[PATCH 11/16] nfsd4: return nfserr_wrongsec

Fri May 18 18:33:23 EDT 2007

On Fri, 2007-05-18 at 18:28 -0400, J. Bruce Fields wrote:
> On Fri, May 18, 2007 at 06:23:05PM -0400, Trond Myklebust wrote:
> > On Fri, 2007-05-18 at 17:28 -0400, J. Bruce Fields wrote:
> > > +	return nfserr_wrongsec;
> > > +}
> > 
> > Hmm... What about NFSv2/v3 clients? They won't grok nfserr_wrongsec...
> 
> I'm fixing it up the same way we do for jukebox; see:
> 
> > > --- a/fs/nfsd/nfssvc.c
> > > +++ b/fs/nfsd/nfssvc.c
> > > @@ -492,6 +492,15 @@ out:
> > >  	module_put_and_exit(0);
> > >  }
> > >  
> > > +static __be32 map_new_errors(u32 vers, __be32 nfserr)
> > > +{
> > > +	if (nfserr == nfserr_jukebox && vers == 2)
> > > +		return nfserr_dropit;
> > > +	if (nfserr == nfserr_wrongsec && vers < 4)
> > > +		return nfserr_perm;
> > > +	return nfserr;
> > > +}
> > > +
> > >  int
> > >  nfsd_dispatch(struct svc_rqst *rqstp, __be32 *statp)
> > >  {
> > > @@ -534,6 +543,7 @@ nfsd_dispatch(struct svc_rqst *rqstp, __be32 *statp)
> > >  
> > >  	/* Now call the procedure handler, and encode NFS status. */
> > >  	nfserr = proc->pc_func(rqstp, rqstp->rq_argp, rqstp->rq_resp);
> > > +	nfserr = map_new_errors(rqstp->rq_vers, nfserr);
> > >  	if (nfserr == nfserr_jukebox && rqstp->rq_vers == 2)
> > >  		nfserr = nfserr_dropit;
> > >  	if (nfserr == nfserr_dropit) {
> 
> Does that look sane?

OK, but shouldn't it be mapped into EACCES? EPERM means that an
operation failed because the caller is "either not a privileged user
(root) or the owner of the target of the operation".

Trond