X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=ChangeLog;h=7f98cdfb6f051f8886c4998ac07d4d5ee06206dd;hp=5876522fd840bdc3bb3efe65106d9e006f3679f5;hb=a1b7c0da9e73a607f4bc70ffe3b44b00f5d39938;hpb=74a9c55e518cbd4ece01a2c57104222d9b675fb0 diff --git a/ChangeLog b/ChangeLog index 5876522..7f98cdf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,88 @@ +2005-08-26 Kevin Coffman + Remove the rpcsec_gss code and rely on an external library instead. + +2005-08-26 Kevin Coffman + *utils/mountd/mountd.c: + mountd currently always returns AUTH_NULL and AUTH_SYS as the + allowable flavors in mount replies. We want it to also return gss + flavors when appropriate. For now as a hack we just have it always + return the KRB5 flavors as well. + + *utils/mountd/cache.c: + + When attempting to mount an NFSv4 pseudofilesystem (fsid=0) and the + actual exported directory does not exist on the server, rpc.mountd + doesn't check the directory exists (when fsidtype=1, i.e. using fsid, + but does check for fsidtype=0, i.e. using dev/ino). The non-existent + exported directory path with fsid=0 is written to the kernel via + /proc/net/rpc/nfsd.export/channel, which leads to path_lookup() to + return ENOENT (seems appropriate). Unfortunately, the new_cache + approach ignores errors returned when writing via the channel file so + that particular error is lost and the mount request is silently ignored. + + Assuming it doesn't make sense to revamp the new_cache/up-call method to + not ignore returned errors, it seems appropriate to fix the case where + rpc.mountd doesn't check for the existence of an exported directory with + fsid= semantics. The following patch does this by moving the stat() up + so it is done for both fsidtype's. I'm not certain whether the other + tests need to be executed for fsidtype=1, but it doesn't appear to hurt + [Not exactly true: the comparison of inode numbers caused problems so + now it's kept for fsidtype=0 only]. + + Would it be also desirable to log a warning for every error, if any, + returned by a write to any of the /proc/net/rpc/*/channel files which + would otherwise be ignored (maybe under a debug flag)? + + * gssd/mountd/svcgssd: Changes gssd, svcgssd, and mountd to ignore a + SIGHUP rather than dying. + + * many: Remove the gssapi code and rely on an external library instead. + +2005-08-26 Kevin Coffman + * utils/exportfs/exports.man: Document the "crossmnt" export export option + * utils/gssd/krb5_util.c: + Add better debugging and partially revert the function + check for gss_krb5_ccache_name. + + For MIT Kerberos releases up to and including 1.3.1, we *must* + use the routine gss_krb5_ccache_name to get the K5 gssapi code + to use a different credentials cache. + + For releases 1.3.2 and on, we want to use the KRB5CCNAME + environment variable to tell it what to use. + (A problem was reported where 1.3.5 was being used, our + code was using gss_krb5_ccache_name, but the underlying + code continued to use the first (or default?) credentials + cache. Switching to using the env variable fixed the problem. + I cannot recreate this problem. + + *utils/gssd/krb5_util.c: + Andrew Mahone reported that reiser4 + always has DT_UNKNOWN. He supplied patch to move the check + for regular files after the stat() call to correctly find + ccache files in reiser4 filesystem. + + Also change the name comparison so that the wrong file is + not selected when the substring comparison is done. + + *utils/gssd/krb5_util.c: + Limit the set of encryption types that can be negotiated by + the Kerberos library to those that the kernel code currently + supports. + + This should eventually query the kernel for the list of + supported enctypes. + + *utils/gssd/gss_util.c, utils/svcgssd/svcgssd_main_loop.c: + Print more information in error messages to help debugging failures. + + *utils/svcgssd/svcgssd_proc.c: Increase token buffer size and + update error handling so that a response is always sent. + + *utils/svcgssd/svcgssd_proc.c: Add support to retrieve + supplementary groups. + + 2005-08-26 Kevin Coffman * configure.in etc Consolidate some of the Kerberos checking instead of repeating @@ -6,6 +91,20 @@ (mainly for gssapi.h) Fix svcgssd Makefile so make TOP=../../ works correctly there. Enable running a modern autoheader. + * utils/gssd/gss_oids.c: Use correct OID value for SPKM-3 + * utils/gssd/gss_util.c: Fix build with older MIT releases that do not define GSS_C_NT_HOSTBASED_SERVICE + * utils/gssd/write_bytes.h, support/include/gssapi/gssapi.h: + Length of gss_buffer_desc is a size_t which is 64-bits on a + 64-bit machine. Kernel code expects 32-bit integer for length. + Coerce length value into a 32-bit value when reading from or + writing to the kernel. + Change gssapi.h to use datatype size values obtained from + configure rather than hard-coded values. + * utils/idmapd/idmapd.c: The EV_INIT check here was wrong, and was + causing idmapd to become unresponsive to server requests after + receiving a sighup. + * utils/idmapd/idmapd.c: Idmapd should flush the server id<->name + caches when its started. 2005-04-12 G. Allen Morris III