Bug 1262430

Summary: nsupdate exits on first GSSAPI error instead of processing other commands
Product: [Fedora] Fedora Reporter: Tomáš Hozza <thozza>
Component: bindAssignee: Tomáš Hozza <thozza>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: medium    
Version: rawhideCC: dlavu, drieden, grajaiya, jgalipea, jhrozek, lslebodn, mkosek, mzidek, nsoman, pbrezina, preichl, psimerda, pspacek, sgoveas, thozza, vonsch
Target Milestone: ---Keywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1261155 Environment:
Last Closed: 2015-11-04 16:43:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch changing the behavior based on upstream git master branch none

Description Tomáš Hozza 2015-09-11 16:02:15 UTC 
Fedora placeholder, since in the end I created patch that seems to work. I'll send it to upstream, so the behavior can be changed at least there.


+++ This bug was initially created as a clone of Bug #1261155 +++

...
--- Additional comment from Petr Spacek on 2015-09-10 14:10:31 CEST ---

Okay then, in that case we have to fix a bug in nsupdate.

nsupdate apparently exists on GSSAPI failure when called with option -g and does not process other command blocks (separated by 'send' command).

This is different than behavior for other errors where nsupdate just skips the block which failed and continues with the next block of commands.

...
--- Additional comment from Petr Spacek on 2015-09-10 14:58:10 CEST ---

Reproducer:

Store this in a file called "upd":

update add nsupdate.test.redhat.com 666 IN A 192.0.2.1
send
update add nsupdate.test.redhat.com 666 IN TXT "HELLo!"
send

And compare output from following commands:
$ nsupdate /tmp/upd 
update failed: REFUSED
update failed: REFUSED

$ nsupdate -g /tmp/upd 
tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide more information, Minor = Server DNS/xxx not found in Kerberos database.

You can see that first run without GSSAPI tried both command blocks but the second run with GSSAPI failed on first command block and did not continue.
Comment 1 Tomáš Hozza 2015-09-11 16:49:28 UTC 
Created attachment 1072610 [details]
patch changing the behavior based on upstream git master branch
Comment 2 Tomáš Hozza 2015-09-11 16:54:52 UTC 
patch sent to the upstream:

[ISC-Bugs #40685] nsupdate: Don't exit on first GSSAPI error
Comment 5 Tomáš Hozza 2015-09-21 06:56:10 UTC 
merged to 9.9.9,9.9.9(sub),9.10.4,9.11.0:

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=ff55c577ba8a95f763b8982b7ab5e4a980209a09
Comment 6 Tomáš Hozza 2015-11-04 16:43:06 UTC 
I'm not going to backport the change, it will be available in next upstream release. Closing UPSTREAM