Project

General

Profile

Bug #46330

Accessing as an invalid user will result in an infinite loop in getting a SessionKey.

Added by MASAYUKI MIYAKE about 1 month ago. Updated 26 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
librados
Target version:
% Done:

0%

Source:
Community (user)
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature:

Description

Accessing a Ceph cluster as an invalid user results in an infinite loop instead of an error in authentication.

$ sudo rbd pool stats --user user_x user_a_rbd
2020-07-02T16:14:14.095+0900 7f03f4ab0f40  0 monclient(hunting): authenticate timed out after 300
2020-07-02T16:19:14.095+0900 7f03f4ab0f40  0 monclient(hunting): authenticate timed out after 300
2020-07-02T16:24:14.096+0900 7f03f4ab0f40  0 monclient(hunting): authenticate timed out after 300
2020-07-02T16:29:14.097+0900 7f03f4ab0f40  0 monclient(hunting): authenticate timed out after 300

To investigate the cause, I checked the authentication packets.
As a result, we found out that the authentication error -13 (Permission denied) was returned in response to a request to get a session key, but the retry process was repeated without completing the process due to this authentication error.

Ceph Auth, Proto: CephX
    Filter Data
    Tag: message (0x07)
    Message Header, Type: C_CEPH_MSG_AUTH, From: client, Front Len: 66
    Paxos Message
        Paxos Version: 0
        Mon: -1
        Mon Transaction ID: 0
    Auth Message, Proto: CephX
        Protocol: CephX (0x00000002)
        CephX, Request Type: Get Auth Session Key
            Type: Get Auth Session Key (0x0100)
            [Expert Info (Warning/Undecoded): This data's meaning depends on other information in the message but the dissector doesn't know what type it is.]
        34 unused bytes
            [Expert Info (Warning/Undecoded): 34 unused bytes]
        Monmap epoch: 0
    Message Footer

Ceph Auth Reply, Proto: CephX
    Filter Data
    Tag: message (0x07)
    Message Header, Type: C_CEPH_MSG_AUTH_REPLY, From: mon0, Front Len: 24
    Auth Reply Message, Proto: CephX
        Protocol: CephX (0x00000002)
        Result: -13
        Global ID: 0x000000000019d9f6
        [Expert Info (Warning/Undecoded): This data's meaning depends on other information in the message but the dissector doesn't know what type it is.]
        Message: 
    Message Footer

How to reproduce the problem

Create a keyring file for a user not registered in the Ceph cluster and execute the ceph client command on that user.

In the processing of CephxClientHandler::handle_response function, the It is creating an authentication error status from the data received.
This process, I believe, makes it EAGAIN instead of EACCES.

History

#1 Updated by MASAYUKI MIYAKE 26 days ago

This bug was a mistake on my part.
This happened when I set only one MON in ceph.conf on the client side. It is.

Also available in: Atom PDF