Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp959900pxb; Thu, 30 Sep 2021 23:31:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx/xmob91qm6dOtRohvgeXDPhedAtFNhV8wQiHqICBHF/P5quzikjT2tQfh41/INVpABdZF X-Received: by 2002:a17:906:7208:: with SMTP id m8mr4386060ejk.82.1633069889491; Thu, 30 Sep 2021 23:31:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633069889; cv=none; d=google.com; s=arc-20160816; b=LZA2wF460ERQCA9Ct82ueR6S+vBRCfKCP5k9pfITqwTyTwPTN+Kh7428p1zKFc9I+O ELeRx1yAKr9Xa8s8g8lw1I9e3vHvt7ny7MxnvST4Ws3/jgLjQFBGcMzCjYcMrhTYjyWH F+wQwjQMkiXKPOeULulvMbtB308YUwho71CxLxedP6jeNKQSsDcXJPp0EDobdw8NSmxo u6EsiKKz268NcGeODn83caq5WtE2n2edqS868raQB3FxWGKAiXly/fCR6obD4WUnTzzc QKpzJdLQWYYq1JdVAfWqzQd/sQXDPlVR7x+BSymXEu/jbqScUKWLPdm8/xD9gLdpq7xN 7dpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=NOTJYER/idURZQmQAjcttF4r8c5HWgifH8AMSqldgMw=; b=oudIJqdNb7kMRKz1kMDdTWUXB6/AyNfNNBLYn/OofHvNSjtC+lq5O5IGz6dVbJJS6y PZsmZHEIQopfdj4uChuFPdwYXOlwXaHb6R5uQC9v+sGbtwssxxgA1tWOf63P2+lt9d5t y5S8NIYfG/5mUvQrVBMuSxFdoZsy9kx/iEAid2l6p3wzgHHIUwwvaQ6IpBuCoe3vdozN Izwm/5k3d4Ggf2dBHJ3Xy7JSMh5eMHn3veNebT5u9rqUpIZvmCo6LDY4ZSpCLTCaVZfr zYJJupn/XC0OQJvEn/zY2AoZxT81/f0lw5yydZgirN28jTbR/gmKWhC2IKayPJD996np OYqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@vastdata.com header.s=google header.b="jBvT/Mc3"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o8si7170992ejj.94.2021.09.30.23.30.51; Thu, 30 Sep 2021 23:31:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@vastdata.com header.s=google header.b="jBvT/Mc3"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352168AbhJAG34 (ORCPT + 99 others); Fri, 1 Oct 2021 02:29:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55208 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352187AbhJAG3u (ORCPT ); Fri, 1 Oct 2021 02:29:50 -0400 Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A97BC06176A for ; Thu, 30 Sep 2021 23:28:06 -0700 (PDT) Received: by mail-lf1-x136.google.com with SMTP id i25so34711454lfg.6 for ; Thu, 30 Sep 2021 23:28:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vastdata.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NOTJYER/idURZQmQAjcttF4r8c5HWgifH8AMSqldgMw=; b=jBvT/Mc3ByuR53D0xtBKBP5QbpC/Dfxuqi7ue6kVQx84tmB9+M1XExrYmoZ4gh2bl5 ZvrswtghuCIA1cdtq7PKCdhrUYZwgHOXpZG69/mQYftfpoz8P1WwbHRxldChzpXHOezT DNNvTRgNgonS8Oyz+3v4SfiJy8woZIfGmQWuCO5cO6P53xvUAkOh87OLzotqpL663bsR rPYZUdMZTcpEPIwAZ1oEG/K/Vi5reENEMdDlZGewowVvrcfIk0wniOjfEkbwZuKe2eKe uJt9CM2ocwCv5gLKpkdUPxwCMTyRXXTYxNP3pB5QzIngla2buJrnHBcFZvnj8YsEkkK+ qjow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NOTJYER/idURZQmQAjcttF4r8c5HWgifH8AMSqldgMw=; b=A2jsvNFdsJvI2WaAFhoKeDocP55xflC07yPzpAs1A/il104pUrVPx+unup5Y2abG49 +SGPVgItHCykJCt+9bEhoPE4aDbnagZWI6tac7K6IR+8omeJ0xcgVl3oN3ShWVaZE/Jc VJU6Cb+BhKgJcHEGG9342Ea8Zy8+NbO0vqvWFlfiUuGpmM5m/QpMC2J6e2lePbh8Bj2Q 0hVVKvgx0lbHUqq1mv24MHfo8WINA/jU4OFlGCFv7bH5B4S+XMIHmjs37V7ro74bjkIP gKU3sfwYy0glQSSY+VKGLVoeqaq1dhBAso8ynFBiPQBQZQ2aYbLkbopv3ow47Wrah4+X 5XKA== X-Gm-Message-State: AOAM530vwd50eFImziZRRTGmmh0QjpIfTr5x+mqBGQd6AAY3NviInAAc DDwoVrUwdEgSA2BxzocZehMp94zGKGj6hBOeBetBkP7UqSl3tw== X-Received: by 2002:a2e:8746:: with SMTP id q6mr10165014ljj.286.1633069684934; Thu, 30 Sep 2021 23:28:04 -0700 (PDT) MIME-Version: 1.0 References: <20210930211123.GA16927@fieldses.org> <20210930212506.GB16927@fieldses.org> In-Reply-To: <20210930212506.GB16927@fieldses.org> From: Volodymyr Khomenko Date: Fri, 1 Oct 2021 09:27:54 +0300 Message-ID: Subject: Re: GSSAPI fix for pynfs nfs4.1 client code To: "J. Bruce Fields" Cc: linux-nfs@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org > Looking at the network--my server's not responding to the first data > message. I see that linux client (when doing mount -t nfs -o "vers=4.1,sec=krb") always does the same (i.e. the very 1st packet with EXCHANGE_ID operation comes with GSS sequence number=1, then CREATE_SESSION uses seq_num=2, and so on). If your server works normally with a regular mount, I don't think that my fix is not related at all to this problem volodymyr. On Fri, Oct 1, 2021 at 12:25 AM J. Bruce Fields wrote: > > On Thu, Sep 30, 2021 at 05:11:23PM -0400, J. Bruce Fields wrote: > > On Thu, Sep 30, 2021 at 06:22:09PM +0300, Volodymyr Khomenko wrote: > > > commit b77dc49c775756f08bdd0c6ebbe67a96f0ffe41f > > > Author: Volodymyr Khomenko > > > Date: Thu Sep 30 17:53:04 2021 +0300 > > > > > > Fixed GSSContext to start sequence numbering from 1 > > > > > > GSS sequence number 0 is usually used by NFS4 NULL request > > > during GSS context establishment (but ignored by server). > > > Client should never reuse GSS sequence number, so using > > > 0 for the next real operation (EXCHANGE_ID) is possible but > > > looks suspicious. Fixed the code so numbering for operations > > > is done from 1 to avoid confusion. > > > > So, I can verify that --security=krb5 works after this patch but not > > before, good. But why is that? As you say, the server is supposed to > > ignore the sequence number on context creation requests. And 0 is valid > > sequence number as far as I know. > > Looking at the network--my server's not responding to the first data > message. > > I think the Linux server just has a bug. I'll make a patch.... > > --b.