Date: Mon, 15 Oct 2012 01:13:36 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r241571 - stable/8/sys/rpc/rpcsec_gss Message-ID: <201210150113.q9F1Da5P081881@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Mon Oct 15 01:13:36 2012 New Revision: 241571 URL: http://svn.freebsd.org/changeset/base/241571 Log: MFC: r241097 Attila Bogar and Herbert Poeckl both reported similar problems w.r.t. a Linux NFS client doing a krb5 NFS mount against the FreeBSD server. We determined this was a Linux bug: http://www.spinics.net/lists/linux-nfs/msg32466.html, however the mount failed to work, because the Destroy operation with a bogus encrypted checksum destroyed the authenticator handle. This patch changes the rpcsec_gss code so that it doesn't Destroy the authenticator handle for this case and, as such, the Linux mount will work. Modified: stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/rpc/ (props changed) Modified: stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c ============================================================================== --- stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Mon Oct 15 01:09:33 2012 (r241570) +++ stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Mon Oct 15 01:13:36 2012 (r241571) @@ -984,7 +984,7 @@ svc_rpc_gss_accept_sec_context(struct sv static bool_t svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, - gss_qop_t *qop) + gss_qop_t *qop, rpc_gss_proc_t gcproc) { struct opaque_auth *oa; gss_buffer_desc rpcbuf, checksum; @@ -1024,7 +1024,8 @@ svc_rpc_gss_validate(struct svc_rpc_gss_ if (maj_stat != GSS_S_COMPLETE) { rpc_gss_log_status("gss_verify_mic", client->cl_mech, maj_stat, min_stat); - client->cl_state = CLIENT_STALE; + if (gcproc != RPCSEC_GSS_DESTROY) + client->cl_state = CLIENT_STALE; return (FALSE); } @@ -1358,7 +1359,7 @@ svc_rpc_gss(struct svc_req *rqst, struct break; } - if (!svc_rpc_gss_validate(client, msg, &qop)) { + if (!svc_rpc_gss_validate(client, msg, &qop, gc.gc_proc)) { result = RPCSEC_GSS_CREDPROBLEM; break; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210150113.q9F1Da5P081881>