[krbdev.mit.edu #3180] errors reading AS-REP on systems with large numbers of interfaces


Greg Hudson via RT
Date: Wed, 14 Sep 2005 19:55:42 -0400


>Submitter-Id: net
>Originator: Nalin Dahyabhai
>Organization:
>Confidential: no
>Synopsis: errors reading AS-REP on systems with large numbers of interfaces
>Severity: non-critical
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: 1.4.2
>Environment:
       
System: Linux blade.boston.redhat.com 2.6.13-1.1542_FC5smp #1 SMP Tue Sep 6 19:13:02 EDT 2005 i686 athlon i386 GNU/Linux
Architecture: i686

>Description:
        On a system with a large number of network interfaces (I've done
        this with Linux and 250 network aliases on eth0) with the "noaddresses"
        option disabled, the default value of MAX_DGRAM_SIZE, which is used to
        allocate the buffer which is used to read the KDC's response in
        krb5_sendto_kdc(), is just not large enough to hold the entire response
        from the KDC.  There's no way to change this without recompiling the
        library and all statically-linked applications.
>How-To-Repeat:
        On a Linux client with a working ethernet interface, turn off the
        "noaddresses" option, run this script as a superuser:
                #!/bin/sh
                iface=0
                while test $iface -lt 250 ; do
                        ifconfig eth0:$iface 10.0.0.$iface netmask 255.255.255.0 up
                        iface=`expr $iface + 1`
                done
        and then attempt to get a TGT with kinit.
>Fix:
        I'd suggest adding a libdefaults option to allow this to be tuned,
        with the default being the value of MAX_DGRAM_SIZE.  While this doesn't
        guarantee the correct behavior, it adds a simple workaround for systems
        which run into this problem.

--- krb5/src/lib/krb5/os/osconfig.c
+++ krb5/src/lib/krb5/os/osconfig.c
@@ -36,7 +36,7 @@
 
 char *krb5_defkeyname  = DEFAULT_KEYTAB_NAME;
 
-unsigned int krb5_max_dgram_size = MAX_DGRAM_SIZE;
+unsigned int krb5_max_dgram_size = -1;
 unsigned int krb5_max_skdc_timeout = MAX_SKDC_TIMEOUT;
 unsigned int krb5_skdc_timeout_shift = SKDC_TIMEOUT_SHIFT;
 unsigned int krb5_skdc_timeout_1 = SKDC_TIMEOUT_1;
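Review bot: `krb5_max_dgram_size` is still declared `unsigned int`, so the new initializer `-1` is stored as UINT_MAX rather than as a negative sentinel. Any code that reads the variable before the lazy lookup in sendto_kdc.c has run would take that value as the buffer size, and a `< 0` test against it can never be true. Suggest keeping the `MAX_DGRAM_SIZE` initializer here and tracking "not yet read from the profile" in a separate flag, or changing the type to a signed one everywhere the variable is declared.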
--- krb5-1.4.2/src/lib/krb5/os/sendto_kdc.c 2005-07-20 18:52:33.000000000 -0400
+++ krb5-1.4.2/src/lib/krb5/os/sendto_kdc.c 2005-09-14 19:35:31.000000000 -0400
@@ -1043,6 +1043,16 @@
 
     dprint("krb5int_sendto(message=%d@%p)\n", message->length, message->data);
 
+    if (krb5_max_dgram_size < 0) {
+       int tmp;
+       tmp = profile_get_integer(context->profile,
+                                 "libdefaults", "max_dgram_size", NULL,
+                                 MAX_DGRAM_SIZE, &krb5_max_dgram_size);
+       if ((tmp != 0) || (krb5_max_dgram_size < 0)) {
+           krb5_max_dgram_size = MAX_DGRAM_SIZE;
+       }
+    }
+
     reply->data = 0;
     reply->length = 0;
 
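Review bot: the guard `if (krb5_max_dgram_size < 0)` tests a variable that osconfig.c declares as `unsigned int`, so the condition is always false and the profile is never consulted; the second `< 0` check inside the block has the same problem. `&krb5_max_dgram_size` is also passed as the output argument of `profile_get_integer()`, which writes through an `int *`. Suggest reading into a local `int`, rejecting values that are zero, negative or above a sane ceiling before assigning, and documenting the new `max_dgram_size` libdefaults option. Because this lazily initializes a global, it also needs to be safe when two threads enter `krb5int_sendto` at the same time.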

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
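
The failure mode in the description above, a datagram reply larger than the fixed receive buffer, as an added example (not code from the report or from the krb5 library): `recvmsg()` reports the cut-off through `MSG_TRUNC`, which lets a caller tell a truncated reply from a malformed one. The sizes and the names `read_reply` and `demo_truncation` are hypothetical, constructed for the demo.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Constructed sizes for the demo; not the library's MAX_DGRAM_SIZE. */
#define DEMO_BUF_SIZE   1024
#define DEMO_REPLY_SIZE 3000

/* Read one datagram. Returns bytes stored or -1; *truncated is set when
 * the kernel dropped the tail because buf was too small (MSG_TRUNC). */
static ssize_t read_reply(int fd, void *buf, size_t len, int *truncated)
{
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg;
    ssize_t n;
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    n = recvmsg(fd, &msg, 0);
    *truncated = n >= 0 && (msg.msg_flags & MSG_TRUNC) != 0;
    return n;
}

/* Send reply_len bytes over a local datagram socket pair and read them
 * through a buf_len-byte buffer: 1 = truncated, 0 = fit, -1 = error. */
static int demo_truncation(size_t reply_len, size_t buf_len)
{
    static char reply[DEMO_REPLY_SIZE], buf[DEMO_REPLY_SIZE];
    int sv[2], truncated = 0;
    ssize_t n = -1;
    if (reply_len > sizeof(reply) || buf_len > sizeof(buf) ||
        socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;
    memset(reply, 0x30, reply_len);
    if (send(sv[0], reply, reply_len, 0) == (ssize_t)reply_len)
        n = read_reply(sv[1], buf, buf_len, &truncated);
    close(sv[0]);
    close(sv[1]);
    return n < 0 ? -1 : truncated;
}

int main(void)
{
    printf("small buffer: truncated=%d\n", demo_truncation(DEMO_REPLY_SIZE, DEMO_BUF_SIZE));
    printf("large buffer: truncated=%d\n", demo_truncation(DEMO_REPLY_SIZE, DEMO_REPLY_SIZE));
    return 0;
}
```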