Bug 483812 - make rpc.gssd work with IPv6
make rpc.gssd work with IPv6
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: nfs-utils (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Jeff Layton
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-03 13:19 EST by Jeff Layton
Modified: 2009-04-17 07:15 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-17 07:15:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch 1 -- make gssd reverse name resolution work with IPv6 (3.44 KB, patch)
2009-02-03 15:23 EST, Jeff Layton
no flags Details | Diff

  None (edit)
Description Jeff Layton 2009-02-03 13:19:32 EST
Chuck Lever asked that I start looking at getting GSSAPI mounts working over IPv6. Opening this bug to track progress on that front...

We don't yet have a fully working IPv6 server on Linux so I've gone ahead and set up an opensolaris server for interop testing. I have it krb5 mounts working with IPv4. I can confirm that IPv6 does not yet work.

When I attempt a mount, I get these errors in the logs:

Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: can't resolve server feed:0000:0000:0000:0000:0000:0000:0023 name
Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: failed to read service info
Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: can't resolve server feed:0000:0000:0000:0000:0000:0000:0023 name
Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: failed to read service info
Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: can't resolve server feed:0000:0000:0000:0000:0000:0000:0023 name
Feb  3 13:17:52 rawhide rpc.gssd[1619]: ERROR: failed to read service info

So it looks like the first step is to get reverse resolution of IPv6 address to server name working.
Comment 1 Jeff Layton 2009-02-03 15:23:13 EST
Created attachment 330770 [details]
patch 1 -- make gssd reverse name resolution work with IPv6

First patch. Make reverse name resolution work with IPv6. This seems to get it past the "can't resolve hostname" errors.
Comment 2 Jeff Layton 2009-02-03 15:25:26 EST
That patch gets it over the initial hump. Now I see a segfault in what looks like nfs-utils-lib functions. I'll poke at those some tomorrow...

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x000000000033bbbf in clnttcp_call (h=0x7ffff826e400, proc=0, xdr_args=0x3367a0 <xdr_rpc_gss_init_args>, args_ptr=0x7fffffffdd30 "\006\002", 
    xdr_results=0x336630 <xdr_rpc_gss_init_res>, results_ptr=0x7fffffffdce0 "", timeout={tv_sec = 25, tv_usec = 0}) at clnt_tcp.c:337
#2  0x0000000000335bda in authgss_refresh (auth=0x7ffff826afa0) at auth_gss.c:513
#3  0x0000000000335ff1 in authgss_create (clnt=0x7ffff826e400, name=0x7ffff8204c20, sec=0x7fffffffe2e0) at auth_gss.c:217
#4  0x0000000000336140 in authgss_create_default (clnt=0x7ffff826e400, service=0x7ffff8206e90 "nfs@opensolaris.poochiereds.net", sec=0x7fffffffe2e0) at auth_gss.c:250
#5  0x00007ffff7ff9818 in create_auth_rpc_client (clp=0x7ffff8204a30, clnt_return=0x7fffffffe3a0, auth_return=0x7fffffffe398, uid=0, authtype=0) at gssd_proc.c:677
#6  0x00007ffff7ffa9ca in handle_krb5_upcall (clp=0x7ffff8204a30) at gssd_proc.c:769
#7  0x00007ffff7ff90fc in scan_poll_results (ret=<value optimized out>) at gssd_main_loop.c:76
#8  gssd_run () at gssd_main_loop.c:146
#9  0x00007ffff7ff8e23 in main (argc=<value optimized out>, argv=0x7fffffffe638) at gssd.c:189
Comment 3 Jeff Layton 2009-03-11 12:53:03 EDT
Ok, after a lot of back and forth we determined that the problem in comment #2 was due to a mixing of legacy (glibc) rpc and libtirpc headers and libraries. In more recent tags in Chuck's nfs-utils git tree he's done a better job of making sure that we have a clean switch between libtirpc and legacy rpc.

I now have a first draft of a patchset to convert gssd to libtirpc and to handle IPv6 correctly. It's based on the latest tag in Chuck's tree. With it, I'm able to successfully mount an OpenSolaris server using NFSv4 + IPv6 + krb5. It also eliminates what I think is an unnecessary DNS lookup on each upcall (working on getting confirmation on this).

I've posted the patchset to upstream linux-nfs@vger.kernel.org and nfsv4@linux-nfs.org lists for comment.

Subject: [PATCH 0/6] nfs-utils: convert gssd to TI-RPC and add IPv6 support (RFC)
Comment 4 Jeff Layton 2009-04-17 07:15:26 EDT
Patches have been committed to nfs-utils upstream. They'll be in rawhide soon if they aren't already.

Note You need to log in before you can comment on or make changes to this bug.