Changes in gss_release_name.c

2bd2f267f344c51c66fc18d963df8cec78db34c1 - kgss: remove unnecessary CURVNET_SET() and kgss_gssd_handle checks

Sat, 25 Apr 2026 04:55:50 +0200

kgss: remove unnecessary CURVNET_SET() and kgss_gssd_handle checksThese RPC methods correctly acquire the kgss_gssd_handle later with callto kgss_gssd_client().Reviewed by: rmacklemDifferential Revision: https://reviews.freebsd.org/D56561 List of files: /freebsd/sys/kgssapi/gss_release_name.c

50c5715159f172103f68fa90e5423a45aea2a626 - kgss: remove KGSS_VNET_* macros family

Sat, 25 Apr 2026 04:55:45 +0200

kgss: remove KGSS_VNET_* macros familyThe original idea was that something else than VNET(9) might be used forkgss in jails, but that is very unlikely to happen.Mechanical change done with sed+grep. No functional change.Reviewed by: rmacklemDifferential Revision: https://reviews.freebsd.org/D56560 List of files: /freebsd/sys/kgssapi/gss_release_name.c

fdafd315ad0d0f28a11b9fb4476a9ab059c62b92 - sys: Automated cleanup of cdefs and other formatting

Fri, 24 Nov 2023 21:12:57 +0100

sys: Automated cleanup of cdefs and other formattingApply the following automated changes to try to eliminateno-longer-needed sys/cdefs.h includes as well as now-emptyblank lines in a row.Remove /^#if.*\n#endif.*\n#include\s+.*\n/Remove /\n+#include\s+.*\n+#if.*\n#endif.*\n+/Remove /\n+#if.*\n#endif.*\n+/Remove /^#if.*\n#endif.*\n/Remove /\n+#include\s+\n#include\s+/Remove /\n+#include\s+\n#include\s+/Remove /\n+#include\s+\n#include\s+/Sponsored by: Netflix List of files: /freebsd/sys/kgssapi/gss_release_name.c

685dc743dc3b5645e34836464128e1c0558b404b - sys: Remove $FreeBSD$: one-line .c pattern

Wed, 16 Aug 2023 19:54:36 +0200

sys: Remove $FreeBSD$: one-line .c patternRemove /^[\s*]*__FBSDID$"\$FreeBSD\$"$;?\s*\n/ List of files: /freebsd/sys/kgssapi/gss_release_name.c

4d846d260e2b9a3d4d0a701462568268cbfe7a5b - spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

Wed, 10 May 2023 17:40:58 +0200

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSDThe SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catchup to that fact and revert to their recommended match of BSD-2-Clause.Discussed with: pfgMFC After: 3 daysSponsored by: Netflix List of files: /freebsd/sys/kgssapi/gss_release_name.c

2894c8c96b9b94f35aaa27ee5ef3ac11c276fe3f - kgssapi: Add macros so that gssd(8) can run in vnet prison

Thu, 16 Feb 2023 00:18:46 +0100

kgssapi: Add macros so that gssd(8) can run in vnet prisonCommit 7344856e3a6d added a lot of macros that will front endvnet macros so that nfsd(8) can run in vnet prison.This patch adds similar macros named KGSS_VNETxxx so thatthe gssd(8) daemon can run in a vnet prison, once themacros front end the vnet ones. For now, they are null macros.This is the last commit that adds macros. The next step isto change the macros to front end the vnet ones.MFC after: 3 months List of files: /freebsd/sys/kgssapi/gss_release_name.c

b4a53360398fd9c18d06b8aaf5ff34ccee19f8cd - kgssapi: clean up empty lines in .c and .h files

Wed, 02 Sep 2020 00:15:02 +0200

kgssapi: clean up empty lines in .c and .h files List of files: /freebsd/sys/kgssapi/gss_release_name.c

4de8ade94c36f471c086a50e3af89185abb32041 - sys/kgssapi: general adoption of SPDX licensing ID tags.

Mon, 27 Nov 2017 16:49:00 +0100

sys/kgssapi: general adoption of SPDX licensing ID tags.Mainly focus on files that use BSD 2-Clause license, however the tool Iwas using misidentified many licenses so this was mostly a manual - errorprone - task.The Software Package Data Exchange (SPDX) group provides a specificationto make it easier for automated tools to detect and summarize well knownopensource licenses. We are gradually adopting the specification, notingthat the tags are considered only advisory and do not, in any way,superceed or replace the license texts.No functional change intended. List of files: /freebsd/sys/kgssapi/gss_release_name.c

cfe30d02adda7c3b5c76156ac52d50d8cab325d9 - Merge fresh head.

Wed, 19 Jun 2013 13:36:13 +0200

Merge fresh head. List of files: /freebsd/sys/kgssapi/gss_release_name.c

d241a0e67ff3a44947931bf8c841d9786c59efd7 - IFC @247348.

Tue, 26 Feb 2013 22:16:10 +0100

IFC @247348. List of files: /freebsd/sys/kgssapi/gss_release_name.c

d9a447559bc04121f7c6682e64abe67efa154864 - Sync with HEAD.

Fri, 08 Feb 2013 17:10:16 +0100

Sync with HEAD. List of files: /freebsd/sys/kgssapi/gss_release_name.c

46b1c55d9e896815933f43423ae510193b560892 - IFC @ r244983.

Fri, 04 Jan 2013 20:28:32 +0100

IFC @ r244983. List of files: /freebsd/sys/kgssapi/gss_release_name.c

13870d5d7bf1353a623b5be770d9b64d53f8003d - Piete.Brooks at cl.cam.ac.uk reported via email a crash which was

Tue, 18 Dec 2012 01:25:48 +0100

Piete.Brooks at cl.cam.ac.uk reported via email a crash which wascaused by use of an invalid kgss_gssd_handle during an upcall tothe gssd daemon when it has exited. This patch seems to avoid thecrashes by holding a reference count on the kgss_gssd_handle untilthe upcall is done. It also adds a new mutex kgss_gssd_lock used tomake manipulation of kgss_gssd_handle SMP safe.Tested by: Illias A. Marinos, Herbert PoecklReviewed by: jhbMFC after: 2 weeks List of files: /freebsd/sys/kgssapi/gss_release_name.c

e57c2b130f2cd40967cf20698d376cc5ada95871 - integrate from head@185615

Thu, 04 Dec 2008 19:48:08 +0100

integrate from head@185615 List of files: /freebsd/sys/kgssapi/gss_release_name.c

a9148abd9da5db2f1c682fb17bed791845fc41c9 - Implement support for RPCSEC_GSS authentication to both the NFS client

Mon, 03 Nov 2008 11:38:00 +0100

Implement support for RPCSEC_GSS authentication to both the NFS clientand server. This replaces the RPC implementation of the NFS client andserver with the newer RPC implementation originally developed(actually ported from the userland sunrpc code) to support the NFSLock Manager. I have tested this code extensively and I believe it isstable and that performance is at least equal to the legacy RPCimplementation.The NFS code currently contains support for both the new RPCimplementation and the older legacy implementation inherited from theoriginal NFS codebase. The default is to use the new implementation -add the NFS_LEGACYRPC option to fall back to the old code. When Imerge this support back to RELENG_7, I will probably change this sothat users have to 'opt in' to get the new code.To use RPCSEC_GSS on either client or server, you must build a kernelwhich includes the KGSSAPI option and the crypto device. On theuserland side, you must build at least a new libc, mountd, mount_nfsand gssd. You must install new versions of /etc/rc.d/gssd and/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.As long as gssd is running, you should be able to mount an NFSfilesystem from a server that requires RPCSEC_GSS authentication. Themount itself can happen without any kerberos credentials but allaccess to the filesystem will be denied unless the accessing user hasa valid ticket file in the standard place (/tmp/krb5cc_). Thereis currently no support for situations where the ticket file is in adifferent place, such as when the user logged in via SSH and hasdelegated credentials from that login. This restriction is alsopresent in Solaris and Linux. In theory, we could improve this infuture, possibly using Brooks Davis' implementation of variantsymlinks.Supporting RPCSEC_GSS on a server is nearly as simple. You must createservice creds for the server in the form 'nfs/@' andinstall them in /etc/krb5.keytab. The standard heimdal utility ktutilmakes this fairly easy. After the service creds have been created, youcan add a '-sec=krb5' option to /etc/exports and restart both mountdand nfsd.The only other difference an administrator should notice is that nfsddoesn't fork to create service threads any more. In normal operation,there will be two nfsd processes, one in userland waiting for TCPconnections and one in the kernel handling requests. The latterprocess will create as many kthreads as required - these should bevisible via 'top -H'. The code has some support for varying the numberof service threads according to load but initially at least, nfsd usesa fixed number of threads according to the value supplied to its '-n'option.Sponsored by: Isilon SystemsMFC after: 1 month List of files: /freebsd/sys/kgssapi/gss_release_name.c

a9148abd9da5db2f1c682fb17bed791845fc41c9 - Implement support for RPCSEC_GSS authentication to both the NFS client

Mon, 03 Nov 2008 11:38:00 +0100