LU-17015 gss: support large kerberos token on client

If the current Kerberos setup is using large token, like
when PAC feature is enabled for Kerberos, client can crash.

Return an error instead of asserting to avoid the crash
and increase the default buffer size to 4kB instead of 1kB.
This will only increase the SEC_CTX_INIT request size, and
the buffer is shrunk before being sent over the wire.

This will allow security token up to 2kB to be properly
handled by Lustre. Above that size, a different issue will
happen on server side that will require another patch.

Lustre-change: https://review.whamcloud.com/51946
Lustre-commit: TBD (from 374417f3f7c1e74e402a01ae9737ff01334d1dd4)

Test-Parameters: trivial kerberos=true testlist=sanity-krb5
Signed-off-by: Aurelien Degremont <adegremont@nvidia.com>
Change-Id: I9ce30ee7f8c95bfe41525c49986ffac45ffac97c
Reviewed-on: https://review.whamcloud.com/c/ex/lustre-release/+/51951
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>

diff --git a/lustre/ptlrpc/gss/gss_cli_upcall.c b/lustre/ptlrpc/gss/gss_cli_upcall.c
index 88aabf3..74d81e5 100644 (file)
--- a/lustre/ptlrpc/gss/gss_cli_upcall.c
+++ b/lustre/ptlrpc/gss/gss_cli_upcall.c
@@ -66,12 +66,13 @@ int ctx_init_pack_request(struct obd_import *imp,
                          long token_size,
                          char __user *token)
 {
-       struct lustre_msg       *msg = req->rq_reqbuf;
-       struct gss_sec          *gsec;
-       struct gss_header       *ghdr;
+       struct lustre_msg *msg = req->rq_reqbuf;
+       struct gss_sec *gsec;
+       struct gss_header *ghdr;
        struct ptlrpc_user_desc *pud;
-       __u32                   *p, size, offset = 2;
-       rawobj_t                 obj;
+       __u32 total_size;
+       __u32 *p, size, offset = 2;
+       rawobj_t obj;
 
        LASSERT(msg->lm_bufcount <= 4);
        LASSERT(req->rq_cli_ctx);
@@ -128,16 +129,23 @@ int ctx_init_pack_request(struct obd_import *imp,
                LBUG();
 
        /* 4. now the token */
-       LASSERT(size >= (sizeof(__u32) + token_size));
+       total_size = sizeof(__u32) + token_size;
+       if (size < total_size) {
+               CERROR("%s: security token is too large (%d > %d): rc = %d\n",
+                      imp->imp_obd->obd_name, total_size, size, -E2BIG);
+               return -E2BIG;
+       }
        *p++ = cpu_to_le32(((__u32) token_size));
        if (copy_from_user(p, token, token_size)) {
                CERROR("can't copy token\n");
                return -EFAULT;
        }
-       size -= sizeof(__u32) + cfs_size_round4(token_size);
 
-       req->rq_reqdata_len = lustre_shrink_msg(req->rq_reqbuf, offset,
+       if (size > sizeof(__u32) + cfs_size_round4(token_size)) {
+               size -= sizeof(__u32) + cfs_size_round4(token_size);
+               req->rq_reqdata_len = lustre_shrink_msg(req->rq_reqbuf, offset,
                                             msg->lm_buflens[offset] - size, 0);
+       }
        return 0;
 }
 

diff --git a/lustre/ptlrpc/gss/gss_internal.h b/lustre/ptlrpc/gss/gss_internal.h
index d8302ba..5b0eab4 100644 (file)
--- a/lustre/ptlrpc/gss/gss_internal.h
+++ b/lustre/ptlrpc/gss/gss_internal.h
@@ -299,7 +299,7 @@ static inline struct gss_sec_keyring *sec2gsec_keyring(struct ptlrpc_sec *sec)
 # define cache_read_unlock(cdetail) read_unlock(&((cdetail)->hash_lock))
 #endif
 
-#define GSS_CTX_INIT_MAX_LEN            (1024)
+#define GSS_CTX_INIT_MAX_LEN            (4096)
 
 /*
  * This only guaranteed be enough for current krb5 des-cbc-crc . We might