Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 874029 Details for
Bug 1070927
RPC: AUTH_GSS upcall timed out
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
patch: gssd: always reply to rpc-pipe requests from kernel
nfs-utils-1.2.3-gssd-always-reply-to-rpc-pipe-requests-from-kernel.patch (text/plain), 3.65 KB, created by
Jeff Layton
on 2014-03-13 15:25:36 UTC
(
hide
)
Description:
patch: gssd: always reply to rpc-pipe requests from kernel
Filename:
MIME Type:
Creator:
Jeff Layton
Created:
2014-03-13 15:25:36 UTC
Size:
3.65 KB
patch
obsolete
>From ad331fdfbd65c6251c2f4c6c1043a2536fa5c85c Mon Sep 17 00:00:00 2001 >From: NeilBrown <neilb@suse.de> >Date: Wed, 20 Nov 2013 12:43:29 -0500 >Subject: [PATCH] gssd: always reply to rpc-pipe requests from kernel. > >Sometimes gssd will open a new rpc-pipe but never read requests from it >or reply to them. This causes the kernel to wait forever for a reply. > >In particular, if a filesystem is mounted by IP, and the IP has no >hostname recorded in /etc/hosts or DNS, then gssd will not listen to >requests and the mount will hang indefinitely. > >The comment in process_clnt_dir() for the "fail_keep_client:" branch >suggests that it is for the case where we couldn't open some >subdirectories. However it is currently also taken if reverse DNS >lookup fails (as well as some other lookup failures). Those failures >should not be treated the same as failure-to-open directories. > >So this patch causes a failure from read_service_info() to *not* be >reported by process_clnt_dir_files. This ensures that >insert_clnt_poll() >will be called and requests will be handled. > >In handle_gssd_upcall, the current error path (taken when the mech is >not "krb5") does not reply to the upcall. This is wrong. A reply is >always appropriate. The only replies which aren't treated as >transient errors are EACCES and EKEYEXPIRED, so we return the former. > >If read_service_info() fails then ->servicename will be NULL which will >cause process_krb5_upcall() (quite reasonably) to become confused. So >in that case we don't even try to process the up-call but just reply >with EACCES. > >As clp->servicename==NULL is no longer treated as fatal, it is not >appropraite to use it to test if read_service_info() has been already >called on a client. Instread test clp->prog. > >Finally, the error path of read_service_info() will close 'fd' if it >isn't -1, so when we close it, we should set fd to -1. > >Acked-by: Jeff Layton <jlayton@redhat.com> >Signed-off-by: NeilBrown <neilb@suse.de> >Signed-off-by: Steve Dickson <steved@redhat.com> >--- > utils/gssd/gssd_proc.c | 21 ++++++++++++--------- > 1 file changed, 12 insertions(+), 9 deletions(-) > >diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c >index c301d467d26c..e596b7881de4 100644 >--- a/utils/gssd/gssd_proc.c >+++ b/utils/gssd/gssd_proc.c >@@ -229,6 +229,7 @@ read_service_info(char *info_file_name, char **servicename, char **servername, > if ((nbytes = read(fd, buf, INFOBUFLEN)) == -1) > goto fail; > close(fd); >+ fd = -1; > buf[nbytes] = '\0'; > > numfields = sscanf(buf,"RPC server: %127s\n" >@@ -382,11 +383,10 @@ process_clnt_dir_files(struct clnt_info * clp) > return -1; > snprintf(info_file_name, sizeof(info_file_name), "%s/info", > clp->dirname); >- if ((clp->servicename == NULL) && >- read_service_info(info_file_name, &clp->servicename, >- &clp->servername, &clp->prog, &clp->vers, >- &clp->protocol, (struct sockaddr *) &clp->addr)) >- return -1; >+ if (clp->prog == 0) >+ read_service_info(info_file_name, &clp->servicename, >+ &clp->servername, &clp->prog, &clp->vers, >+ &clp->protocol, (struct sockaddr *) &clp->addr); > return 0; > } > >@@ -1290,13 +1290,16 @@ handle_gssd_upcall(struct clnt_info *clp) > } > } > >- if (strcmp(mech, "krb5") == 0) >+ if (strcmp(mech, "krb5") == 0 && clp->servername) > process_krb5_upcall(clp, uid, clp->gssd_fd, target, service); > else if (strcmp(mech, "spkm3") == 0) > process_spkm3_upcall(clp, uid, clp->gssd_fd); >- else >- printerr(0, "WARNING: handle_gssd_upcall: " >- "received unknown gss mech '%s'\n", mech); >+ else { >+ if (clp->servername) >+ printerr(0, "WARNING: handle_gssd_upcall: " >+ "received unknown gss mech '%s'\n", mech); >+ do_error_downcall(clp->gssd_fd, uid, -EACCES); >+ } > > out: > free(lbuf); >-- >1.8.5.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=874029">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1070927
: 874029