Your message dated Thu, 15 Dec 2016 10:37:56 +0100 with message-id <20161215093756.4nnrqubqj2qd4k4f@moniac.lan.yath.de> and subject line Re: 1.3.4 uploaded, please test has caused the Debian Bug report #803710, regarding nfs-common: gssd does DNS reverse lookups for servers without -D to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 803710: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803710 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: nfs-common: gssd does DNS reverse lookups for servers without -D
- From: Sebastian Schmidt <yath@yath.de>
- Date: Sun, 01 Nov 2015 22:32:00 +0100
- Message-id: <144641352088.31449.11227307020876748032.reportbug@moniac.lan.yath.de>
Package: nfs-common Version: 1:1.2.8-9 Severity: normal Tags: patch, fixed-upstream -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, The man page states for the '-D' option: | DNS Reverse lookups are not used for determining the server names pass | to GSSAPI. This option will reverses that and forces the use of DNS | Reverse resolution of the server's IP address to retrieve the | server name to use in GSAPI authentication. However, this is not true for the version packaged in Debian: # ps auxwwf|grep '[g]ssd' root 32062 0.0 0.0 34980 2656 ? Ss 22:18 0:00 /usr/sbin/rpc.gssd -vvv # dig +short fate.yath.de aaaa 2001:4c50:43f:c700:d2bf:9cff:fe46:a724 # dig +short -x 2001:4c50:43f:c700:d2bf:9cff:fe46:a724 ptr # mount fate.yath.de:/data /mnt -t nfs -o vers=4.0,sec=krb5p (hangs) After tens of minutes it aborts with "NFS: nfs4_discover_server_trunking unhandled error -512. Exiting with error EIO". Meanwhile in syslog, tons of these: rpc.gssd[32062]: ERROR: unable to resolve 2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known rpc.gssd[32062]: ERROR: failed to read service info rpc.gssd[32062]: ERROR: unable to resolve 2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known rpc.gssd[32062]: ERROR: failed to read service info rpc.gssd[32062]: ERROR: unable to resolve 2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known rpc.gssd[32062]: ERROR: failed to read service info This has been fixed in recent upstream versions (#756900). I have however attached a patch that backports this specific fix from nfs-utils-1.3.3 to Debian’s 1.2.8. Sebastian - -- Package-specific info: - -- rpcinfo -- - -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages nfs-common depends on: ii adduser 3.113+nmu3 ii initscripts 2.88dsf-59.2 ii libc6 2.19-22 ii libcap2 1:2.24-12 ii libcomerr2 1.42.13-1 ii libdevmapper1.02.1 2:1.02.104-1 ii libevent-2.0-5 2.0.21-stable-2 ii libgssapi-krb5-2 1.13.2+dfsg-3 ii libk5crypto3 1.13.2+dfsg-3 ii libkeyutils1 1.5.9-8 ii libkrb5-3 1.13.2+dfsg-3 ii libmount1 2.27-3 ii libnfsidmap2 0.25-5 ii libtirpc1 0.2.5-1 ii libwrap0 7.6.q-25 ii lsb-base 9.20150917 ii rpcbind 0.2.1-6.1 ii ucf 3.0030 Versions of packages nfs-common recommends: ii python 2.7.9-1 Versions of packages nfs-common suggests: pn open-iscsi <none> pn watchdog <none> - -- Configuration Files: /etc/default/nfs-common changed [not included] - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVjaEy/hx3EthBlqjAQg8XQ//RcUedQyQXQ42y6qAfUqBmbvv5gWHAm/4 RNu2FgnVg9drztx6V42g9J6YBma9CNrcmq2HU41Sb8OZMugXbJFvnCo8rBYmXNDj JSIwyXSs/YgtSv6Vro9vLtYlGoKeaBFRCpylmfUdSfdDx0Hw0Ik3Q6wN/LP68ksl 0KnXNUYBQVQpwtDcYRcidRewrhcapdTcjJ2AlPKbsHPu6GAuHm96HyFK8M3I7FNX 0A7SnIY0wT0MvOm/F+dB6v01JGsa1VuqedlqEI+7uJdRv1Re2gmeNhTnwGXawNHh TVlw+3h/4jfbDkQDb+Q8XVH+d4uRofHwU7+gCLC/p4zMjc1/ad54vVjPT8+GuanJ y8rWGK5Q66+qSLAzY8Q1N6UQTbBfx1/LJs1RP242yGsbo0UG9ixNjy+Byd0AA8cV m8u7DD8HJVjPALg9PeokcwBjjRcBXAVRmleEb9FHqNrh0lnXWj5WlsiwfgdO/867 CFu60IacHAoXswOdW1ALqAi5GzcnMOhmCBWe6TTge6uWJLOSggFS6PEjuNNcbc1H YI/LWd3phEUR5Hiif9JcwBJe1Z3oBDnhLZ9sP98Yr8tqVID6OyfyBG+tgpcRQYx6 lbF1w4L5GYR/SjaLPzBzG2bkFFC3+aQbASOjJXT+CcVvnVbwt9cgzMk3sb/6Z0wp 2ALwOvVxxek= =0M+G -----END PGP SIGNATURE-------- nfs-utils-1.2.8.orig/utils/gssd/gssd_proc.c 2015-11-01 22:04:38.975460740 +0100 +++ nfs-utils-1.2.8/utils/gssd/gssd_proc.c 2015-11-01 22:10:37.794464626 +0100 @@ -176,23 +176,21 @@ char *hostname; char hbuf[NI_MAXHOST]; unsigned char buf[sizeof(struct in6_addr)]; - int servername = 0; - if (avoid_dns) { + while (avoid_dns) { /* * Determine if this is a server name, or an IP address. * If it is an IP address, do the DNS lookup otherwise * skip the DNS lookup. */ - servername = 0; - if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1) - servername = 1; /* IPv4 */ - else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1) - servername = 1; /* or IPv6 */ + if (strchr(name, '.') == NULL) + break; /* local name */ + else if (inet_pton(AF_INET, name, buf) == 1) + break; /* IPv4 address */ + else if (inet_pton(AF_INET6, name, buf) == 1) + break; /* IPv6 addrss */ - if (servername) { - return strdup(name); - } + return strdup(name); } switch (sa->sa_family) {
--- End Message ---
--- Begin Message ---
- To: Daniel Pocock <daniel@pocock.pro>, 803710-done@bugs.debian.org
- Subject: Re: 1.3.4 uploaded, please test
- From: Sebastian Schmidt <yath@yath.de>
- Date: Thu, 15 Dec 2016 10:37:56 +0100
- Message-id: <20161215093756.4nnrqubqj2qd4k4f@moniac.lan.yath.de>
- In-reply-to: <60a6e78f-eba6-9823-7b87-a3cd9fb29e6c@pocock.pro>
- References: <60a6e78f-eba6-9823-7b87-a3cd9fb29e6c@pocock.pro>
Hi Daniel, On Wed, Dec 14, 2016 at 07:36:46PM +0100, Daniel Pocock wrote: > > > 1.3.4 has been uploaded to sid Thank you so much. I can confirm that this fixes #803710. Thanks, SebastianAttachment: signature.asc
Description: PGP signature
--- End Message ---