opnsense-src/sys
Rick Macklem b9410313c6 nfscl/kgssapi: Fix Kerberized NFS mounts to pNFS servers
During recent testing related to the IETF NFSv4 Bakeathon, it was
discovered that Kerberized NFSv4.1/4.2 mounts to pNFS servers
(sec=krb5[ip],pnfs mount options) were broken.
The FreeBSD client was using the "service principal" for
the MDS to try and establish a rpcsec_gss credential for a DS,
which is incorrect. (A "service principal" looks like
"nfs@<fqdn-of-server>" and the <fqdn-of-server> for the DS is not
the same as the MDS for most pNFS servers.)

To fix this, the rpcsec_gss code needs to be able to do a
reverse DNS lookup of the DS's IP address.  A new kgssapi upcall
to the gssd(8) daemon is added by this patch to do the reverse DNS
along with a new rpcsec_gss function to generate the "service
principal".

A separate patch to the gssd(8) will be committed, so that this
patch will fix the problem.  Without the gssd(8) patch, the new
upcall fails and current/incorrect behaviour remains.

This bug only affects the rare case of a Kerberized (sec=krb5[ip],pnfs)
mount using pNFS.

This patch changes the internal KAPI between the kgssapi and
nfscl modules, but since I did a version bump a few days ago,
I will not do one this time.

(cherry picked from commit dd7d42a1fae5a4879b62689a165238082421f343)
2023-12-23 17:03:58 -08:00
amd64 makesyscalls: don't make syscall.mk by default 2023-12-13 23:07:06 +00:00
arm arm: Disable the VFP during boot 2023-12-17 21:07:49 -05:00
arm64 arm64: lop off another 24MB of KVA for early device mappings 2023-12-14 18:58:08 -06:00
bsm timerfd: Move implementation from linux compat to sys/kern 2023-08-24 14:28:56 -06:00
cam ctl_ha: don't shutdown threads if scheduler is stopped 2023-12-08 18:02:44 -04:00
cddl boot/zfs: Add some fields to dsl_dir_phys_t 2023-10-25 10:27:26 -04:00
compat sysvipc: Fix 32-bit compat on !i386 2023-12-13 23:10:53 +00:00
conf nfscl/kgssapi: Fix Kerberized NFS mounts to pNFS servers 2023-12-23 17:03:58 -08:00
contrib x86emu: remove locally added __FBSDID 2023-12-13 23:08:51 +00:00
crypto ossl: Fix some bugs in the fallback AES-GCM implementation 2023-12-03 12:48:09 -05:00
ddb ddb: Add sysctl flag CTLFLAG_TUN to loader tunable 2023-10-12 12:08:18 +08:00
dev Use xpt_path_sbuf() in few drivers 2023-12-22 23:36:56 -05:00
dts sys: Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:17 -06:00
fs nfscl/kgssapi: Fix Kerberized NFS mounts to pNFS servers 2023-12-23 17:03:58 -08:00
gdb sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
geom shutdown: audit shutdown_post_sync event callbacks 2023-12-08 18:02:44 -04:00
gnu sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
i386 makesyscalls: don't make syscall.mk by default 2023-12-13 23:07:06 +00:00
isa isa: Postpone removal of the non-PNP driver until 15 2023-10-30 08:55:08 +08:00
kern kthread: Set *newtdp earlier in kthread_add1() 2023-12-17 21:20:13 -05:00
kgssapi nfscl/kgssapi: Fix Kerberized NFS mounts to pNFS servers 2023-12-23 17:03:58 -08:00
libkern sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
modules nfscl/kgssapi: Fix Kerberized NFS mounts to pNFS servers 2023-12-23 17:03:58 -08:00
net if_tun: check device name 2023-12-19 02:28:47 +02:00
net80211 net80211: remove ieee80211_unref_node() 2023-11-30 00:36:58 +00:00
netgraph ng_ksocket: fix accept(2) 2023-11-30 09:01:40 -08:00
netinet tcp: add PRR 6937bis heuristic and retire prr_conservative sysctl 2023-12-15 09:25:07 +01:00
netinet6 Avoid IPv6 source address selection on accepting TCP connections 2023-10-30 20:12:50 +03:00
netipsec sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
netlink netlink: fix potential llentry lock leak in newneigh handler 2023-11-01 10:05:49 +01:00
netpfil pf: fix mem leaks upon vnet destroy 2023-12-06 10:08:25 +01:00
netsmb sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
nfs sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
nfsclient sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
nfsserver sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
nlm sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ofed ibcore: Introduce enum ib_raw_packet_caps from Linux 4.11 2023-11-04 15:22:18 -04:00
opencrypto sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
powerpc powerpc: better handling of shutdown flags 2023-12-08 18:02:44 -04:00
riscv busdma: emit a warning for use of filters 2023-12-06 19:23:14 -04:00
rpc nfscl/kgssapi: Fix Kerberized NFS mounts to pNFS servers 2023-12-23 17:03:58 -08:00
security veriexec: Simplify the initialization of loader tunable 2023-11-13 11:56:57 +08:00
sys kmsan: Add kmsan_check_uio() 2023-12-14 09:44:38 -05:00
teken teken: fix style in teken_wcwidth.h 2023-10-21 17:28:35 +03:00
tests netlink: move NETLINK define to opt_global.h 2023-10-16 09:42:33 +02:00
tools makesyscalls: don't make syscall.mk by default 2023-12-13 23:07:06 +00:00
ufs ufs: do not leave around empty buffers shadowing disk content 2023-12-20 10:29:55 +02:00
vm uma: Micro-optimize memory trashing 2023-12-08 21:32:43 -05:00
x86 busdma: emit a warning for use of filters 2023-12-06 19:23:14 -04:00
xdr sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
xen sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
Makefile sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
README.md sys/README.md: Add a section for documentation 2023-08-03 11:07:41 -03:00

FreeBSD Kernel Source:

This directory contains the source files and build glue that make up the FreeBSD kernel and its modules, including both original and contributed software.

Kernel configuration files are located in the conf/ subdirectory of each architecture. GENERIC is the configuration used in release builds. NOTES contains documentation of all possible entries. LINT is a compile-only configuration used to maximize build coverage and detect regressions.

Documentation:

Source code documentation is maintained in a set of man pages, under section 9. These pages are located in share/man/man9, from the top-level of the src tree. Consult intro(9) for an overview of existing pages.

Some additional high-level documentation of the kernel is maintained in the Architecture Handbook.

Source Roadmap:

| Directory | Description |
|-----------|-------------|
| amd64 | AMD64 (64-bit x86) architecture support |
| arm | 32-bit ARM architecture support |
| arm64 | 64-bit ARM (AArch64) architecture support |
| cam | Common Access Method storage subsystem - cam(4) and ctl(4) |
| cddl | CDDL-licensed optional sources such as DTrace |
| conf | kernel build glue |
| compat | Linux compatibility layer, FreeBSD 32-bit compatibility |
| contrib | 3rd-party imported software such as OpenZFS |
| crypto | crypto drivers |
| ddb | interactive kernel debugger - ddb(4) |
| fs | most filesystems, excluding UFS, NFS, and ZFS |
| dev | device drivers and other arch independent code |
| gdb | kernel remote GDB stub - gdb(4) |
| geom | GEOM framework - geom(4) |
| i386 | i386 (32-bit x86) architecture support |
| kern | main part of the kernel |
| libkern | libc-like and other support functions for kernel use |
| modules | kernel module infrastructure |
| net | core networking code |
| net80211 | wireless networking (IEEE 802.11) - net80211(4) |
| netgraph | graph-based networking subsystem - netgraph(4) |
| netinet | IPv4 protocol implementation - inet(4) |
| netinet6 | IPv6 protocol implementation - inet6(4) |
| netipsec | IPsec protocol implementation - ipsec(4) |
| netpfil | packet filters - ipfw(4), pf(4), and ipfilter(4) |
| opencrypto | OpenCrypto framework - crypto(7) |
| powerpc | PowerPC/POWER (32 and 64-bit) architecture support |
| riscv | 64-bit RISC-V architecture support |
| security | security facilities - audit(4) and mac(4) |
| sys | kernel headers |
| tests | kernel unit tests |
| ufs | Unix File System - ffs(7) |
| vm | virtual memory system |
| x86 | code shared by AMD64 and i386 architectures |