rc4-hmac-md5 mount failure
diff mbox

Message ID AANLkTikRJad_vR1qxL1Wr4AO0OfP32oCYj4X0cTnVwv+@mail.gmail.com
State New, archived
Headers show

Commit Message

Olga Kornievskaia March 28, 2011, 8:56 p.m. UTC
None

Comments

Trond Myklebust April 6, 2011, 5:17 p.m. UTC | #1
On Mon, 2011-03-28 at 16:56 -0400, Olga Kornievskaia wrote:
> I apologize I have posted an incomplete problem/solution and possibly
> to the wrong thread.
> 
> Problem: linux client mounting linux server using rc4-hmac-md5
> enctype. gssd fails with create a context after receiving a reply from
> the server.
> 
> Diagnose: putting printout statements in the server kernel and
> kerberos libraries revealed that client and server derived different
> integrity keys.
> 
> Server kernel code was at fault due the the commit
> 
> [aglo@skydive linux-pnfs]$ git show 411b5e05617593efebc06241dbc56f42150f2abe
> commit 411b5e05617593efebc06241dbc56f42150f2abe
> Author: Joe Perches <joe@perches.com>
> Date:   Mon Sep 13 12:48:01 2010 -0700
> 
>    net/sunrpc: Use static const char arrays
> 
>    Signed-off-by: Joe Perches <joe@perches.com>
>    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
> 
> diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_
> index 0326446..8a4d083c 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_mech.c
> +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
> @@ -422,7 +422,7 @@ static int
>  context_derive_keys_rc4(struct krb5_ctx *ctx)
>  {
>        struct crypto_hash *hmac;
> -       char sigkeyconstant[] = "signaturekey";
> +       static const char sigkeyconstant[] = "signaturekey";
>        int slen = strlen(sigkeyconstant) + 1;  /* include null terminator */
>        struct hash_desc desc;
>        struct scatterlist sg[1];
> 
> Solution: if this commit is undone, rc4-based mount works without
> issues. verified with linux and windows clients.

Hi Olga,

Thanks for the report! I'll revert this commit in upstream and the
stable kernels.

Cheers
  Trond
Jim Rees April 6, 2011, 5:36 p.m. UTC | #2
Trond Myklebust wrote:

  > diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_
  > index 0326446..8a4d083c 100644
  > --- a/net/sunrpc/auth_gss/gss_krb5_mech.c
  > +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
  > @@ -422,7 +422,7 @@ static int
  >  context_derive_keys_rc4(struct krb5_ctx *ctx)
  >  {
  >        struct crypto_hash *hmac;
  > -       char sigkeyconstant[] = "signaturekey";
  > +       static const char sigkeyconstant[] = "signaturekey";
  >        int slen = strlen(sigkeyconstant) + 1;  /* include null terminator */
  >        struct hash_desc desc;
  >        struct scatterlist sg[1];
  > 
  > Solution: if this commit is undone, rc4-based mount works without
  > issues. verified with linux and windows clients.
  
  Hi Olga,
  
  Thanks for the report! I'll revert this commit in upstream and the
  stable kernels.

But why does this fix it?
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Tom Haynes April 6, 2011, 7:07 p.m. UTC | #3
On 4/6/11 12:36 PM, Jim Rees wrote:
> Trond Myklebust wrote:
>
>    >  diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_
>    >  index 0326446..8a4d083c 100644
>    >  --- a/net/sunrpc/auth_gss/gss_krb5_mech.c
>    >  +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
>    >  @@ -422,7 +422,7 @@ static int
>    >   context_derive_keys_rc4(struct krb5_ctx *ctx)
>    >   {
>    >         struct crypto_hash *hmac;
>    >  -       char sigkeyconstant[] = "signaturekey";
>    >  +       static const char sigkeyconstant[] = "signaturekey";
>    >         int slen = strlen(sigkeyconstant) + 1;  /* include null terminator */
>    >         struct hash_desc desc;
>    >         struct scatterlist sg[1];
>    >
>    >  Solution: if this commit is undone, rc4-based mount works without
>    >  issues. verified with linux and windows clients.
>
>    Hi Olga,
>
>    Thanks for the report! I'll revert this commit in upstream and the
>    stable kernels.
>
> But why does this fix it?
> --

Because it is no longer on the stack?

If whatever referenced it lived longer than the call to 
context_derive_keys_rc4(),
then it would be referencing garbage.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jim Rees April 6, 2011, 7:36 p.m. UTC | #4
Tom Haynes wrote:

  Because it is no longer on the stack?

Yes, that much is obvious.  What I didn't understand was the part about
virt_to_page().
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch
diff mbox

diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_
index 0326446..8a4d083c 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -422,7 +422,7 @@  static int
 context_derive_keys_rc4(struct krb5_ctx *ctx)
 {
       struct crypto_hash *hmac;
-       char sigkeyconstant[] = "signaturekey";
+       static const char sigkeyconstant[] = "signaturekey";
       int slen = strlen(sigkeyconstant) + 1;  /* include null terminator */
       struct hash_desc desc;
       struct scatterlist sg[1];