Your message dated Thu, 15 Dec 2016 10:37:56 +0100
with message-id <[email protected]>
and subject line Re: 1.3.4 uploaded, please test
has caused the Debian Bug report #803710,
regarding nfs-common: gssd does DNS reverse lookups for servers without -D
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
803710: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803710
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nfs-common
Version: 1:1.2.8-9
Severity: normal
Tags: patch, fixed-upstream
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
The man page states for the '-D' option:
| DNS Reverse lookups are not used for determining the server names pass
| to GSSAPI. This option will reverses that and forces the use of DNS
| Reverse resolution of the server's IP address to retrieve the
| server name to use in GSAPI authentication.
However, this is not true for the version packaged in Debian:
# ps auxwwf|grep '[g]ssd'
root 32062 0.0 0.0 34980 2656 ? Ss 22:18 0:00
/usr/sbin/rpc.gssd -vvv
# dig +short fate.yath.de aaaa
2001:4c50:43f:c700:d2bf:9cff:fe46:a724
# dig +short -x 2001:4c50:43f:c700:d2bf:9cff:fe46:a724 ptr
# mount fate.yath.de:/data /mnt -t nfs -o vers=4.0,sec=krb5p
(hangs)
After tens of minutes it aborts with "NFS: nfs4_discover_server_trunking
unhandled error -512. Exiting with error EIO".
Meanwhile in syslog, tons of these:
rpc.gssd[32062]: ERROR: unable to resolve
2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known
rpc.gssd[32062]: ERROR: failed to read service info
rpc.gssd[32062]: ERROR: unable to resolve
2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known
rpc.gssd[32062]: ERROR: failed to read service info
rpc.gssd[32062]: ERROR: unable to resolve
2001:4c50:43f:c700:d2bf:9cff:fe46:a724 to hostname: Name or service not known
rpc.gssd[32062]: ERROR: failed to read service info
This has been fixed in recent upstream versions (#756900). I have
however attached a patch that backports this specific fix from
nfs-utils-1.3.3 to Debian’s 1.2.8.
Sebastian
- -- Package-specific info:
- -- rpcinfo --
- -- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages nfs-common depends on:
ii adduser 3.113+nmu3
ii initscripts 2.88dsf-59.2
ii libc6 2.19-22
ii libcap2 1:2.24-12
ii libcomerr2 1.42.13-1
ii libdevmapper1.02.1 2:1.02.104-1
ii libevent-2.0-5 2.0.21-stable-2
ii libgssapi-krb5-2 1.13.2+dfsg-3
ii libk5crypto3 1.13.2+dfsg-3
ii libkeyutils1 1.5.9-8
ii libkrb5-3 1.13.2+dfsg-3
ii libmount1 2.27-3
ii libnfsidmap2 0.25-5
ii libtirpc1 0.2.5-1
ii libwrap0 7.6.q-25
ii lsb-base 9.20150917
ii rpcbind 0.2.1-6.1
ii ucf 3.0030
Versions of packages nfs-common recommends:
ii python 2.7.9-1
Versions of packages nfs-common suggests:
pn open-iscsi <none>
pn watchdog <none>
- -- Configuration Files:
/etc/default/nfs-common changed [not included]
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBVjaEy/hx3EthBlqjAQg8XQ//RcUedQyQXQ42y6qAfUqBmbvv5gWHAm/4
RNu2FgnVg9drztx6V42g9J6YBma9CNrcmq2HU41Sb8OZMugXbJFvnCo8rBYmXNDj
JSIwyXSs/YgtSv6Vro9vLtYlGoKeaBFRCpylmfUdSfdDx0Hw0Ik3Q6wN/LP68ksl
0KnXNUYBQVQpwtDcYRcidRewrhcapdTcjJ2AlPKbsHPu6GAuHm96HyFK8M3I7FNX
0A7SnIY0wT0MvOm/F+dB6v01JGsa1VuqedlqEI+7uJdRv1Re2gmeNhTnwGXawNHh
TVlw+3h/4jfbDkQDb+Q8XVH+d4uRofHwU7+gCLC/p4zMjc1/ad54vVjPT8+GuanJ
y8rWGK5Q66+qSLAzY8Q1N6UQTbBfx1/LJs1RP242yGsbo0UG9ixNjy+Byd0AA8cV
m8u7DD8HJVjPALg9PeokcwBjjRcBXAVRmleEb9FHqNrh0lnXWj5WlsiwfgdO/867
CFu60IacHAoXswOdW1ALqAi5GzcnMOhmCBWe6TTge6uWJLOSggFS6PEjuNNcbc1H
YI/LWd3phEUR5Hiif9JcwBJe1Z3oBDnhLZ9sP98Yr8tqVID6OyfyBG+tgpcRQYx6
lbF1w4L5GYR/SjaLPzBzG2bkFFC3+aQbASOjJXT+CcVvnVbwt9cgzMk3sb/6Z0wp
2ALwOvVxxek=
=0M+G
-----END PGP SIGNATURE-----
--- nfs-utils-1.2.8.orig/utils/gssd/gssd_proc.c 2015-11-01 22:04:38.975460740 +0100
+++ nfs-utils-1.2.8/utils/gssd/gssd_proc.c 2015-11-01 22:10:37.794464626 +0100
@@ -176,23 +176,21 @@
char *hostname;
char hbuf[NI_MAXHOST];
unsigned char buf[sizeof(struct in6_addr)];
- int servername = 0;
- if (avoid_dns) {
+ while (avoid_dns) {
/*
* Determine if this is a server name, or an IP address.
* If it is an IP address, do the DNS lookup otherwise
* skip the DNS lookup.
*/
- servername = 0;
- if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
- servername = 1; /* IPv4 */
- else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1)
- servername = 1; /* or IPv6 */
+ if (strchr(name, '.') == NULL)
+ break; /* local name */
+ else if (inet_pton(AF_INET, name, buf) == 1)
+ break; /* IPv4 address */
+ else if (inet_pton(AF_INET6, name, buf) == 1)
+ break; /* IPv6 addrss */
- if (servername) {
- return strdup(name);
- }
+ return strdup(name);
}
switch (sa->sa_family) {
--- End Message ---
--- Begin Message ---
Hi Daniel,
On Wed, Dec 14, 2016 at 07:36:46PM +0100, Daniel Pocock wrote:
>
>
> 1.3.4 has been uploaded to sid
Thank you so much. I can confirm that this fixes #803710.
Thanks,
Sebastian
signature.asc
Description: PGP signature
--- End Message ---
