- Updated to latest upstream RC release: nfs-utils-1-2-10-rc3

- gssd: Improve first attempt at acquiring GSS credentials (bz 1055077)
- gssd: set $HOME to prevent recursion (bz 1052902)

Signed-off-by: Steve Dickson <steved@redhat.com>
This commit is contained in:
Steve Dickson 2014-01-22 12:53:18 -05:00
parent 179874980c
commit 9a794c316a
3 changed files with 1405 additions and 1 deletions

1344
nfs-utils-1.2.10-rc3.patch Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,53 @@
commit 2f682f25c642fcfe7c511d04bc9d67e732282348
Author: Jeff Layton <jlayton@redhat.com>
Date: Wed Jan 22 11:17:19 2014 -0500
gssd: set $HOME to prevent recursion when home dirs are on kerberized NFS mount
Some krb5 routines will attempt to access files in the user's home
directory. This is problematic for gssd when the user's homedir is
on a kerberized NFS mount as it will end up deadlocked.
Fix this by setting $HOME unconditionally to "/".
Fixes this Fedora bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1052902
Reported-by: Enrico Scholz <rh-bugzilla@ensc.de>
Reported-by: nmorey <nmorey@kalray.eu>
Tested-by: Michael Young <m.a.young@durham.ac.uk>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index fdad153..611ef1a 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -46,6 +46,7 @@
#include <unistd.h>
#include <err.h>
+#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -161,6 +162,18 @@ main(int argc, char *argv[])
}
}
+ /*
+ * Some krb5 routines try to scrape info out of files in the user's
+ * home directory. This can easily deadlock when that homedir is on a
+ * kerberized NFS mount. By setting $HOME unconditionally to "/", we
+ * prevent this behavior in routines that use $HOME in preference to
+ * the results of getpw*.
+ */
+ if (setenv("HOME", "/", 1)) {
+ printerr(1, "Unable to set $HOME: %s\n", strerror(errno));
+ exit(1);
+ }
+
i = 0;
ccachesearch[i++] = strtok(ccachedir, ":");
do {

View File

@ -36,7 +36,8 @@ Source51: nfs-server.preconfig
Source52: nfs-server.postconfig
%define nfs_configs %{SOURCE50} %{SOURCE51} %{SOURCE52}
Patch001: nfs-utils-1.2.10-rc2.patch
Patch001: nfs-utils-1.2.10-rc3.patch
Patch002: nfs-utils-1.2.9-gssd-home.patch
Patch100: nfs-utils-1.2.1-statdpath-man.patch
Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
@ -95,6 +96,7 @@ This package also contains the mount.nfs and umount.nfs program.
%setup -q
%patch001 -p1
%patch002 -p1
%patch100 -p1
%patch101 -p1
@ -311,6 +313,11 @@ fi
/sbin/umount.nfs4
%changelog
* Wed Jan 22 2014 Steve Dickson <steved@redhat.com> 1.2.9-3.0
- Updated to latest upstream RC release: nfs-utils-1-2-10-rc3
- gssd: Improve first attempt at acquiring GSS credentials (bz 1055077)
- gssd: set $HOME to prevent recursion (bz 1052902)
* Fri Jan 10 2014 Steve Dickson <steved@redhat.com> 1.2.9-2.1
- Fixed typo in nfs-service file. (bz 1047972)