[#LU-11414] 'read on open' breaks GSS integrity check

[LU-11414] 'read on open' breaks GSS integrity check Created: 21/Sep/18 Updated: 06/Oct/18 Resolved: 06/Oct/18
Status:	Resolved
Project:	Lustre
Component/s:	None
Affects Version/s:	Lustre 2.12.0
Fix Version/s:	Lustre 2.12.0

Type:

Bug

Priority:

Critical

Reporter:

Sebastien Buisson

Assignee:

Mikhail Pershin

Resolution:

Fixed

Votes:

Labels:

DoM2, gss

Severity:

Rank (Obsolete):

9223372036854775807

Description

Feature 'read on open for DoM files' breaks GSS integrity check.

Indeed, when ski or krb5i flavors are selected, GSS integrity mechanism signs requests on client side before they are sent, and then checks signature on server side upon receiving.
So it is not possible to alter the request content once signature is calculated.

However, with the patch implementing 'read on open for DoM files' (https://review.whamcloud.com/23011), the value of request->rq_reqmsg->lm_repsize is changed after the request has been wrapped. And this field is included in request->rq_reqbuf on which the signature is calculated.
So the signature calculated on the received request on server side does not match the signature calculated on client side.

Consequence is that it is not possible to use Kerberos or Shared Key with integrity protection flavors (and possible full encryption flavors as well).

Comments

Comment by Joseph Gmitter (Inactive) [ 21/Sep/18 ]

Hi Mike,

Can you please take a look at this?

Thanks.

Joe

Comment by Mikhail Pershin [ 22/Sep/18 ]

Sebastien, what is the simple way to check that problem?

Comment by Sebastien Buisson [ 23/Sep/18 ]

Hi Mike,

You can try to run sanity-gss test_1 with SHARED_KEYS=true. Even the fact that preparation before test_1 succeeds would be a good sign.
But it may fail for an unrelated reason. I can test a patch for you if you want.

Thanks,
Sebastien.

Comment by Gerrit Updater [ 23/Sep/18 ]

Mike Pershin (mpershin@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/33223
Subject: ~~LU-11414~~ ptlrpc: don't change buffer when signature is ready
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 7b6683cc5608d7698bf2869601fb13e66b80ca4a

Comment by Mikhail Pershin [ 23/Sep/18 ]

Sebastien, I think this patch should restore GSS functionality. I would appreciate help with testing it, thanks.

Comment by Sebastien Buisson [ 24/Sep/18 ]

Mike, just tested patch at https://review.whamcloud.com/33223 , it fixes GSS regression, thanks.

Comment by Gerrit Updater [ 05/Oct/18 ]

Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/33223/
Subject: ~~LU-11414~~ ptlrpc: don't change buffer when signature is ready
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: cf503e047c7fe58c3f75c912b3ce8da93f79bf0e

Comment by Peter Jones [ 06/Oct/18 ]

Landed for 2.12

Generated at Sat Feb 10 02:43:40 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.

[LU-11414] 'read on open' breaks GSS integrity check Created: 21/Sep/18 Updated: 06/Oct/18 Resolved: 06/Oct/18