[Bug 1779962] Re: rpc.gssd truncates 32-bit UIDs/GIDs to 16 bits, leading to "Key has expired" errors when using kerberos

[Ubuntu Foundations Team Bug Bot]

The attachment "Changes the syscalls to use the 32-bit variants." seems
to be a patch.  If it isn't, please remove the "patch" flag from the
attachment, remove the "patch" tag, and if you are a member of the
~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1779962

Title:
  rpc.gssd truncates 32-bit UIDs/GIDs to 16 bits, leading to "Key has
  expired" errors when using kerberos

Status in nfs-utils package in Ubuntu:
  New

Bug description:
  utils/gssd_proc.c uses SYS_setresuid and SYS_setresgid in
  change_identity when it should use SYS_setresuid32 and SYS_setresgid32
  instead. This causes it to truncate UIDs/GIDs > 65536.

  Symptoms: rpc.gssd is unable to read kerberos credentials files after
  changing identity, failing with a cryptic error message:

  CC 'FILE:/tmp/krb5cc_100001_J5kIrv' is expired or corrupt

  (note the UID 100001 here, rpc.gssd was actually using UID 34465 to
  access this file, and failing in krb5_util.c when calling
  krb5_cc_get_principal)

  The attached patch fixes the bug.

  I'm using Ubuntu 18.04 LTS on an Odroid XU4 (armhf). This bug does not
  exist in Ubuntu 16.04 LTS.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779962/+subscriptions