Setclientid / Definition of client
J. Bruce Fields
bfields at fieldses.org
Mon Dec 4 13:31:35 EST 2006
On Mon, Dec 04, 2006 at 01:11:45PM -0500, Trond Myklebust wrote:
> On Mon, 2006-12-04 at 12:00 -0500, J. Bruce Fields wrote:
> > That does give the first user the ability to revoke any other user's
> > locks or opens, though.
>
> In theory, yes.
It's probably easier than we'd like: all you have to do is fire up a
userland nfs client (possibly on some other machine) that uses your
creds to send a setclientid. That setclientid should be very easy to
construct without any special information.
Oh well, perhaps there's not much to be done about that.
> Our client will always try a RENEW first. If that fails, then we
> setclientid,
and the same if the RENEW fails because your credentials expired?
> if that fails, we change the client identifier string.
OK. Well, I can fix the server to allow it to remove unused client
state earlier, and that'll fix the reported symptom--the server won't
complain about setclientid's with bad credentials any more--but falling
back on a differen client identifier should work in that case, so I
still don't understand the originally reported problem.
Might be worth retesting with 2.6.19.
--b.
More information about the NFSv4
mailing list