From: "J. Bruce Fields" <bfields@fieldses.org>
To: "Myklebust, Trond" <Trond.Myklebust@netapp.com>
Cc: "Adamson, Dros" <Weston.Adamson@netapp.com>,
"nfsv4@ietf.org" <nfsv4@ietf.org>,
linux-nfs list <linux-nfs@vger.kernel.org>
Subject: Re: [nfsv4] Should BIND_CONN_TO_SESSION be allowed to return NFS4ERR_WRONG_CRED
Date: Fri, 19 Jul 2013 11:09:36 -0400 [thread overview]
Message-ID: <20130719150936.GA19297@fieldses.org> (raw)
In-Reply-To: <1374177896.3788.67.camel@leira.trondhjem.org>
On Thu, Jul 18, 2013 at 08:04:58PM +0000, Myklebust, Trond wrote:
> On Thu, 2013-07-18 at 15:54 -0400, Trond Myklebust wrote:
> > On Thu, 2013-07-18 at 19:49 +0000, Adamson, Dros wrote:
> > > Only supporting operations that have the error code NFS4ERR_WRONG_CRED seems to be wrong. Operations like BIND_CONN_TO_SESSION don't support don't support this error code, but are explicitly mentioned in SP4_MACH_CRED sections of the spec.
> >
> > Looking at the allowed error return values for BIND_CONN_TO_SESSION, I'm
> > at a loss to figure out exactly what it should return in this case. I
> > suspect that the lack of an NFS4ERR_WRONG_CRED is actually a protocol
> > bug.
> >
> > Time to go back to the ietf mailing list...
>
> Hi all,
>
> When attempting to implement the SP4_MACH_CRED state protection, Dros
> ran into an issue. If the BIND_CONN_TO_SESSION operation is listed in
> the "spo_must_enforce" list of operations, what should it not be allowed
> to return NFS4ERR_WRONG_CRED if called with a credential that is not the
> machine or SSV credential?
For what it's worth, the Linux server is returning WRONG_CRED, as you'd
expect, in this case. Looks to me like a simple omission from the spec.
--b.
prev parent reply other threads:[~2013-07-19 15:09 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-18 14:46 SP4_MACH_CRED: v4 proc -> opcodes mapping Adamson, Dros
2013-07-18 14:57 ` Myklebust, Trond
2013-07-18 15:10 ` Adamson, Dros
2013-07-18 15:21 ` Myklebust, Trond
2013-07-18 15:50 ` Adamson, Dros
2013-07-18 17:08 ` Myklebust, Trond
2013-07-18 18:13 ` Adamson, Dros
2013-07-18 19:49 ` Adamson, Dros
2013-07-18 19:54 ` Myklebust, Trond
2013-07-18 20:04 ` Adamson, Dros
2013-07-18 20:06 ` Myklebust, Trond
2013-07-18 20:16 ` Adamson, Dros
2013-07-18 20:41 ` Adamson, Dros
2013-07-18 20:48 ` Myklebust, Trond
2013-07-18 20:49 ` Myklebust, Trond
2013-07-18 20:56 ` Myklebust, Trond
2013-07-18 20:36 ` Myklebust, Trond
2013-07-18 20:04 ` Should BIND_CONN_TO_SESSION be allowed to return NFS4ERR_WRONG_CRED Myklebust, Trond
2013-07-18 20:24 ` Myklebust, Trond
2013-07-19 15:09 ` J. Bruce Fields [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130719150936.GA19297@fieldses.org \
--to=bfields@fieldses.org \
--cc=Trond.Myklebust@netapp.com \
--cc=Weston.Adamson@netapp.com \
--cc=linux-nfs@vger.kernel.org \
--cc=nfsv4@ietf.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).