Description of problem: The upgrade to nfs-utils-1.3.3-1 breaks formerly working exports that make use of netgroups. Trying to mount such an export ends with 'permission denied' on the client side. Neither the client nor the server show any relevant log information. Content of /etc/exports: /scratch @unix(rw,async) Version-Release number of selected component (if applicable): nfs-utils-1.3.3-1.rc1.fc22.x86_64 How reproducible: always Steps to Reproduce: 1. Create a netgroups file containing entries as follows and export with NIS unix (workstation1,-,) (workstation2,-,) 2. Create an exports file using the netgroup entry over NIS /scratch @unix(rw,async) 3. Try to mount this export on a client mount server1:/scratch /mnt/test Actual results: mount.nfs: access denied by server while mounting server1:/scratch Expected results: working mount. no error. Additional info: NIS is working properly. ypcat -k netgroup shows the relevant entries. Replacing the netgroup entry in exports with an IP range make the mount possible. Downgrading nfs-utils to nfs-utils-1.3.2-4.fc22.x86_64 on the server makes the mount on the client side (which is still using 1.3.3-1) possible.
I wonder if this patch is causing the problem commit 9a92ef6f194926904b1289e0ce1daecb42bd5e8b Author: Frank Sorenson <sorenson> Date: Mon Nov 2 08:31:29 2015 -0500 mountd: fix netgroup lookup for resolvable IP addresses
Yes it is. I removed this patch from nfs-utils-1.3.4-rc1.patch and rebuilt the rpm for Fedora 22 x86_64. Mounting exports that rely on netgroups work again.
I believe the problem is in the placement of the new lines before the "Okay, strip off the domain" section (to test "hostname.domain" as just "hostname"). That section needs the 'hname' unmodified, so changing it in the new IP address check code broke the lookup. I will look into a fix to make both work, most likely using another scratch string in the new IP check so that hname doesn't get blown away.
Created attachment 1105747 [details] patch to fix the regression Commit 9a92ef6f194926904b1289e0ce1daecb42bd5e8b to add netgroup lookup of resolvable IP addresses inadvertently broke the netgroup check for short hostnames by clobbering the 'hname' variable. This patch fixes that breakage by changing the IP address lookup to use a separate variable. The 'hname' variable used in the short hostname lookup is now untouched in the IP lookup code.
Upstream commit commit 4b5bd85481a45957122357feebfcd514550fc219 Author: Frank Sorenson <sorenson> Date: Wed Dec 16 10:12:38 2015 -0500 mountd: fix netgroup lookup for short hostnames Commit 9a92ef6f to add netgroup lookup of resolvable IP addresses inadvertently broke the netgroup check for short hostnames. This patch fixes that breakage by changing the IP address lookup to use a separate variable. Signed-off-by: Frank Sorenson <sorenson> Signed-off-by: Steve Dickson <steved>