This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1262430 - nsupdate exits on first GSSAPI error instead of processing other commands
nsupdate exits on first GSSAPI error instead of processing other commands
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: bind (Show other bugs)
rawhide
Unspecified Unspecified
medium Severity unspecified
: ---
: ---
Assigned To: Tomáš Hozza
Fedora Extras Quality Assurance
: Patch
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-11 12:02 EDT by Tomáš Hozza
Modified: 2015-11-04 11:43 EST (History)
16 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1261155
Environment:
Last Closed: 2015-11-04 11:43:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch changing the behavior based on upstream git master branch (2.26 KB, patch)
2015-09-11 12:49 EDT, Tomáš Hozza
no flags Details | Diff

  None (edit)
Description Tomáš Hozza 2015-09-11 12:02:15 EDT
Fedora placeholder, since in the end I created patch that seems to work. I'll send it to upstream, so the behavior can be changed at least there.


+++ This bug was initially created as a clone of Bug #1261155 +++

...
--- Additional comment from Petr Spacek on 2015-09-10 14:10:31 CEST ---

Okay then, in that case we have to fix a bug in nsupdate.

nsupdate apparently exists on GSSAPI failure when called with option -g and does not process other command blocks (separated by 'send' command).

This is different than behavior for other errors where nsupdate just skips the block which failed and continues with the next block of commands.

...
--- Additional comment from Petr Spacek on 2015-09-10 14:58:10 CEST ---

Reproducer:

Store this in a file called "upd":

update add nsupdate.test.redhat.com 666 IN A 192.0.2.1
send
update add nsupdate.test.redhat.com 666 IN TXT "HELLo!"
send

And compare output from following commands:
$ nsupdate /tmp/upd 
update failed: REFUSED
update failed: REFUSED

$ nsupdate -g /tmp/upd 
tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide more information, Minor = Server DNS/xxx@REDHAT.COM not found in Kerberos database.

You can see that first run without GSSAPI tried both command blocks but the second run with GSSAPI failed on first command block and did not continue.
Comment 1 Tomáš Hozza 2015-09-11 12:49:28 EDT
Created attachment 1072610 [details]
patch changing the behavior based on upstream git master branch
Comment 2 Tomáš Hozza 2015-09-11 12:54:52 EDT
patch sent to the upstream:

[ISC-Bugs #40685] nsupdate: Don't exit on first GSSAPI error
Comment 5 Tomáš Hozza 2015-09-21 02:56:10 EDT
merged to 9.9.9,9.9.9(sub),9.10.4,9.11.0:

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=ff55c577ba8a95f763b8982b7ab5e4a980209a09
Comment 6 Tomáš Hozza 2015-11-04 11:43:06 EST
I'm not going to backport the change, it will be available in next upstream release. Closing UPSTREAM

Note You need to log in before you can comment on or make changes to this bug.