Date: Sun, 10 Feb 2019 18:57:18 +0000 From: bugzilla-noreply@freebsd.org To: fs@FreeBSD.org Subject: [Bug 235582] rpc_svc_gss / nfsd kernel panic Message-ID: <bug-235582-3630-ljWZuYePO5@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-235582-3630@https.bugs.freebsd.org/bugzilla/> References: <bug-235582-3630@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D235582 --- Comment #13 from Peter Eriksson <peter.x.eriksson@liu.se> --- I'm running a kernel with your patches now on our test server. With some ad= ded code to print the 'cname' to export_name converted as hexadecimal characters (for non-printable ones). It really looks like som 'struct' ending with the length of the principal as a 4-byte int and then the printable principal na= me. Not many NFS clients connecting to that server so a race condition causing = the "random" characters isn't really likely. Especially not when it's the first call to happening :-) (Machine authentication) rpcsec_gss: svc_rpc_gss_accept_sec_context: cl_cname =3D \x04\x01\x00\x0B\x06\x09*\xFFH\xFF\xFF\x12\x01\x02\x02\x00\x00\x00\x16FILIF= JONKAN$@AD.LIU.SE (41 bytes), cl_sname =3D nfs@filur00.it.liu.se rpcsec_gss: accepted context for (41 bytes) with <mech { 1 2 840 113554 1 = 2 2 }, qop 0, svc 1> (User authentication) rpcsec_gss: svc_rpc_gss_accept_sec_context: cl_cname =3D \x04\x01\x00\x0B\x06\x09*\xFFH\xFF\xFF\x12\x01\x02\x02\x00\x00\x00\x12tesje= 148@AD.LIU.SE (37 bytes), cl_sname =3D nfs@filur00.it.liu.se rpcsec_gss: accepted context for (37 bytes) with <mech { 1 2 840 113554 1 = 2 2 }, qop 0, svc 1> My quick hack to print the export_name: maj_stat =3D gss_export_name(&min_stat, cname, &export_name); if (maj_stat !=3D GSS_S_COMPLETE) { rpc_gss_log_status("gss_export_name", client->cl_mech, maj_stat, min_stat); return (FALSE); } if (1) /* Debug printout */ { gss_buffer_desc tmp; char *src, *dst; int i; OM_uint32 dummy; dst =3D tmp.value =3D mem_alloc(tmp.length =3D export_name.length*4+1); src =3D export_name.value; for (i =3D 0; i < export_name.length; i++) { if (*src < ' ' || *src > '~') { sprintf(dst, "\\x%02X", *src); dst +=3D 4; src++; } else *dst++ =3D *src++; } *dst =3D '\0'; rpc_gss_log_debug("svc_rpc_gss_accept_sec_context: cl_c= name =3D %s (%d bytes), cl_sname =3D %s", tmp.value, export_name.length, client->cl_sname && client->cl_sname->sn_principal ? client->cl_sname->sn_principal : "<null>"); gss_release_buffer(&dummy, &tmp); } client->cl_rawcred.client_principal =3D mem_alloc(sizeof(*client->cl_rawcred.client_principal) + export_name.length); client->cl_rawcred.client_principal->len =3D export_name.length; memcpy(client->cl_rawcred.client_principal->name, export_name.value, export_name.length); gss_release_buffer(&min_stat, &export_name); --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-235582-3630-ljWZuYePO5>