diff options
| author | Niels de Vos <ndevos@redhat.com> | 2014-03-20 18:13:49 +0100 |
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2014-04-08 10:50:52 -0700 |
| commit | 8235de189845986a535d676b1fd2c894b9c02e52 (patch) | |
| tree | 6f5ea06d6b0b9b3f8091e0b9e7b34a7158afe3d1 /rpc/rpc-lib/src/xdr-common.h | |
| parent | 07df69edc8165d875edd42a4080a494e09b98de5 (diff) | |
rpc: warn and truncate grouplist if RPC/AUTH can not hold everything
The GlusterFS protocol currently uses AUTH_GLUSTERFS_V2 in the RPC/AUTH
header. This header contains the uid, gid and auxiliary groups of the
user/process that accesses the Gluster Volume.
The AUTH_GLUSTERFS_V2 structure allows up to 65535 auxiliary groups to
be passed on. Unfortunately, the RPC/AUTH header is limited to 400 bytes
by the RPC specification: http://tools.ietf.org/html/rfc5531#section-8.2
In order to not cause complete failures on the client-side when trying
to encode a AUTH_GLUSTERFS_V2 that would result in more than 400 bytes,
we can calculate the expected size of the other elements:
1 | pid
1 | uid
1 | gid
1 | groups_len
XX | groups_val (GF_MAX_AUX_GROUPS=65535)
1 | lk_owner_len
YY | lk_owner_val (GF_MAX_LOCK_OWNER_LEN=1024)
----+-------------------------------------------
5 | total xdr-units
one XDR-unit is defined as BYTES_PER_XDR_UNIT = 4 bytes
MAX_AUTH_BYTES = 400 is the maximum, this is 100 xdr-units.
XX + YY can be 95 to fill the 100 xdr-units.
Note that the on-wire protocol has tighter requirements than the
internal structures. It is possible for xlators to use more groups and
a bigger lk_owner than that can be sent by a GlusterFS-client.
This change prevents overflows when allocating the RPC/AUTH header. Two
new macros are introduced to calculate the number of groups that fit in
the RPC/AUTH header, when taking the size of the lk_owner in account. In
case the list of groups exceeds the maximum possible, only the first
groups are passed over the RPC/GlusterFS protocol to the bricks.
A warning is added to the logs, so that most system administrators will
get informed.
The reducing of the number of groups is not a new inventions. The
RPC/AUTH header (AUTH_SYS or AUTH_UNIX) that NFS uses has a limit of 16
groups. Most, if not all, NFS-clients will reduce any bigger number of
groups to 16. (nfs.server-aux-gids can be used to workaround the limit
of 16 groups, but the Gluster NFS-server will be limited to a maximum of
93 groups, or fewer in case the lk_owner structure contains more items.)
Change-Id: I8410e59d0fd246d601b54b961d3ae9cb5a858c10
BUG: 1053579
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/7202
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'rpc/rpc-lib/src/xdr-common.h')
| -rw-r--r-- | rpc/rpc-lib/src/xdr-common.h | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/rpc/rpc-lib/src/xdr-common.h b/rpc/rpc-lib/src/xdr-common.h index 34dc9c6a228..f221192adbe 100644 --- a/rpc/rpc-lib/src/xdr-common.h +++ b/rpc/rpc-lib/src/xdr-common.h @@ -18,6 +18,7 @@ #include <rpc/types.h> #include <sys/types.h> +#include <rpc/auth.h> #include <rpc/xdr.h> #include <sys/uio.h> @@ -34,7 +35,34 @@ enum gf_dump_procnum { #define GLUSTER_DUMP_PROGRAM 123451501 /* Completely random */ #define GLUSTER_DUMP_VERSION 1 -#define GF_MAX_AUTH_BYTES 2048 +/* MAX_AUTH_BYTES is restricted to 400 bytes, see + * http://tools.ietf.org/html/rfc5531#section-8.2 */ +#define GF_MAX_AUTH_BYTES MAX_AUTH_BYTES + +/* The size of an AUTH_GLUSTERFS_V2 structure: + * + * 1 | pid + * 1 | uid + * 1 | gid + * 1 | groups_len + * XX | groups_val (GF_MAX_AUX_GROUPS=65535) + * 1 | lk_owner_len + * YY | lk_owner_val (GF_MAX_LOCK_OWNER_LEN=1024) + * ----+------------------------------------------- + * 5 | total xdr-units + * + * one XDR-unit is defined as BYTES_PER_XDR_UNIT = 4 bytes + * MAX_AUTH_BYTES = 400 is the maximum, this is 100 xdr-units. + * XX + YY can be 95 to fill the 100 xdr-units. + * + * Note that the on-wire protocol has tighter requirements than the internal + * structures. It is possible for xlators to use more groups and a bigger + * lk_owner than that can be sent by a GlusterFS-client. + */ +#define GF_AUTH_GLUSTERFS_MAX_GROUPS(lk_owner_len) \ + (95 - lk_owner_len) +#define GF_AUTH_GLUSTERFS_MAX_LKOWNER(groups_len) \ + (95 - groups_len) #if GF_DARWIN_HOST_OS #define xdr_u_quad_t xdr_u_int64_t |