To do

From Linux NFS

(Difference between revisions)
Jump to: navigation, search
(mention newpynfs)
(warn about unsafe export cases, etc.)
Line 12: Line 12:
* remove gss code from libnfsidmap: we're doing gss principal-to-uid-mapping in libnfsidmap.  This introduces a problematic dependancy of libnfsidmap on gss.  We should just move that mapping code to svcgssd, which is the only place it's needed.
* remove gss code from libnfsidmap: we're doing gss principal-to-uid-mapping in libnfsidmap.  This introduces a problematic dependancy of libnfsidmap on gss.  We should just move that mapping code to svcgssd, which is the only place it's needed.
* [[printk cleanup]]: make sure the information that goes to the logs is the information we need.
* [[printk cleanup]]: make sure the information that goes to the logs is the information we need.
 +
* [[warn about unsafe exports]]: exporting a subdirectory of a filesystem generally also makes the rest of the filesystem available (all someone need do is guess the root filehandle, which is usually very easy).  It's not clear that users realize this.  Add code to exportfs to warn about suspicious-looking cases.
 +
* [[warn about inconsistent security requirements]]: If you export a subdirectory with more security flavors than the parent, you may confuse clients.  Warn about these cases in exportfs?
More open-ended projects, that will require close collaboration with other developers, and possibly multiple attempts:
More open-ended projects, that will require close collaboration with other developers, and possibly multiple attempts:

Revision as of 18:10, 24 September 2007

Some specific projects; follow links for more details on design requirements and implementation plans. If you intend to work on any of these, please keep in close contact with other developers, using nfsv4@linux-nfs.org.

Projects that are easier or more self-contained:

  • nfs-utils auditing: start by eliminating compile warnings. Then crank up the compile warnings and eliminate the rest. Look into additional static checking. Read the code with special attention to how data from the network is handled.
  • error reporting: It's easier for people to set up nfsv4 and krb5 if we give people informative error messages when something is wrong.
  • nfs-utils unit tests: Implement a unit test infrastructure in the nfs-utils tree.
  • nfs-utils internationalization: Add full support for double-wide character sets, and use message catalogs everywhere. Find translators for the catalogs.
  • client ACL tools: The client ACL utilities need some work
  • wireshark improvements: Wireshark (previously known as ethereal) is useful for debugging NFSv4 problems. But it could be more useful. (Actively being worked on.)
  • krb5-protected v2/v3: most of this is done now. There remains some relatively simple work to do in nfs-utils to properly report supported security flavors in mountd's responses to mount requests. Also, complete implementation of rfc2623 requires some (slightly more involved) kernel work.
  • remove gss code from libnfsidmap: we're doing gss principal-to-uid-mapping in libnfsidmap. This introduces a problematic dependancy of libnfsidmap on gss. We should just move that mapping code to svcgssd, which is the only place it's needed.
  • printk cleanup: make sure the information that goes to the logs is the information we need.
  • warn about unsafe exports: exporting a subdirectory of a filesystem generally also makes the rest of the filesystem available (all someone need do is guess the root filehandle, which is usually very easy). It's not clear that users realize this. Add code to exportfs to warn about suspicious-looking cases.
  • warn about inconsistent security requirements: If you export a subdirectory with more security flavors than the parent, you may confuse clients. Warn about these cases in exportfs?

More open-ended projects, that will require close collaboration with other developers, and possibly multiple attempts:

  • newpynfs bug-chasing: Run latest newpynfs tests, diagnose and fix bugs. Some of this is easy, some is hard, requires knowing what to pay attention to. (E.g.: for now we don't plan to fix utf8 bugs, so ignore those.)
  • pseudofilesystem improvements: The NFSv4 server currently patches together export paths in a way that is inconsistent with NFSv2 and NFSv3 and causes severe problems for automount users.
  • gss callbacks: We currently don't support rpcsec_gss security on the callback channel, which means that if you mount with krb5 then you don't get the benefit of delegations. (Actively being worked on.)

See also (priority lists somewhat out of date):

Personal tools