[Bug 1697339] Re: rpc.gssd performs reverse DNS by default (regardless of -D flag)
Andreas Hasenack
andreas at canonical.com
Fri Apr 26 18:00:56 UTC 2019
Oh, hm, I was misled, this is using systemd already, it's just shipping
the upstart files along for the ride.
So:
/lib/systemd/system/rpc-gssd.service reads /run/sysconfig/nfs-utils, which is generated by /lib/systemd/system/nfs-config.service by calling /usr/lib/systemd/scripts/nfs-utils_env.sh.
That wrapper /usr/lib/systemd/scripts/nfs-utils_env.sh sources
/etc/default/nfs-common and /etc/default/nfs-kernel-server, but doesn't
handle rpc.gssd options. In fact, it has this comment:
# the following are supported by the systemd units, but not exposed in default files
...
# echo RPCGSSDARGS=\"$RPCGSSDARGS\"
So even if you define RPCGSSDARGS in one of those /etc/default/nfs* files, it won't be passed along to the systemd service. Why was it decided like that? No idea :/
I guess the answer to my question in #10 is "use a systemd service
override and add the -D option there"?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1697339
Title:
rpc.gssd performs reverse DNS by default (regardless of -D flag)
Status in nfs-utils package in Ubuntu:
Fix Released
Status in nfs-utils source package in Xenial:
New
Status in nfs-utils package in Debian:
Fix Released
Bug description:
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Package: nfs-common 1:1.2.8-9ubuntu12.1.0
This bug affects all active and proposed versions of nfs-common used
by ubuntu (as every version is based on nfs-utils_1.2.8) from trusty
to artful.
There is a small error in the code for rpc.gssd that causes it to always perform reverse DNS when looking up the server name to pass to GSSAPI. This causes a problem for NFS4 in environments where reverse DNS is incorrectly configured or not configurable by the system administrator. This has been confirmed in Debian and a more recent version of nfs-utils that appears to have fixed this has been pushed to sid:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803710
However, I do not know if that version of nfs-utils will make it to
ubuntu soon. Will it?
If not, the patch to this appears to be rather straightforward.
The error is an '== 1' instead of an '== 0' in two lines of gssd_proc.c that are evaluated when the -D flag to rpc.gssd is not passed (and thus avoid_dns is true):
--- utils/gssd/gssd_proc.c 2017-06-11 15:47:35.000000000 -0700
+++ utils/gssd/gssd_proc_patch.c 2017-06-11 15:48:36.152115792 -0700
@@ -181,17 +181,17 @@
if (avoid_dns) {
/*
* Determine if this is a server name, or an IP address.
* If it is an IP address, do the DNS lookup otherwise
* skip the DNS lookup.
*/
servername = 0;
- if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
+ if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 0)
servername = 1; /* IPv4 */
- else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
+ else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 0)
servername = 1; /* or IPv6 */
if (servername) {
return strdup(name);
}
}
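Review bot: with `== 0`, the two tests inside `if (avoid_dns)` set servername only for a name that contains '.' or ':' and fails inet_pton, so an unqualified host name containing neither character still leaves servername at 0 and leaves this block without reaching `return strdup(name);`. Consider parsing first and treating anything that is not a literal address as a server name, for example `if (inet_pton(AF_INET, name, buf) != 1 && inet_pton(AF_INET6, name, buf) != 1) servername = 1;`, which removes the dependence on the strchr pre-checks. The trailing comments `/* IPv4 */` and `/* or IPv6 */` now sit on the branches taken when the name is not an address of that family, so they should be reworded or dropped.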
Is there any way to get either 1) the updated version of nfs-utils or
2) this patch applied to xenial (and, hopefully, other versions of
ubuntu)? Thank you for looking at this!
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1697339/+subscriptions