From nobody@FreeBSD.org  Fri Nov 16 10:10:52 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 065DBB95
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 16 Nov 2012 10:10:52 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id C82878FC14
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 16 Nov 2012 10:10:51 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.5/8.14.5) with ESMTP id qAGAAou0034340
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 16 Nov 2012 10:10:50 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.5/8.14.5/Submit) id qAGAAoPL034339;
	Fri, 16 Nov 2012 10:10:50 GMT
	(envelope-from nobody)
Message-Id: <201211161010.qAGAAoPL034339@red.freebsd.org>
Date: Fri, 16 Nov 2012 10:10:50 GMT
From: Alex <tomefrom@list.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: strange UID map with nfsuserd
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         173657
>Category:       kern
>Synopsis:       [nfs] strange UID map with nfsuserd
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-fs
>State:          feedback
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 16 10:20:00 UTC 2012
>Closed-Date:    
>Last-Modified:  Thu Dec 27 20:05:48 UTC 2012
>Originator:     Alex
>Release:        9.0-RELEASE-p4
>Organization:
>Environment:
FreeBSD storage.dns.local 9.0-RELEASE-p4 FreeBSD 9.0-RELEASE-p4 #0: Thu Nov  8 15:55:51 2012     user@storage.dns.local:/usr/obj/usr/src/sys/ST_KERNEL  amd64

>Description:
I use nfsv4 with nfsuserd. My /etc/exports

/storage/backup_pool/ports/ports -mapall=nobody -ro -network 10.10.100.0 -mask 255.255.255.0
#/storage/backup_pool/ports/distfiles -mapall=nobody -network 10.10.100.0 -mask 255.255.255.0
/storage/backup_pool/ports/distfiles 	-maproot=root	 -network 10.10.100.0 -mask 255.255.255.0
V4: /storage/backup_pool/ports -sec=sys		-network 10.10.100.0 -mask 255.255.255.0

Domain was set to dns.local on both client and server
Stopping nfsuserd.
Waiting for PIDS: 1491.
Starting nfsuserd.
nfsuserd: domain=dns.local usermax=200 usertimeout=60

Users u1 and u2 exist on the client (with UID 3071 and 3072 respectively), but don`t on the server.

On the client I do
[client:/var/distfiles]#chown u1 test
No name and/or group mapping for uid,gid:(3071,-1)
chown: test: Operation not permitted
[client:/var/distfiles]#chown u1 test
[client:/var/distfiles]#chown u2 test

In messages on client
Nov 16 09:59:01 drweb nfsuserd:[1061]: Added gid=0 name=wheel
Nov 16 09:59:01 drweb nfsuserd:[1059]: Added uid=3071 name=nobody
Nov 16 09:59:01 drweb kernel: No name and/or group mapping for uid,gid:(3071,-1)
Nov 16 09:59:15 drweb nfsuserd:[1060]: Added uid=3071 name=u1
Nov 16 09:59:20 drweb nfsuserd:[1061]: Added uid=3072 name=u2

In messages on server
Nov 16 09:59:01 storage nfsuserd:[1053]: Added uid=32767 name=nobody
Nov 16 09:59:01 storage nfsuserd:[1055]: Added gid=0 name=wheel
Nov 16 09:59:15 storage nfsuserd:[1054]: Added uid=32767 name=u1
Nov 16 09:59:20 storage nfsuserd:[1052]: Added uid=32767 name=u2

If user does not exists on the server, it mapped to  32767 UID on the server. Then I add users u1 and u2 to the server with the same UID. Mapping works correctly. Server log:
Nov 16 10:11:50 storage nfsuserd:[1432]: Added uid=3072 name=u2
Nov 16 10:12:07 storage nfsuserd:[1433]: Added uid=3071 name=u1

The same problem with the client. If user does not exists on the client but exists on the server, it maps to UID   32767 on the client (I do chown on the server). 
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-amd64->freebsd-fs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Nov 16 19:36:41 UTC 2012 
Responsible-Changed-Why:  
reclassify. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=173657 
State-Changed-From-To: open->feedback 
State-Changed-By: rmacklem 
State-Changed-When: Thu Dec 27 20:03:29 UTC 2012 
State-Changed-Why:  

I have emailed the reporter, asking them if they can 
test the patch: 
http://people.freebsd.org/~rmacklem/setattr-nfsuserd.patch 
which I think fixes the reported problem. 

It basically marks the "default" mappings to nobody for 
cases where there isn't a valid name<->uid mapping and 
doesn't allow Setattr to be done using those "default" 
mappings. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=173657 
>Unformatted:
