Bug 765524 (GLUSTER-3792)
| Summary: | secondary group owner limited to 16 groups | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | hurdmann <yves> | ||||
| Component: | access-control | Assignee: | shishir gowda <sgowda> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 3.2.4 | CC: | amarts, ashetty, gluster-bugs, nsathyan | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | glusterfs-3.4.0 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-07-24 17:09:24 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 817967 | ||||||
| Attachments: |
|
||||||
Hi Hurdmann, That is a known limitation of supporting upto 16 aux groups with release 3.1/3.2. We plan to bump it up in the later releases. Changing severity of the bug to major from blocker. Hi, thanks for your response, i'm writing a patch to add a #define to src code, i'll post it here after some tests ;) regards hm Hello, i use gluster with an apache server who have a lot of secondary group (one per website) for security reason (one user / one scp / one website ). I have upgraded from 3.2.3 to 3.2.4 to get the patch on rpc/rpc-lib/src/rpc-clnt.c from : 1221 memcpy (au.groups, call_frame->root->groups, 16); to : 1221 memcpy (au.groups, call_frame->root->groups, sizeof (au.groups)); But after some test, the 16 first group are ok but not the over ( 17 , 18 ...). The error and the log are like before the patch. Any idea or patch ? i'm on irc for questions ;) thanks, hm There's a lot of duplicate, constant , number 16 for the same thing : like : RPCSVC_MAX_AUTH_BYTES GF_REQUEST_MAXGROUPS NGRPS 16 into [] and into for. so i need help to complete my patch because i fall in something like that : [2011-11-08 15:23:23.961992] I [server-resolve.c:571:server_resolve] 0-test-volume-server: pure path resolution for �q`O�(����}��ㅷ`O���! (OPENDIR) probably a buffer overflow. Created attachment 719 [details]
Stack trace of the coredump
Hi,
i see that there's a commit on rpc/rpc-lib/src/auth-glusterfs.c
to had a limit :
+ if (req->auxgidcount > 16) {
+ ret = RPCSVC_AUTH_REJECT;
+ goto err;
+ }
+
So it's more bad than only take 16, isn't it ?
I have tried a lot of modification in rpc/fuse and other src. But i ever get my gid array going into my path ... So, i need help, or perhaps a deadline for a patch ? http://review.gluster.com/779 increases the max count of aux gid to 500 from current 16. Try that patch on master branch, and it should work for you. If this patch gets upstream, then you can expect a release in sometime in feb/march 2012. currently its just 200 Aux GIDs on wire.. if we hit this limit, then we will consider extending the protocol. 32 Aux GIDs is the limit. This limitation is tracked through another bug, Bz 789961. So moving this bug to verified for release-3.3. |
I probably have found the source of the number 16 : struct auth_glusterfs_parms { uint64_t lk_owner; u_int pid; u_int uid; u_int gid; u_int ngrps; u_int groups[16]; } __attribute__((packed)); typedef struct auth_glusterfs_parms auth_glusterfs_parms; into : xdr-common.h:64. I try to change it to 64 to test...