Your message dated Wed, 10 Feb 2021 16:19:23 +0000 with message-id <[email protected]> and subject line Bug#581199: fixed in libnfsidmap 0.25-6 has caused the Debian Bug report #581199, regarding libnfsidmap2: Virtual domains/users handling with at sign in idmap to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 581199: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581199 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libnfsidmap2 Version: 0.20-1 Severity: normal Tags: patch Idmap fails to map uid to localname or vice versa in case an 'at' ( @ ) sign is included in the localname. This is particularly the case of virtual domains username where a user@virtual_domain is in fact the username and its @ sign conflicts with username@idmap_domain format used by idmap to handle uid/localname conversions. Where username = user@virtual_domain. Idmap is still able to map uid/localname correctly when the username does not include an @ sign. Both NFS Server and Client are PAM/NSS clients of an OpenLDAP Server that handles users & groups. NFSv4 is used and without kerberos and "nsswitch" Translation method is used rather than umich_ldap. Idmap looks for the first occurrence of and @ sign in the name string and assumes that the @ sign is the one of user@virtual_domain rather than using the one of username@idmap_domain (user@virtual_domain@idmap_domain). The function "strip_domain" is defined in nss.c file and uses "strchr" function on line 138 to find the first occurrence of an @ sign from the name string. As the name string includes 2 occurrences, the domain resulting from that (virtual_domain@idmap_domain) fails to match with the configured idmap domain (idmap_domain) and this causes idmap returning a null value. Switching from "strchr" to "strrchr" simply fix the problem as it would look for the last occurrence rather than the first one and therefore has a resulting domain that matched the idmap one. This obviously makes sense as a URI should be read from right to left and not from left to right when handling domains. The idmap domain is this way the root domain and all virtual domains included in the username it handles will not conflicts with it. A patch is included here below : libnfsidmap_0.20-1_fix_at_sign_user_with_domain.diff ////////////////////////////////////////////////////////////////// --- libnfsidmap-0.20.orig/nss.c 2007-02-05 17:13:05.000000000 +0100 +++ libnfsidmap-0.20/nss.c 2010-05-11 14:35:55.000000000 +0200 @@ -135,7 +135,7 @@ char *l = NULL; int len; - c = strchr(name, '@'); + c = strrchr(name, '@'); if (c == NULL && domain != NULL) goto out; if (c == NULL && domain == NULL) { ////////////////////////////////////////////////////////////////// The patch applies to all archs from oldstable to unstable packages. Versions checked : 0.18-0 (oldstable) 0.20-1 (stable) 0.23-2 (testing,unstable) -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libnfsidmap2 depends on: ii libc6 2.7-18lenny2 GNU C Library: Shared libraries ii libldap-2.4-2 2.4.11-1+lenny1 OpenLDAP libraries libnfsidmap2 recommends no packages. libnfsidmap2 suggests no packages. -- no debconf information--- libnfsidmap-0.20.orig/nss.c 2007-02-05 17:13:05.000000000 +0100 +++ libnfsidmap-0.20/nss.c 2010-05-11 14:35:55.000000000 +0200 @@ -135,7 +135,7 @@ char *l = NULL; int len; - c = strchr(name, '@'); + c = strrchr(name, '@'); if (c == NULL && domain != NULL) goto out; if (c == NULL && domain == NULL) {
--- End Message ---
--- Begin Message ---Source: libnfsidmap Source-Version: 0.25-6 Done: Adrian Bunk <[email protected]> We believe that the bug you reported is fixed in the latest version of libnfsidmap, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Adrian Bunk <[email protected]> (supplier of updated libnfsidmap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 10 Feb 2021 17:51:15 +0200 Source: libnfsidmap Architecture: source Version: 0.25-6 Distribution: unstable Urgency: medium Maintainer: Debian QA Group <[email protected]> Changed-By: Adrian Bunk <[email protected]> Closes: 581199 865185 924425 Changes: libnfsidmap (0.25-6) unstable; urgency=medium . * QA upload. * Set Maintainer to Debian QA Group. (see #925022) * Build depend on automake instead of automake1.11. (Closes: #865185) . [ Andreas Hasenack ] * d/p/03-uid-map-krb5.patch: fix uid mapping when sec=krb5 is used (Closes: #581199, #924425) Checksums-Sha1: b21a6b2c34d31cd182237218e0871f40f50b0ad5 1907 libnfsidmap_0.25-6.dsc 996a59e6e3c25d04b01bb6c7543f5d3a1b1ebda3 6940 libnfsidmap_0.25-6.debian.tar.xz Checksums-Sha256: 2c7c2e46197677844e380e7f8115eee58bbad4ecad36c5440b5c0e08909c7a50 1907 libnfsidmap_0.25-6.dsc 60489d5953c1563bbcfe8b0d40536c6fa577f919850124a3e3297a543bff6d54 6940 libnfsidmap_0.25-6.debian.tar.xz Files: c09cd0beb7fe0f80c88bd1fda49c692e 1907 libs optional libnfsidmap_0.25-6.dsc 153477f7d3a108bc75b8381822dc57c5 6940 libs optional libnfsidmap_0.25-6.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmAkA4gACgkQiNJCh6LY mLGI/BAAnShBGBpEPJg96KzTgb+37HAPTM/XajiCF0/8vrLUlyjeYaV9hRVJKo6q K1eTt8r13r6wqtWqFPa8P2UNJmswocXr2GLax7ZzijK/Zg4/f9pNqfkdcIrLaLXq GXgk5UZYydFmiDKTmf0piMOrPjJBAxa3TdfBwXjSv6TmwXZGAUMIXHEmXHuinVZq MDhFSqPPzUItjGN8FDnZjRkDAn3hf24WcjXg9XDdHTPTeSDulEJQeMizM7VRGp1L cQfIX6S+vRWWQOEoMaeQVbvt5L4/dMMeVf3XD4z+huH8jM0i2SuMCC6ykEBAoWTu oia9yWAMoZcUcFtj5MM/S5CwlnBBlgtp8x0kdGLV/bFcHhzbu11i2owv96w/T3Lc IzOcUjzpf6y60ALnwT5XERHM/UOwQIEjpTIun+Ljc+tMUMbHOhTAcfYhdr6Bv8RB ftEGyNmPzVFaK3nUrhi1n30WAM5uaMRp+xsUz77b1l4G/ybgNi6fRkC9SvXl4TwJ yO1Tq6qAmqy9aEXqbX5WXfzYYL7hyCSQ2/wIz24+BYT7nntDcli1kauuslivCDMW LmxpinvVygJfXtf0JDK1LkTMdTRAJYRbGdYF+kiAjPI/WVIgaS9SEAv/NWRJqMDt VN7SQEassQgSTtBpMFHSEXuAKf3Br1vtdWoYaV3sHKf5IsOQaIY= =axwj -----END PGP SIGNATURE-----
--- End Message ---
