Package: nfs-common Version: 1:1.2.2-4squeeze2 Severity: normal Tags: patch
gssd ignores a preferred_realm specified via the -R command line option. The attached patch fixes this problem and has already been sent to linux-nfs upstream. This problem affects all Debian suites. Will there be a fix for Squeeze and Wheezy? -- System Information: Debian Release: 6.0.7 APT prefers oldstable APT policy: (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages nfs-common depends on: ii adduser 3.112+nmu2 add and remove users and groups ii initscripts 2.88dsf-13.1+squeeze1 scripts for initializing and shutt ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libcap2 1:2.19-3 support for getting/setting POSIX. ii libcomerr2 1.41.12-4stable1 common error description library ii libevent-1.4-2 1.4.13-stable-1 An asynchronous event notification ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries - k ii libgssglue1 0.1-4 mechanism-switch gssapi library ii libk5crypto3 1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries - C ii libkrb5-3 1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries ii libnfsidmap2 0.23-2 An nfs idmapping library ii librpcsecgss3 0.19-2 allows secure rpc communication us ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii netbase 4.45 Basic TCP/IP networking system ii portmap 6.0.0-2 RPC port mapper ii ucf 3.0025+nmu1 Update Configuration File: preserv nfs-common recommends no packages. nfs-common suggests no packages. -- no debconf information
commit 722bd62d1e6a9d38db57e919d914a371e67d804d Author: Maximilian Wilhelm <[email protected]> Date: Fri May 24 14:46:41 2013 +0200 Fix handling of preferred realm command line option. The current implementation ignores any preferred realm specified on the command line. Fix this behaviour and make sure the preferred realm is used as first realm when trying to acquire a keytab entry. Signed-off-by: Maximilian Wilhelm <[email protected]> Signed-off-by: Frederik Moellers <[email protected]> diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 6275dd8..fb706a8 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -852,11 +852,18 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, } /* - * Try the "appropriate" realm first, and if nothing found for that - * realm, try the default realm (if it hasn't already been tried). + * Make sure the preferred_realm (which may have been explicitly set + * on the command line, is tried first. If nothing is found go on with + * the host and local default realm (if that hasn't already been tried). */ i = 0; realm = realmnames[i]; + + if (strcmp (realm, preferred_realm) != 0) { + realm = preferred_realm; + i = -1; + } + while (1) { if (realm == NULL) { tried_all = 1;
