve Dickson +Date: Mon Jun 26 15:23:19 2006 +1000 + + Add support for suppressing different NFS versions. + + e.g. -N 2 + means that NFSv2 won't be supported, just v3 and v4 (if the kernel + supports them). + +commit 0523fd513c6baa8dbf45d1a7afea2044262aeb3d +Author: Neil Brown +Date: Fri Jun 23 17:10:56 2006 +1000 + + Further coverity related cleanups. + + Greg Banks suggested some variations, particularly improved + use of xmalloc/xstrdup functions. Thanks. 
+ +commit 2e075a16da4963f54cd556403ca9e15a68de27fd +Author: Neil Brown +Date: Fri Jun 23 14:38:33 2006 +1000 + + Fix various issues discovered by Coverity + + Thanks to Michael Halcrow for finding them. + +commit ff42180930a444cea7f19e55e2cd2bfe6d3f108b +Author: Neil Brown +Date: Fri Jun 23 14:06:00 2006 +1000 + + Fix comment parsing (again) + + Bruce Fields noticed that I broke comment parsing... + + as xskip() is always called before xgettok(), that is the + best place to put xskipcomment and still maintain proper + semantics of xskip and xgettok. + +commit bec968578d97eabc63ae4a12bdeb2b33f40baec4 +Author: Amit Gud +Date: Thu Jun 22 12:51:04 2006 -0400 + + Change mount configure option to --enable-mount + + Change the configure option from --with-mount to --enable-mount. + + Signed-off-by: Amit Gud + Signed-off-by: Steve Dickson + +commit ceeffc1f76485b4084b2c61f4ff3c40e4f51c3b8 +Author: Amit Gud +Date: Thu Jun 22 12:49:24 2006 -0400 + + Merge nfsmount.x and mount.x into mount.x + + + Merge utils/mount/nfsmount.x and support/export/mount.x into support/export/mount.x. + + Signed-off-by: Amit Gud + 
Signed-off-by: Steve Dickson + +commit c2db41e8abb6ddc9d03a0c91c6db043fa0f85a8f +Author: Neil Brown +Date: Fri Jun 23 13:37:08 2006 +1000 + + Try to make sure that clientid used for NFSv4 is reliable. + + We need to give an IP address to identify this client to the + server. + The current code does a gethostbyname of the hostname. One + some systems this returns 127.0.0.1 or similar, which is not useful. + + Instead, use getsockname of the sock used to connect to the server + to confirm that the server is working. This gives the address on the + interface that was chosen to talk to that server, which is the + best address we can find (if there is a NAT in the way, it might + still not work, but in that case there is nothing we can do). + +commit 11d34d11153df198103a57291937ea9ff8b7356e +Author: Greg Banks +Date: Wed Jun 14 22:48:10 2006 +1000 + + multiple threads for mountd + + + How about the attached patch against nfs-utils tot? It + adds a -t option to set the number of forked workers. + Default is 1 thread, i.e. the old behaviour. + + I've verified that showmount -e, the Ogata mount client, + and a real mount from Linux and IRIX boxes work with and + without the new option. + + I've verified that you can manually kill any of the workers + without the portmap registration going away, that killing + all the workers causes the manager process to wake up and + unregister, and killing the manager process causes the + workers to be killed and portmap unregistered. + + I've verified that all the workers have file descriptors + for the udp socket and the tcp rendezvous socket, that + connections are balanced across all the workers if service + times are sufficiently long, and that performance is + improved by that parallelism, at least for small numbers + of threads. 
For example, with 60 parallel MOUNT calls + and a testing patch to make DNS lookups take 100 milliseconds + time to perform all mounts (averaged over 5 runs) is: + + num elapsed + threads time (sec) + ------ ---------- + 1 13.125 + 2 6.859 + 3 4.836 + 4 3.841 + 5 3.303 + 6 3.100 + 7 3.078 + 8 3.018 + + Greg. + -- + Greg Banks, R&D Software Engineer, SGI Australian Software Group. + I don't speak for SGI. + +commit db96d056578338dd1bb0371dc84638973c187ec6 +Author: Neil Brown +Date: Fri Jun 16 13:16:09 2006 +1000 + + Remove some temporary files that shouldn't be in 'git'. + + deleted: compile + deleted: config.guess + deleted: config.sub + deleted: depcomp + deleted: install-sh + deleted: ltmain.sh + deleted: missing + +commit 82b53188aaffad0e237461f8f1274794166feb3a +Author: Neil Brown +Date: Fri Jun 16 13:09:26 2006 +1000 + + Add support to auto-generate nfsmount* files for new nfs.mount program + +commit 4e2bae795e5eaf9922f0b966ab5df64994c836a2 +Author: Amit Gud +Date: Mon Jun 12 19:08:27 2006 -0400 + + Move NFS mount code from util-linux to nfs-utils - part 2 + + Adds the support functions needed for mount and umount. This + functionality will someday be available in the form of shared mount + library. + + Signed-off-by: Amit Gud + Signed-off-by: Steve Dickson + +commit a0520fa1a41bd33815b331b660b4545f2723495c +Author: Amit Gud +Date: Mon Jun 12 19:06:36 2006 -0400 + + Move NFS mount code from util-linux to nfs-utils - part 1 + + Adds the mount directory and the code to mount and umount the NFS file system. + + Signed-off-by: Amit Gud + 
Signed-off-by: Steve Dickson + +2006-06-05 NeilBrown + - Remove debian/ at request of Debian maintainer "Steinar H. Gunderson" + - fix_exportfs_with_multiple_matches.diff: Fixes a problem with exportfs -o + and multiple entries of the same type for the same patch that matches + a given client. The entire rationale and problem description can be found + at http://bugs.debian.org/245449 (fumihiko kakuma ) + - escape hashes in exports + Makes sure any # signs in the printed-out exports file are + escaped (as with quotes, spaces, etc.), so they won't be treated + as a comment when they're read back in again. + "Steinar H. Gunderson" + - Only treat '#' as starting a comment when at the start of a + token, otherwise '#' in filenames cannot be read. + NeilBrown + - document sync option: + Document the 'sync' option in the exports(5) man page -- ATM + only the 'async' option is documented, which is not very + symmetric. :-) "Steinar H. Gunderson" + - mountd state directory: + Let the user select (via a new parameter) the path to the NFS + state directory for mountd, to match the statd functionality. + "Steinar H. Gunderson" + - fix nhfsrun signal: + nhfsrun is supposed to be able to be signalled with SIGUSR1, but + the signal trapped is number 30, which is something else + entirely (SIGPWR). This patch simply changes it to say "USR1", + which gets it right no matter what the value is. + "Steinar H. Gunderson" + - Minor man page tidy up + +2006-04-12 NeilBrown + Remove **/Makefile.in, aclocal.m4, configure, and + support/include/config.h.in from source control + These are auto autogenerated by + aclocal -I aclocal ; autoheader ; automake ; autoconf + +2006-04-12 NeilBrown + utils/statd/rmtcall.c: use HAVE_IFADDRS_H to control compilation + of code using ifaddrs.h + configure.in: test for present of ifaddrs.h + + Old glibc's don't have ifaddrs.h + +2006-06-12 Amit Gud + Added the mount functionality from util-linux. + Added --without-mount configure option. 
+ +2006-04-12 NeilBrown + Set version to 1.0.8, + aclocal -I aclocal ; autoheader ; automake ; autoconf + +2006-04-10 NeilBrown + Various paranoia checks: + gssd_proc.c: pass max_field sizes to sscanf to avoid buffer + overflow + svcgssd_proc.c: range_check name.length, to ensure name.length+1 + doesn't wrap + idmapd.c(nfsdcb): make sure at least one byte is read before + zeroing the last byte that was read, otherwise memory corruption + is possible. + + Found by SuSE security audit. + +2006-04-10 "Kevin Coffman" + Check for sufficient version of librpcsecgss and libgssapi + in configure.in + +2006-04-10 "Kevin Coffman" + Update aclocal/tcp-wrappers.m4 to define HAVE_LIBWRAP and + HAVE_TCP_WRAPPERS as appropriate. + +2006-04-10 NeilBrown + Add checking for innetgr back to configure.in + +2006-04-10 kwc@citi.umich.edu + Update calls to gss_export_lucid_sec_context() + + Change the calls to gss_export_lucid_sec_context() to match the corrected + interface definition in libgssapi-0.9. + +2006-04-10 kwc@citi.umich.edu + Plug memory leaks in svcgssd + + Various memory leaks in the svcgssd context processing are eliminated. + +2006-04-10 kwc@citi.umich.edu + Fix memory leak of the AUTH structure on context negotiations + + Free AUTH structure after completing context negotiation and sending + context information to the kernel. + +2006-04-10 kwc@citi.umich.edu + Fix support/include/config.h.in such as would be done be running autoheader. + +2006-03-28 NeilBrown + 1.0.8-pre3, aclocal/autoconf/automake + +2006-03-28 kwc@citi.umich.edu + Use PKGCONFIG to locate gssapi and rpcsecgss header files + + Instead of having separate copies of the gssapi and rpcsecgss + header files, or depending on the Kerberos gssapi header, + locate the headers now installed with the libgssapi and librpcsecgss + libraries. + + Remove local copies of the gssapi and rpcsecgss header files. + + This depends on the configure_use_autotools patch. 
+ +2006-03-28 kwc@citi.umich.edu + Add debugging to better detect negotiation of enctype not supported by kernel + + Print debugging message indicating the type of encryption keys being sent + down to the kernel. This should make it easier to detect cases where + unsupported encryption types are being negotiated. + (really this time) + +2006-03-28 kwc@citi.umich.edu + + Don't close and reopen all pipes on every DNOTIFY signal. + + From: Vince Busam + Signed-off-by: Kevin Coffman + + Don't unnecessarily close and re-open all pipes after every DNOTIFY + signal. These unnecessary closes were triggering a kernel Oops. + Original patch modified to correct segfault when unmounting last + NFSv4 mount. + +2006-03-28 kwc@citi.umich.edu + Add option to specify directory to search for credentials cache files + + + From: Vince Busam + 
Signed-off-by: Kevin Coffman + + Add command line option to specify which directory should be searched + to find credentials caches. + (really this time) + +2006-03-28 kwc@citi.umich.edu + Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5 + + We need to get access to the internal krb5 context pointer for + older (pre-1.4) versions of MIT Kerberos. We get a pointer to + the gss glue's context. Get the right pointer before accessing + the context information. + (really this time) + +2006-03-28 kwc@citi.umich.edu + + Remove unused groups variable from get_ids() which was causing a compiler warning. + (really this time) + +2006-03-28 kwc@citi.umich.edu + Update krb5 code to use glue routine lucid context functions + + + + The gssd code should not know about the glue layer's context structure. + A previous patch added gss_export_lucid_sec_context() and + gss_free_lucid_sec_context() functions to the gssapi glue layer. + Use these functions rather than calling directly to the Kerberos + gssapi code (which requires the Kerberos context handle rather + than the glue's context handle). + + (really this time) + +2006-03-28 kwc@citi.umich.edu + + Separate out context handling code for MIT Kerberos and SPKM3 + into their own file. + (Really this time) + +2006-03-28 Kevin Coffman + User-selectable idmapping cache lifetime + + Read and process new configuration option, Cache-Expiration, and use + the value to determine how long idmapping entries are cached. + (Really this time) + +2006-03-27 NeilBrown + 1.0.8-rc3 + +2006-03-27 kwc@citi.umich.edu + Add debugging to better detect negotiation of enctype not supported by kernel + + Print debugging message indicating the type of encryption keys being sent + down to the kernel. This should make it easier to detect cases where + unsupported encryption types are being negotiated. + +2006-03-27 + Don't close and reopen all pipes on every DNOTIFY signal. 
+ + Don't unnecessarily close and re-open all pipes after every DNOTIFY + signal. These unnecessary closes were triggering a kernel Oops. + Original patch modified to correct segfault when unmounting last + NFSv4 mount. + +2006-03-27 + Add option to specify directory to search for credentials cache files + + Add command line option to specify which directory should be searched + to find credentials caches. + +2006-03-27 kwc@citi.umich.edu + Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5 + + We need to get access to the internal krb5 context pointer for + older (pre-1.4) versions of MIT Kerberos. We get a pointer to + the gss glue's context. Get the right pointer before accessing + the context information. + +2006-03-27 Kevin Coffman + Remove unused variable causing compile warning + + Remove unused groups variable from get_ids() which was causing a compiler warning. + +2006-03-27 kwc@citi.umich.edu + Update krb5 code to use glue routine lucid context functions + + The gssd code should not know about the glue layer's context structure. + A previous patch added gss_export_lucid_sec_context() and + gss_free_lucid_sec_context() functions to the gssapi glue layer. + Use these functions rather than calling directly to the Kerberos + gssapi code (which requires the Kerberos context handle rather + than the glue's context handle). + +2006-03-27 Kevin Coffman + Separate out context handling code for MIT Kerberos and SPKM3 + into their own file. + +2006-03-27 Kevin Coffman + Consolidate gssd and svcgssd since they share much code + + Remove directory svcgssd which was only created because the old + build system could not handle building two daemons in the same + directory. This eliminates build complications since gssd and + svcgssd also share many source files. + + This patch effectively removes the utils/svcgssd directory, moving + all its files to the utils/gssd directory. 
File utils/gssd/Makefile.am + is modified with directions to build both gssd and svcgssd. + +2006-03-27 Kevin Coffman + Use PKGCONFIG to locate gssapi and rpcsecgss header files + + Instead of having separate copies of the gssapi and rpcsecgss + header files, or depending on the Kerberos gssapi header, + locate the headers now installed with the libgssapi and librpcsecgss + libraries. + + Remove local copies of the gssapi and rpcsecgss header files. + + This depends on the configure_use_autotools patch. + +2006-03-27 Kevin Coffman + User-selectable idmapping cache lifetime + + Read and process new configuration option, Cache-Expiration, and use + the value to determine how long idmapping entries are cached. + +2006-03-27 Steve Dickson + Set libnfsidmap library debugging level and logging function. + + This patch adds a call to the new libnfsidmap library function + nfs4_set_debug(), which defines the verbosity level libnfsidmap + should use as well as the logging function. + +2006-03-27 Kevin Coffman + Don't close file descriptor until after calling event_del(). + + Delete event processing for a file descriptor before closing it. + This was causing hangs when used in combination with libevent-1.0b. + +2006-03-27 kwc@citi.umich.edu + Find krb5-config on SuSE 10 + + SuSE 10.0 puts krb5-config in yet another obscure location. + Look for it there and use it if found. + +2006-03-27 Kevin Coffman + Update debian package information. + +2006-03-27 Kevin Coffman + Install /var/lib/nfs files using DESTDIR and add rpcsec headers to distribution + + Add "$(DESTDIR)" to the paths for the "$(statedir)" files so they are + put in the right place when DESTDIR is defined. + + Add the rpcsec header files to EXTRA_DIST list. + +2005-12-21 NeilBrown + *utils/rquotad/rquota_server.c: Detect and handle both old-style + (2.4) and new-style(2.6) quotactl. 
+ *utils/gssd/gss_destroy_cred: remove dependence on "head -1" which + might need to be "head -n 1" + *utils/nhfsstone/nhfsrun: convert "tail -1" to "tail -n 1" + +2005-12-20 Kevin Coffman NeilBrown + Substantial Makefile/configure rewrite. + Run 'autogen.sh' to create "Makefile.in" etc. + + Also add -D_FILE_OFFSET_BITS=64 to CPP_FLAGS so that mountd can + stat and export files larger than 2Gig. + + 1.0.8-rc2 released + +2005-12-20 NeilBrown + support/nfs/exports.c(getexportent): is a null host name is given, + replace it with '*' so we have a non-empty host name for messages + etc. + utils/exportfs/exportfs.man: Correct documentation about default + export options. + +2005-12-20 Kevin Coffman + utils/gssd/gssd_proc.c(create_auth_rpc_client): Use service + portion of clp->servicename rather than hard-coding "nfs". + +2005-12-16 NeilBrown + 1.0.8-rc1 released + +2005-12-16 Kevin Coffman + svcgssd needs -lnfs when using new function closeall(). + + --- + Remove unused argument from nfsdopen() + + After previous changes, the arguement to nfsdopen() has become unused. + Remove it. + + --- + Fix idmapd error reporting after call to mydaemon() + + After call to mydaemon(), calls to err[x] and warn[x] result + in the message going nowhere. Change to using idmapd_* + versions of these routines which write to syslog. + Original problem reported by Vincent Roqueta + with a different patch. + + --- + Don't add @domain to names that cannot be mapped. + + Per rfc3530 section 5.8: when unable to map a uid to a name, don't + add the @domain to the "nobody" name. + + --- + Fix idmapd for systems where sizeof(uid_t)!=4 and sizeof(gid_t)!=4 + + Fix conversion cases where uid_t and gid_t are not 32 bits. + + --- + Don't segfault because mech wasn't filled in because of an error + + From Kevin Coffman + + Initialize mech to null to avoid segfault if an error occurs + and mech is never returned from gss_accept_sec_context. + + --- + Remove use of static buffer in do_downcall + + 
Signed-off-by: Kevin Coffman + + Dynamically allocate buffer of the correct length rather + than using fixed-length buffer. + + --- + Print better error message if rpc routine clnt_create() fails. + + --- + Print appropriate error messages after gss calls. + + Print gss error messages after calls to gss functions, even if they + are for Kerberos only. + + --- + Update gssd and svcgssd to use the new gss mech glue lucid context calls. + + Signed-off-by: Kevin Coffman + + Update gssd and svcgssd to use a lucid context from SPKM3 to send down + to the kernel. + Update gssd and svcgssd to use the new gss mech glue lucid context calls. + Add configure check to see if spkm3 support is available. + + --- + Add support for CONTINUE_NEEDED return from gss_accept_sec_context. + + Signed-off-by: Kevin Coffman + + Add CONTINUE_INIT handling to svcgssd. Store the partially complete spkm + context handle in the out_handle of CONTINUE_INIT messages so that it is + returned in the in_handle of subsequent messages. + + --- + Replace GSS_C_ANON_FLAG with GSS_C_MUTUAL_FLAG. + + 
Signed-off-by: Kevin Coffman + + Specify GSS_C_MUTUAL_FLAG rather than GSS_C_ANON_FLAG for + spkm3. + + NOTE: we need a way to pass the appropriate value rather than + hard-coding this flag. + + --- + Increase size of rpc send/receive buffers + + Change the clnt_create() to use routines which allow us to set the + send and receive buffer size. This is needed for larger spkm3 + exchanges including certificate chains. + + This has the side-effect of skipping the portmap call since + we specify the port (by specifying the service) when getting + the server's address information. + + --- + Define _LINUX_QUOTA_VERSION to 1 + + The rquotad code is written against the "old" kernel quota interface. + Fedora Core 4 is the only platform known to check for different + versions, so this should not have any affect on other platforms + and fixes the build for FC4. + + --- + +2005-12-12 Usha Ketineni , NeilBrown + *support/nfs/rpcmisc.c(rpc_init): is stdin is a socket, but + is already connected (as e.g. from ssh), don't assume we + were started by inetd. + +2005-11-03 Steve Dickson NeilBrown + *utils/idmapd/idmaps.c: + + I've recently updated the nfs-utils in rawhide with the + latest patches from the SourceForge CVS tree and the + latest CITI patches (1.0.7-4). + + In testing these patches, I notice that when the server was started + and a SIGHUP was sent to rpc.idmapd to open the nfs4.nametoid/channel + and nfs4.idtoname/channel files, the second open (the nfs4.idtoname one) + failed because the path (i.e. ic->ic_path) was NULL. + + Now the reason the ic_path was NULL was because it was never set + during the call to nfsdopen(). nfsdopen() looks like: + nfsdopen(char *path) + { + return ((nfsdopenone(&nfsd_ic[IC_NAMEID], IC_NAMEID, path) == 0 && + nfsdopenone(&nfsd_ic[IC_IDNAME], IC_IDNAME, path) == 0) ? 0 + : -1); + } + + Note: the call to nfsdopenone() is how the path is set in each nfsd_ic[] + entry and nfsdopen() is only called once. 
+ + So when rpc.idmap comes up and the first call to nfsdopenone() fails + (because the server is not running) the path in nfsd_ic[IC_IDNAME] is + never filled in because the second nfsdopenone() never happen... + + Now there was a CITI patche (idmapd_revert_fix_reopen_on_sighup.dif) + that tried to address this problem but did seem to fix it.. The + attached patch fix the problem by initializing both nfsd_ic[IC_IDNAME] + and nfsd_ic[IC_NAMEID] structures with the needed info... + I figured since there is no way of changing these paths or filenames + by command line args, why not just set them during compile time... + so that's what this patch does. + + This patch also changes how nfsdreopen_one() handles the + case where the event has already been set. Unlike the CITI + patch (idmapd_revert_fix_reopen_on_sighup.dif) which just + just does not register the second event, my patch deletes + the old event and the registers the new one. It just seems like + the right thing to do since a SIGHUP means a new server just + started so we probably should create a new event as well... + + steved. + +2005-10-14 NeilBrown + *utils/mountd/cache.c(nfsd_fh): Understand type 2 and type 3 + filesystem identifiers, which are used with device numbers + That don't fit into 16 bits. + +2005-10-07 Olaf Kirch + * utils/mountd/mountd.c(get_exportlist): Without this patch, + showmount -e would sometimes display host names that should really + have been subsumed under a wildcard entry. + + The problem was that the code in get_exportlist would always + skip the next group entry after removing one FQDN. + +2005-10-06 Steve Dickson NeilBrown + * support/nfs/export.c: don't warn about sync/async for readonly + exports + * support/nfs/closeall.c: new file with function to close all + file descriptors from a give minimum upwards. + * nfsd/mountd/statd/idmapd/gsssvcd: use closeall. + * utils/mountd/mountd.c: Eliminate 3 syslog message that are + logged for successful events. 
+ * utils/mountd/mountd.c: make sure the correct hostname is used in + the SM_NOTIFY message that is sent from a rebooted server which + has multiple network interfaces. (bz 139101) + + Details can be found in: + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139101 + + *utils/idmapd/idmapd.c:Fixed subscripting problem in idmapd (bz + 158188) This fixes the following problem: + rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory) + + Details can be found in: + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158188 + + *utils/statd/statd.c(drop_privs): clear st_gid as well as st_uid + of stat fails. + *utils/statd/svc_run.c(my_svc_run): remove usage of undocumented + %m format specifier. + *utils/statd/montor.c(sm_mon_1_svc): as above + *support/nfs/xlog.c(xlog): Changed xlog to use LOG_INFO instead of + LOG_DEBUG so debug messages will appear w/out any config changes + to syslog.conf. + + +2005-09-02 Mike Frysinger + * utils/rquotad/rquota_server.c(getquotainfo): use explicit + struture-member copying rather than memcpy, as the element + sizes are the same on all architectures. + +2005-08-26 Kevin Coffman + Add option to set rpcsec_gss debugging level (if available) + + Changes to allow gssd/svcgssd to build when using Hiemdal Kerberos + libraries. Note that there are still run-time issues preventing + this from working when shared libraries for libgssapi and librpcsecgss + are used. + +2005-08-26 Kevin Coffman + Remove the rpcsec_gss code and rely on an external library instead. + +2005-08-26 Kevin Coffman + *utils/mountd/mountd.c: + mountd currently always returns AUTH_NULL and AUTH_SYS as the + allowable flavors in mount replies. We want it to also return gss + flavors when appropriate. For now as a hack we just have it always + return the KRB5 flavors as well. 
+ + *utils/mountd/cache.c: + + When attempting to mount an NFSv4 pseudofilesystem (fsid=0) and the + actual exported directory does not exist on the server, rpc.mountd + doesn't check the directory exists (when fsidtype=1, i.e. using fsid, + but does check for fsidtype=0, i.e. using dev/ino). The non-existent + exported directory path with fsid=0 is written to the kernel via + /proc/net/rpc/nfsd.export/channel, which leads to path_lookup() to + return ENOENT (seems appropriate). Unfortunately, the new_cache + approach ignores errors returned when writing via the channel file so + that particular error is lost and the mount request is silently ignored. + + Assuming it doesn't make sense to revamp the new_cache/up-call method to + not ignore returned errors, it seems appropriate to fix the case where + rpc.mountd doesn't check for the existence of an exported directory with + fsid= semantics. The following patch does this by moving the stat() up + so it is done for both fsidtype's. I'm not certain whether the other + tests need to be executed for fsidtype=1, but it doesn't appear to hurt + [Not exactly true: the comparison of inode numbers caused problems so + now it's kept for fsidtype=0 only]. + + Would it be also desirable to log a warning for every error, if any, + returned by a write to any of the /proc/net/rpc/*/channel files which + would otherwise be ignored (maybe under a debug flag)? + + * gssd/mountd/svcgssd: Changes gssd, svcgssd, and mountd to ignore a + SIGHUP rather than dying. + + * many: Remove the gssapi code and rely on an external library instead. + +2005-08-26 Kevin Coffman + * utils/exportfs/exports.man: Document the "crossmnt" export export option + * utils/gssd/krb5_util.c: + Add better debugging and partially revert the function + check for gss_krb5_ccache_name. + + For MIT Kerberos releases up to and including 1.3.1, we *must* + use the routine gss_krb5_ccache_name to get the K5 gssapi code + to use a different credentials cache. 
+ + For releases 1.3.2 and on, we want to use the KRB5CCNAME + environment variable to tell it what to use. + (A problem was reported where 1.3.5 was being used, our + code was using gss_krb5_ccache_name, but the underlying + code continued to use the first (or default?) credentials + cache. Switching to using the env variable fixed the problem. + I cannot recreate this problem. + + *utils/gssd/krb5_util.c: + Andrew Mahone reported that reiser4 + always has DT_UNKNOWN. He supplied patch to move the check + for regular files after the stat() call to correctly find + ccache files in reiser4 filesystem. + + Also change the name comparison so that the wrong file is + not selected when the substring comparison is done. + + *utils/gssd/krb5_util.c: + Limit the set of encryption types that can be negotiated by + the Kerberos library to those that the kernel code currently + supports. + + This should eventually query the kernel for the list of + supported enctypes. + + *utils/gssd/gss_util.c, utils/svcgssd/svcgssd_main_loop.c: + Print more information in error messages to help debugging failures. + + *utils/svcgssd/svcgssd_proc.c: Increase token buffer size and + update error handling so that a response is always sent. + + *utils/svcgssd/svcgssd_proc.c: Add support to retrieve + supplementary groups. + + +2005-08-26 Kevin Coffman + * configure.in etc + Consolidate some of the Kerberos checking instead of repeating + the same things for MIT and Heimdal. + Also adds more checks to distinguish 32-bit from 64-bit + (mainly for gssapi.h) + Fix svcgssd Makefile so make TOP=../../ works correctly there. + Enable running a modern autoheader. + * utils/gssd/gss_oids.c: Use correct OID value for SPKM-3 + * utils/gssd/gss_util.c: Fix build with older MIT releases that do not define GSS_C_NT_HOSTBASED_SERVICE + * utils/gssd/write_bytes.h, support/include/gssapi/gssapi.h: + Length of gss_buffer_desc is a size_t which is 64-bits on a + 64-bit machine. 
Kernel code expects 32-bit integer for length. + Coerce length value into a 32-bit value when reading from or + writing to the kernel. + Change gssapi.h to use datatype size values obtained from + configure rather than hard-coded values. + * utils/idmapd/idmapd.c: The EV_INIT check here was wrong, and was + causing idmapd to become unresponsive to server requests after + receiving a sighup. + * utils/idmapd/idmapd.c: Idmapd should flush the server id<->name + caches when its started. + +2005-04-12 G. Allen Morris III + + * All Makefile: added TOP as needed for easier compile. + + * utils/nfsstat/nfsstat.c: added NFS V4 support; added the -m + option; Added -2, -3, and -4 options; changed -a option to -v + option; added long options; changed default output to not + show V2 NFS statistics unless used. + + * utils/nfsstat/nfsstat.man: Documented above changes; changed + authors email address; added BUGS section. + +2005-04-07 Chip Salzenberg + + * debian/changelog: Version 1.0.7-2. + +2005-04-06 Chip Salzenberg + + * config.guess, config.sub: Update. + + * support/rpc/svc_auth_gss.c (_svcauth_gss): Avoid using a cast as + an lvalue, as it is non-portable. + + * support/nfs/exports.c (parseopts): Accept "acl" option to mean + ~NFSEXP_NOACL, and "no_acl" to mean NFSEXP_NOACL. + (putexportent): Report NFSEXP_NOACL as "no_acl", and ~NFSEXP_NOACL + as "acl". + * utils/exportfs/exportfs.c (dump): Report NFSEXP_NOACL as + "no_acl". + * utils/exportfs/exports.man: Document "no_acl". + +2005-03-14 NeilBrown + Denis Vlasenko + * support/export/client.c(client_init and client_gettype): + treat N.N.N.N as a special case of MCL_SUBNETWORK instead of + MCL_FQDN + +2005-03-06 G. Allen Morris III + * support/nfs/cacheio.c(readline): Could not read lines greater + than 128 bytes. [1157791] + * utils/exportfs/exports.man: Added a SEE ALSO section and + fixed 2 typos. 
[1018450] + +2005-02-28 Trond Myklebust + * utils/statd/rmtcall.c(statd_get_socket): If a port number is + explicitly given, make sure to try to bind to that. + +2005-01-11 Chip Salzenberg + + * debian/changelog: Version 1.0.7-1. + * debian/nfs-common.default (NEED_IDMAPD, NEED_GSSD): + Disable by default, on advice of upstream. + * debian/nfs-kernel-server.default (NEED_SVCGSSD): + Likewise. + + * utils/svcgssd/Makefile (predep): Symbolically link duplicated + source files. + (distclean): Remove symlinks to duplicated files. + +2004-12-17 NeilBrown + Release 1.0.7 + + * config.mk, configure.in: update version number, run autoconf + * configure.in: require nfsidmap.h if gss is enabled. + +2004-12-10 NeilBrown + Release 1.0.7-pre2 + + * config.mk, configure.in: update version number, run autoconf + +2004-12-10 Neil Brown + * README : note dependancy on kerberos, libevent, and nfsidmap + * configure.in : fail if --enable-nfsv4 and libevent or + libnfsidmap are missing. + * configuyre.in: improve message if krb5 support is missing + +2004-12-06 Paul Clements + * support/include/ha-callout.h: get return status from waitpid + correctly. + * support/include/ha-callout.h: don't ignore SIGCHLD while waiting + for a callout to complete. + * utils/statd/statd.c(sigusr): print current start when re-reading + notify list due to SIGUSR1 + * utils/statd/svc_run.c(my_svc_run): call change_state when + re-notifying clients. + +2004-12-06 Marc Eshel + * utils/statd/svc_run.c(my_svc_run): allow loop to exit when in + MODE_NOTIFY_ONLY + *utils/statd/rmtcall.c(statd_get_socket): if a hostname is given + to statd with -n, prefer it's IP address to the default for + listening on. + +2004-12-06 Bruce Allan + * utils/mountd/auth.c(auth_reload) Clear the "my_client" cache on + an auth_reload to avoid old data getting used. 
+ +2004-12-03 NeilBrown + Release 1.0.7-pre1 for testing + + * config.mk, configure.in: update version number, run autoconf + +2004-12-03 Trond Myklebust + + * utils/statd/statd.c(main): ignore SIGPIPE + 2004-11-22 "J. Bruce Fields" * tools/rpcdebug/rpcdebug.c: support aliases "nfsdebug" and @@ -21,6 +1368,16 @@ using a pipe. * utils/idmapd/idmapd.c: Let libnfsidmapd parse the idmapd.conf file for the default domain, instead of doing that ourselves. + * utils/gssd/gssd_proc.c: Make sure we get an error when a gssd + downcall fails. + * utils/gssd/gssd_proc.c: We were forgetting to restore the euid + on certain failures, which meant gssd could get stuck in a state + where it didn't have permissions to read the files in rpc_pipefs + that it needed to. + * utils/gssd/gssd_proc.c: Use libnfsidmapd to map gss principals + to uids. + * debian/nfs-kernel-server.default: Document the NEED_SVCGSSD + variable in /etc/default/nfs-kernel-server. 2004-11-22 NeilBrown
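Review bot: In the first hunk (@@ -1,3 +1,1350 @@), the "---"-separated entries under "2005-12-16 Kevin Coffman" name no file or function, unlike the neighbouring entries such as "utils/gssd/gssd_proc.c(create_auth_rpc_client)". This matters most for the security-relevant ones: "Don't segfault because mech wasn't filled in because of an error", "Remove use of static buffer in do_downcall", and "Replace GSS_C_ANON_FLAG with GSS_C_MUTUAL_FLAG" cannot be traced to code from the ChangeLog alone. Prefix each with the path(function) it touches, in the form the other entries use. The entries that record known shortcuts ("NOTE: we need a way to pass the appropriate value rather than hard-coding this flag", "For now as a hack we just have it always return the KRB5 flavors", "This should eventually query the kernel for the list of supported enctypes") would be easier to follow up if each said where the hard-coded value lives. Smaller points in the same hunk: the 2005-11-03 utils/idmapd entry is a pasted e-mail that refers to "the attached patch" and keeps the "steved." signature, the 2005-08-26 utils/gssd/krb5_util.c entry opens a parenthesis at "(A problem was reported" that is never closed, and "is a null host name is given" and "is stdin is a socket" should read "if".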
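Review bot: In the second hunk (@@ -21,6 +1368,16 @@), the added utils/gssd/gssd_proc.c entry about the euid says only "on certain failures" and names no function, so a reader auditing gssd's privilege handling cannot tell which error paths were fixed or whether any remain. Name the function and the failure cases that now restore the euid, as other entries in this file do with the path(function) form. The first added entry, "Make sure we get an error when a gssd downcall fails", has the same gap: say where the error is now reported. The last gssd_proc.c line also writes "libnfsidmapd", while the configure.in entry in the first hunk calls the library "libnfsidmap"; use one spelling so the dependency can be searched for.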