Date: Tue, 6 Aug 2024 00:41:19 -0400 From: "David E. Cross" <david@crossfamilyweb.com> To: freebsd-hackers@freebsd.org Subject: Multiple Phabricator Reviews open for months/years Message-ID: <8b139b6d-b2ce-76fc-c948-6dd535b19701@crossfamilyweb.com>
next in thread | raw e-mail | index | archive | help
Periodic nudge to move the following along: (3 of them). All 3 of them have been through at least one round of PR, some multiple.. and then they have just sat. https://reviews.freebsd.org/D38047 (opened Jan 2023) What is it? It is a fix to nscd to handle getgroupmembership() via nscd; This is more than an optimization, it fixes (at least) two bugs. (it is also a fantastic optimization). The problem is that if a nsswitch provider DOES provide an implementation of 'getgroupmembership()' (for example nss_ldap, because there is no cache implementation of this it will completely and forever bypass the nscd implementation. Specifically in the case of NSS_LDAP (and perhaps others), you can give extra permissions to the nscd process (via a kerberos keytab as an example) to do lookups without user keys. In the case of nss_ldap, if forced to run as the user, and the user doesn't have network credentials, the requests all fail. The second bug is that the symbol check in the code that nscd uses to signal libc to NOT use caching doesn't work. The symbol is not correctly exported. https://reviews.freebsd.org/D41509 (Opened August 2023) This adds encrypted passwords to lua loader for the boot loader so plaintext passwords aren't sitting on the filesystem in loader.conf (which is default world readable). It uses mostly the same crypt syntax as passwd(5). The big differences are that it doesn't support ALL of the the password hash types in libcrypt(3); because that is a lot of work for me, and it uses a slightly different prefix mechanism to signal to the password check routines that it is crypted/salted/hashed. Finally: https://reviews.freebsd.org/D45056 (opened May 2024) This adds O_DIRECT support to ggatel/ggatec/ggated so that exported files and devices may be optionally shared with the O_DIRECT flag. This primary usecase of this is not wanting your buffer cache destroyed on sharing out image files to other machines on your network. I have been using (and continue to use) all of these in my production environments; I'd really like to get them merged, they should all be generally useful to everyone. Be great to get these into 15.0, and then MFCed for 14.2 and heck .even 13!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8b139b6d-b2ce-76fc-c948-6dd535b19701>