[Bug 1697339] Re: rpc.gssd performs reverse DNS by default (regardless of -D flag)
Ryan McGregor
1697339 at bugs.launchpad.net
Thu Jun 21 21:18:57 UTC 2018
Has there been any progress on getting this pushed to 16.04.4? If it's
not going to be pushed to the public repos any time soon, is it
available in a testing repo?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1697339
Title:
rpc.gssd performs reverse DNS by default (regardless of -D flag)
Status in nfs-utils package in Ubuntu:
Confirmed
Status in nfs-utils package in Debian:
Fix Released
Bug description:
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Package: nfs-common 1:1.2.8-9ubuntu12.1.0
This bug affects all active and proposed versions of nfs-common used
by Ubuntu (as every version is based on nfs-utils_1.2.8) from trusty
to artful.
There is a small error in the code for rpc.gssd that causes it to always perform reverse DNS when looking up the server name to pass to GSSAPI. This causes a problem for NFS4 in environments where reverse DNS is incorrectly configured or not configurable by the system administrator. This has been confirmed in Debian and a more recent version of nfs-utils that appears to have fixed this has been pushed to sid:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803710
However, I do not know if that version of nfs-utils will make it to
Ubuntu soon. Will it?
If not, the patch to this appears to be rather straightforward.
The error is an '== 1' instead of an '== 0' in two lines of gssd_proc.c that are evaluated when the -D flag to rpc.gssd is not passed (and thus avoid_dns is true):
--- utils/gssd/gssd_proc.c 2017-06-11 15:47:35.000000000 -0700
+++ utils/gssd/gssd_proc_patch.c 2017-06-11 15:48:36.152115792 -0700
@@ -181,17 +181,17 @@
if (avoid_dns) {
/*
* Determine if this is a server name, or an IP address.
* If it is an IP address, do the DNS lookup otherwise
* skip the DNS lookup.
*/
servername = 0;
- if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
+ if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 0)
servername = 1; /* IPv4 */
- else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
+ else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 0)
servername = 1; /* or IPv6 */
if (servername) {
return strdup(name);
}
}
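Review bot: in both changed conditions the strchr() guard still decides which names can skip the lookup, so an unqualified name containing neither '.' nor ':' never sets servername and never reaches the early `return strdup(name);`. The ':' branch with `== 0` only matches strings that contain a colon but are not valid IPv6 literals, which is not a hostname case. Consider dropping the strchr() tests and setting servername whenever inet_pton() returns 1 for neither AF_INET nor AF_INET6; that also covers a -1 return, which `== 0` currently treats like a parsed address. The trailing comments `/* IPv4 */` and `/* or IPv6 */` should be updated too, since after this change servername = 1 marks a name that is not an IP literal.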
Is there any way to get either 1) the updated version of nfs-utils or
2) this patch applied to xenial (and, hopefully, other versions of
Ubuntu)? Thank you for looking at this!
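The effect of the two comparisons described in the report, shown on sample names, as an added example that is not part of the bug report or of nfs-utils. The function names and sample hosts are constructed for illustration, and `is_servername_strict` is a hypothetical variant, not the upstream fix.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Test as shipped in 1.2.8 (the '-' lines): true only for IP literals,
 * so real hostnames never take the early "skip DNS" return. */
static int is_servername_before(const char *name)
{
    unsigned char buf[sizeof(struct in6_addr)];
    if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
        return 1;
    if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
        return 1;
    return 0;
}

/* Test after the proposed change (the '+' lines). */
static int is_servername_after(const char *name)
{
    unsigned char buf[sizeof(struct in6_addr)];
    if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 0)
        return 1;
    if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 0)
        return 1;
    return 0;
}

/* Hypothetical variant: anything that is not an IPv4 or IPv6 literal
 * counts as a server name, including unqualified names. */
static int is_servername_strict(const char *name)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, name, buf) != 1 &&
           inet_pton(AF_INET6, name, buf) != 1;
}

int main(void)
{
    /* Constructed sample inputs (documentation ranges and example.com). */
    const char *samples[] = { "nfs.example.com", "nfs",
                              "192.0.2.10", "2001:db8::1" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-16s before=%d after=%d strict=%d\n", samples[i],
               is_servername_before(samples[i]),
               is_servername_after(samples[i]),
               is_servername_strict(samples[i]));
    return 0;
}
```

A result of 1 means the name is returned as-is without a DNS lookup.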