nfsd4: setclientid_confirm with unmatched verifier should fail A setclientid_confirm with (clientid, verifier) both matching an existing confirmed record is assumed to be a replay, but if the verifier doesn't match, it shouldn't be. This would be a very rare case, except that clients following https://tools.ietf.org/html/rfc7931#section-5.8 may depend on the failure. Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>

commit: 7d22fc11c7edeeac6f1c3f1ae0edcef4de08c6e0 [log] [tgz]
author: J. Bruce Fields <bfields@redhat.com> Tue Sep 20 20:55:36 2016 -0400
committer: J. Bruce Fields <bfields@redhat.com> Mon Sep 26 15:20:38 2016 -0400
tree: 51c6cdd75f7a6b424fc65cd8c72aec630c9746f5
parent: ebd7c72c63acc3d00944c88cbf96143a8cae179f [diff]
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 4062f4f..a0e5128 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c

@@ -3304,9 +3304,10 @@
 		goto out;
 	/* cases below refer to rfc 3530 section 14.2.34: */
 	if (!unconf || !same_verf(&confirm, &unconf->cl_confirm)) {
-		if (conf && !unconf) /* case 2: probable retransmit */
+		if (conf && same_verf(&confirm, &conf->cl_confirm)) {
+			/* case 2: probable retransmit */
 			status = nfs_ok;
-		else /* case 4: client hasn't noticed we rebooted yet? */
+		} else /* case 4: client hasn't noticed we rebooted yet? */
 			status = nfserr_stale_clientid;
 		goto out;
 	}
commit	7d22fc11c7edeeac6f1c3f1ae0edcef4de08c6e0	[log] [tgz]
author	J. Bruce Fields <bfields@redhat.com>	Tue Sep 20 20:55:36 2016 -0400
committer	J. Bruce Fields <bfields@redhat.com>	Mon Sep 26 15:20:38 2016 -0400
tree	51c6cdd75f7a6b424fc65cd8c72aec630c9746f5
parent	ebd7c72c63acc3d00944c88cbf96143a8cae179f [diff]