From: Tom Haynes <tdh@excfb.com>
To: Bryan Schumaker <bjschuma@netapp.com>
Cc: "J. Bruce Fields" <bfields@fieldses.org>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
Subject: Re: secinfo_no_name question
Date: Tue, 5 Apr 2011 11:09:33 -0500 [thread overview]
Message-ID: <20110405160933.GA7787@adept.internal.excfb.com> (raw)
In-Reply-To: <4D99E237.3030508@netapp.com>
On Mon, Apr 04, 2011 at 11:22:31AM -0400, Bryan Schumaker wrote:
> On 04/04/2011 11:14 AM, J. Bruce Fields wrote:
> > On Mon, Apr 04, 2011 at 09:43:24AM -0400, Bryan Schumaker wrote:
> >> Hi Bruce,
> >>
> >> I'm looking at secinfo_no_name on the client. RFC 5661 says to says to send PUTROOTFH followed by SECINFO_NO_NAME in the same compound and to use SECINFO_STYLE4_CURRENT_FH. My compound is: SEQUENCE, PUTROOTFH, SECINFO_NO_NAME. The server processes up to the PUTROOTFH, and then returns with NFS4ERR_WRONGSEC.
> >>
> >> Am I doing something wrong? Is this a server problem?
> >
> > Could be; is the compound is being sent with a security flavor that
> > *isn't* permitted on the root export?
It should never fail:
2.6.3.1.1.5. Put Filehandle Operation + SECINFO/SECINFO_NO_NAME
...
The NFSv4.1 server MUST NOT return NFS4ERR_WRONGSEC to a put
filehandle operation that is immediately followed by SECINFO or
SECINFO_NO_NAME. The NFSv4.1 server MUST NOT return NFS4ERR_WRONGSEC
from SECINFO or SECINFO_NO_NAME.
> >
> > If so I believe the compound should have succeeded--the server needs
> > some special exception there that we may have left out....
>
> The root export is set up with sec=null and my compound is using auth_unix.
>
> >
> > --b.
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Tom Haynes
ex-cfb
next prev parent reply other threads:[~2011-04-05 16:12 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-04 13:43 secinfo_no_name question Bryan Schumaker
2011-04-04 15:14 ` J. Bruce Fields
2011-04-04 15:22 ` Bryan Schumaker
2011-04-05 16:09 ` Tom Haynes [this message]
2011-04-10 16:25 ` J. Bruce Fields
2011-04-10 16:29 ` [PATCH 1/5] nfsd: distinguish functions of NFSD_MAY_* flags J. Bruce Fields
2011-04-11 3:06 ` Mi Jinlong
2011-04-11 12:42 ` J. Bruce Fields
2011-04-10 16:29 ` [PATCH 2/5] nfsd4: allow fh_verify caller to skip pseudoflavor checks J. Bruce Fields
2011-04-10 16:29 ` [PATCH 3/5] nfsd4: introduce OPDESC helper J. Bruce Fields
2011-04-10 16:29 ` [PATCH 4/5] nfsd4: make fh_verify responsibility of nfsd_lookup_dentry caller J. Bruce Fields
2011-04-10 16:29 ` [PATCH 5/5] nfsd4: fix wrongsec handling for PUTFH + op cases J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110405160933.GA7787@adept.internal.excfb.com \
--to=tdh@excfb.com \
--cc=bfields@fieldses.org \
--cc=bjschuma@netapp.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).