[Bug 1728310] Re: libnfsidmap2 fails to obtain username which results in failed translation
Uli
ulrich.felzmann at gmail.com
Fri Aug 17 06:18:49 UTC 2018
[Impact]
* In a multi-domain environment setup with LDAP or IPA, the username is
not parsed correctly, resulting in id mapping issues.
* As a result, NFSv4 cannot be used in a multi-domain environment at
all if the username is of the form
user@authentication_domain@idmap_domain
* The attached patch fixes an almost 10 year old bug in the libnfsidmap
library. The patch is included already in a similar form in current RHEL
releases.
[Test Case]
* IPA with 2 different user domains. For example: user1@domain1 and
user2@domain2.
* NFSv4 server enrolled into IPA
* NFS client enrolled into IPA. User and group names coming from IPA
have an '@' in them.
[Regression Potential]
* The attached patch has been in production in a major organisation
with more than 500 Ubuntu clients for more than a year now and has not
shown any issues.
--
https://bugs.launchpad.net/bugs/1728310
Title:
libnfsidmap2 fails to obtain username which results in failed
translation
Status in libnfsidmap package in Ubuntu:
Confirmed
Status in libnfsidmap package in Debian:
New
Bug description:
Environment: IPA + NFSv4 (sec=krb5).
nss.c uses wrong '@' sign to detect the NFS domain resulting in
"nobody" ownerships and the following error messages in an IPA
environment:
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: key: 0x2c254c26 type: uid value: rns@localdomain@ipa.localdomain timeout 600
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nss_getpwnam: name 'rns@localdomain@ipa.localdomain' domain 'ipa.localdomain': resulting localname '(null)'
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nss_getpwnam: name 'rns@localdomain@ipa.localdomain' does not map into domain 'ipa.localdomain'
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: final return value is -22
Affects at least libnfsidmap2=0.25-5 and 0.25-5.1 on 16.04, 16.10,
17.04, 17.10
Corresponding Debian bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744768
Tested patch attached.
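
The parsing problem described in this report, as an added C sketch (not libnfsidmap's nss.c and not the attached patch): it assumes the failing lookup splits the name at the first '@' and contrasts that with splitting at the last one. local_name() and maps_to() are hypothetical helpers; the name and domain are the ones in the log lines above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper, not libnfsidmap code: return a malloc'd copy of the
 * local part of `name` when the text after the chosen '@' equals `domain`
 * (case-insensitive), else NULL. use_last picks the last '@', not the first. */
char *local_name(const char *name, const char *domain, int use_last)
{
    const char *at = use_last ? strrchr(name, '@') : strchr(name, '@');
    size_t len;
    char *out;

    if (at == NULL || at == name)         /* no separator or empty local part */
        return NULL;
    if (strcasecmp(at + 1, domain) != 0)  /* suffix is not the idmap domain */
        return NULL;
    len = (size_t)(at - name);
    if ((out = malloc(len + 1)) == NULL)
        return NULL;
    memcpy(out, name, len);
    out[len] = '\0';
    return out;
}

/* Returns 1 when local_name() yields `expect`; NULL means "does not map". */
int maps_to(const char *name, const char *domain, int use_last,
            const char *expect)
{
    char *l = local_name(name, domain, use_last);
    int ok = l ? (expect && strcmp(l, expect) == 0) : (expect == NULL);
    free(l);
    return ok;
}

int main(void)
{
    /* Name and domain as they appear in the nfsidmap log lines of the report. */
    const char *name = "rns@localdomain@ipa.localdomain";
    const char *dom = "ipa.localdomain";
    char *first = local_name(name, dom, 0), *last = local_name(name, dom, 1);

    printf("first '@': %s\n", first ? first : "(null)");
    printf("last  '@': %s\n", last ? last : "(null)");
    free(first);
    free(last);
    return 0;
}
```

Splitting at the last '@' still requires the whole suffix to equal the idmap domain, so a name from a different NFS domain keeps failing to map.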