Bug#803710: marked as done (nfs-common: gssd does DNS reverse lookups for servers without -D)

To: Sebastian Schmidt <yath@yath.de>
Subject: Bug#803710: marked as done (nfs-common: gssd does DNS reverse lookups for servers without -D)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 15 Dec 2016 09:39:07 +0000
Message-id: <[🔎] handler.803710.D803710.14817946836362.ackdone@bugs.debian.org>
References: <20161215093756.4nnrqubqj2qd4k4f@moniac.lan.yath.de> <144641352088.31449.11227307020876748032.reportbug@moniac.lan.yath.de>

Your message dated Thu, 15 Dec 2016 10:37:56 +0100
with message-id <20161215093756.4nnrqubqj2qd4k4f@moniac.lan.yath.de>
and subject line Re: 1.3.4 uploaded, please test
has caused the Debian Bug report #803710,
regarding nfs-common: gssd does DNS reverse lookups for servers without -D
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
803710: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803710
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: nfs-common: gssd does DNS reverse lookups for servers without -D
From: Sebastian Schmidt <yath@yath.de>
Date: Sun, 01 Nov 2015 22:32:00 +0100
Message-id: <144641352088.31449.11227307020876748032.reportbug@moniac.lan.yath.de>

Package: nfs-common
Version: 1:1.2.8-9
Severity: normal
Tags: patch, fixed-upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

The man page states for the '-D' option:

| DNS Reverse lookups are not used for determining the server names pass
| to GSSAPI. This option will reverses that and forces the use of DNS
| Reverse resolution of the  server's  IP  address  to  retrieve  the
| server name to use in GSAPI authentication.

However, this is not true for the version packaged in Debian:

# ps auxwwf|grep '[g]ssd'
root     32062  0.0  0.0  34980  2656 ?        Ss   22:18   0:00 /usr/sbin/rpc.gssd -vvv
# dig +short fate.yath.de aaaa 
2001:4c50:43f:c700:d2bf:9cff:fe46:a724
# dig +short -x 2001:4c50:43f:c700:d2bf:9cff:fe46:a724 ptr 
# mount fate.yath.de:/data /mnt -t nfs -o vers=4.0,sec=krb5p
(hangs)

After tens of minutes it aborts with "NFS: nfs4_discover_server_trunking
unhandled error -512. Exiting with error EIO".

Meanwhile in syslog, tons of these:

rpc.gssd[32062]: ERROR: unable to resolve 2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known
rpc.gssd[32062]: ERROR: failed to read service info
rpc.gssd[32062]: ERROR: unable to resolve 2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known
rpc.gssd[32062]: ERROR: failed to read service info
rpc.gssd[32062]: ERROR: unable to resolve 2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known
rpc.gssd[32062]: ERROR: failed to read service info

This has been fixed in recent upstream versions (#756900). I have
however attached a patch that backports this specific fix from
nfs-utils-1.3.3 to Debian’s 1.2.8.

Sebastian

- -- Package-specific info:
- -- rpcinfo --

- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages nfs-common depends on:
ii  adduser             3.113+nmu3
ii  initscripts         2.88dsf-59.2
ii  libc6               2.19-22
ii  libcap2             1:2.24-12
ii  libcomerr2          1.42.13-1
ii  libdevmapper1.02.1  2:1.02.104-1
ii  libevent-2.0-5      2.0.21-stable-2
ii  libgssapi-krb5-2    1.13.2+dfsg-3
ii  libk5crypto3        1.13.2+dfsg-3
ii  libkeyutils1        1.5.9-8
ii  libkrb5-3           1.13.2+dfsg-3
ii  libmount1           2.27-3
ii  libnfsidmap2        0.25-5
ii  libtirpc1           0.2.5-1
ii  libwrap0            7.6.q-25
ii  lsb-base            9.20150917
ii  rpcbind             0.2.1-6.1
ii  ucf                 3.0030

Versions of packages nfs-common recommends:
ii  python  2.7.9-1

Versions of packages nfs-common suggests:
pn  open-iscsi  <none>
pn  watchdog    <none>

- -- Configuration Files:
/etc/default/nfs-common changed [not included]

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBVjaEy/hx3EthBlqjAQg8XQ//RcUedQyQXQ42y6qAfUqBmbvv5gWHAm/4
RNu2FgnVg9drztx6V42g9J6YBma9CNrcmq2HU41Sb8OZMugXbJFvnCo8rBYmXNDj
JSIwyXSs/YgtSv6Vro9vLtYlGoKeaBFRCpylmfUdSfdDx0Hw0Ik3Q6wN/LP68ksl
0KnXNUYBQVQpwtDcYRcidRewrhcapdTcjJ2AlPKbsHPu6GAuHm96HyFK8M3I7FNX
0A7SnIY0wT0MvOm/F+dB6v01JGsa1VuqedlqEI+7uJdRv1Re2gmeNhTnwGXawNHh
TVlw+3h/4jfbDkQDb+Q8XVH+d4uRofHwU7+gCLC/p4zMjc1/ad54vVjPT8+GuanJ
y8rWGK5Q66+qSLAzY8Q1N6UQTbBfx1/LJs1RP242yGsbo0UG9ixNjy+Byd0AA8cV
m8u7DD8HJVjPALg9PeokcwBjjRcBXAVRmleEb9FHqNrh0lnXWj5WlsiwfgdO/867
CFu60IacHAoXswOdW1ALqAi5GzcnMOhmCBWe6TTge6uWJLOSggFS6PEjuNNcbc1H
YI/LWd3phEUR5Hiif9JcwBJe1Z3oBDnhLZ9sP98Yr8tqVID6OyfyBG+tgpcRQYx6
lbF1w4L5GYR/SjaLPzBzG2bkFFC3+aQbASOjJXT+CcVvnVbwt9cgzMk3sb/6Z0wp
2ALwOvVxxek=
=0M+G
-----END PGP SIGNATURE-----

--- nfs-utils-1.2.8.orig/utils/gssd/gssd_proc.c	2015-11-01 22:04:38.975460740 +0100
+++ nfs-utils-1.2.8/utils/gssd/gssd_proc.c	2015-11-01 22:10:37.794464626 +0100
@@ -176,23 +176,21 @@
 	char			*hostname;
 	char			hbuf[NI_MAXHOST];
 	unsigned char		buf[sizeof(struct in6_addr)];
-	int			servername = 0;
 
-	if (avoid_dns) {
+	while (avoid_dns) {
 		/*
 		 * Determine if this is a server name, or an IP address.
 		 * If it is an IP address, do the DNS lookup otherwise
 		 * skip the DNS lookup.
 		 */
-		servername = 0;
-		if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
-			servername = 1; /* IPv4 */
-		else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
-			servername = 1; /* or IPv6 */
+		if (strchr(name, '.') == NULL)
+			break; /* local name */
+		else if (inet_pton(AF_INET, name, buf) == 1)
+			break; /* IPv4 address */
+		else if (inet_pton(AF_INET6, name, buf) == 1)
+			break; /* IPv6 addrss */
 
-		if (servername) {
-			return strdup(name);
-		}
+		return strdup(name);
 	}
 
 	switch (sa->sa_family) {

--- End Message ---

--- Begin Message ---

To: Daniel Pocock <daniel@pocock.pro>, 803710-done@bugs.debian.org

Subject: Re: 1.3.4 uploaded, please test

From: Sebastian Schmidt <yath@yath.de>

Date: Thu, 15 Dec 2016 10:37:56 +0100

Message-id: <20161215093756.4nnrqubqj2qd4k4f@moniac.lan.yath.de>

In-reply-to: <60a6e78f-eba6-9823-7b87-a3cd9fb29e6c@pocock.pro>

References: <60a6e78f-eba6-9823-7b87-a3cd9fb29e6c@pocock.pro>
Hi Daniel,

On Wed, Dec 14, 2016 at 07:36:46PM +0100, Daniel Pocock wrote:
> 
> 
> 1.3.4 has been uploaded to sid

Thank you so much. I can confirm that this fixes #803710.

Thanks,

Sebastian
Attachment: signature.asc
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: Bug#847681: packaging repository and sid diverging? Various fixes needed.
Next by Date: Processed: found 836122 in 1.2.7-1.2, reassign 845075 to src:linux, reassign 848138 to wnpp
Previous by thread: Processed: fixed
Next by thread: Processed: found 836122 in 1.2.7-1.2, reassign 845075 to src:linux, reassign 848138 to wnpp
Index(es):
- Date
- Thread