[Bug 1728310] Re: libnfsidmap2 fails to obtain username which results in failed translation
Mathew Hodson
mathew.hodson at gmail.com
Sun Nov 25 01:00:38 UTC 2018
** Description changed:
- Environment: IPA + NFSv4 (sec=krb5).
+ [Impact]
+
+ * In a multi-domain environment setup with LDAP or IPA, the username is
+ not parsed correctly, resulting in id mapping issues.
+
+ * As a result, NFSv4 cannot be used in a multi-domain environment at all
+ if the username is of the form user at authentication_domain@idmap_domain
+
+ * The attached patch fixes an almost 10 year old bug in the libnfsidmap
+ library. The patch is included already in a similar form in current RHEL
+ releases.
+
+ * Affects at least libnfsidmap2 0.25-5 on Ubuntu 16.04, 16.10, 17.04,
+ 17.10.
+
+ [Test Case]
+
+ * IPA with 2 different user domains. For example: user1 at domain1 and
+ user2 at domain2.
+
+ * NFSv4 server enrolled into IPA.
+
+ * NFS client enrolled into IPA. User and group names coming from IPA
+ have an '@' in them.
+
+ [Regression Potential]
+
+ * The attached patch has been in production in a major organisation with
+ more than 500 Ubuntu clients for more than a year now and has not shown
+ any issues.
+
+ [Other Info]
+
+ Environment: IPA + NFSv4 (sec=krb5)
nss.c uses wrong '@' sign to detect the NFS domain resulting in "nobody"
ownerships and the following error messages in an IPA environment:
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: key: 0x2c254c26 type: uid value: rns at localdomain@ipa.localdomain timeout 600
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nss_getpwnam: name 'rns at localdomain@ipa.localdomain' domain 'ipa.localdomain': resulting localname '(null)'
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nss_getpwnam: name 'rns at localdomain@ipa.localdomain' does not map into domain 'ipa.localdomain'
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: final return value is -22
-
- Affects at least libnfsidmap2=0.25-5 and 0.25-5.1 on 16.04, 16.10,
- 17.04, 17.10
-
- Corresponding Debian bug report: https://bugs.debian.org/cgi-
- bin/bugreport.cgi?bug=744768
-
- Tested patch attached.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libnfsidmap in Ubuntu.
https://bugs.launchpad.net/bugs/1728310
Title:
libnfsidmap2 fails to obtain username which results in failed
translation
Status in libnfsidmap package in Ubuntu:
Confirmed
Status in libnfsidmap package in Debian:
New
Bug description:
[Impact]
* In a multi-domain environment setup with LDAP or IPA, the username
is not parsed correctly, resulting in id mapping issues.
* As a result, NFSv4 cannot be used in a multi-domain environment at
all if the username is of the form
user at authentication_domain@idmap_domain
* The attached patch fixes an almost 10 year old bug in the
libnfsidmap library. The patch is included already in a similar form
in current RHEL releases.
* Affects at least libnfsidmap2 0.25-5 on Ubuntu 16.04, 16.10, 17.04,
17.10.
[Test Case]
* IPA with 2 different user domains. For example: user1 at domain1 and
user2 at domain2.
* NFSv4 server enrolled into IPA.
* NFS client enrolled into IPA. User and group names coming from IPA
have an '@' in them.
[Regression Potential]
* The attached patch has been in production in a major organisation
with more than 500 Ubuntu clients for more than a year now and has not
shown any issues.
[Other Info]
Environment: IPA + NFSv4 (sec=krb5)
nss.c uses wrong '@' sign to detect the NFS domain resulting in
"nobody" ownerships and the following error messages in an IPA
environment:
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: key: 0x2c254c26 type: uid value: rns at localdomain@ipa.localdomain timeout 600
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nss_getpwnam: name 'rns at localdomain@ipa.localdomain' domain 'ipa.localdomain': resulting localname '(null)'
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nss_getpwnam: name 'rns at localdomain@ipa.localdomain' does not map into domain 'ipa.localdomain'
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: final return value is -22
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnfsidmap/+bug/1728310/+subscriptions
More information about the foundations-bugs
mailing list