| Summary: | Users Belonging To Many Groups Cannot Access Mounted Volume | |||
|---|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | Neil Stoddard <neil.stoddard> | |
| Component: | rpc | Assignee: | GlusterFS Bugs list <gluster-bugs> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | ||
| Severity: | high | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 3.4.0 | CC: | aavati, gluster-bugs, ndevos | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | glusterfs-3.4.3 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1000957 (view as bug list) | Environment: | ||
| Last Closed: | 2014-04-17 13:14:02 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 1000957 | |||
|
Description
Neil Stoddard
2013-08-22 19:07:42 UTC
Rebuilding glibc with MAX_AUTH_BYTES set to 1024 (may be excessive) allows users to access a mounted gluster volume. REVIEW: http://review.gluster.org/5695 (rpc: fix typo which refers glibc macro) posted (#1) for review on master by Anand Avati (avati) Hah! turns out to be a long standing bug.. This was a harmless typo initially when we used RPCSVC_MAX_AUTH_DATA everywhere else and that value was also 400. When we replaced RPCSVC_MAX_AUTH_DATA with GF_MAX_AUTH_DATA as 2048, this location was left out (sed does not detect typos!), and the harmless typo became harmful :-) Please test the patch http://review.gluster.org/5695 and vote on it. Thanks. COMMIT: http://review.gluster.org/5695 committed in master by Vijay Bellur (vbellur) ------ commit d64df6a92c2492812ef7c23cc133f5d7a113ec42 Author: Anand Avati <avati> Date: Thu Aug 22 14:14:22 2013 -0700 rpc: fix typo which refers glibc macro A typo which read MAX_AUTH_BYTES instead of GF_MAX_AUTH_BYTES was picking the value 400 instead of the larger 2048. This causes failures when number of aux group ids is a large number. Change-Id: Idb8d59aee2690fd53e24c2e09f58a16fe387ef27 BUG: 1000131 Signed-off-by: Anand Avati <avati> Reviewed-on: http://review.gluster.org/5695 Tested-by: Gluster Build System <jenkins.com> Reviewed-by: Amar Tumballi <amarts> Reviewed-by: Vijay Bellur <vbellur> You folks rock! I didn't expect such a fast response on this issue.
Unfortunately the patch doesn't fix the problem.
(The fix you made looked like it was also wrong, but not this specific issue).
I'm a novice with the gluster code base but if I'm reading things right in rpc/rpc-lib/src/rpc-clnt.c you make the following call on line 1232:
xdr_size = xdr_sizeof ((xdrproc_t)xdr_callmsg, &request);
xdr_callmsg is defined in glibc in sunrpc/rpc_cmsg.c (grep of gluster didn't find any redefinition). It looks like xdr_sizeof builds up a list of operations to perform and then calls the passed in function (xdr_callmsg). The source for this in turn does:
if (cmsg->rm_call.cb_cred.oa_length > MAX_AUTH_BYTES)
{
return (FALSE);
}
if (cmsg->rm_call.cb_verf.oa_length > MAX_AUTH_BYTES)
{
return (FALSE);
}
This causes xdr_sizeof to return 0.
And there goes my problem. So even though you use GF_MAX_AUTH_BYTES in gluster code, a glibc function gets called that uses MAX_AUTH_BYTES. I may totally be reading this wrong, since I just started looking at this code for the first time the day before last, but that is where I believe the problem lies.
Sorry, I misspoke. The fix you made was RIGHT (not wrong), that code was originally incorrect too, but the patch does not fix my issue. REVIEW: http://review.gluster.org/5854 (rpc: fix typo which refers glibc macro) posted (#1) for review on release-3.4 by Anand Avati (avati) REVIEW: http://review.gluster.org/5854 (rpc: fix typo which refers glibc macro) posted (#2) for review on release-3.4 by Anand Avati (avati) REVIEW: http://review.gluster.org/5854 (rpc: fix typo which refers glibc macro) posted (#3) for review on release-3.4 by Anand Avati (avati) COMMIT: http://review.gluster.org/5854 committed in release-3.4 by Vijay Bellur (vbellur) ------ commit f43a223ad1e53041f46b351aa260203ea0685613 Author: Anand Avati <avati> Date: Thu Aug 22 14:14:22 2013 -0700 rpc: fix typo which refers glibc macro A typo which read MAX_AUTH_BYTES instead of GF_MAX_AUTH_BYTES was picking the value 400 instead of the larger 2048. This causes failures when number of aux group ids is a large number. Change-Id: Idb8d59aee2690fd53e24c2e09f58a16fe387ef27 BUG: 1000131 Signed-off-by: Anand Avati <avati> Reviewed-on: http://review.gluster.org/5854 Tested-by: Gluster Build System <jenkins.com> Reviewed-by: Vijay Bellur <vbellur> This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.4.3, please reopen this bug report. glusterfs-3.4.3 has been announced on the Gluster Developers mailinglist [1], packages for several distributions should already be or become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. The fix for this bug likely to be included in all future GlusterFS releases i.e. release > 3.4.3. In the same line the recent release i.e. glusterfs-3.5.0 [3] likely to have the fix. You can verify this by reading the comments in this bug report and checking for comments mentioning "committed in release-3.5". [1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/5978 [2] http://news.gmane.org/gmane.comp.file-systems.gluster.user [3] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/6137 |