rpc.gssd performs reverse DNS by default (regardless of -D flag)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
nfs-utils (Debian) | Fix Released | Unknown | |
nfs-utils (Ubuntu) | Fix Released | Undecided | Unassigned |
Xenial | Won't Fix | Low | Unassigned |
Bug Description
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Package: nfs-common 1:1.2.8-
This bug affects all active and proposed versions of nfs-common used by Ubuntu (as every version is based on nfs-utils_1.2.8) from trusty to artful.
There is a small error in the code for rpc.gssd that causes it to always perform reverse DNS when looking up the server name to pass to GSSAPI. This causes a problem for NFS4 in environments where reverse DNS is incorrectly configured or not configurable by the system administrator. This has been confirmed in Debian and a more recent version of nfs-utils that appears to have fixed this has been pushed to sid:
https:/
However, I do not know if that version of nfs-utils will make it to Ubuntu soon. Will it?
If not, the patch to this appears to be rather straightforward.
The error is an '== 1' instead of an '== 0' in two lines of gssd_proc.c that are evaluated when the -D flag to rpc.gssd is not passed (and thus avoid_dns is true).
--- utils/gssd/
+++ utils/gssd/
@@ -181,17 +181,17 @@
if (avoid_dns) {
/*
* Determine if this is a server name, or an IP address.
* If it is an IP address, do the DNS lookup otherwise
* skip the DNS lookup.
*/
servername = 0;
- if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
+ if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 0)
servername = 1; /* IPv4 */
- else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
+ else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 0)
servername = 1; /* or IPv6 */
if (servername) {
return strdup(name);
}
}
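Review bot: in the two changed conditions, a name containing neither '.' nor ':' (an unqualified host name) still leaves servername at 0 and misses the early return, so it is worth stating whether that is intended. With `== 0` the trailing comments `/* IPv4 */` and `/* or IPv6 */` are also misleading, because each branch now fires when the name fails to parse as that address type, and the ':' branch accepts any colon-containing string that is not a valid IPv6 literal as a server name. Consider testing for "not an address" explicitly (`inet_pton(...) != 1` for both families, which also covers the -1 error return) and rewording the comments to match.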
Is there any way to get either 1) the updated version of nfs-utils or 2) this patch applied to xenial (and, hopefully, other versions of Ubuntu)? Thank you for looking at this!
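Added example, not part of the original report or of nfs-utils: a small C harness that evaluates the two conditions from the diff above against constructed sample names, showing which names take the early `return strdup(name)` path (no lookup) before and after the change. The function names and sample names are assumptions made for illustration; only the two `if` conditions come from the diff.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Condition before the patch ('== 1'): true when the name would be
 * returned unchanged, i.e. the early return is taken. */
static bool returned_as_is_before(const char *name)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
        return true;
    if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
        return true;
    return false;
}

/* Condition after the patch ('== 0'). */
static bool returned_as_is_after(const char *name)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 0)
        return true;
    if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 0)
        return true;
    return false;
}

int main(void)
{
    /* Constructed sample inputs (documentation names and address ranges). */
    static const char *names[] = {
        "nfs.example.com", "192.0.2.10", "2001:db8::1", "nfsserver",
    };

    puts("name               before  after   (1 = returned as-is)");
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-18s %-7d %d\n", names[i],
               returned_as_is_before(names[i]),
               returned_as_is_after(names[i]));
    return 0;
}
```

The unqualified name `nfsserver` matches neither branch in either version, so it never takes the early return.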
description: updated
tags: added: xenial
Changed in nfs-utils (Debian):
status: Unknown → Fix Released
Changed in nfs-utils (Ubuntu Xenial):
status: New → Triaged
importance: Undecided → Low
tags: removed: server-next
The attachment "patch file of proposed fix (if necessary)" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]