[Bug 1812280] [NEW] Static ID mapping not functional in NFS
Oleg
1812280 at bugs.launchpad.net
Fri Jan 18 00:08:00 UTC 2019
Public bug reported:
Static NFS UID/GID translation doesn't work, even when using with
sec=krb5.
The share is exported with:
/nfs
192.168.0.0/24(rw,sync,crossmnt,no_subtree_check,root_squash,fsid=0,sec=krb5)
Mapping configuration in /etc/idmapd.conf:
...
[Translation]
Method = static
[Static]
sam at home.lan = sam
bob at home.lan = bob
...
Logs from rpc.idmapd:
...
rpc.idmapd[3591]: libnfsidmap: processing 'Method' list
libnfsidmap: loaded plugin /lib/x86_64-linux-gnu/libnfsidmap/static.so for method static
rpc.idmapd[3592]: Expiration time is 600 seconds.
rpc.idmapd[3592]: Opened /proc/net/rpc/nfs4.nametoid/channel
rpc.idmapd[3592]: Opened /proc/net/rpc/nfs4.idtoname/channel
...
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user
rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (user) id "1000" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "1000" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "1003" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user
rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (user) id "0" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "0" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user
rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (user) id "1002" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "1002" -> name ""
...
As you can see, even though static.so plugin was loaded, ID translation was not performed.
Looking at this issue with GDB shows that static translation plugin is
skipped in these two lines in libnfsidmap.c:
...
if (plgns[i]->trans->funcname == NULL)
continue;
...
The reason that funcname is null is that pointers to name_to_uid,
name_to_gid, uid_to_name, gid_to_name are explicitly initialized to NULL
in the Ubuntu's version of libnfsidmap/static.c:
...
struct trans_func static_trans = {
.name = "static",
.init = NULL,
.name_to_uid = NULL,
.name_to_gid = NULL,
.uid_to_name = NULL,
.gid_to_name = NULL,
.princ_to_ids = static_gss_princ_to_ids,
.gss_princ_to_grouplist = static_gss_princ_to_grouplist,
};
...
Please note, that in original sources of NFS these callbacks are
correctly initialized like so:
...
struct trans_func static_trans = {
.name = "static",
.init = static_init,
.name_to_uid = static_name_to_uid,
.name_to_gid = static_name_to_gid,
.uid_to_name = static_uid_to_name,
.gid_to_name = static_gid_to_name,
.princ_to_ids = static_gss_princ_to_ids,
.gss_princ_to_grouplist = static_gss_princ_to_grouplist,
};
...
I am not sure why in Ubuntu's package the NFS static ID translation was
disabled, but if it was done deliberately it should've been documented
(maybe here https://help.ubuntu.com/community/NFSv4Howto ?).
Side note: nsswitch translation works correctly.
Ubuntu Server 18.04.1 LTS
libnfsidmap2:amd64 0.25-5.1
** Affects: libnfsidmap (Ubuntu)
Importance: Undecided
Status: New
** Tags: nfs
** Package changed: snapd (Ubuntu) => libnfsidmap (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libnfsidmap in Ubuntu.
https://bugs.launchpad.net/bugs/1812280
Title:
Static ID mapping not functional in NFS
Status in libnfsidmap package in Ubuntu:
New
Bug description:
Static NFS UID/GID translation doesn't work, even when using with
sec=krb5.
The share is exported with:
/nfs
192.168.0.0/24(rw,sync,crossmnt,no_subtree_check,root_squash,fsid=0,sec=krb5)
Mapping configuration in /etc/idmapd.conf:
...
[Translation]
Method = static
[Static]
sam at home.lan = sam
bob at home.lan = bob
...
Logs from rpc.idmapd:
...
rpc.idmapd[3591]: libnfsidmap: processing 'Method' list
libnfsidmap: loaded plugin /lib/x86_64-linux-gnu/libnfsidmap/static.so for method static
rpc.idmapd[3592]: Expiration time is 600 seconds.
rpc.idmapd[3592]: Opened /proc/net/rpc/nfs4.nametoid/channel
rpc.idmapd[3592]: Opened /proc/net/rpc/nfs4.idtoname/channel
...
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user
rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (user) id "1000" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "1000" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "1003" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user
rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (user) id "0" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "0" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user
rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (user) id "1002" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "1002" -> name ""
...
As you can see, even though static.so plugin was loaded, ID translation was not performed.
Looking at this issue with GDB shows that static translation plugin is
skipped in these two lines in libnfsidmap.c:
...
if (plgns[i]->trans->funcname == NULL)
continue;
...
The reason that funcname is null is that pointers to name_to_uid,
name_to_gid, uid_to_name, gid_to_name are explicitly initialized to
NULL in the Ubuntu's version of libnfsidmap/static.c:
...
struct trans_func static_trans = {
.name = "static",
.init = NULL,
.name_to_uid = NULL,
.name_to_gid = NULL,
.uid_to_name = NULL,
.gid_to_name = NULL,
.princ_to_ids = static_gss_princ_to_ids,
.gss_princ_to_grouplist = static_gss_princ_to_grouplist,
};
...
Please note, that in original sources of NFS these callbacks are
correctly initialized like so:
...
struct trans_func static_trans = {
.name = "static",
.init = static_init,
.name_to_uid = static_name_to_uid,
.name_to_gid = static_name_to_gid,
.uid_to_name = static_uid_to_name,
.gid_to_name = static_gid_to_name,
.princ_to_ids = static_gss_princ_to_ids,
.gss_princ_to_grouplist = static_gss_princ_to_grouplist,
};
...
I am not sure why in Ubuntu's package the NFS static ID translation
was disabled, but if it was done deliberately it should've been
documented (maybe here https://help.ubuntu.com/community/NFSv4Howto
?).
Side note: nsswitch translation works correctly.
Ubuntu Server 18.04.1 LTS
libnfsidmap2:amd64 0.25-5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnfsidmap/+bug/1812280/+subscriptions
More information about the foundations-bugs
mailing list