Re: [PATCH] SUNRPC: Refactor nfsd4_do_encode_secinfo()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Feb 7, 2013, at 11:55 AM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote:

> On Thu, Feb 07, 2013 at 11:26:43AM -0500, Chuck Lever wrote:
>> 
>> On Feb 7, 2013, at 11:23 AM, "J. Bruce Fields" <bfields@xxxxxxxxxxxx> wrote:
>> 
>>> On Thu, Feb 07, 2013 at 10:58:25AM -0500, Chuck Lever wrote:
>>>> 
>>>> On Feb 7, 2013, at 10:02 AM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
>>>> 
>>>>> On Fri, Feb 01, 2013 at 05:43:44PM -0500, Chuck Lever wrote:
>>>>>> Clean up.  This matches a similar API for the client side, and
>>>>>> keeps ULP fingers out the of the GSS mech switch.
>>>>>> 
>>>>>> Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
>>>>>> Acked-by: J. Bruce Fields <bfields@xxxxxxxxxx>
>>>>>> ---
>>>>>> 
>>>>>> Bruce-
>>>>>> 
>>>>>> This version of the patch follows the existing logic in
>>>>>> nfsd4_do_encode_secinfo(): If the RPC layer can't find GSS info
>>>>>> that matches an export security flavor, it assumes the flavor is
>>>>>> not a GSS pseudoflavor, and simply puts it on the wire.
>>>>>> 
>>>>>> However, if the below XDR encoding logic is given a legitimate GSS
>>>>>> pseudoflavor but the RPC layer says it does not support that
>>>>>> pseudoflavor for some reason, then we leak GSS pseudoflavor numbers
>>>>>> onto the wire.
>>>>>> 
>>>>>> I confirmed this happens by blacklisting rpcsec_gss_krb5, then
>>>>>> attempted a client transition from the pseudo-fs to a Kerberos-only
>>>>>> share.  The client received a flavor list containing the Kerberos
>>>>>> pseudoflavor numbers, rather than GSS tuples.
>>>>>> 
>>>>>> The encoder logic can check that each pseudoflavor is less than
>>>>>> MAXFLAVOR before writing it into the buffer, to prevent this.  But
>>>>>> after "nflavs" is written into the XDR buffer, the encoder can't
>>>>>> skip writing flavor information into the buffer when it discovers
>>>>>> the RPC layer doesn't support that flavor.
>>>>>> 
>>>>>> Is there some way of writing "nflavs" into the XDR buffer after
>>>>>> the loop that writes the flavor information is complete?
>>>>> 
>>>>> Yes, you can save a pointer and then go back and fill that in--see
>>>>> encode_fattr for an example.
>>>> 
>>>> Thanks, I will submit an additional patch that describes this issue and fixes it.
>>>> 
>>>> I asked David Noveck, as one of the authors of RFC 3530, whether an NFS server should return a zero-length flavor list or an error if SECINFO can't find any flavors a client is allowed to use. His opinion was to return NFS4_OK and a zero-length flavor list.
>>> 
>>> Fine with me for this code.
>> 
>> OK, will go with that.
>> 
>>> (In practice though we should probably be warning somewhere (exportfs?)
>>> if somebody creates an export like that.)
>> 
>> The problem can also arise because gssd isn't running or auth_rpcgss.ko or rpcsec_gss_krb5.ko are not loadable for some reason.  In other words, an empty flavor list might also be the result of a transient server misconfiguration.
> 
> OK.  Do you think the kernel could help by providing a once-only warning
> in such a case?  (Or in the case when we're not able to find support for
> a security flavor set on the export.)

I've thought a little about that.  There is already a logged warning if a gssd upcall times out.  But it's hard to tell inside the kernel why a module doesn't load.  These all look pretty much the same to the RPC layer:

   -  module is blacklisted or not installed?
   -  GSS support wasn't built?
   -  filesystem corruption?
   -  export specifies a security flavor the RPC client doesn't recognize?

I suppose I could add something here, but I wonder about the false alarms.

-- 
Chuck Lever
chuck[dot]lever[at]oracle[dot]com




--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux