Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 6 Aug 2024 00:41:19 -0400
From:      "David E. Cross" <david@crossfamilyweb.com>
To:        freebsd-hackers@freebsd.org
Subject:   Multiple Phabricator Reviews open for months/years
Message-ID:  <8b139b6d-b2ce-76fc-c948-6dd535b19701@crossfamilyweb.com>

next in thread | raw e-mail | index | archive | help
Periodic nudge to move the following along: (3 of them).  All 3 of them 
have been through at least one round of PR, some multiple.. and then 
they have just sat.


https://reviews.freebsd.org/D38047 (opened Jan 2023)

What is it?  It is a fix to nscd to handle getgroupmembership() via 
nscd;  This is more than an optimization, it fixes (at least) two bugs. 
(it is also a fantastic optimization).  The problem is that if a 
nsswitch provider DOES provide an implementation of 
'getgroupmembership()' (for example nss_ldap, because there is no cache 
implementation of this it will completely and forever bypass the nscd 
implementation.  Specifically in the case of NSS_LDAP (and perhaps 
others), you can give extra permissions to the nscd process (via a 
kerberos keytab as an example) to do lookups without user keys.  In the 
case of nss_ldap, if forced to run as the user, and the user doesn't 
have network credentials, the requests all fail.


The second bug is that the symbol check in the code that nscd uses to 
signal libc to NOT use caching doesn't work.  The symbol is not 
correctly exported.


https://reviews.freebsd.org/D41509 (Opened August 2023)

This adds encrypted passwords to lua loader for the boot loader so 
plaintext passwords aren't sitting on the filesystem in loader.conf 
(which is default world readable).  It uses mostly the same crypt syntax 
as passwd(5).  The big differences are that it doesn't support ALL of 
the the password hash types in libcrypt(3); because that is a lot of 
work for me, and it uses a slightly different prefix mechanism to signal 
to the password check routines that it is crypted/salted/hashed.


Finally:

https://reviews.freebsd.org/D45056 (opened May 2024)

This adds O_DIRECT support to ggatel/ggatec/ggated so that exported 
files and devices may be optionally shared with the O_DIRECT flag.  This 
primary usecase of this is not wanting your buffer cache destroyed on 
sharing out image files to other machines on your network.


I have been using (and continue to use) all of these in my production 
environments; I'd really like to get them merged, they should all be 
generally useful to everyone.

Be great to get these into 15.0, and then MFCed for 14.2 and heck .even 13!





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8b139b6d-b2ce-76fc-c948-6dd535b19701>