X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=ChangeLog;h=aec3014e960b9b083424841880962e16b6b20be3;hp=7f98cdfb6f051f8886c4998ac07d4d5ee06206dd;hb=28a7603b719f8d35bf22fd3018b610b489fec78f;hpb=a1b7c0da9e73a607f4bc70ffe3b44b00f5d39938 diff --git a/ChangeLog b/ChangeLog index 7f98cdf..aec3014 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,723 @@ +commit 49b164d978ee6266df7ba0bd335cb34337e7c381 +Author: Steve Dickson +Date: Mon Jul 3 09:52:00 2006 +1000 + + Allow rpc.nfsd to suppress tcp or udp, and listen on a specific address. + + -T - will suppressing listening for TCP connection. + -U - will suppress UDP + -H host - will only listen on that local address + -p port - will listen on that port. + + This requires kernel patches which will hopefully be in 2.6.19 and possibly some + earlier test and vendor kernels. + +commit fde2ae7794047a698feeaf17963d690a1e660a80 +Author: Steve Dickson +Date: Mon Jun 26 15:23:19 2006 +1000 + + Add support for suppressing different NFS versions. + + e.g. -N 2 + means that NFSv2 won't be supported, just v3 and v4 (if the kernel + supports them). + +commit 0523fd513c6baa8dbf45d1a7afea2044262aeb3d +Author: Neil Brown +Date: Fri Jun 23 17:10:56 2006 +1000 + + Further coverity related cleanups. + + Greg Banks suggested some variations, particularly improved + use of xmalloc/xstrdup functions. Thanks. + +commit 2e075a16da4963f54cd556403ca9e15a68de27fd +Author: Neil Brown +Date: Fri Jun 23 14:38:33 2006 +1000 + + Fix various issues discovered by Coverity + + Thanks to Michael Halcrow for finding them. + +commit ff42180930a444cea7f19e55e2cd2bfe6d3f108b +Author: Neil Brown +Date: Fri Jun 23 14:06:00 2006 +1000 + + Fix comment parsing (again) + + Bruce Fields noticed that I broke comment parsing... + + as xskip() is always called before xgettok(), that is the + best place to put xskipcomment and still maintain proper + semantics of xskip and xgettok. + +commit bec968578d97eabc63ae4a12bdeb2b33f40baec4 +Author: Amit Gud +Date: Thu Jun 22 12:51:04 2006 -0400 + + Change mount configure option to --enable-mount + + Change the configure option from --with-mount to --enable-mount. + + Signed-off-by: Amit Gud + Signed-off-by: Steve Dickson + +commit ceeffc1f76485b4084b2c61f4ff3c40e4f51c3b8 +Author: Amit Gud +Date: Thu Jun 22 12:49:24 2006 -0400 + + Merge nfsmount.x and mount.x into mount.x + + + Merge utils/mount/nfsmount.x and support/export/mount.x into support/export/mount.x. + + Signed-off-by: Amit Gud + Signed-off-by: Steve Dickson + +commit c2db41e8abb6ddc9d03a0c91c6db043fa0f85a8f +Author: Neil Brown +Date: Fri Jun 23 13:37:08 2006 +1000 + + Try to make sure that clientid used for NFSv4 is reliable. + + We need to give an IP address to identify this client to the + server. + The current code does a gethostbyname of the hostname. One + some systems this returns 127.0.0.1 or similar, which is not useful. + + Instead, use getsockname of the sock used to connect to the server + to confirm that the server is working. This gives the address on the + interface that was chosen to talk to that server, which is the + best address we can find (if there is a NAT in the way, it might + still not work, but in that case there is nothing we can do). + +commit 11d34d11153df198103a57291937ea9ff8b7356e +Author: Greg Banks +Date: Wed Jun 14 22:48:10 2006 +1000 + + multiple threads for mountd + + + How about the attached patch against nfs-utils tot? It + adds a -t option to set the number of forked workers. + Default is 1 thread, i.e. the old behaviour. + + I've verified that showmount -e, the Ogata mount client, + and a real mount from Linux and IRIX boxes work with and + without the new option. + + I've verified that you can manually kill any of the workers + without the portmap registration going away, that killing + all the workers causes the manager process to wake up and + unregister, and killing the manager process causes the + workers to be killed and portmap unregistered. + + I've verified that all the workers have file descriptors + for the udp socket and the tcp rendezvous socket, that + connections are balanced across all the workers if service + times are sufficiently long, and that performance is + improved by that parallelism, at least for small numbers + of threads. For example, with 60 parallel MOUNT calls + and a testing patch to make DNS lookups take 100 milliseconds + time to perform all mounts (averaged over 5 runs) is: + + num elapsed + threads time (sec) + ------ ---------- + 1 13.125 + 2 6.859 + 3 4.836 + 4 3.841 + 5 3.303 + 6 3.100 + 7 3.078 + 8 3.018 + + Greg. + -- + Greg Banks, R&D Software Engineer, SGI Australian Software Group. + I don't speak for SGI. + +commit db96d056578338dd1bb0371dc84638973c187ec6 +Author: Neil Brown +Date: Fri Jun 16 13:16:09 2006 +1000 + + Remove some temporary files that shouldn't be in 'git'. + + deleted: compile + deleted: config.guess + deleted: config.sub + deleted: depcomp + deleted: install-sh + deleted: ltmain.sh + deleted: missing + +commit 82b53188aaffad0e237461f8f1274794166feb3a +Author: Neil Brown +Date: Fri Jun 16 13:09:26 2006 +1000 + + Add support to auto-generate nfsmount* files for new nfs.mount program + +commit 4e2bae795e5eaf9922f0b966ab5df64994c836a2 +Author: Amit Gud +Date: Mon Jun 12 19:08:27 2006 -0400 + + Move NFS mount code from util-linux to nfs-utils - part 2 + + Adds the support functions needed for mount and umount. This + functionality will someday be available in the form of shared mount + library. + + Signed-off-by: Amit Gud + Signed-off-by: Steve Dickson + +commit a0520fa1a41bd33815b331b660b4545f2723495c +Author: Amit Gud +Date: Mon Jun 12 19:06:36 2006 -0400 + + Move NFS mount code from util-linux to nfs-utils - part 1 + + Adds the mount directory and the code to mount and umount the NFS file system. + + Signed-off-by: Amit Gud + Signed-off-by: Steve Dickson + +2006-06-05 NeilBrown + - Remove debian/ at request of Debian maintainer "Steinar H. Gunderson" + - fix_exportfs_with_multiple_matches.diff: Fixes a problem with exportfs -o + and multiple entries of the same type for the same patch that matches + a given client. The entire rationale and problem description can be found + at http://bugs.debian.org/245449 (fumihiko kakuma ) + - escape hashes in exports + Makes sure any # signs in the printed-out exports file are + escaped (as with quotes, spaces, etc.), so they won't be treated + as a comment when they're read back in again. + "Steinar H. Gunderson" + - Only treat '#' as starting a comment when at the start of a + token, otherwise '#' in filenames cannot be read. + NeilBrown + - document sync option: + Document the 'sync' option in the exports(5) man page -- ATM + only the 'async' option is documented, which is not very + symmetric. :-) "Steinar H. Gunderson" + - mountd state directory: + Let the user select (via a new parameter) the path to the NFS + state directory for mountd, to match the statd functionality. + "Steinar H. Gunderson" + - fix nhfsrun signal: + nhfsrun is supposed to be able to be signalled with SIGUSR1, but + the signal trapped is number 30, which is something else + entirely (SIGPWR). This patch simply changes it to say "USR1", + which gets it right no matter what the value is. + "Steinar H. Gunderson" + - Minor man page tidy up + +2006-04-12 NeilBrown + Remove **/Makefile.in, aclocal.m4, configure, and + support/include/config.h.in from source control + These are auto autogenerated by + aclocal -I aclocal ; autoheader ; automake ; autoconf + +2006-04-12 NeilBrown + utils/statd/rmtcall.c: use HAVE_IFADDRS_H to control compilation + of code using ifaddrs.h + configure.in: test for present of ifaddrs.h + + Old glibc's don't have ifaddrs.h + +2006-06-12 Amit Gud + Added the mount functionality from util-linux. + Added --without-mount configure option. + +2006-04-12 NeilBrown + Set version to 1.0.8, + aclocal -I aclocal ; autoheader ; automake ; autoconf + +2006-04-10 NeilBrown + Various paranoia checks: + gssd_proc.c: pass max_field sizes to sscanf to avoid buffer + overflow + svcgssd_proc.c: range_check name.length, to ensure name.length+1 + doesn't wrap + idmapd.c(nfsdcb): make sure at least one byte is read before + zeroing the last byte that was read, otherwise memory corruption + is possible. + + Found by SuSE security audit. + +2006-04-10 "Kevin Coffman" + Check for sufficient version of librpcsecgss and libgssapi + in configure.in + +2006-04-10 "Kevin Coffman" + Update aclocal/tcp-wrappers.m4 to define HAVE_LIBWRAP and + HAVE_TCP_WRAPPERS as appropriate. + +2006-04-10 NeilBrown + Add checking for innetgr back to configure.in + +2006-04-10 kwc@citi.umich.edu + Update calls to gss_export_lucid_sec_context() + + Change the calls to gss_export_lucid_sec_context() to match the corrected + interface definition in libgssapi-0.9. + +2006-04-10 kwc@citi.umich.edu + Plug memory leaks in svcgssd + + Various memory leaks in the svcgssd context processing are eliminated. + +2006-04-10 kwc@citi.umich.edu + Fix memory leak of the AUTH structure on context negotiations + + Free AUTH structure after completing context negotiation and sending + context information to the kernel. + +2006-04-10 kwc@citi.umich.edu + Fix support/include/config.h.in such as would be done be running autoheader. + +2006-03-28 NeilBrown + 1.0.8-pre3, aclocal/autoconf/automake + +2006-03-28 kwc@citi.umich.edu + Use PKGCONFIG to locate gssapi and rpcsecgss header files + + Instead of having separate copies of the gssapi and rpcsecgss + header files, or depending on the Kerberos gssapi header, + locate the headers now installed with the libgssapi and librpcsecgss + libraries. + + Remove local copies of the gssapi and rpcsecgss header files. + + This depends on the configure_use_autotools patch. + +2006-03-28 kwc@citi.umich.edu + Add debugging to better detect negotiation of enctype not supported by kernel + + Print debugging message indicating the type of encryption keys being sent + down to the kernel. This should make it easier to detect cases where + unsupported encryption types are being negotiated. + (really this time) + +2006-03-28 kwc@citi.umich.edu + + Don't close and reopen all pipes on every DNOTIFY signal. + + From: Vince Busam + Signed-off-by: Kevin Coffman + + Don't unnecessarily close and re-open all pipes after every DNOTIFY + signal. These unnecessary closes were triggering a kernel Oops. + Original patch modified to correct segfault when unmounting last + NFSv4 mount. + +2006-03-28 kwc@citi.umich.edu + Add option to specify directory to search for credentials cache files + + + From: Vince Busam + Signed-off-by: Kevin Coffman + + Add command line option to specify which directory should be searched + to find credentials caches. + (really this time) + +2006-03-28 kwc@citi.umich.edu + Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5 + + We need to get access to the internal krb5 context pointer for + older (pre-1.4) versions of MIT Kerberos. We get a pointer to + the gss glue's context. Get the right pointer before accessing + the context information. + (really this time) + +2006-03-28 kwc@citi.umich.edu + + Remove unused groups variable from get_ids() which was causing a compiler warning. + (really this time) + +2006-03-28 kwc@citi.umich.edu + Update krb5 code to use glue routine lucid context functions + + + + The gssd code should not know about the glue layer's context structure. + A previous patch added gss_export_lucid_sec_context() and + gss_free_lucid_sec_context() functions to the gssapi glue layer. + Use these functions rather than calling directly to the Kerberos + gssapi code (which requires the Kerberos context handle rather + than the glue's context handle). + + (really this time) + +2006-03-28 kwc@citi.umich.edu + + Separate out context handling code for MIT Kerberos and SPKM3 + into their own file. + (Really this time) + +2006-03-28 Kevin Coffman + User-selectable idmapping cache lifetime + + Read and process new configuration option, Cache-Expiration, and use + the value to determine how long idmapping entries are cached. + (Really this time) + +2006-03-27 NeilBrown + 1.0.8-rc3 + +2006-03-27 kwc@citi.umich.edu + Add debugging to better detect negotiation of enctype not supported by kernel + + Print debugging message indicating the type of encryption keys being sent + down to the kernel. This should make it easier to detect cases where + unsupported encryption types are being negotiated. + +2006-03-27 + Don't close and reopen all pipes on every DNOTIFY signal. + + Don't unnecessarily close and re-open all pipes after every DNOTIFY + signal. These unnecessary closes were triggering a kernel Oops. + Original patch modified to correct segfault when unmounting last + NFSv4 mount. + +2006-03-27 + Add option to specify directory to search for credentials cache files + + Add command line option to specify which directory should be searched + to find credentials caches. + +2006-03-27 kwc@citi.umich.edu + Must still use knowledge of the glue context for pre-1.4 versions of MIT krb5 + + We need to get access to the internal krb5 context pointer for + older (pre-1.4) versions of MIT Kerberos. We get a pointer to + the gss glue's context. Get the right pointer before accessing + the context information. + +2006-03-27 Kevin Coffman + Remove unused variable causing compile warning + + Remove unused groups variable from get_ids() which was causing a compiler warning. + +2006-03-27 kwc@citi.umich.edu + Update krb5 code to use glue routine lucid context functions + + The gssd code should not know about the glue layer's context structure. + A previous patch added gss_export_lucid_sec_context() and + gss_free_lucid_sec_context() functions to the gssapi glue layer. + Use these functions rather than calling directly to the Kerberos + gssapi code (which requires the Kerberos context handle rather + than the glue's context handle). + +2006-03-27 Kevin Coffman + Separate out context handling code for MIT Kerberos and SPKM3 + into their own file. + +2006-03-27 Kevin Coffman + Consolidate gssd and svcgssd since they share much code + + Remove directory svcgssd which was only created because the old + build system could not handle building two daemons in the same + directory. This eliminates build complications since gssd and + svcgssd also share many source files. + + This patch effectively removes the utils/svcgssd directory, moving + all its files to the utils/gssd directory. File utils/gssd/Makefile.am + is modified with directions to build both gssd and svcgssd. + +2006-03-27 Kevin Coffman + Use PKGCONFIG to locate gssapi and rpcsecgss header files + + Instead of having separate copies of the gssapi and rpcsecgss + header files, or depending on the Kerberos gssapi header, + locate the headers now installed with the libgssapi and librpcsecgss + libraries. + + Remove local copies of the gssapi and rpcsecgss header files. + + This depends on the configure_use_autotools patch. + +2006-03-27 Kevin Coffman + User-selectable idmapping cache lifetime + + Read and process new configuration option, Cache-Expiration, and use + the value to determine how long idmapping entries are cached. + +2006-03-27 Steve Dickson + Set libnfsidmap library debugging level and logging function. + + This patch adds a call to the new libnfsidmap library function + nfs4_set_debug(), which defines the verbosity level libnfsidmap + should use as well as the logging function. + +2006-03-27 Kevin Coffman + Don't close file descriptor until after calling event_del(). + + Delete event processing for a file descriptor before closing it. + This was causing hangs when used in combination with libevent-1.0b. + +2006-03-27 kwc@citi.umich.edu + Find krb5-config on SuSE 10 + + SuSE 10.0 puts krb5-config in yet another obscure location. + Look for it there and use it if found. + +2006-03-27 Kevin Coffman + Update debian package information. + +2006-03-27 Kevin Coffman + Install /var/lib/nfs files using DESTDIR and add rpcsec headers to distribution + + Add "$(DESTDIR)" to the paths for the "$(statedir)" files so they are + put in the right place when DESTDIR is defined. + + Add the rpcsec header files to EXTRA_DIST list. + +2005-12-21 NeilBrown + *utils/rquotad/rquota_server.c: Detect and handle both old-style + (2.4) and new-style(2.6) quotactl. + *utils/gssd/gss_destroy_cred: remove dependence on "head -1" which + might need to be "head -n 1" + *utils/nhfsstone/nhfsrun: convert "tail -1" to "tail -n 1" + +2005-12-20 Kevin Coffman NeilBrown + Substantial Makefile/configure rewrite. + Run 'autogen.sh' to create "Makefile.in" etc. + + Also add -D_FILE_OFFSET_BITS=64 to CPP_FLAGS so that mountd can + stat and export files larger than 2Gig. + + 1.0.8-rc2 released + +2005-12-20 NeilBrown + support/nfs/exports.c(getexportent): is a null host name is given, + replace it with '*' so we have a non-empty host name for messages + etc. + utils/exportfs/exportfs.man: Correct documentation about default + export options. + +2005-12-20 Kevin Coffman + utils/gssd/gssd_proc.c(create_auth_rpc_client): Use service + portion of clp->servicename rather than hard-coding "nfs". + +2005-12-16 NeilBrown + 1.0.8-rc1 released + +2005-12-16 Kevin Coffman + svcgssd needs -lnfs when using new function closeall(). + + --- + Remove unused argument from nfsdopen() + + After previous changes, the arguement to nfsdopen() has become unused. + Remove it. + + --- + Fix idmapd error reporting after call to mydaemon() + + After call to mydaemon(), calls to err[x] and warn[x] result + in the message going nowhere. Change to using idmapd_* + versions of these routines which write to syslog. + Original problem reported by Vincent Roqueta + with a different patch. + + --- + Don't add @domain to names that cannot be mapped. + + Per rfc3530 section 5.8: when unable to map a uid to a name, don't + add the @domain to the "nobody" name. + + --- + Fix idmapd for systems where sizeof(uid_t)!=4 and sizeof(gid_t)!=4 + + Fix conversion cases where uid_t and gid_t are not 32 bits. + + --- + Don't segfault because mech wasn't filled in because of an error + + From Kevin Coffman + + Initialize mech to null to avoid segfault if an error occurs + and mech is never returned from gss_accept_sec_context. + + --- + Remove use of static buffer in do_downcall + + Signed-off-by: Kevin Coffman + + Dynamically allocate buffer of the correct length rather + than using fixed-length buffer. + + --- + Print better error message if rpc routine clnt_create() fails. + + --- + Print appropriate error messages after gss calls. + + Print gss error messages after calls to gss functions, even if they + are for Kerberos only. + + --- + Update gssd and svcgssd to use the new gss mech glue lucid context calls. + + Signed-off-by: Kevin Coffman + + Update gssd and svcgssd to use a lucid context from SPKM3 to send down + to the kernel. + Update gssd and svcgssd to use the new gss mech glue lucid context calls. + Add configure check to see if spkm3 support is available. + + --- + Add support for CONTINUE_NEEDED return from gss_accept_sec_context. + + Signed-off-by: Kevin Coffman + + Add CONTINUE_INIT handling to svcgssd. Store the partially complete spkm + context handle in the out_handle of CONTINUE_INIT messages so that it is + returned in the in_handle of subsequent messages. + + --- + Replace GSS_C_ANON_FLAG with GSS_C_MUTUAL_FLAG. + + Signed-off-by: Kevin Coffman + + Specify GSS_C_MUTUAL_FLAG rather than GSS_C_ANON_FLAG for + spkm3. + + NOTE: we need a way to pass the appropriate value rather than + hard-coding this flag. + + --- + Increase size of rpc send/receive buffers + + Change the clnt_create() to use routines which allow us to set the + send and receive buffer size. This is needed for larger spkm3 + exchanges including certificate chains. + + This has the side-effect of skipping the portmap call since + we specify the port (by specifying the service) when getting + the server's address information. + + --- + Define _LINUX_QUOTA_VERSION to 1 + + The rquotad code is written against the "old" kernel quota interface. + Fedora Core 4 is the only platform known to check for different + versions, so this should not have any affect on other platforms + and fixes the build for FC4. + + --- + +2005-12-12 Usha Ketineni , NeilBrown + *support/nfs/rpcmisc.c(rpc_init): is stdin is a socket, but + is already connected (as e.g. from ssh), don't assume we + were started by inetd. + +2005-11-03 Steve Dickson NeilBrown + *utils/idmapd/idmaps.c: + + I've recently updated the nfs-utils in rawhide with the + latest patches from the SourceForge CVS tree and the + latest CITI patches (1.0.7-4). + + In testing these patches, I notice that when the server was started + and a SIGHUP was sent to rpc.idmapd to open the nfs4.nametoid/channel + and nfs4.idtoname/channel files, the second open (the nfs4.idtoname one) + failed because the path (i.e. ic->ic_path) was NULL. + + Now the reason the ic_path was NULL was because it was never set + during the call to nfsdopen(). nfsdopen() looks like: + nfsdopen(char *path) + { + return ((nfsdopenone(&nfsd_ic[IC_NAMEID], IC_NAMEID, path) == 0 && + nfsdopenone(&nfsd_ic[IC_IDNAME], IC_IDNAME, path) == 0) ? 0 + : -1); + } + + Note: the call to nfsdopenone() is how the path is set in each nfsd_ic[] + entry and nfsdopen() is only called once. + + So when rpc.idmap comes up and the first call to nfsdopenone() fails + (because the server is not running) the path in nfsd_ic[IC_IDNAME] is + never filled in because the second nfsdopenone() never happen... + + Now there was a CITI patche (idmapd_revert_fix_reopen_on_sighup.dif) + that tried to address this problem but did seem to fix it.. The + attached patch fix the problem by initializing both nfsd_ic[IC_IDNAME] + and nfsd_ic[IC_NAMEID] structures with the needed info... + I figured since there is no way of changing these paths or filenames + by command line args, why not just set them during compile time... + so that's what this patch does. + + This patch also changes how nfsdreopen_one() handles the + case where the event has already been set. Unlike the CITI + patch (idmapd_revert_fix_reopen_on_sighup.dif) which just + just does not register the second event, my patch deletes + the old event and the registers the new one. It just seems like + the right thing to do since a SIGHUP means a new server just + started so we probably should create a new event as well... + + steved. + +2005-10-14 NeilBrown + *utils/mountd/cache.c(nfsd_fh): Understand type 2 and type 3 + filesystem identifiers, which are used with device numbers + That don't fit into 16 bits. + +2005-10-07 Olaf Kirch + * utils/mountd/mountd.c(get_exportlist): Without this patch, + showmount -e would sometimes display host names that should really + have been subsumed under a wildcard entry. + + The problem was that the code in get_exportlist would always + skip the next group entry after removing one FQDN. + +2005-10-06 Steve Dickson NeilBrown + * support/nfs/export.c: don't warn about sync/async for readonly + exports + * support/nfs/closeall.c: new file with function to close all + file descriptors from a give minimum upwards. + * nfsd/mountd/statd/idmapd/gsssvcd: use closeall. + * utils/mountd/mountd.c: Eliminate 3 syslog message that are + logged for successful events. + * utils/mountd/mountd.c: make sure the correct hostname is used in + the SM_NOTIFY message that is sent from a rebooted server which + has multiple network interfaces. (bz 139101) + + Details can be found in: + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139101 + + *utils/idmapd/idmapd.c:Fixed subscripting problem in idmapd (bz + 158188) This fixes the following problem: + rpc.idmapd: nfsdreopen: Opening '' failed: errno 2 (No such file or directory) + + Details can be found in: + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158188 + + *utils/statd/statd.c(drop_privs): clear st_gid as well as st_uid + of stat fails. + *utils/statd/svc_run.c(my_svc_run): remove usage of undocumented + %m format specifier. + *utils/statd/montor.c(sm_mon_1_svc): as above + *support/nfs/xlog.c(xlog): Changed xlog to use LOG_INFO instead of + LOG_DEBUG so debug messages will appear w/out any config changes + to syslog.conf. + + +2005-09-02 Mike Frysinger + * utils/rquotad/rquota_server.c(getquotainfo): use explicit + struture-member copying rather than memcpy, as the element + sizes are the same on all architectures. + +2005-08-26 Kevin Coffman + Add option to set rpcsec_gss debugging level (if available) + + Changes to allow gssd/svcgssd to build when using Hiemdal Kerberos + libraries. Note that there are still run-time issues preventing + this from working when shared libraries for libgssapi and librpcsecgss + are used. + 2005-08-26 Kevin Coffman Remove the rpcsec_gss code and rely on an external library instead.