Bug 186071 - NFSD fails SETCLIENTID_CONFIRM
NFSD fails SETCLIENTID_CONFIRM
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Steve Dickson
Brian Brock
:
Depends On:
Blocks: 181409
  Show dependency treegraph
 
Reported: 2006-03-21 09:39 EST by Steve Dickson
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2006-0575
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-10 18:50:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch 1 of 2 that fixes the problem (3.15 KB, patch)
2006-03-21 09:39 EST, Steve Dickson
no flags Details | Diff
Patch 2 of 2 that fixes the problem (828 bytes, patch)
2006-03-21 09:40 EST, Steve Dickson
no flags Details | Diff

  None (edit)
Description Steve Dickson 2006-03-21 09:39:23 EST
Created attachment 126400 [details]
Patch 1 of 2 that fixes the problem
Comment 1 Steve Dickson 2006-03-21 09:39:23 EST
Description of problem:
nfsd_setuser() sets both the rqstp->cred and the current tasks uid, gid, and 
groups according to an exports squash rules (all_squash, root_squash). 
nfsd_setuser() is called in fh_verify() to correctly set the current's threads 
access to an export's directories and files.

setting the rqstp->cred is problematic for SETCLIENTID which is required to 
store the principal used for it's call, and whcih has client-wide scope, 
not export wide scope. under the current scheme, the rqstp->cred could
be set by nfsd_setuser or not, depending on the other previous NFSv4
operatios in the SETCLIENTID compound.
in order to pass confirmation of a clientid, SETCLIENTID_CONFIRM compares
the rqstp->cred with the credentials stored by SETCLIENTID. again, setting
the rqstp->cred with nfsd_user() is probelmatic.


Version-Release number of selected component (if applicable):


How reproducible:
Mount a newer Solaris, AIX or HP server

Steps to Reproduce:
1.
2.
3.
  
Actual results:
The mount fails

Expected results:
The mount should work

Additional info:
This was found at this year's Connectathon
Comment 2 Steve Dickson 2006-03-21 09:40:37 EST
Created attachment 126401 [details]
Patch 2 of 2 that fixes the problem
Comment 3 Jason Baron 2006-04-25 22:41:23 EDT
committed in stream U4 build 34.24. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel4/
Comment 7 Red Hat Bugzilla 2006-08-10 18:51:07 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0575.html

Note You need to log in before you can comment on or make changes to this bug.