[Bug 1779962] Re: rpc.gssd truncates 32-bit UIDs/GIDs to 16 bits, leading to "Key has expired" errors when using kerberos
Adam Conrad
adconrad at 0c3.net
Tue Oct 16 13:16:10 UTC 2018
** Changed in: nfs-utils (Ubuntu)
Status: Confirmed => Fix Committed
** Changed in: nfs-utils (Ubuntu)
Assignee: (unassigned) => Adam Conrad (adconrad)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1779962
Title:
rpc.gssd truncates 32-bit UIDs/GIDs to 16 bits, leading to "Key has
expired" errors when using kerberos
Status in nfs-utils package in Ubuntu:
Fix Committed
Status in nfs-utils source package in Bionic:
New
Bug description:
utils/gssd_proc.c uses SYS_setresuid and SYS_setresgid in
change_identity when it should use SYS_setresuid32 and SYS_setresgid32
instead. This causes it to truncate UIDs/GIDs > 65536.
Symptoms: rpc.gssd is unable to read kerberos credentials files after
changing identity, failing with a cryptic error message:
CC 'FILE:/tmp/krb5cc_100001_J5kIrv' is expired or corrupt
(note the UID 100001 here, rpc.gssd was actually using UID 34465 to
access this file, and failing in krb5_util.c when calling
krb5_cc_get_principal)
The attached patch fixes the bug.
I'm using Ubuntu 18.04 LTS on an Odroid XU4 (armhf). This bug does not
exist in Ubuntu 16.04 LTS.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779962/+subscriptions
More information about the foundations-bugs
mailing list