On Thu, Jul 18, 2013 at 08:04:58PM +0000, Myklebust, Trond wrote: > On Thu, 2013-07-18 at 15:54 -0400, Trond Myklebust wrote: > > On Thu, 2013-07-18 at 19:49 +0000, Adamson, Dros wrote: > > > Only supporting operations that have the error code NFS4ERR_WRONG_CRED seems to be wrong. Operations like BIND_CONN_TO_SESSION don't support don't support this error code, but are explicitly mentioned in SP4_MACH_CRED sections of the spec. > > > > Looking at the allowed error return values for BIND_CONN_TO_SESSION, I'm > > at a loss to figure out exactly what it should return in this case. I > > suspect that the lack of an NFS4ERR_WRONG_CRED is actually a protocol > > bug. > > > > Time to go back to the ietf mailing list... > > Hi all, > > When attempting to implement the SP4_MACH_CRED state protection, Dros > ran into an issue. If the BIND_CONN_TO_SESSION operation is listed in > the "spo_must_enforce" list of operations, what should it not be allowed > to return NFS4ERR_WRONG_CRED if called with a credential that is not the > machine or SSV credential? For what it's worth, the Linux server is returning WRONG_CRED, as you'd expect, in this case. Looks to me like a simple omission from the spec. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
