From owner-svn-src-all@FreeBSD.ORG  Mon Oct 15 01:13:37 2012
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 029C9C8B;
 Mon, 15 Oct 2012 01:13:37 +0000 (UTC)
 (envelope-from rmacklem@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
 by mx1.freebsd.org (Postfix) with ESMTP id DF0528FC18;
 Mon, 15 Oct 2012 01:13:36 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
 by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q9F1DapH081883;
 Mon, 15 Oct 2012 01:13:36 GMT
 (envelope-from rmacklem@svn.freebsd.org)
Received: (from rmacklem@localhost)
 by svn.freebsd.org (8.14.4/8.14.4/Submit) id q9F1Da5P081881;
 Mon, 15 Oct 2012 01:13:36 GMT
 (envelope-from rmacklem@svn.freebsd.org)
Message-Id: <201210150113.q9F1Da5P081881@svn.freebsd.org>
From: Rick Macklem <rmacklem@FreeBSD.org>
Date: Mon, 15 Oct 2012 01:13:36 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject: svn commit: r241571 - stable/8/sys/rpc/rpcsec_gss
X-SVN-Group: stable-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Oct 2012 01:13:37 -0000

Author: rmacklem
Date: Mon Oct 15 01:13:36 2012
New Revision: 241571
URL: http://svn.freebsd.org/changeset/base/241571

Log:
  MFC: r241097
  Attila Bogar and Herbert Poeckl both reported similar problems
  w.r.t. a Linux NFS client doing a krb5 NFS mount against the
  FreeBSD server. We determined this was a Linux bug:
  http://www.spinics.net/lists/linux-nfs/msg32466.html, however
  the mount failed to work, because the Destroy operation with a
  bogus encrypted checksum destroyed the authenticator handle.
  This patch changes the rpcsec_gss code so that it doesn't
  Destroy the authenticator handle for this case and, as such,
  the Linux mount will work.

Modified:
  stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/rpc/   (props changed)

Modified: stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
==============================================================================
--- stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Mon Oct 15 01:09:33 2012	(r241570)
+++ stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Mon Oct 15 01:13:36 2012	(r241571)
@@ -984,7 +984,7 @@ svc_rpc_gss_accept_sec_context(struct sv
 
 static bool_t
 svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg,
-    gss_qop_t *qop)
+    gss_qop_t *qop, rpc_gss_proc_t gcproc)
 {
 	struct opaque_auth	*oa;
 	gss_buffer_desc		 rpcbuf, checksum;
@@ -1024,7 +1024,8 @@ svc_rpc_gss_validate(struct svc_rpc_gss_
 	if (maj_stat != GSS_S_COMPLETE) {
 		rpc_gss_log_status("gss_verify_mic", client->cl_mech,
 		    maj_stat, min_stat);
-		client->cl_state = CLIENT_STALE;
+		if (gcproc != RPCSEC_GSS_DESTROY)
+			client->cl_state = CLIENT_STALE;
 		return (FALSE);
 	}
 
@@ -1358,7 +1359,7 @@ svc_rpc_gss(struct svc_req *rqst, struct
 			break;
 		}
 
-		if (!svc_rpc_gss_validate(client, msg, &qop)) {
+		if (!svc_rpc_gss_validate(client, msg, &qop, gc.gc_proc)) {
 			result = RPCSEC_GSS_CREDPROBLEM;
 			break;
 		}