https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-9336 Lustre <p>The documentation of the -d flag on lgss_sk only identifies is as setting the "Key random data source" but it also causes the shared key to be regenerated, regardless of the other flags. </p> <p>When converting a server shared key to a client one, it's necessary to use the -m modification flag to change the type attribute of the key. If one uses the -d flag as well, it will rewrite the shared key portion of the keyfile as well, and this behavior is not documented anywhere. This causes errors like:</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java">Handling sk request Decoded netstring of 653 bytes Creating credentials <span class="code-keyword">for</span> target: test-MDT0000-mdc-ffff88003c228800 with nodemap: <span class="code-keyword">default</span> Searching <span class="code-keyword">for</span> key with description: lustre:test:<span class="code-keyword">default</span> HMAC verification error: 0x60000 from peer 192.168.122.2@tcp sending reply writing message:... </pre> </div></div> <p>It would be nice if this behavior was documented somewhere, though I personally feel like rewriting the shared key should be the sole domain of the -w flag. In any case, I thought I'd report this issue in case it trips up anyone else.</p> LU-9336

ssk: documentation of -d flag of lgss_sk is incomplete

Improvement Minor Resolved Fixed Chris Hanna Kit Westneat Thu, 13 Apr 2017 15:10:58 +0000 Sat, 8 Jul 2017 02:08:20 +0000 Mon, 1 May 2017 18:50:40 +0000 Lustre 2.9.0 Lustre 2.10.0 0 5 <p>Similarly, I see another problem with the documentation of the ‘-d’ flag. According to the lgss_sk help:</p> <p><del>d|</del>-data &lt;file&gt; Key random data source (Default: /dev/random)</p> <p>This implies to me, and I suspect it would to others, that the data file is a source of entropy for the generation of the key. Instead, the file becomes the key, since get_key_data() just copies it in. For example, if “-d /dev/zero” is specified when creating a new key:</p> <p>Version: 1<br/> Type: server<br/> HMAC alg: SHA256<br/> Crypto alg: AES-256-CTR<br/> Ctx Expiration: 604800 seconds<br/> Shared keylen: 256 bits<br/> Prime length: 2048 bits<br/> File system: test<br/> MGS NIDs: <br/> Nodemap name: default<br/> Shared key:<br/> 0000: 0000 0000 0000 0000 0000 0000 0000 0000 ................<br/> 0010: 0000 0000 0000 0000 0000 0000 0000 0000 ................</p> <p>This could be more clearly reflected in the help. I also agree and propose that the -m flag should not rewrite the original secret when adding the client prime, just because the -d option was specified.</p> <p>Kit, Chris, since you are most familiar with this code, could one of you please submit a patch to fix the man page and/or user manual.</p> <p>Kit, do you think that this interaction between options should be considered a defect and instead fixed in the code, rather than a comment in the man page that the user will likely not read closely before they get it wrong?</p> <p>I can write a quick code patch to make the -m and -d flags incompatible, and fix the help text to clarify that -d specifies the data source without any additional randomization. I don't think there is any reason to use modify on the key data source, as one could just create new key. Any objections?</p> <p>That works for me!</p> <p>Chris Hanna (hannac@iu.edu) uploaded a new patch: <a href="https://review.whamcloud.com/26838" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/26838</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9336" title="ssk: documentation of -d flag of lgss_sk is incomplete" class="issue-link" data-issue-key="LU-9336"><del>LU-9336</del></a> utils: prevent key clobber and clarify lgss_sk usage<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: 6f0ff3f9c5b2b7bdf69b8f5c7c4e3a2732ee26ac</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="https://review.whamcloud.com/26838/" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/26838/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9336" title="ssk: documentation of -d flag of lgss_sk is incomplete" class="issue-link" data-issue-key="LU-9336"><del>LU-9336</del></a> utils: prevent key clobber and clarify lgss_sk usage<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: 236651f59c321cadb66043a5d31174e8ec74c043</p> <p>Landed for 2.10</p> Development Rank 1|hzza4v: Rank (Obsolete) 9223372036854775807