NFSv4 + Kerberos + users

Zoltan Menyhart Zoltan.Menyhart at bull.net
Mon Jul 2 08:07:29 EDT 2007 

Kevin Coffman wrote:

> ...
> There have been reports of this in the past where restarting
> rpc.svcgssd on the server has "fixed" it.  I don't know that we've
> definitively figured out what the problem is.  It looked like it might
> be a memory allocation problem, but I never understood how restarting
> rpc.svcgssd helped that.
> 
> Could you try restarting rpc.svcgssd on the server to see if that has
> any effect, and remind me what kernel version you have on the server?
> 
> K.C.

The kernel is 2.6.19-rc6 + linux-2.6.19-rc6-CITI_NFS4_ALL-1.diff + this patch:
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -740,9 +740,12

 static void cstate_free(struct nfsd4_compound_state *cstate)
 {
+       if (cstate == NULL)
+              return;
        fh_put(&cstate->current_fh);
        fh_put(&cstate->save_fh);
        BUG_ON(cstate->replay_owner);
+       kfree(cstate);
 }

 static struct nfsd4_compound_state *cstate_alloc(void)


Today's attempt to recreate the problem:

I start a fresh svcgssd on the server in the foreground.

# su - linux
$ kinit
Password for linux at FREC.BULL.FR:
$ logout
# kinit
Password for root at FREC.BULL.FR:
# mount lucy2_10g:/			<<< this one worked
# umount lucy2_10g:/
# mount lucy2_10g:/
mount.nfs4: Permission denied

Now I kill svcgssd on the server and start a fresh copy in the foreground.

# mount lucy2_10g:/			<<< this one worked again
# mount lucy2_10g:/
mount.nfs4: Permission denied		<<< today more luck in reproducing :-)
#

This is the log of the second two mounts.

leaving poll
handling null request
readline: read 940 chars into buffer of size 2048:
\x \x608201cf06092a864886f71201020201006e8201be308201baa003020105a10302010ea20703050020000000a381fb6181f83081f5a003020105a10e1b0c465245432e42554c4c2e4652a2283026a003020103a11f301d1b036e66731b166c756379325f3130672e667265632e62756c6c2e6672a381b33081b0a003020101a103020105a281a30481a01b76e329e5f21e8e102b7c86f7d7e89a9457913b6ee97d519fc15180335bbd7a51ebd3c90cba84a3fc46df576b6ea4037647117cf96d1e8eeefffc3d914aaa92f9f17c1c7220952422f9f0c1fee03005e34...
in_handle:
length 0

in_tok:
length 467

  0000: 6082 01cf 0609 2a86 4886 f712 0102 0201  `.....*.H.......
  0010: 006e 8201 be30 8201 baa0 0302 0105 a103  .n...0..........
  0020: 0201 0ea2 0703 0500 2000 0000 a381 fb61  ........ ......a
  0030: 81f8 3081 f5a0 0302 0105 a10e 1b0c 4652  ..0...........FR
  0040: 4543 2e42 554c 4c2e 4652 a228 3026 a003  EC.BULL.FR.(0&..
  0050: 0201 03a1 1f30 1d1b 036e 6673 1b16 6c75  .....0...nfs..lu
  0060: 6379 325f 3130 672e 6672 6563 2e62 756c  cy2_10g.frec.bul
  0070: 6c2e 6672 a381 b330 81b0 a003 0201 01a1  l.fr...0........
  0080: 0302 0105 a281 a304 81a0 1b76 e329 e5f2  ...........v.)..
  0090: 1e8e 102b 7c86 f7d7 e89a 9457 913b 6ee9  ...+|......W.;n.
  00a0: 7d51 9fc1 5180 335b bd7a 51eb d3c9 0cba  }Q..Q.3[.zQ.....
  00b0: 84a3 fc46 df57 6b6e a403 7647 117c f96d  ...F.Wkn..vG.|.m
  00c0: 1e8e eeff fc3d 914a aa92 f9f1 7c1c 7220  .....=.J....|.r
  00d0: 9524 22f9 f0c1 fee0 3005 e341 5a42 f865  .$".....0..AZB.e
  00e0: a442 d1da 43eb 1d87 cc0e 2927 8c23 ba18  .B..C.....)'.#..
  00f0: ed53 8475 4ee3 74d9 f4b3 46b1 b7e1 2c7d  .S.uN.t...F...,}
  0100: 2f68 bc45 ee75 1daf c65c 1d06 7d6f 1536  /h.E.u...\..}o.6
  0110: 1d0c a2c8 e645 fcc6 88d7 6ed4 62fe 3688  .....E....n.b.6.
  0120: 0d21 f3d7 d30a 572c 754a a481 a630 81a3  .!....W,uJ...0..
  0130: a003 0201 01a2 819b 0481 98f6 f78d 12ca  ................
  0140: 2368 1449 3f05 a7e0 8bf9 803a acd0 b565  #h.I?......:...e
  0150: 0e8f eff9 b81d 3374 6db8 c986 f77c f247  ......3tm....|.G
  0160: d460 f806 f0d7 6e34 3468 449b f61e 4ba9  .`....n44hD...K.
  0170: 40ac 6f7d 0017 e2e8 4872 25d2 1108 2fb1  @.o}....Hr%.../.
  0180: fa9d ae13 05f6 dbc6 28e8 b77b ceeb 54dd  ........(..{..T.
  0190: f91a 4a14 7fa0 f61a 30a3 4a2d 8570 6ab8  ..J.....0.J-.pj.
  01a0: 1aed d9b4 f5ca a10c 7478 4e7a bc57 361d  ........txNz.W6.
  01b0: 7934 80d9 5fa2 8f93 8610 1bac 0805 b774  y4.._..........t
  01c0: 308b 0bf2 aac5 aa1e 413e 985b 3fc8 4575  0.......A>.[?.Eu
  01d0: 041d 19                                  ...
sname = root at FREC.BULL.FR
serialize_krb5_ctx: serializing keys with enctype 4 and length 8
doing downcall
\x01000000 2147483647 0 0 7 0 1 2 3 4 6 10 krb5 \x00000000000000000000000000000000000000000000000000000000000000005c378a467f62451f090000002a864886f71201020204000000080000005d7ffbb0e575fe520400000008000000ad8f0b4015850ea2
sending null reply
writing message: \x \x608201cf06092a864886f71201020201006e8201be308201baa003020105a10302010ea20703050020000000a381fb6181f83081f5a003020105a10e1b0c465245432e42554c4c2e4652a2283026a003020103a11f301d1b036e66731b166c756379325f3130672e667265632e62756c6c2e6672a381b33081b0a003020101a103020105a281a30481a01b76e329e5f21e8e102b7c86f7d7e89a9457913b6ee97d519fc15180335bbd7a51ebd3c90cba84a3fc46df576b6ea4037647117cf96d1e8eeefffc3d914aaa92f9f17c1c7220952422f9f0c1fee03005e3415a42f865a442d1da43eb1d87cc0e29278...
finished handling null request
entering poll

leaving poll
handling null request
readline: read 940 chars into buffer of size 2048:
\x \x608201cf06092a864886f71201020201006e8201be308201baa003020105a10302010ea20703050020000000a381fb6181f83081f5a003020105a10e1b0c465245432e42554c4c2e4652a2283026a003020103a11f301d1b036e66731b166c756379325f3130672e667265632e62756c6c2e6672a381b33081b0a003020101a103020105a281a30481a01b76e329e5f21e8e102b7c86f7d7e89a9457913b6ee97d519fc15180335bbd7a51ebd3c90cba84a3fc46df576b6ea4037647117cf96d1e8eeefffc3d914aaa92f9f17c1c7220952422f9f0c1fee03005e34...
in_handle:
length 0

in_tok:
length 467

  0000: 6082 01cf 0609 2a86 4886 f712 0102 0201  `.....*.H.......
  0010: 006e 8201 be30 8201 baa0 0302 0105 a103  .n...0..........
  0020: 0201 0ea2 0703 0500 2000 0000 a381 fb61  ........ ......a
  0030: 81f8 3081 f5a0 0302 0105 a10e 1b0c 4652  ..0...........FR
  0040: 4543 2e42 554c 4c2e 4652 a228 3026 a003  EC.BULL.FR.(0&..
  0050: 0201 03a1 1f30 1d1b 036e 6673 1b16 6c75  .....0...nfs..lu
  0060: 6379 325f 3130 672e 6672 6563 2e62 756c  cy2_10g.frec.bul
  0070: 6c2e 6672 a381 b330 81b0 a003 0201 01a1  l.fr...0........
  0080: 0302 0105 a281 a304 81a0 1b76 e329 e5f2  ...........v.)..
  0090: 1e8e 102b 7c86 f7d7 e89a 9457 913b 6ee9  ...+|......W.;n.
  00a0: 7d51 9fc1 5180 335b bd7a 51eb d3c9 0cba  }Q..Q.3[.zQ.....
  00b0: 84a3 fc46 df57 6b6e a403 7647 117c f96d  ...F.Wkn..vG.|.m
  00c0: 1e8e eeff fc3d 914a aa92 f9f1 7c1c 7220  .....=.J....|.r
  00d0: 9524 22f9 f0c1 fee0 3005 e341 5a42 f865  .$".....0..AZB.e
  00e0: a442 d1da 43eb 1d87 cc0e 2927 8c23 ba18  .B..C.....)'.#..
  00f0: ed53 8475 4ee3 74d9 f4b3 46b1 b7e1 2c7d  .S.uN.t...F...,}
  0100: 2f68 bc45 ee75 1daf c65c 1d06 7d6f 1536  /h.E.u...\..}o.6
  0110: 1d0c a2c8 e645 fcc6 88d7 6ed4 62fe 3688  .....E....n.b.6.
  0120: 0d21 f3d7 d30a 572c 754a a481 a630 81a3  .!....W,uJ...0..
  0130: a003 0201 01a2 819b 0481 98d8 3d89 874f  ............=..O
  0140: 27bf 1490 fc38 d469 3acd 8e88 4b21 8d0a  '....8.i:...K!..
  0150: 24b3 64f2 44e4 a4c6 f1e7 4a6a 1a40 6bbe  $.d.D.....Jj. at k.
  0160: da88 fa49 1bbb de30 fa0d 3004 0b22 e349  ...I...0..0..".I
  0170: ce55 6816 73ef 3ce4 921f 0eda 72ac 83c8  .Uh.s.<.....r...
  0180: eddc 7954 2b35 17b2 41d3 3cf0 b2f7 3337  ..yT+5..A.<...37
  0190: c1d0 8b74 e0c7 f062 a163 68cd 9856 3f2d  ...t...b.ch..V?-
  01a0: 9b5a daf4 3f49 5d27 144d 921d 38a7 b1c4  .Z..?I]'.M..8...
  01b0: 01e5 cfa5 41eb 0b4c d92b 1016 230e 214b  ....A..L.+..#.!K
  01c0: 0795 69f0 0484 4173 266d bffb 38d4 fecd  ..i...As&m..8...
  01d0: 34e6 58                                  4.X
sname = root at FREC.BULL.FR
serialize_krb5_ctx: serializing keys with enctype 4 and length 8
doing downcall
\x02000000 2147483647 0 0 7 0 1 2 3 4 6 10 krb5 \x00000000000000000000000000000000000000000000000000000000000000005c378a4674aca62d090000002a864886f7120102020400000008000000bfd58cd998adbc3b04000000080000004f257c29685d4ccb
sending null reply
writing message: \x \x608201cf06092a864886f71201020201006e8201be308201baa003020105a10302010ea20703050020000000a381fb6181f83081f5a003020105a10e1b0c465245432e42554c4c2e4652a2283026a003020103a11f301d1b036e66731b166c756379325f3130672e667265632e62756c6c2e6672a381b33081b0a003020101a103020105a281a30481a01b76e329e5f21e8e102b7c86f7d7e89a9457913b6ee97d519fc15180335bbd7a51ebd3c90cba84a3fc46df576b6ea4037647117cf96d1e8eeefffc3d914aaa92f9f17c1c7220952422f9f0c1fee03005e3415a42f865a442d1da43eb1d87cc0e29278...
finished handling null request
entering poll

Thanks,

Zoltan

P.S.: I've got ntpd synchronizing the NFS server / client and the KDC to the same source.

More information about the NFSv4 mailing list