Bug 1262430 - nsupdate exits on first GSSAPI error instead of processing other commands
Summary: nsupdate exits on first GSSAPI error instead of processing other commands
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: rawhide
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: ---
Assignee: Tomáš Hozza
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-09-11 16:02 UTC by Tomáš Hozza
Modified: 2015-11-04 16:43 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1261155
Environment:
Last Closed: 2015-11-04 16:43:06 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
patch changing the behavior based on upstream git master branch (2.26 KB, patch)
2015-09-11 16:49 UTC, Tomáš Hozza
no flags Details | Diff

Description Tomáš Hozza 2015-09-11 16:02:15 UTC
Fedora placeholder, since in the end I created patch that seems to work. I'll send it to upstream, so the behavior can be changed at least there.


+++ This bug was initially created as a clone of Bug #1261155 +++

...
--- Additional comment from Petr Spacek on 2015-09-10 14:10:31 CEST ---

Okay then, in that case we have to fix a bug in nsupdate.

nsupdate apparently exists on GSSAPI failure when called with option -g and does not process other command blocks (separated by 'send' command).

This is different than behavior for other errors where nsupdate just skips the block which failed and continues with the next block of commands.

...
--- Additional comment from Petr Spacek on 2015-09-10 14:58:10 CEST ---

Reproducer:

Store this in a file called "upd":

update add nsupdate.test.redhat.com 666 IN A 192.0.2.1
send
update add nsupdate.test.redhat.com 666 IN TXT "HELLo!"
send

And compare output from following commands:
$ nsupdate /tmp/upd 
update failed: REFUSED
update failed: REFUSED

$ nsupdate -g /tmp/upd 
tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide more information, Minor = Server DNS/xxx not found in Kerberos database.

You can see that first run without GSSAPI tried both command blocks but the second run with GSSAPI failed on first command block and did not continue.

Comment 1 Tomáš Hozza 2015-09-11 16:49:28 UTC
Created attachment 1072610 [details]
patch changing the behavior based on upstream git master branch

Comment 2 Tomáš Hozza 2015-09-11 16:54:52 UTC
patch sent to the upstream:

[ISC-Bugs #40685] nsupdate: Don't exit on first GSSAPI error

Comment 5 Tomáš Hozza 2015-09-21 06:56:10 UTC
merged to 9.9.9,9.9.9(sub),9.10.4,9.11.0:

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=ff55c577ba8a95f763b8982b7ab5e4a980209a09

Comment 6 Tomáš Hozza 2015-11-04 16:43:06 UTC
I'm not going to backport the change, it will be available in next upstream release. Closing UPSTREAM


Note You need to log in before you can comment on or make changes to this bug.