On Fri, 2009-12-18 at 09:39 -0500, Jeff Layton wrote:
> Yeah, we could do that with the existing code. I sort of don't like
> that because it's hard to know if other functions could eventually
> return an EACCES for another reason and then that error would bubble up
> to this function. If you think it's the right thing to do though, I'm
> OK with it.

The error EACCES means 'you are not authorised'. I don't see how it can be ambiguous here.

> FWIW: The reason I'm poking around in here is because I'm taking a stab
> at fixing the problem where syscalls start returning errors when a krb5
> ticket expires.
>
> As part of that, I want to have gssd send a more granular error code
> and have the kernel adjust what it does accordingly. I'd like to have
> it retry the upcall indefinitely when there's an expired credcache, and
> return an error when there's no credcache at all.

That makes sense.

> Without a separate downcall error field, we'll need to special case at
> least 2 different errors -- one for a "real" EACCES and one that
> indicates that the ticket expired and the upcall should be retried
> instead.

We can find another error for the 'ticket expired' case. EKEYEXPIRED springs to mind...

> > BTW: while looking at this, I spotted a nasty bug in
> > gss_import_sec_context_kerberos(). If the kzalloc() call fails, we will
> > return a random error code since 'p' still points to a valid memory
> > location...
>
> Good catch. Do you want to fix that one, or should I?
>

I can do it, if you like.

Trond