rpc: warn and truncate grouplist if RPC/AUTH can not hold everything

The GlusterFS protocol currently uses AUTH_GLUSTERFS_V2 in the RPC/AUTH header. This header contains the uid, gid and auxiliary groups of the user/process that accesses the Gluster Volume. The AUTH_GLUSTERFS_V2 structure allows up to 65535 auxiliary groups to be passed on. Unfortunately, the RPC/AUTH header is limited to 400 bytes by the RPC specification: http://tools.ietf.org/html/rfc5531#section-8.2 In order to not cause complete failures on the client-side when trying to encode a AUTH_GLUSTERFS_V2 that would result in more than 400 bytes, we can calculate the expected size of the other elements: 1 | pid 1 | uid 1 | gid 1 | groups_len XX | groups_val (GF_MAX_AUX_GROUPS=65535) 1 | lk_owner_len YY | lk_owner_val (GF_MAX_LOCK_OWNER_LEN=1024) ----+------------------------------------------- 5 | total xdr-units one XDR-unit is defined as BYTES_PER_XDR_UNIT = 4 bytes MAX_AUTH_BYTES = 400 is the maximum, this is 100 xdr-units. XX + YY can be 95 to fill the 100 xdr-units. Note that the on-wire protocol has tighter requirements than the internal structures. It is possible for xlators to use more groups and a bigger lk_owner than that can be sent by a GlusterFS-client. This change prevents overflows when allocating the RPC/AUTH header. Two new macros are introduced to calculate the number of groups that fit in the RPC/AUTH header, when taking the size of the lk_owner in account. In case the list of groups exceeds the maximum possible, only the first groups are passed over the RPC/GlusterFS protocol to the bricks. A warning is added to the logs, so that most system administrators will get informed. The reducing of the number of groups is not a new inventions. The RPC/AUTH header (AUTH_SYS or AUTH_UNIX) that NFS uses has a limit of 16 groups. Most, if not all, NFS-clients will reduce any bigger number of groups to 16. (nfs.server-aux-gids can be used to workaround the limit of 16 groups, but the Gluster NFS-server will be limited to a maximum of 93 groups, or fewer in case the lk_owner structure contains more items.) Change-Id: I8410e59d0fd246d601b54b961d3ae9cb5a858c10 BUG: 1053579 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/7202 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Harshavardhana <harsha@harshavardhana.net> Reviewed-by: Santosh Pradhan <spradhan@redhat.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
author: Niels de Vos <ndevos@redhat.com> 2014-03-20 18:13:49 +0100
committer: Vijay Bellur <vbellur@redhat.com> 2014-04-08 10:50:52 -0700
commit: 8235de189845986a535d676b1fd2c894b9c02e52 (patch)
tree: 6f5ea06d6b0b9b3f8091e0b9e7b34a7158afe3d1 /rpc/rpc-lib/src/auth-glusterfs.c
parent: 07df69edc8165d875edd42a4080a494e09b98de5 (diff)
1 files changed, 15 insertions, 7 deletions
diff --git a/rpc/rpc-lib/src/auth-glusterfs.c b/rpc/rpc-lib/src/auth-glusterfs.c
index 7bafa82fb..c3fc166b7 100644
--- a/rpc/rpc-lib/src/auth-glusterfs.c
+++ b/rpc/rpc-lib/src/auth-glusterfs.c
@@ -171,8 +171,10 @@ auth_glusterfs_v2_request_init (rpcsvc_request_t *req, void *priv)
 int auth_glusterfs_v2_authenticate (rpcsvc_request_t *req, void *priv)
 {
         struct auth_glusterfs_parms_v2  au = {0,};
-        int ret = RPCSVC_AUTH_REJECT;
-        int i   = 0;
+        int ret                            = RPCSVC_AUTH_REJECT;
+        int i                              = 0;
+        int max_groups                     = 0;
+        int max_lk_owner_len               = 0;
 
         if (!req)
                 return ret;
@@ -191,17 +193,23 @@ int auth_glusterfs_v2_authenticate (rpcsvc_request_t *req, void *priv)
         req->lk_owner.len = au.lk_owner.lk_owner_len;
         req->auxgidcount = au.groups.groups_len;
 
-        if (req->auxgidcount > GF_MAX_AUX_GROUPS) {
+        /* the number of groups and size of lk_owner depend on each other */
+        max_groups = GF_AUTH_GLUSTERFS_MAX_GROUPS (req->lk_owner.len);
+        max_lk_owner_len = GF_AUTH_GLUSTERFS_MAX_LKOWNER (req->auxgidcount);
+
+        if (req->auxgidcount > max_groups) {
                 gf_log ("", GF_LOG_WARNING,
                         "more than max aux gids found (%d) , truncating it "
                         "to %d and continuing", au.groups.groups_len,
-                        GF_MAX_AUX_GROUPS);
-                req->auxgidcount = GF_MAX_AUX_GROUPS;
+                        max_groups);
+                req->auxgidcount = max_groups;
         }
 
-        if (req->lk_owner.len > GF_MAX_LOCK_OWNER_LEN) {
+        if (req->lk_owner.len > max_lk_owner_len) {
                 gf_log ("", GF_LOG_WARNING,
-                        "lkowner field > 1k, failing authentication");
+                        "lkowner field to big (%d), depends on the number of "
+                        "groups (%d), failing authentication",
+                        req->lk_owner.len, req->auxgidcount);
                 ret = RPCSVC_AUTH_REJECT;
                 goto err;
         }
author	Niels de Vos <ndevos@redhat.com>	2014-03-20 18:13:49 +0100
committer	Vijay Bellur <vbellur@redhat.com>	2014-04-08 10:50:52 -0700
commit	8235de189845986a535d676b1fd2c894b9c02e52 (patch)
tree	6f5ea06d6b0b9b3f8091e0b9e7b34a7158afe3d1 /rpc/rpc-lib/src/auth-glusterfs.c
parent	07df69edc8165d875edd42a4080a494e09b98de5 (diff)