- Updated to latest upstream RC release: nfs-utils-1-2-10-rc3

- gssd: Improve first attempt at acquiring GSS credentials (bz 1055077) - gssd: set $HOME to prevent recursion (bz 1052902) Signed-off-by: Steve Dickson <steved@redhat.com>
2014-01-22 12:53:18 -05:00 · 2014-01-22 12:53:18 -05:00 · 9a794c316a
commit 9a794c316a
parent 179874980c
3 changed files with 1405 additions and 1 deletions
--- a/nfs-utils-1.2.10-rc3.patch
+++ b/nfs-utils-1.2.10-rc3.patch
--- a/nfs-utils-1.2.9-gssd-home.patch
+++ b/nfs-utils-1.2.9-gssd-home.patch
@ -0,0 +1,53 @@
+commit 2f682f25c642fcfe7c511d04bc9d67e732282348
+Author: Jeff Layton <jlayton@redhat.com>
+Date:   Wed Jan 22 11:17:19 2014 -0500
+
+    gssd: set $HOME to prevent recursion when home dirs are on kerberized NFS mount
+    
+    Some krb5 routines will attempt to access files in the user's home
+    directory. This is problematic for gssd when the user's homedir is
+    on a kerberized NFS mount as it will end up deadlocked.
+    
+    Fix this by setting $HOME unconditionally to "/".
+    
+    Fixes this Fedora bug:
+    
+        https://bugzilla.redhat.com/show_bug.cgi?id=1052902
+    
+    Reported-by: Enrico Scholz <rh-bugzilla@ensc.de>
+    Reported-by: nmorey <nmorey@kalray.eu>
+    Tested-by: Michael Young <m.a.young@durham.ac.uk>
+    Signed-off-by: Jeff Layton <jlayton@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
+index fdad153..611ef1a 100644
+--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
+@@ -46,6 +46,7 @@
+ 
+ #include <unistd.h>
+ #include <err.h>
+#include <errno.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -161,6 +162,18 @@ main(int argc, char *argv[])
+ 		}
+ 	}
+ 
+	/*
+	 * Some krb5 routines try to scrape info out of files in the user's
+	 * home directory. This can easily deadlock when that homedir is on a
+	 * kerberized NFS mount. By setting $HOME unconditionally to "/", we
+	 * prevent this behavior in routines that use $HOME in preference to
+	 * the results of getpw*.
+	 */
+	if (setenv("HOME", "/", 1)) {
+		printerr(1, "Unable to set $HOME: %s\n", strerror(errno));
+		exit(1);
+	}
+
+ 	i = 0;
+ 	ccachesearch[i++] = strtok(ccachedir, ":");
+ 	do {
--- a/nfs-utils.spec
+++ b/nfs-utils.spec
@ -36,7 +36,8 @@ Source51: nfs-server.preconfig
 Source52: nfs-server.postconfig
 %define nfs_configs %{SOURCE50} %{SOURCE51} %{SOURCE52} 

-Patch001: nfs-utils-1.2.10-rc2.patch
+Patch001: nfs-utils-1.2.10-rc3.patch
+Patch002: nfs-utils-1.2.9-gssd-home.patch

 Patch100: nfs-utils-1.2.1-statdpath-man.patch
 Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
@ -95,6 +96,7 @@ This package also contains the mount.nfs and umount.nfs program.
 %setup -q

 %patch001 -p1
+%patch002 -p1

 %patch100 -p1
 %patch101 -p1
@ -311,6 +313,11 @@ fi
 /sbin/umount.nfs4

 %changelog
+* Wed Jan 22 2014 Steve Dickson <steved@redhat.com> 1.2.9-3.0
+- Updated to latest upstream RC release: nfs-utils-1-2-10-rc3
+  - gssd: Improve first attempt at acquiring GSS credentials (bz 1055077)
+- gssd: set $HOME to prevent recursion (bz 1052902)
+
 * Fri Jan 10 2014 Steve Dickson <steved@redhat.com> 1.2.9-2.1
 - Fixed typo in nfs-service file. (bz 1047972)