[Bug 1779962] Re: rpc.gssd truncates 32-bit UIDs/GIDs to 16 bits, leading to "Key has expired" errors when using kerberos
Johannes Midgren
johannes at midgren.net
Wed Jul 10 21:15:36 UTC 2019
I assume I spotted the exact same error as the reporter using Ubuntu
18.04 on Odroid XU4. For me it fails when using FreeIPA (with high
UIDs/GIDs) and Kerberized NFS4. When applying the patch the problem goes
away, but so far I have not give it more testing than that. Considering
the nature of the patch the risk of side effects seem small though :-)
Does anyone know if there is a chance for this fix to be released in
Bionic as well?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1779962
Title:
rpc.gssd truncates 32-bit UIDs/GIDs to 16 bits, leading to "Key has
expired" errors when using kerberos
Status in nfs-utils package in Ubuntu:
Fix Released
Status in nfs-utils source package in Bionic:
Confirmed
Bug description:
utils/gssd_proc.c uses SYS_setresuid and SYS_setresgid in
change_identity when it should use SYS_setresuid32 and SYS_setresgid32
instead. This causes it to truncate UIDs/GIDs > 65536.
Symptoms: rpc.gssd is unable to read kerberos credentials files after
changing identity, failing with a cryptic error message:
CC 'FILE:/tmp/krb5cc_100001_J5kIrv' is expired or corrupt
(note the UID 100001 here, rpc.gssd was actually using UID 34465 to
access this file, and failing in krb5_util.c when calling
krb5_cc_get_principal)
The attached patch fixes the bug.
I'm using Ubuntu 18.04 LTS on an Odroid XU4 (armhf). This bug does not
exist in Ubuntu 16.04 LTS.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779962/+subscriptions
More information about the foundations-bugs
mailing list