#
fdafd315 |
|
24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Automated cleanup of cdefs and other formatting Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row. Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/ Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/ Remove /\n+#if.*\n#endif.*\n+/ Remove /^#if.*\n#endif.*\n/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/ Sponsored by: Netflix
|
#
dd7d42a1 |
|
23-Oct-2023 |
Rick Macklem <rmacklem@FreeBSD.org> |
nfscl/kgssapi: Fix Kerberized NFS mounts to pNFS servers During recent testing related to the IETF NFSv4 Bakeathon, it was discovered that Kerberized NFSv4.1/4.2 mounts to pNFS servers (sec=krb5[ip],pnfs mount options) was broken. The FreeBSD client was using the "service principal" for the MDS to try and establish a rpcsec_gss credential for a DS, which is incorrect. (A "service principal" looks like "nfs@<fqdn-of-server>" and the <fqdn-of-server> for the DS is not the same as the MDS for most pNFS servers.) To fix this, the rpcsec_gss code needs to be able to do a reverse DNS lookup of the DS's IP address. A new kgssapi upcall to the gssd(8) daemon is added by this patch to do the reverse DNS along with a new rpcsec_gss function to generate the "service principal". A separate patch to the gssd(8) will be committed, so that this patch will fix the problem. Without the gssd(8) patch, the new upcall fails and current/incorrect behaviour remains. This bug only affects the rare case of a Kerberized (sec=krb5[ip],pnfs) mount using pNFS. This patch changes the internal KAPI between the kgssapi and nfscl modules, but since I did a version bump a few days ago, I will not do one this time. MFC after: 1 month
|
#
685dc743 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
|
#
2894c8c9 |
|
15-Feb-2023 |
Rick Macklem <rmacklem@FreeBSD.org> |
kgssapi: Add macros so that gssd(8) can run in vnet prison Commit 7344856e3a6d added a lot of macros that will front end vnet macros so that nfsd(8) can run in vnet prison. This patch adds similar macros named KGSS_VNETxxx so that the gssd(8) daemon can run in a vnet prison, once the macros front end the vnet ones. For now, they are null macros. This is the last commit that adds macros. The next step is to change the macros to front end the vnet ones. MFC after: 3 months
|
#
e3c26ce5 |
|
11-Jan-2023 |
Rick Macklem <rmacklem@FreeBSD.org> |
kgssapi: Increase timeout for kernel to gssd(8) upcalls It turns out that the underlying problem that caused a Kerberized NFS mount with the "gssname" option to fail was that the kernel upcall to the gssd(8) daemon would time out prematurely after 25 seconds. The gss_acquire_cred() GSSAPI library call takes about 27 seconds for the case where a desired_name argument is specified. A similarly long delay occurs when the gss_init_sec_context() call is made and the user principal's TGT has expired. Once the upcall timed out, the kernel code assumed that the gssd(8) daemon had died and closed the socket. Ironically, closing the socket did cause the gssd(8) daemon to terminate via a SIGPIPE signal. This patch increases the timeout to 5 minutes. Since a timeout should only occur when the gssd(8) daemon has died, a long timeout should be ok and seems to fix this problem. I still think that commit c33509d49a should remain in the system, since it allows the mount to complete quickly and not take nearly 30 seconds. PR: 268823 MFC after: 2 weeks
|
#
294c24b1 |
|
17-Sep-2020 |
Konstantin Belousov <kib@FreeBSD.org> |
State kgssapi dependency on xdr. Submitted by: Dmitry Afanasiev PR: 249378 MFC after: 3 days
|
#
c6da8eb2 |
|
20-Feb-2019 |
Sean Eric Fagan <sef@FreeBSD.org> |
* Handle SIGPIPE in gssd We've got some cases where the other end of gssd's AF_LOCAL socket gets closed, resulting in an error (and SIGPIPE) when it tries to do I/O to it. Closing without cleaning up means the next time nfsd starts up, it hangs, unkillably; this allows gssd to handle that particular error. * Limit the retry cound in gssd_syscall to 5. The default is INT_MAX, which effectively means forever. And it's an uninterruptable RPC call, so it will never stop. The two changes mitigate the problem. Reviewed by: macklem MFC after: 2 weeks Sponsored by: iXsystems Inc. Differential Revision: https://reviews.freebsd.org/D19153
|
#
a4f2dfa6 |
|
13-Feb-2018 |
Conrad Meyer <cem@FreeBSD.org> |
kgssapi: Remove trivial deadcode CID: 1385956 Reported by: Coverity Sponsored by: Dell EMC Isilon
|
#
ad704a34 |
|
11-Feb-2018 |
Brooks Davis <brooks@FreeBSD.org> |
Use syscall_helper_register(9) rather than syscall_register(). The usage is simpler, documented, and more common. Reviewed by: cem Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14227
|
#
4de8ade9 |
|
27-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys/kgssapi: general adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. No functional change intended.
|
#
9d77679a |
|
19-Apr-2016 |
Conrad Meyer <cem@FreeBSD.org> |
kgssapi(4): Don't allow user-provided arguments to overrun stack buffer An over-long path argument to gssd_syscall could overrun the stack sockaddr_un buffer. Fix gssd_syscall to not permit that. If an over-long path is provided, gssd_syscall now returns EINVAL. It looks like PRIV_NFS_DAEMON isn't granted anywhere, so my best guess is that this is likely only triggerable by root. Reported by: Coverity CID: 1006751 Sponsored by: EMC / Isilon Storage Division
|
#
74b8d63d |
|
10-Apr-2016 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
Cleanup unnecessary semicolons from the kernel. Found with devel/coccinelle.
|
#
21d7e927 |
|
01-Jan-2016 |
Josh Paetzel <jpaetzel@FreeBSD.org> |
Unset the gss kernel state when gssd exits When gssd exits it leaves the kernel state set by gssd_syscall(). nfsd sees this and waits endlessly in an unkillable state for gssd to come back. If you had acidentally started gssd then stopped it, then started nfsd you'd be in a bad way until you either restarted gssd or rebooted the system. This change fixes that by setting the kernel state to "" when gssd exits. Reviewed by: rmacklem MFC after: 1 week Sponsored by: iXsystems
|
#
e015b1ab |
|
26-Oct-2014 |
Mateusz Guzik <mjg@FreeBSD.org> |
Avoid dynamic syscall overhead for statically compiled modules. The kernel tracks syscall users so that modules can safely unregister them. But if the module is not unloadable or was compiled into the kernel, there is no need to do this. Achieve this by adding SY_THR_STATIC_KLD macro which expands to SY_THR_STATIC during kernel build and 0 otherwise. Reviewed by: kib (previous version) MFC after: 2 weeks
|
#
88a2437a |
|
08-Jul-2013 |
Rick Macklem <rmacklem@FreeBSD.org> |
Add support for host-based (Kerberos 5 service principal) initiator credentials to the kernel rpc. Modify the NFSv4 client to add support for the gssname and allgssname mount options to use this capability. Requires the gssd daemon to be running with the "-h" option. Reviewed by: jhb
|
#
13870d5d |
|
17-Dec-2012 |
Rick Macklem <rmacklem@FreeBSD.org> |
Piete.Brooks at cl.cam.ac.uk reported via email a crash which was caused by use of an invalid kgss_gssd_handle during an upcall to the gssd daemon when it has exited. This patch seems to avoid the crashes by holding a reference count on the kgss_gssd_handle until the upcall is done. It also adds a new mutex kgss_gssd_lock used to make manipulation of kgss_gssd_handle SMP safe. Tested by: Illias A. Marinos, Herbert Poeckl Reviewed by: jhb MFC after: 2 weeks
|
#
8451d0dd |
|
16-Sep-2011 |
Kip Macy <kmacy@FreeBSD.org> |
In order to maximize the re-usability of kernel code in user space this patch modifies makesyscalls.sh to prefix all of the non-compatibility calls (e.g. not linux_, freebsd32_) with sys_ and updates the kernel entry points and all places in the code that use them. It also fixes an additional name space collision between the kernel function psignal and the libc function of the same name by renaming the kernel psignal kern_psignal(). By introducing this change now we will ease future MFCs that change syscalls. Reviewed by: rwatson Approved by: re (bz)
|
#
dcded131 |
|
16-Jul-2011 |
Zack Kirsch <zack@FreeBSD.org> |
Add a small comment about unloading the kgsappi module. Reviewed by: rmacklem Approved by: zml (mentor) MFC after: 2 weeks
|
#
7e7fd7d1 |
|
19-Jun-2011 |
Rick Macklem <rmacklem@FreeBSD.org> |
Fix the kgssapi so that it can be loaded as a module. Currently the NFS subsystems use five of the rpcsec_gss/kgssapi entry points, but since it was not obvious which others might be useful, all nineteen were included. Basically the nineteen entry points are set in a structure called rpc_gss_entries and inline functions defined in sys/rpc/rpcsec_gss.h check for the entry points being non-NULL and then call them. A default value is returned otherwise. Requested by rwatson. Reviewed by: jhb MFC after: 2 weeks
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
a9148abd |
|
03-Nov-2008 |
Doug Rabson <dfr@FreeBSD.org> |
Implement support for RPCSEC_GSS authentication to both the NFS client and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
|