Bug#803710: nfs-common: gssd does DNS reverse lookups for servers without -D

Sun, 01 Nov 2015 13:36:43 -0800 

Package: nfs-common
Version: 1:1.2.8-9
Severity: normal
Tags: patch, fixed-upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

The man page states for the '-D' option:

| DNS Reverse lookups are not used for determining the server names pass
| to GSSAPI. This option will reverses that and forces the use of DNS
| Reverse resolution of the  server's  IP  address  to  retrieve  the
| server name to use in GSAPI authentication.

However, this is not true for the version packaged in Debian:

# ps auxwwf|grep '[g]ssd'
root     32062  0.0  0.0  34980  2656 ?        Ss   22:18   0:00 
/usr/sbin/rpc.gssd -vvv
# dig +short fate.yath.de aaaa 
2001:4c50:43f:c700:d2bf:9cff:fe46:a724
# dig +short -x 2001:4c50:43f:c700:d2bf:9cff:fe46:a724 ptr 
# mount fate.yath.de:/data /mnt -t nfs -o vers=4.0,sec=krb5p
(hangs)

After tens of minutes it aborts with "NFS: nfs4_discover_server_trunking
unhandled error -512. Exiting with error EIO".

Meanwhile in syslog, tons of these:

rpc.gssd[32062]: ERROR: unable to resolve 
2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known
rpc.gssd[32062]: ERROR: failed to read service info
rpc.gssd[32062]: ERROR: unable to resolve 
2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known
rpc.gssd[32062]: ERROR: failed to read service info
rpc.gssd[32062]: ERROR: unable to resolve 
2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known
rpc.gssd[32062]: ERROR: failed to read service info

This has been fixed in recent upstream versions (#756900). I have
however attached a patch that backports this specific fix from
nfs-utils-1.3.3 to Debian’s 1.2.8.

Sebastian

- -- Package-specific info:
- -- rpcinfo --

- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages nfs-common depends on:
ii  adduser             3.113+nmu3
ii  initscripts         2.88dsf-59.2
ii  libc6               2.19-22
ii  libcap2             1:2.24-12
ii  libcomerr2          1.42.13-1
ii  libdevmapper1.02.1  2:1.02.104-1
ii  libevent-2.0-5      2.0.21-stable-2
ii  libgssapi-krb5-2    1.13.2+dfsg-3
ii  libk5crypto3        1.13.2+dfsg-3
ii  libkeyutils1        1.5.9-8
ii  libkrb5-3           1.13.2+dfsg-3
ii  libmount1           2.27-3
ii  libnfsidmap2        0.25-5
ii  libtirpc1           0.2.5-1
ii  libwrap0            7.6.q-25
ii  lsb-base            9.20150917
ii  rpcbind             0.2.1-6.1
ii  ucf                 3.0030

Versions of packages nfs-common recommends:
ii  python  2.7.9-1

Versions of packages nfs-common suggests:
pn  open-iscsi  <none>
pn  watchdog    <none>

- -- Configuration Files:
/etc/default/nfs-common changed [not included]

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBVjaEy/hx3EthBlqjAQg8XQ//RcUedQyQXQ42y6qAfUqBmbvv5gWHAm/4
RNu2FgnVg9drztx6V42g9J6YBma9CNrcmq2HU41Sb8OZMugXbJFvnCo8rBYmXNDj
JSIwyXSs/YgtSv6Vro9vLtYlGoKeaBFRCpylmfUdSfdDx0Hw0Ik3Q6wN/LP68ksl
0KnXNUYBQVQpwtDcYRcidRewrhcapdTcjJ2AlPKbsHPu6GAuHm96HyFK8M3I7FNX
0A7SnIY0wT0MvOm/F+dB6v01JGsa1VuqedlqEI+7uJdRv1Re2gmeNhTnwGXawNHh
TVlw+3h/4jfbDkQDb+Q8XVH+d4uRofHwU7+gCLC/p4zMjc1/ad54vVjPT8+GuanJ
y8rWGK5Q66+qSLAzY8Q1N6UQTbBfx1/LJs1RP242yGsbo0UG9ixNjy+Byd0AA8cV
m8u7DD8HJVjPALg9PeokcwBjjRcBXAVRmleEb9FHqNrh0lnXWj5WlsiwfgdO/867
CFu60IacHAoXswOdW1ALqAi5GzcnMOhmCBWe6TTge6uWJLOSggFS6PEjuNNcbc1H
YI/LWd3phEUR5Hiif9JcwBJe1Z3oBDnhLZ9sP98Yr8tqVID6OyfyBG+tgpcRQYx6
lbF1w4L5GYR/SjaLPzBzG2bkFFC3+aQbASOjJXT+CcVvnVbwt9cgzMk3sb/6Z0wp
2ALwOvVxxek=
=0M+G
-----END PGP SIGNATURE-----

--- nfs-utils-1.2.8.orig/utils/gssd/gssd_proc.c	2015-11-01 22:04:38.975460740 +0100
+++ nfs-utils-1.2.8/utils/gssd/gssd_proc.c	2015-11-01 22:10:37.794464626 +0100
@@ -176,23 +176,21 @@
 	char			*hostname;
 	char			hbuf[NI_MAXHOST];
 	unsigned char		buf[sizeof(struct in6_addr)];
-	int			servername = 0;
 
-	if (avoid_dns) {
+	while (avoid_dns) {
 		/*
 		 * Determine if this is a server name, or an IP address.
 		 * If it is an IP address, do the DNS lookup otherwise
 		 * skip the DNS lookup.
 		 */
-		servername = 0;
-		if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
-			servername = 1; /* IPv4 */
-		else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
-			servername = 1; /* or IPv6 */
+		if (strchr(name, '.') == NULL)
+			break; /* local name */
+		else if (inet_pton(AF_INET, name, buf) == 1)
+			break; /* IPv4 address */
+		else if (inet_pton(AF_INET6, name, buf) == 1)
+			break; /* IPv6 addrss */
 
-		if (servername) {
-			return strdup(name);
-		}
+		return strdup(name);
 	}
 
 	switch (sa->sa_family) {

Reply via email to