From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 282620] NFSv4 user mapping not working
Date: Fri, 08 Nov 2024 02:53:59 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282620

            Bug ID: 282620
           Summary: NFSv4 user mapping not working
           Product: Base System
           Version: 14.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: jmmv@FreeBSD.org

I've set up a Kerberos domain (the KDC is on a pfSense box) and an NFSv4 server
which is on a Synology NAS.

I'm mounting the remote share on my FreeBSD 14.2-STABLE client with an entry in
fstab like this:

    nas:/volume1/homes /shared nfs rw,nfsv4,gssname=host,sec=krb5p,pnfs 0 0

I have gssd and nfsuserd running, but when I list the contents of the
directory, I get:

    $ ls -l /shared
    total 0
    drwxr-xr-x 1 nobody nogroup 0 Sep 27 21:11 admin
    drwxr-xr-x 1 nobody nogroup 0 Nov 5 19:58 jmmv
    drwxr-xr-x 1 nobody nogroup 0 Oct 8 16:59 manager

The "jmmv" directory should show up as owned by "jmmv", but it shows up as
"nobody".

When I start nfsuserd with -verbose set, I get:

    nfsuserd: domain=meroh.net usermax=200 usertimeout=60

The domain meroh.net is the correct domain for the machine, and the Kerberos
domain name is MEROH.NET.

I've added logging statements to nfsuserd and can see that the GETUSER requests
from the kernel carry jmmv@MEROH.NET in them, which seems good, but still
things don't work.

In playing with the code, I modified the nfsuserd code with this:

------
--- a/usr.sbin/nfsuserd/nfsuserd.c +++ b/usr.sbin/nfsuserd/nfsuserd.c @@ -377,8 +377,15 @@ main(int argc, char *argv[]) setgrent(); while (i < nid.nid_usermax && (grp =3D getgrent())) { nid.nid_gid =3D grp->gr_gid; - nid.nid_name =3D grp->gr_name; - nid.nid_namelen =3D strlen(grp->gr_name); + char buf[1024]; + snprintf(buf, sizeof(buf), "%s@%s", grp->gr_name, dnsname); + char *ptr =3D strchr(buf, '@'); + while (*ptr !=3D '\0') { + *ptr =3D toupper(*ptr); + ptr++; + } + nid.nid_name =3D buf; + nid.nid_namelen =3D strlen(nid.nid_name); nid.nid_ngroup =3D 0; nid.nid_grps =3D NULL; nid.nid_flag =3D NFSID_ADDGID; 
@@ -416,8 +423,15 @@ main(int argc, char *argv[]) continue; check_dups[i - start_uidpos] =3D pwd->pw_uid; nid.nid_uid =3D pwd->pw_uid; - nid.nid_name =3D pwd->pw_name; - nid.nid_namelen =3D strlen(pwd->pw_name); + char buf[1024]; + snprintf(buf, sizeof(buf), "%s@%s", pwd->pw_name, dnsname); + char *ptr =3D strchr(buf, '@'); + while (*ptr !=3D '\0') { + *ptr =3D toupper(*ptr); + ptr++; + } + nid.nid_name =3D buf; + nid.nid_namelen =3D strlen(nid.nid_name); if (manage_gids !=3D 0) { /* Get the group list for this user. */ ngroup =3D NGROUPS;
------

And got the usernames to work properly _after_ mount. This is insufficient when
the cache expires though because the above is only for the daemon
initialization, but seems to show that there is some inconsistency between what
nfsuserd thinks the domain should be expressed and what the kernel expects.
Note that, in the above, the toupper is important as well.

I do not know yet if this is a failure of my configuration or a bug in nfsuserd
/ the kernel. Could you assist / confirm?
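
Review bot: In the group hunk (@@ -377,8 +377,15), the result of strchr(buf, '@') is dereferenced without a NULL check and the return value of snprintf is ignored. If grp->gr_name alone fills buf, the "@" and dnsname are truncated away, strchr returns NULL and the while loop dereferences it. Compare the snprintf result against sizeof(buf) and skip the entry when it does not fit. The argument to toupper should also be cast, as in toupper((unsigned char)*ptr), since a plain char with the high bit set is not a valid argument, and the declarations of buf and ptr belong at the top of the block rather than after the nid.nid_gid assignment.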
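
Review bot: The user hunk (@@ -416,8 +423,15) repeats the added block of the group hunk line for line, with pwd->pw_name in place of grp->gr_name, so it carries the same unchecked strchr and snprintf results. Move the construction of the "name@DOMAIN" string into one helper that takes the name and dnsname and reports truncation, and call it from both loops. The suffix is uppercased unconditionally from the "@" onward; a comment on why the domain must be uppercase would document the assumption the change depends on.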