Linux Kernel BitKeeper History https://git.stealer.net/cgit.cgi/user/sven/linux-bitkeeper.git/atom?h=master 2004-02-26T14:51:34Z 2004-02-26T14:51:34Z Andrew Morton akpm@osdl.org 2004-02-26T14:51:34Z urn:sha1:255e9f8076c70ea86ac12e7478bc5a49f5227e12 From: NeilBrown <neilb@cse.unsw.edu.au> make sure sunrpc init routines called before gss init routines. 2003-02-03T10:19:47Z Kai Germaschewski kai@tp1.ruhr-uni-bochum.de 2003-02-03T10:19:47Z urn:sha1:4612452845903c0af785fe507758004f15ee4b2c One of the goals of the whole new modversions implementation: export-objs is gone for good! 2003-01-13T05:41:33Z Trond Myklebust trond.myklebust@fys.uio.no 2003-01-13T05:41:33Z urn:sha1:8d188768b6a1b5692994c02539c801aad888b555 This patch provides the basic framework for RPCSEC_GSS authentication in the RPC client. The protocol is fully described in RFC-2203. Sun has supported it in their commercial NFSv3 and v2 implementations for quite some time, and it has been specified in RFC3010 as being mandatory for NFSv4. - Update the mount_data struct for NFSv2 and v3 in order to allow them to pass an RPCSEC_GSS security flavour. Compatibility with existing versions of the 'mount' program is ensured by requiring that RPCSEC support be enabled using the new flag NFS_MOUNT_SECFLAVOUR. - Provide secure authentication, and later data encryption on a per-user basis. A later patch will an provide an implementation of the Kerberos 5 security mechanism. SPKM and LIPKEY are still being planned. - Security context negotiation and initialization are all assumed to be done in userland. A later patch will provide the actual upcall mechanisms to allow for this. 2003-01-13T05:41:19Z Trond Myklebust trond.myklebust@fys.uio.no 2003-01-13T05:41:19Z urn:sha1:af2f003391786fb632889c02142c941b212ba4ff This patch provides the upcall mechanism that will be used for communicating with the RPCSEC client user daemons. It sets up a 'ramfs' style filesystem (rpc_pipefs) that is populated with named pipes. Each time the kernel initializes a new NFS, lockd, statd or portmapper client, a directory automatically gets set up in this fs. The directory is initially only populated with a single file "info" that provides information such as the server IP address, the port number and the RPC service for the benefit of the user daemon. When an RPCSEC_GSS mechanism needs to communicate with the daemon, it is provided with a toolkit for setting up a named pipe in the same directory. It can then perform upcalls/downcalls in order to talk to the daemon in much the same way as is done by CODA. The NFSv4 client will also need to use this same filesystem to communicate with its user daemon in order to do name-to-uid/name-from-uid and name-to-gid/name-from-gid translation. 2002-12-15T03:41:56Z Brian Gerst bgerst@didntduck.org 2002-12-15T03:41:56Z urn:sha1:0b319ed0ada2e2bd43f38c65a1ce5b1492a40b6d Makefiles no longer need to include Rules.make, which is currently an empty file. This patch removes it from the remaining Makefiles, and removes the empty Rules.make file. 2002-10-23T16:59:59Z Kai Germaschewski kai@tp1.ruhr-uni-bochum.de 2002-10-23T16:59:59Z urn:sha1:1752729653ae35381ace4aa664c868e6e263db97 Traditionally, the individual components of a multipart module are listed in <mod>-objs. Allow for using <mod>-y as well, as that turns out to simplify declaring optional parts of multi-part modules, see the converted examples in net/*/Makefile. This change is backwards-compatible, i.e. not converted Makefiles still work just fine. 2002-10-11T12:39:25Z Neil Brown neilb@cse.unsw.edu.au 2002-10-11T12:39:25Z urn:sha1:624361e43a7f518101fe4b5277aa1ad7a1fe6028 This patch introduces two caches using the new infrastucture, and the concept of a 'domain'. A 'domain' refers to a collection of clients that all have the same view of the nfs server, and all have the same access rights (modulo different users on the clients). For AUTH_UNIX (and AUTH_NULL), the domain is determined from the IP address. For other authentication styles, the domain might be determined directly from the credentials. Each auth flavour knows how to allocate and free it's domain-specific infomation. auth_domain_cache maps a name to a domain which is owned by an auth flavour. ip_map_cache is a cache specific to AUTH_UNIX which maps IP address to domain. With this patch, svcauth_unix.c is created to store all auth_unix related code. The IP address lookup code is removed from nfsd/exports.c sunrpc module initilisation is moved out of stats.c into sunrpc_syms which seemed to be the most central .c file. It now registers these two caches. Now that the caches are being used, nfsd needs to call cache_clean periodically. 2002-10-11T12:39:19Z Neil Brown neilb@cse.unsw.edu.au 2002-10-11T12:39:19Z urn:sha1:f00a9f4d31b5a540d865ee2c779d6fac32e9aafb This patch provides a "virtual class" for defining caches that make user-space information available in the kernel It is intended for RPC services or clients that need user-space support for authentication. As yet, support for userspace interaction isn't included as I want that to be able to have separate review. 2002-07-16T08:53:29Z Trond Myklebust trond.myklebust@fys.uio.no 2002-07-16T08:53:29Z urn:sha1:77d7903022dbd92040f4afdfb5e05d9005a88a7f Implement the basic round trip timing algorithm in order to adapt the timeout values for the most common NFS operations to the server's rate of response. Algorithm is described in Van Jacobson's paper 1998 paper on http://www-nrg.ee.lbl.gov/nrg-papers.html, and is the same as is used for most TCP stacks. Following the *BSD code, we implement separate rtt timers for GETATTR, LOOKUP, READ/READDIR/READLINK, and WRITE. In addition to this, there is one extra timer for the COMMIT operation. All the remaining RPC calls use the current system in which a fixed timeout value gets set by the 'timeo' mount option. In case of a timeout, the current exponential backoff algoritm is implemented. Subsequent patches will improve this... 2002-05-24T13:33:48Z Kai Germaschewski kai@tp1.ruhr-uni-bochum.de 2002-05-24T13:33:48Z urn:sha1:a56ea9ffd6393817f18bd4c075cfb80872c6a3d1