Bug 1256469 - rpc.gssd: Replace exit(0) by return in process_krb5_upcall to avoid new TKT per upcall
Keywords:
Status: CLOSED DUPLICATE of bug 1264999
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nfs-utils
Version: 7.1
Hardware: Unspecified
OS: Linux
Priority: urgent
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Steve Dickson
QA Contact: Yongcheng Yang
URL:
Whiteboard:
Depends On:
Blocks: 1257669
Reported: 2015-08-24 16:27 UTC by Andy Adamson
Modified: 2015-09-29 23:36 UTC

Fixed In Version: nfs-utils-1.3.0-0.18.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1257669 (view as bug list)
Environment:
Last Closed: 2015-09-29 23:36:00 UTC
Target Upstream Version:
Embargoed:



Description Andy Adamson 2015-08-24 16:27:33 UTC
Description of problem:
exit(0) silently reaps the gssd_k5_kt_princ struct, the in-memory
rpc.gssd cache which means that rpc.gssd will get a new TGT and TGS for
each upcall, ignoring a valid TGT in the kerberos credential cache.

Version-Release number of selected component (if applicable):


How reproducible: 100%


Steps to Reproduce:
1. Export sec=krb5 share
2. Mount NFSv4.1 kerberos krb5 share - the client will first use krb51 (for the EXCHANGE_ID) then krb5 for the mount point.
3.

Actual results: 
Each upcall contacts the KDC for a new TGT (AS-REQ) even though there is a valid TKT in the Kerberos credential cache. You will never see more than one TGS per TKT.

Expected results: rpc.gssd will re-use a valid TKT


Additional info:

This patch, submitted Aug 19, 2015 to Steve Dickson and linux-nfs.org, fixes this problem.

rpc.gssd: Replace exit(0) by return in process_krb5_upcall

From: Andy Adamson <andros>

exit(0) silently reaps the gssd_k5_kt_princ struct, the in-memory
rpc.gssd cache which means that rpc.gssd will get a new TGT and TGS for
each upcall, ignoring a valid TGT in the kerberos credential cache.

Signed-off-by: Andy Adamson <andros>
---
 utils/gssd/gssd_proc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 03afc8b..3fc7bba 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -684,7 +684,7 @@ out:
                AUTH_DESTROY(auth);
        if (rpc_clnt)
                clnt_destroy(rpc_clnt);
-       exit(0);
+       return;

 out_return_error:
        do_error_downcall(fd, uid, downcall_err);
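
Review bot: with `return;` replacing `exit(0);` at the end of the `out:` block, anything this function acquired that was previously reclaimed by process exit now has to be released explicitly. The visible cleanup covers only `auth` and `rpc_clnt`; please confirm that every other allocation and descriptor taken earlier in process_krb5_upcall is freed before this `return`, otherwise each upcall leaks in a process that now stays alive.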

Comment 3 Steve Dickson 2015-08-24 17:18:48 UTC
From: Andy Adamson <andros>

exit(0) silently reaps the gssd_k5_kt_princ struct, the in-memory
rpc.gssd cache which means that rpc.gssd will get a new TGT and TGS for
each upcall, ignoring a valid TGT in the kerberos credential cache.

Signed-off-by: Andy Adamson <andros>
---
 utils/gssd/gssd_proc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 03afc8b..3fc7bba 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -684,7 +684,7 @@ out:
 		AUTH_DESTROY(auth);
 	if (rpc_clnt)
 		clnt_destroy(rpc_clnt);
-	exit(0);
+	return;
 
 out_return_error:
 	do_error_downcall(fd, uid, downcall_err);
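
Review bot: the `return;` at the end of `out:` changes process_krb5_upcall from never returning on success to handing control back to its caller, and the commit message does not say what the caller does next. Please state in the message which callers were checked, and whether the `out_return_error:` path below already returns rather than exits, so both paths leave the function the same way.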
--

Comment 4 Steve Dickson 2015-08-24 17:52:41 UTC
The upstream commit...

commit 21f10369965bb183d1a72df1da0c2811cd2b1d5c
Author: Andy Adamson <andros>
Date:   Mon Aug 24 13:50:09 2015 -0400

    rpc.gssd: Replace exit(0) by return in process_krb5_upcall

Comment 10 Steve Dickson 2015-09-29 23:36:00 UTC

*** This bug has been marked as a duplicate of bug 1264999 ***

