[Bug 1977745] Re: nfs-utils/nfs-kernel-server (rpc.svcgssd) ignored /etc/nfs.conf settings

Launchpad Bug Tracker 1977745 at bugs.launchpad.net
Thu Jun 30 10:04:31 UTC 2022 

This bug was fixed in the package nfs-utils - 1:2.6.1-2ubuntu1

---------------
nfs-utils (1:2.6.1-2ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1974233). Remaining changes:
    - d/control: don't provide libnfsidmap2 in libnfsidmap1. This
      package contains not only plugins, but an actual shared library,
      with a different soname.
    - Don't install the regex module, as it's built by
      src:libnfsidmap-regex which is in Universe (MIR: #1960824)
      + d/control: don't conflict/break/etc with libnfsidmap-regex
      + d/libnfsidmap1.install: don't install regex.so
      + d/not-installed: mark files we knowingly don't include in the
        packaging
      + d/p/remove-regex-from-docs.patch: remove the regex section from
        the idmapd.conf(5) manpage, as we are not building that plugin in
        this package
    - Update README file:
      + d/README.Ubuntu: new /etc/nfs.conf config structure
      + d/libnfsidmap1.docs, d/nfs-common.docs: install README.Ubuntu
    - d/nfs-common.postrm: also purge /etc/nfs.conf.d/local.conf
    - d/nfs-common.dirs: we also own /etc/nfs.conf.d
    - New apport hook (LP #1961058):
      + d/source.apport: apport hook for nfs-utils
      + d/control: build-depend dh-apport
      + d/rules: build with apport, and install the hook in the
        nfs-common package which is installed on both client and servers
    - Add more DEP8 tests (LP #1960828):
      + d/t/{control,kerberos-mount,util}: test NFSv4 krb5p mounts
      + d/t/{control, v3-moun}t: specific NFSv3 mount test
  * Dropped:
    - d/nfsconvert.py: add short "u" option for mountd's no-udp
      [Included in 1:2.6.1-2]
    - d/NEWS: explain some of the major changes in 2.6.x
      [Obsoleted by Debian's update to the per-package NEWS files]
    - d/nfs-*.bug-script: update to also include /etc/nfs.conf and
      /etc/nfs.conf.d/*.conf
      [Included in 1:2.6.1-2]
  * Added changes:
    - New binary package libnfsidmap-regex (LP: #1974067):
      + d/control: new package
      + d/libnfsidmap-regex.install: install the plugin file
      + d/not-installed: remove the plugin from the not-installed list
      + d/p/remove-regex-from-docs.patch: deleted
      + d/p/ubuntu-idmapd-manpage-update-regex-other-package.patch:
        note that the regex plugin is in another package
    - rpc.svcgssd fixes and improvements (LP: #1977745):
      + d/p/svcgssd-fix-use-after-free.patch: fix use-after-free which was
        preventing svcgssd options set in /etc/nfs.conf from being used
      + d/p/svcgssd-display-principal-if-set.patch: improve logging,
        showing the expected principal name if it was set in the config
      + d/p/svcgssd-document-missing-options.patch: add missing options to
        the svcgssd manpage
      + d/p/nfs-conf-manpage-missing-svcgssd-options.patch: also
        document the missing svcgssd options to the nfs.conf(5) manpage
    - d/README.Ubuntu: updated with the content of the previous d/NEWS
      file
    - d/rules: re-add hardening option lost from the src:libnfsidmap to
      src:nfs-utils transition (LP: #1980095)

 -- Andreas Hasenack <andreas at canonical.com>  Tue, 28 Jun 2022 10:59:36
-0300

** Changed in: nfs-utils (Ubuntu Kinetic)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1977745

Title:
  nfs-utils/nfs-kernel-server (rpc.svcgssd) ignored /etc/nfs.conf
  settings

Status in nfs-utils package in Ubuntu:
  Fix Released
Status in nfs-utils source package in Jammy:
  Triaged
Status in nfs-utils source package in Kinetic:
  Fix Released

Bug description:
  Tested on:
   Ubuntu 22.04 (x86_64)
   Package: nfs-kernel-server 1:2.6.1-1ubuntu1

  Set config options in /etc/nfs.conf are ignored by rpc.svcgssd
  (required for krb5 NFSv4).

  I was trying to set the principal name like:

  [svcgssd]
  principal=nfs/myhost.mydomain.de at MYDOMAIN.DE

  but rpc.svcgssd refused to start. When specified on command line
  (using the -p option) things started working.

  After having a look at the code (nfs-
  utils-2.6.1/utils/gssd/svcgssd.c), the problem seems to be

          /* We don't need the config anymore */
          conf_cleanup();

  which is called too early. So at the point where gssd_acquire_cred()
  is called the variable "principal" does no longer contain the data
  read from the config file.

  Moving conf_cleanup() to the end of the code helps.

  I also tried to get into contact with the nfs-utils developer
  themselves - but I hope someone at Ubuntu has a better way to contact
  them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1977745/+subscriptions

More information about the foundations-bugs mailing list