Public bug reported:
Static NFS UID/GID translation doesn't work, even when using with
sec=krb5.
The share is exported with:
/nfs
192.168.0.0/24(rw,sync,crossmnt,no_subtree_check,root_squash,fsid=0,sec=krb5)
Mapping configuration in /etc/idmapd.conf:
...
[Translation]
Method = static
[Static]
s...@home.lan = sam
b...@home.lan = bob
...
Logs from rpc.idmapd:
...
rpc.idmapd[3591]: libnfsidmap: processing 'Method' list
libnfsidmap: loaded plugin /lib/x86_64-linux-gnu/libnfsidmap/static.so for
method static
rpc.idmapd[3592]: Expiration time is 600 seconds.
rpc.idmapd[3592]: Opened /proc/net/rpc/nfs4.nametoid/channel
rpc.idmapd[3592]: Opened /proc/net/rpc/nfs4.idtoname/channel
...
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user
rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (user) id "1000" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "1000" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "1003" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user
rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (user) id "0" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "0" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user
rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (user) id "1002" -> name ""
rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group
rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0
rpc.idmapd[3592]: Server : (group) id "1002" -> name ""
...
As you can see, even though static.so plugin was loaded, ID translation was not
performed.
Looking at this issue with GDB shows that static translation plugin is
skipped in these two lines in libnfsidmap.c:
...
if (plgns[i]->trans->funcname == NULL)
continue;
...
The reason that funcname is null is that pointers to name_to_uid,
name_to_gid, uid_to_name, gid_to_name are explicitly initialized to NULL
in the Ubuntu's version of libnfsidmap/static.c:
...
struct trans_func static_trans = {
.name = "static",
.init = NULL,
.name_to_uid = NULL,
.name_to_gid = NULL,
.uid_to_name = NULL,
.gid_to_name = NULL,
.princ_to_ids = static_gss_princ_to_ids,
.gss_princ_to_grouplist = static_gss_princ_to_grouplist,
};
...
Please note, that in original sources of NFS these callbacks are
correctly initialized like so:
...
struct trans_func static_trans = {
.name = "static",
.init = static_init,
.name_to_uid = static_name_to_uid,
.name_to_gid = static_name_to_gid,
.uid_to_name = static_uid_to_name,
.gid_to_name = static_gid_to_name,
.princ_to_ids = static_gss_princ_to_ids,
.gss_princ_to_grouplist = static_gss_princ_to_grouplist,
};
...
I am not sure why in Ubuntu's package the NFS static ID translation was
disabled, but if it was done deliberately it should've been documented
(maybe here https://help.ubuntu.com/community/NFSv4Howto ?).
Side note: nsswitch translation works correctly.
Ubuntu Server 18.04.1 LTS
libnfsidmap2:amd64 0.25-5.1
** Affects: libnfsidmap (Ubuntu)
Importance: Undecided
Status: New
** Tags: nfs
** Package changed: snapd (Ubuntu) => libnfsidmap (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1812280
Title:
Static ID mapping not functional in NFS
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnfsidmap/+bug/1812280/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
