984c71f903
Without this patch, nfsd_checkrootexp() returns failure and then the NFSv4 operation would reply NFSERR_WRONGSEC. RFC5661 Sec. 2.6 only allows a few NFSv4 operations, none of which call nfsv4_checktootexp(), to return NFSERR_WRONGSEC. This patch modifies nfsd_checkrootexp() to return the error instead of a boolean and sets the returned error to an RPC layer AUTH_ERR, as discussed on nfsv4@ietf.org. The patch also fixes nfsd_errmap() so that the pseudo error NFSERR_AUTHERR is handled correctly such that an RPC layer AUTH_ERR is replied to the NFSv4 client. The two new "enum auth_stat" values have not yet been assigned by IANA, but are the expected next two values. The effect on extant NFSv4 clients of this change appears limited to reporting a different failure error when a mount that does not use adequate security is attempted. MFC after: 2 weeks |
||
|---|---|---|
| .. | ||
| rpcsec_gss | ||
| rpcsec_tls | ||
| auth_none.c | ||
| auth_unix.c | ||
| auth.h | ||
| authunix_prot.c | ||
| clnt_bck.c | ||
| clnt_dg.c | ||
| clnt_rc.c | ||
| clnt_stat.h | ||
| clnt_vc.c | ||
| clnt.h | ||
| getnetconfig.c | ||
| krpc.h | ||
| netconfig.h | ||
| nettype.h | ||
| pmap_prot.h | ||
| replay.c | ||
| replay.h | ||
| rpc_callmsg.c | ||
| rpc_com.h | ||
| rpc_generic.c | ||
| rpc_msg.h | ||
| rpc_prot.c | ||
| rpc.h | ||
| rpcb_clnt.c | ||
| rpcb_clnt.h | ||
| rpcb_prot.c | ||
| rpcb_prot.h | ||
| rpcm_subs.h | ||
| rpcsec_gss.h | ||
| rpcsec_tls.h | ||
| svc_auth_unix.c | ||
| svc_auth.c | ||
| svc_auth.h | ||
| svc_dg.c | ||
| svc_generic.c | ||
| svc_vc.c | ||
| svc.c | ||
| svc.h | ||
| types.h | ||
| xdr.h | ||