src/sys/kgssapi, branch releng/11.0 FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F11.0 2016-05-03T22:05:03Z kgssapi: insignificant spelling fix. 2016-05-03T22:05:03Z Pedro F. Giffuni pfg@FreeBSD.org 2016-05-03T22:05:03Z urn:sha1:696efc839c323ab3198b6449031e7a61663e5376 No functional change. kgssapi: Don't leak memory in error cases 2016-04-26T18:11:45Z Conrad Meyer cem@FreeBSD.org 2016-04-26T18:11:45Z urn:sha1:be0edef16363eb4e1c92b35cd54d89ef8f695eb0 Reported by: Coverity CIDs: 1007046, 1007047, 1007048 Sponsored by: EMC / Isilon Storage Division sys: extend use of the howmany() macro when available. 2016-04-26T15:38:17Z Pedro F. Giffuni pfg@FreeBSD.org 2016-04-26T15:38:17Z urn:sha1:55e0987aea18d0b97fc0444c7678cbca1c7761d0 We have a howmany() macro in the <sys/param.h> header that is convenient to re-use as it makes things easier to read. kgssapi(4): Don't allow user-provided arguments to overrun stack buffer 2016-04-20T05:02:13Z Conrad Meyer cem@FreeBSD.org 2016-04-20T05:02:13Z urn:sha1:9d77679a40beb77abbb5c17a01d14577a3e24c59 An over-long path argument to gssd_syscall could overrun the stack sockaddr_un buffer. Fix gssd_syscall to not permit that. If an over-long path is provided, gssd_syscall now returns EINVAL. It looks like PRIV_NFS_DAEMON isn't granted anywhere, so my best guess is that this is likely only triggerable by root. Reported by: Coverity CID: 1006751 Sponsored by: EMC / Isilon Storage Division Cleanup unnecessary semicolons from the kernel. 2016-04-10T23:07:00Z Pedro F. Giffuni pfg@FreeBSD.org 2016-04-10T23:07:00Z urn:sha1:74b8d63dcc17c07d8cb21e13f6db517698efd49f Found with devel/coccinelle. kcrypto_aes: Use separate sessions for AES and SHA1 2016-02-02T00:14:51Z Conrad Meyer cem@FreeBSD.org 2016-02-02T00:14:51Z urn:sha1:92deafc3a3a9fb9221c49e574db99571b8080a9f Some hardware supports AES acceleration but not SHA1, e.g., AES-NI extensions. It is useful to have accelerated AES even if SHA1 must be software. Suggested by: asomers Reviewed by: asomers, dfr Sponsored by: EMC / Isilon Storage Division Differential Revision: https://reviews.freebsd.org/D5146 Unset the gss kernel state when gssd exits 2016-01-01T17:06:16Z Josh Paetzel jpaetzel@FreeBSD.org 2016-01-01T17:06:16Z urn:sha1:21d7e927b51f507d8deb1dce3ae05b1bb19dbb04 When gssd exits it leaves the kernel state set by gssd_syscall(). nfsd sees this and waits endlessly in an unkillable state for gssd to come back. If you had acidentally started gssd then stopped it, then started nfsd you'd be in a bad way until you either restarted gssd or rebooted the system. This change fixes that by setting the kernel state to "" when gssd exits. Reviewed by: rmacklem MFC after: 1 week Sponsored by: iXsystems Avoid dynamic syscall overhead for statically compiled modules. 2014-10-26T19:42:44Z Mateusz Guzik mjg@FreeBSD.org 2014-10-26T19:42:44Z urn:sha1:e015b1ab0a428e65297e44471d257d7eb589b383 The kernel tracks syscall users so that modules can safely unregister them. But if the module is not unloadable or was compiled into the kernel, there is no need to do this. Achieve this by adding SY_THR_STATIC_KLD macro which expands to SY_THR_STATIC during kernel build and 0 otherwise. Reviewed by: kib (previous version) MFC after: 2 weeks Add support for host-based (Kerberos 5 service principal) initiator 2013-07-09T01:05:28Z Rick Macklem rmacklem@FreeBSD.org 2013-07-09T01:05:28Z urn:sha1:88a2437a65c25b7a03a75dca3c5f9ceb648bf6c8 credentials to the kernel rpc. Modify the NFSv4 client to add support for the gssname and allgssname mount options to use this capability. Requires the gssd daemon to be running with the "-h" option. Reviewed by: jhb Isilon reported that sec=krb5p NFS mounts had a problem when m_len == 0 2013-05-01T22:07:55Z Rick Macklem rmacklem@FreeBSD.org 2013-05-01T22:07:55Z urn:sha1:58217793a290b3de9c742e3c1ac22f14b9ccbd6f for the last mbuf of the list with an encrypted message. This patch replaces the KASSERT() with code that handles this case. Reported by: john.gemignani@isilon.com Reviewed by: jhb MFC after: 2 weeks