From: "J. Bruce Fields" Subject: Re: Problem with 2.6.33-rc1 and insecure flag Date: Sun, 20 Dec 2009 10:46:24 -0500 Message-ID: <20091220154624.GC2841@fieldses.org> References: <20091220094625.GA2159@trillian.comsick.at> <7A24DF798E223B4C9864E8F92E8C93EC04EBFD3F@SACMVEXC1-PRD.hq.netapp.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Michael Guntsche , linux-nfs To: "Muntz, Daniel" Return-path: Received: from fieldses.org ([174.143.236.118]:51898 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752080AbZLTPqP (ORCPT ); Sun, 20 Dec 2009 10:46:15 -0500 In-Reply-To: <7A24DF798E223B4C9864E8F92E8C93EC04EBFD3F-hX7t0kiaRRpT+ZUat5FNkAK/GNPrWCqfQQ4Iyu8u01E@public.gmane.org> Sender: linux-nfs-owner@vger.kernel.org List-ID: On Sun, Dec 20, 2009 at 02:13:07AM -0800, Muntz, Daniel wrote: > If one were to hit this bug with v4.x, would the error be something like > this in the RPC layer: > > Reply State: denied (1) > Reject State: AUTH_ERROR (1) > Auth State: bad credential (seal broken) (1) Since we let the "insecure" flag vary by filesystem, we don't catch this until we decode filehandles, so return an nfs-level error. --b. > > -Dan > > > -----Original Message----- > > From: Michael Guntsche [mailto:mike-Z92qn3yYq0hWk0Htik3J/w@public.gmane.org] > > Sent: Sunday, December 20, 2009 1:46 AM > > To: bfields@citi.umich.edu > > Cc: linux-nfs > > Subject: Re: Problem with 2.6.33-rc1 and insecure flag > > > > I think I figured out the problem. > > > > Apparently the code checked if insecure was set, while it > > should check if it was NOT set. > > > > Kind regards, > > Michael > > > > diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c > > index 1c12177..55c8e63 100644 > > --- a/fs/nfsd/nfsfh.c > > +++ b/fs/nfsd/nfsfh.c > > @@ -89,7 +89,7 @@ static __be32 > > nfsd_setuser_and_check_port(struct svc_rqst *rqstp, > > int flags = nfsexp_flags(rqstp, exp); > > > > /* Check if the request originated from a secure port. */ > > - if (!rqstp->rq_secure && (flags & NFSEXP_INSECURE_PORT)) { > > + if (!rqstp->rq_secure && !(flags & NFSEXP_INSECURE_PORT)) { > > RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]); > > dprintk(KERN_WARNING > > "nfsd: request from insecure port %s!\n", > > > > > > > > -- > > To unsubscribe from this list: send the line "unsubscribe > > linux-nfs" in > > the body of a message to majordomo@vger.kernel.org > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > >