From 374417f3f7c1e74e402a01ae9737ff01334d1dd4 Mon Sep 17 00:00:00 2001 From: Aurelien Degremont Date: Tue, 15 Aug 2023 16:03:07 +0200 Subject: [PATCH] LU-17015 gss: support large kerberos token on client side If the current Kerberos setup is using large token, like when MS-PAC feature is enabled, client can crash. Instead of asserting, return E2BIG to avoid the crash and increase the default buffer size to 4kB instead of 1kB. This will only increase the SEC_CTX_INIT RPC size accordingly as the buffer is shrunk before being sent over the wire. Up to 2kB security token will be properly handled by Lustre. But, above that size, a different issue will happen on server side that will require an other patch. Test-Parameters: kerberos=true testlist=sanity-krb5 Signed-off-by: Aurelien Degremont Change-Id: I9ce30ee7f8c95bfe41525c49986ffac45ffac97c --- lustre/ptlrpc/gss/gss_cli_upcall.c | 24 ++++++++++++++++-------- lustre/ptlrpc/gss/gss_internal.h | 2 +- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/lustre/ptlrpc/gss/gss_cli_upcall.c b/lustre/ptlrpc/gss/gss_cli_upcall.c index 94be1ed..18dabd6 100644 --- a/lustre/ptlrpc/gss/gss_cli_upcall.c +++ b/lustre/ptlrpc/gss/gss_cli_upcall.c @@ -65,12 +65,13 @@ int ctx_init_pack_request(struct obd_import *imp, long token_size, char __user *token) { - struct lustre_msg *msg = req->rq_reqbuf; - struct gss_sec *gsec; - struct gss_header *ghdr; + struct lustre_msg *msg = req->rq_reqbuf; + struct gss_sec *gsec; + struct gss_header *ghdr; struct ptlrpc_user_desc *pud; - __u32 *p, size, offset = 2; - rawobj_t obj; + __u32 total_size; + __u32 *p, size, offset = 2; + rawobj_t obj; LASSERT(msg->lm_bufcount <= 4); LASSERT(req->rq_cli_ctx); @@ -127,16 +128,23 @@ int ctx_init_pack_request(struct obd_import *imp, LBUG(); /* 4. now the token */ - LASSERT(size >= (sizeof(__u32) + token_size)); + total_size = sizeof(__u32) + token_size; + if (size < total_size) { + CERROR("%s: security token is too large (%d > %d): rc = %d\n", + imp->imp_obd->obd_name, total_size, size, -E2BIG); + return -E2BIG; + } *p++ = cpu_to_le32(((__u32) token_size)); if (copy_from_user(p, token, token_size)) { CERROR("can't copy token\n"); return -EFAULT; } - size -= sizeof(__u32) + round_up(token_size, 4); - req->rq_reqdata_len = lustre_shrink_msg(req->rq_reqbuf, offset, + if (size > sizeof(__u32) + round_up(token_size, 4)) { + size -= sizeof(__u32) + round_up(token_size, 4); + req->rq_reqdata_len = lustre_shrink_msg(req->rq_reqbuf, offset, msg->lm_buflens[offset] - size, 0); + } return 0; } diff --git a/lustre/ptlrpc/gss/gss_internal.h b/lustre/ptlrpc/gss/gss_internal.h index f27779f..8fc39e8 100644 --- a/lustre/ptlrpc/gss/gss_internal.h +++ b/lustre/ptlrpc/gss/gss_internal.h @@ -281,7 +281,7 @@ static inline struct gss_sec_keyring *sec2gsec_keyring(struct ptlrpc_sec *sec) # define cache_read_unlock(cdetail) read_unlock(&((cdetail)->hash_lock)) #endif -#define GSS_CTX_INIT_MAX_LEN (1024) +#define GSS_CTX_INIT_MAX_LEN (4096) /* * This only guaranteed be enough for current krb5 des-cbc-crc . We might -- 1.8.3.1