All of lore.kernel.org
 help / color / mirror / Atom feed
From: "J. Bruce Fields" <bfields@fieldses.org>
To: Weston Andros Adamson <dros@netapp.com>
Cc: Trond.Myklebust@netapp.com, linux-nfs@vger.kernel.org
Subject: Re: [PATCH 0/5] nfs4.1: Initial SP4_MACH_CRED implementation
Date: Thu, 8 Aug 2013 11:56:43 -0400	[thread overview]
Message-ID: <20130808155643.GK5282@fieldses.org> (raw)
In-Reply-To: <1375823311-18457-1-git-send-email-dros@netapp.com>

On Tue, Aug 06, 2013 at 05:08:26PM -0400, Weston Andros Adamson wrote:
> These patches are the initial client-side SP4_MACH_CRED implementation.
> 
> Patch 1 is a repost with a few cleanups
> 
> Patch 2 adds the sp4 handler that replaces the cred on an rpc message (and
> picks the right rpc_clnt).  Note that for now, we always use the machine cred
> if supported - we could only use it if the user cred expires, but this is
> simple and spec compliant.

So anything on the spo_may_enforce_list will *always* use the machine
cred?

I wonder....  This is within the letter of the spec, but the spec also
does also give the motivation.  ("The purpose of spo_must_allow is to
allow clients to solve the following conundrum....")

I'd worry that server implementors will also stick to the letter of the
spec and allow this, but also design under the assumption that this is a
rare case.  (E.g., allow the access but trigger some extra auditing??)

I'd probably try it this way first too, as you say, it's simpler, but I
wonder whether it's really what we want to client doing all the time.

> Patch 3-5 implement SP4_MACH_CRED "features":
>   - cleanup - CLOSE and LOCKU use machine cred
>   - secinfo - SECINFO and SECINFO_NO_NAME use machine cred
>   - stateid - TEST_STATEID and FREE_STATEID use machine cred
> 
> There are three more features that I've been working on, but need to be tested
> before I post:
>   - commit - COMMIT uses machine cred
>   - write - WRITE uses machine cred, forces stable writes unless commit feature
>             is also enabled
>   - recovery - OPEN and LOCK can use machine cred - only in recovery.
> 
> The commit and write cases should be easy to test against a hacked nfsd, but
> I need to think more about how to test the recovery stuff...

Can't you just hack nfsd to allow those ops and then do a server
restart, or try Bryan's fault-injection interface if you want to test
some more exotic recovery scenario?

--b.

  parent reply	other threads:[~2013-08-08 15:56 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-08-06 21:08 [PATCH 0/5] nfs4.1: Initial SP4_MACH_CRED implementation Weston Andros Adamson
2013-08-06 21:08 ` [PATCH 1/5] nfs4.1: Minimal " Weston Andros Adamson
2013-08-06 21:08 ` [PATCH 2/5] nfs4.1: add state protection handler Weston Andros Adamson
2013-08-06 21:08 ` [PATCH 3/5] nfs4.1: Add SP4_MACH_CRED cleanup support Weston Andros Adamson
2013-08-06 21:08 ` [PATCH 4/5] nfs4.1: Add SP4_MACH_CRED secinfo support Weston Andros Adamson
2013-08-06 21:08 ` [PATCH 5/5] nfs4.1: Add SP4_MACH_CRED stateid support Weston Andros Adamson
2013-08-07 18:14 ` [PATCH 0/5] nfs4.1: Initial SP4_MACH_CRED implementation Adamson, Dros
2013-08-08 15:56 ` J. Bruce Fields [this message]
2013-08-08 16:21   ` Adamson, Dros

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130808155643.GK5282@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=Trond.Myklebust@netapp.com \
    --cc=dros@netapp.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.