[Bug 235582] rpc_svc_gss / nfsd kernel panic

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235582

--- Comment #13 from Peter Eriksson <peter.x.eriksson at liu.se> ---
I'm running a kernel with your patches now on our test server. With some added
code to print the 'cname' to export_name converted as hexadecimal characters
(for non-printable ones). It really looks like som 'struct' ending with the
length of the principal as a 4-byte int and then the printable principal name.

Not many NFS clients connecting to that server so a race condition causing the
"random" characters isn't really likely. Especially not when it's the first
call to happening :-)


(Machine authentication)
rpcsec_gss: svc_rpc_gss_accept_sec_context:
  cl_cname =
\x04\x01\x00\x0B\x06\x09*\xFFH\xFF\xFF\x12\x01\x02\x02\x00\x00\x00\x16FILIFJONKAN$@AD.LIU.SE
(41 bytes),
  cl_sname = nfs at filur00.it.liu.se
rpcsec_gss: accepted context for  (41 bytes) with <mech { 1 2 840 113554 1 2 2
}, qop 0, svc 1>

(User authentication)
rpcsec_gss: svc_rpc_gss_accept_sec_context:
  cl_cname =
\x04\x01\x00\x0B\x06\x09*\xFFH\xFF\xFF\x12\x01\x02\x02\x00\x00\x00\x12tesje148 at AD.LIU.SE
(37 bytes),
  cl_sname = nfs at filur00.it.liu.se
rpcsec_gss: accepted context for  (37 bytes) with <mech { 1 2 840 113554 1 2 2
}, qop 0, svc 1>


My quick hack to print the export_name:

               maj_stat = gss_export_name(&min_stat, cname,
                                             &export_name);

                  if (maj_stat != GSS_S_COMPLETE) {
                    rpc_gss_log_status("gss_export_name", client->cl_mech,
                                       maj_stat, min_stat);
                    return (FALSE);
                  }

                  if (1) /* Debug printout */
                  {
                    gss_buffer_desc tmp;
                    char *src, *dst;
                    int i;
                    OM_uint32 dummy;

                    dst = tmp.value = mem_alloc(tmp.length =
export_name.length*4+1);
                    src = export_name.value;
                    for (i = 0; i < export_name.length; i++) {
                      if (*src < ' ' || *src > '~') {
                        sprintf(dst, "\\x%02X", *src);
                        dst += 4;
                        src++;
                      } else
                        *dst++ = *src++;
                    }
                    *dst = '\0';

                    rpc_gss_log_debug("svc_rpc_gss_accept_sec_context: cl_cname
= %s (%d bytes), cl_sname = %s",
                                      tmp.value, export_name.length,
                                      client->cl_sname &&
client->cl_sname->sn_principal ? client->cl_sname->sn_principal : "<null>");
                    gss_release_buffer(&dummy, &tmp);
                  }

                  client->cl_rawcred.client_principal =
                    mem_alloc(sizeof(*client->cl_rawcred.client_principal)
                              + export_name.length);
                  client->cl_rawcred.client_principal->len =
export_name.length;
                  memcpy(client->cl_rawcred.client_principal->name,
                         export_name.value, export_name.length);

                  gss_release_buffer(&min_stat, &export_name);

-- 
You are receiving this mail because:
You are the assignee for the bug.