** Description changed: Description: Ubuntu 16.04.2 LTS Release: 16.04 Package: nfs-common 1:1.2.8-9ubuntu12.1.0 This bug affects all active and proposed versions of nfs-common used by ubuntu (as every version is based on nfs-utils_1.2.8) from trusty to artful. - There is a small error in the code for rpc.gssd that causes it to always perform reverse DNS when looking up the server name to pass to GSSAPI. This causes a problem for NFS4 in environments where reverse DNS is correctly configured. This has been confirmed in Debian and a more recent version of nfs-utils that appears to have fixed this has been pushed to sid: + There is a small error in the code for rpc.gssd that causes it to always perform reverse DNS when looking up the server name to pass to GSSAPI. This causes a problem for NFS4 in environments where reverse DNS is incorrectly configured or not configurable by the system administrator. This has been confirmed in Debian and a more recent version of nfs-utils that appears to have fixed this has been pushed to sid: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803710 However, I do not know if that version of nfs-utils will make it to ubuntu soon. Will it? If not, the patch to this appears to be rather straightforward. The error is an '== 1' instead of an '== 0' in two lines of gssd_proc.c that are evaluated when the -D flag to rpc.gssd is not passed (and thus avoid_dns is true) --- utils/gssd/gssd_proc.c 2017-06-11 15:47:35.000000000 -0700 +++ utils/gssd/gssd_proc_patch.c 2017-06-11 15:48:36.152115792 -0700 @@ -181,17 +181,17 @@ - if (avoid_dns) { - /* - * Determine if this is a server name, or an IP address. - * If it is an IP address, do the DNS lookup otherwise - * skip the DNS lookup. - */ - servername = 0; + if (avoid_dns) { + /* + * Determine if this is a server name, or an IP address. + * If it is an IP address, do the DNS lookup otherwise + * skip the DNS lookup. + */ + servername = 0; - if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1) + if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 0) - servername = 1; /* IPv4 */ + servername = 1; /* IPv4 */ - else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 1) + else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) == 0) - servername = 1; /* or IPv6 */ - - if (servername) { - return strdup(name); - } - } + servername = 1; /* or IPv6 */ + + if (servername) { + return strdup(name); + } + } Is there any way to get either 1) the updated version of nfs-utils or 2) this patch applied to xenial (and, hopefully, other versions of ubuntu)? Thank you for looking at this!
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697339 Title: rpc.gssd performs reverse DNS by default (regardless of -D flag) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1697339/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
