From: "J. Bruce Fields" <bfields@fieldses.org>
To: Wei Yongjun <yjwei@cn.fujitsu.com>
Cc: Neil Brown <neilb@suse.de>,
linux-nfs@vger.kernel.org, nfsv4@linux-nfs.org,
iisaman@citi.umich.edu
Subject: Re: [PATCH] svcgss: reply AUTH_BADCRED to RPCSEC_GSS with unkown services
Date: Fri, 28 Aug 2009 12:11:04 -0400 [thread overview]
Message-ID: <20090828161104.GC682@fieldses.org> (raw)
In-Reply-To: <4A972A98.2030406@cn.fujitsu.com>
On Fri, Aug 28, 2009 at 08:53:44AM +0800, Wei Yongjun wrote:
> When I test, I just fixed the GSS8 with this patch:
>
> diff --git a/lib/nfs4/servertests/st_gss.py b/lib/nfs4/servertests/st_gss.py
> index 6ad3e3e..dfff598 100644
> --- a/lib/nfs4/servertests/st_gss.py
> +++ b/lib/nfs4/servertests/st_gss.py
> @@ -330,4 +330,5 @@ def testBadService(t, env):
> "should return AUTH_BADCRED, instead got %s" %
> (service, e))
> finally:
> + orig.gss_seq_num = c.security.gss_seq_num
> c.security = orig
It might make sense just to apply something like this to upstream pynfs.
The choice of whether to increment the sequence id here isn't obvious,
but I actually think the server's more likely to be right (the rfc says
to increment when the checksum is succesfully verified, which it was in
this case. At that point we know the contents of the header are what
the client intended.)
--b.
>
>
> I am not have a test of all the case with --security=krb5, just test
> the gss. This is because the krb server does not always works well.^_^
>
>
> > (This is the problem with spending a lot of time on pynfs tests.
> > They've been useful for catching regressions, but there's a risk of
> > spending too much time tracking down "problems" that won't actually show
> > up in real situations. Time would usually be better spent on bugs
> > (and/or performance problems) found in actual use.)
> >
>
>
prev parent reply other threads:[~2009-08-28 16:11 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-04 9:27 [PATCH] svcgss: reply AUTH_BADCRED to RPCSEC_GSS with unkown services Wei Yongjun
2009-08-25 21:40 ` J. Bruce Fields
2009-08-26 0:34 ` Wei Yongjun
2009-08-26 20:57 ` J. Bruce Fields
2009-08-27 2:23 ` Wei Yongjun
2009-08-27 16:26 ` J. Bruce Fields
2009-08-27 21:05 ` J. Bruce Fields
2009-08-27 21:09 ` J. Bruce Fields
2009-08-28 0:53 ` Wei Yongjun
2009-08-28 16:11 ` J. Bruce Fields [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090828161104.GC682@fieldses.org \
--to=bfields@fieldses.org \
--cc=iisaman@citi.umich.edu \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=nfsv4@linux-nfs.org \
--cc=yjwei@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox