[Bugs] [Bug 1179179] New: When an unsupported AUTH_* scheme is used, the RPC-Reply should contain MSG_DENIED/AUTH_ERROR/AUTH_FAILED
bugzilla at redhat.com
bugzilla at redhat.com
Tue Jan 6 11:35:41 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1179179
Bug ID: 1179179
Summary: When an unsupported AUTH_* scheme is used, the
RPC-Reply should contain
MSG_DENIED/AUTH_ERROR/AUTH_FAILED
Product: GlusterFS
Version: mainline
Component: rpc
Keywords: Triaged
Severity: medium
Priority: low
Assignee: bugs at gluster.org
Reporter: ndevos at redhat.com
CC: bugs at gluster.org, gluster-bugs at redhat.com
Description of problem:
When an NFS-client (for example MS Windows NFS) tries to access the NFS-server
with AUTH_KERB, the RPC response contains MSG_ACCEPTED/GARBAGE_ARGS. It would
be much nicer to have a response like MSG_DENIED/AUTH_ERROR/AUTH_FAILED.
See http://tools.ietf.org/html/rfc5531#section-9 for more details.
Unfortunately the actual 'the auth flavor you used is not supported' does not
seem to be a possible error.
Version-Release number of selected component (if applicable):
current mainline, reported against 3.5
How reproducible:
Enable all security flavors on the client (MS Windows <version?>)
Steps to Reproduce:
1. start capturing a tcpdump
2. mount a volume over NFS
3. wait until it fails
4. stop the tcpdump
Actual results:
While mounting, the 1st NFS calls use AUTH_UNIX, but afterwards AUTH_KERB
(RPCSEC_GSS) is used. When using AUTH_KERB the RPC layer responds with
MSG_ACCEPTED/GARBAGE_ARGS eventhough the contents of the AUTH-header is
supposedly correct (but the auth flavor unsupported).
Expected results:
The NFS-client should not think AUTH_KERB/RPCSEC_GSS is supported and keep on
using AUTH_UNIX.
Additional info:
Chatlog between warci/ndevos:
- https://botbot.me/freenode/gluster/2015-01-06/?msg=28863542&page=3
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
More information about the Bugs
mailing list