>From Soumya <[email protected]>: Soumya has uploaded a new change for review.
https://review.gerrithub.io/274710 Change subject: RPCSEC_GSS: When using kerberos validate principals but not handles ...................................................................... RPCSEC_GSS: When using kerberos validate principals but not handles The original issue and the fix is reported in the below link - - https://github.com/nfs-ganesha/nfs-ganesha/issues/59 As mentioned there, for auth_gss, its not correct to do memcmp for comparing credentials since gss_context_id, which is a handle, shall change. >From RFC 3530, page 67: >>>>> As a security measure, the server MUST NOT cancel a client's leased state if the principal established the state for a given id string is not the same as the principal issuing the SETCLIENTID. ...... ...... Note that if the id string in a SETCLIENTID request is properly constructed, and if the client takes care to use the same principal for each successive use of SETCLIENTID, then, barring an active denial of service attack, NFS4ERR_CLID_INUSE should never be returned. However, client bugs, server bugs, or perhaps a deliberate change of the principal owner of the id string (such as the case of a client that changes security flavors, and under the new flavor, there is no mapping to the previous owner) will in rare cases result in NFS4ERR_CLID_INUSE. <<<< Hence the fix is to compare kerberos princials instead. Author: Alexander Bersenev <[email protected]> Tested-by: Riyas Abdulrasak <[email protected]> BUG: 1269169 Change-Id: Ib1b7fe9daf5917636b7ea891a24be2cd0cfc0327 Signed-off-by: Soumya Koduri <[email protected]> --- M src/support/nfs_creds.c 1 file changed, 41 insertions(+), 0 deletions(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/10/274710/1 -- To view, visit https://review.gerrithub.io/274710 To unsubscribe, visit https://review.gerrithub.io/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib1b7fe9daf5917636b7ea891a24be2cd0cfc0327 Gerrit-PatchSet: 1 Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Owner: Soumya <[email protected]> ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Nfs-ganesha-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
