[Bug 1779962] Re: rpc.gssd truncates 32-bit UIDs/GIDs to 16 bits, leading to "Key has expired" errors when using kerberos

Steve Dickson 1779962 at bugs.launchpad.net
Wed Jul 18 15:41:28 UTC 2018 

The upstream patch

commit 2a6b8307fa4243a7921270aedf8ce6506e31569a (HEAD -> master, origin/master, origin/HEAD)
Author: Steve Dickson <steved at redhat.com>
Date:   Tue Jul 17 15:09:37 2018 -0400

    rpc.gssd: truncates 32-bit UIDs/GIDs to 16 bits architectures.
    
    utils/gssd_proc.c uses SYS_setresuid and SYS_setresgid in
    change_identity when it should use SYS_setresuid32 and
    SYS_setresgid32 instead. This causes it to truncate
    UIDs/GIDs > 65536.
    
    Fixes: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779962
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1595927
    
    Tested-by: James Ettle <theholyettlz at googlemail.com>
    Tested-by: Sree <Sree at gmail.com>
    Signed-off-by: Steve Dickson <steved at redhat.com>


** Bug watch added: Red Hat Bugzilla #1595927
   https://bugzilla.redhat.com/show_bug.cgi?id=1595927

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1779962

Title:
  rpc.gssd truncates 32-bit UIDs/GIDs to 16 bits, leading to "Key has
  expired" errors when using kerberos

Status in nfs-utils package in Ubuntu:
  Confirmed

Bug description:
  utils/gssd_proc.c uses SYS_setresuid and SYS_setresgid in
  change_identity when it should use SYS_setresuid32 and SYS_setresgid32
  instead. This causes it to truncate UIDs/GIDs > 65536.

  Symptoms: rpc.gssd is unable to read kerberos credentials files after
  changing identity, failing with a cryptic error message:

  CC 'FILE:/tmp/krb5cc_100001_J5kIrv' is expired or corrupt

  (note the UID 100001 here, rpc.gssd was actually using UID 34465 to
  access this file, and failing in krb5_util.c when calling
  krb5_cc_get_principal)

  The attached patch fixes the bug.

  I'm using Ubuntu 18.04 LTS on an Odroid XU4 (armhf). This bug does not
  exist in Ubuntu 16.04 LTS.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779962/+subscriptions

More information about the foundations-bugs mailing list