On Thu, 2013-07-18 at 16:04 -0400, Trond Myklebust wrote: > On Thu, 2013-07-18 at 15:54 -0400, Trond Myklebust wrote: > > On Thu, 2013-07-18 at 19:49 +0000, Adamson, Dros wrote: > > > Only supporting operations that have the error code NFS4ERR_WRONG_CRED seems to be wrong. Operations like BIND_CONN_TO_SESSION don't support don't support this error code, but are explicitly mentioned in SP4_MACH_CRED sections of the spec. > > > > Looking at the allowed error return values for BIND_CONN_TO_SESSION, I'm > > at a loss to figure out exactly what it should return in this case. I > > suspect that the lack of an NFS4ERR_WRONG_CRED is actually a protocol > > bug. > > > > Time to go back to the ietf mailing list... > > Hi all, > > When attempting to implement the SP4_MACH_CRED state protection, Dros > ran into an issue. If the BIND_CONN_TO_SESSION operation is listed in > the "spo_must_enforce" list of operations, what should it not be allowed > to return NFS4ERR_WRONG_CRED if called with a credential that is not the > machine or SSV credential? Ditto question for BACKCHANNEL_CTL, LAYOUTGET, TEST_STATEID, READ and WRITE. Finally, should OPEN and WANT_DELEGATION be allowed to return NFS4ERR_WRONG_CRED in the case when we're doing reboot recovery? -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@xxxxxxxxxx www.netapp.com ��.n��������+%������w��{.n�����{��w���jg��������ݢj����G�������j:+v���w�m������w�������h�����٥