git://git.whamcloud.com - fs/lustre-release.git/commit

author	Aurelien Degremont <adegremont@nvidia.com>
	Tue, 15 Aug 2023 14:03:07 +0000 (16:03 +0200)
committer	Oleg Drokin <green@whamcloud.com>
	Thu, 31 Aug 2023 06:38:49 +0000 (06:38 +0000)
commit	9758129177f11515d1f11cffc1e45f659ffd28a2
tree	bd161a6ede3475bbf23c36c540c133c9d46faa38	tree \| snapshot
parent	7f60b2b5580f67ca55e53a78dbaf7d50b5b7ab47	commit \| diff

LU-17015 gss: support large kerberos token on client

If the current Kerberos setup is using large token, like
when PAC feature is enabled for Kerberos, client can crash.

Return an error instead of asserting to avoid the crash
and increase the default buffer size to 4kB instead of 1kB.
This will only increase the SEC_CTX_INIT request size, and
the buffer is shrunk before being sent over the wire.

This will allow security token up to 2kB to be properly
handled by Lustre. Above that size, a different issue will
happen on server side that will require another patch.

Test-Parameters: trivial kerberos=true testlist=sanity-krb5
Signed-off-by: Aurelien Degremont <adegremont@nvidia.com>
Change-Id: I9ce30ee7f8c95bfe41525c49986ffac45ffac97c
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/51946
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>

lustre/ptlrpc/gss/gss_cli_upcall.c		diff \| blob \| history
lustre/ptlrpc/gss/gss_internal.h		diff \| blob \| history