Bug 1284079 - nfs-utils 1.3.3-1 breaks exports using netgroups
nfs-utils 1.3.3-1 breaks exports using netgroups
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: nfs-utils (Show other bugs)
22
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Frank Sorenson
Fedora Extras Quality Assurance
: Patch, Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-20 13:12 EST by Richard Neuboeck
Modified: 2016-03-17 08:15 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-17 08:15:56 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to fix the regression (1.76 KB, patch)
2015-12-14 17:35 EST, Frank Sorenson
no flags Details | Diff

  None (edit)
Description Richard Neuboeck 2015-11-20 13:12:27 EST
Description of problem:

The upgrade to nfs-utils-1.3.3-1 breaks formerly working exports that make use of netgroups. Trying to mount such an export ends with 'permission denied' on the client side. Neither the client nor the server show any relevant log information.

Content of /etc/exports:

/scratch @unix(rw,async)


Version-Release number of selected component (if applicable):

nfs-utils-1.3.3-1.rc1.fc22.x86_64


How reproducible:

always


Steps to Reproduce:
1. Create a netgroups file containing entries as follows and export with NIS
unix (workstation1,-,) (workstation2,-,)

2. Create an exports file using the netgroup entry over NIS
/scratch @unix(rw,async)

3. Try to mount this export on a client
mount server1:/scratch /mnt/test


Actual results:

mount.nfs: access denied by server while mounting server1:/scratch


Expected results:

working mount. no error.


Additional info:

NIS is working properly. ypcat -k netgroup shows the relevant entries.
Replacing the netgroup entry in exports with an IP range make the mount possible.
Downgrading nfs-utils to nfs-utils-1.3.2-4.fc22.x86_64 on the server makes the mount on the client side (which is still using 1.3.3-1) possible.
Comment 1 Steve Dickson 2015-11-20 13:56:56 EST
I wonder if this patch is causing the problem

commit 9a92ef6f194926904b1289e0ce1daecb42bd5e8b
Author: Frank Sorenson <sorenson@redhat.com>
Date:   Mon Nov 2 08:31:29 2015 -0500

    mountd: fix netgroup lookup for resolvable IP addresses
Comment 2 Richard Neuboeck 2015-11-23 04:03:27 EST
Yes it is.

I removed this patch from nfs-utils-1.3.4-rc1.patch and rebuilt the rpm for Fedora 22 x86_64. Mounting exports that rely on netgroups work again.
Comment 3 Frank Sorenson 2015-11-26 18:23:57 EST
I believe the problem is in the placement of the new lines before the "Okay, strip off the domain" section (to test "hostname.domain" as just "hostname").  That section needs the 'hname' unmodified, so changing it in the new IP address check code broke the lookup.

I will look into a fix to make both work, most likely using another scratch string in the new IP check so that hname doesn't get blown away.
Comment 5 Frank Sorenson 2015-12-14 17:35 EST
Created attachment 1105747 [details]
patch to fix the regression

Commit 9a92ef6f194926904b1289e0ce1daecb42bd5e8b to add netgroup
lookup of resolvable IP addresses inadvertently broke the
netgroup check for short hostnames by clobbering the 'hname'
variable.

This patch fixes that breakage by changing the IP address
lookup to use a separate variable.  The 'hname' variable
used in the short hostname lookup is now untouched in
the IP lookup code.
Comment 6 Steve Dickson 2015-12-16 10:19:26 EST
Upstream commit

commit 4b5bd85481a45957122357feebfcd514550fc219
Author: Frank Sorenson <sorenson@redhat.com>
Date:   Wed Dec 16 10:12:38 2015 -0500

    mountd: fix netgroup lookup for short hostnames
    
    Commit 9a92ef6f to add netgroup lookup of resolvable
    IP addresses inadvertently broke the netgroup
    check for short hostnames.
    
    This patch fixes that breakage by changing the IP address
    lookup to use a separate variable.
    
    Signed-off-by: Frank Sorenson <sorenson@redhat.com>
    Signed-off-by: Steve Dickson <steved@redhat.com>

Note You need to log in before you can comment on or make changes to this bug.