Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 25 Oct 2012 00:50:15 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r242018 - stable/8/sys/rpc/rpcsec_gss
Message-ID:  <201210250050.q9P0oFct034611@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: rmacklem
Date: Thu Oct 25 00:50:14 2012
New Revision: 242018
URL: http://svn.freebsd.org/changeset/base/242018

Log:
  MFC: r241582
  Add a comment describing why r241097 was done.

Modified:
  stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/rpc/   (props changed)

Modified: stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
==============================================================================
--- stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Thu Oct 25 00:45:51 2012	(r242017)
+++ stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Thu Oct 25 00:50:14 2012	(r242018)
@@ -1024,6 +1024,17 @@ svc_rpc_gss_validate(struct svc_rpc_gss_
 	if (maj_stat != GSS_S_COMPLETE) {
 		rpc_gss_log_status("gss_verify_mic", client->cl_mech,
 		    maj_stat, min_stat);
+		/*
+		 * Attila Bogar and Herbert Poeckl reported similar problems
+		 * w.r.t. a Linux NFS client doing a krb5 NFS mount against the
+		 * FreeBSD server. We determined this was a Linux bug:
+		 * http://www.spinics.net/lists/linux-nfs/msg32466.html, where
+		 * the mount failed to work because a Destroy operation with a
+		 * bogus encrypted checksum destroyed the authenticator handle.
+		 * Since the checksum is bogus (gss_verify_mic() failed), it
+		 * doesn't make sense to destroy the handle and not doing so
+		 * fixes the Linux mount.
+		 */
 		if (gcproc != RPCSEC_GSS_DESTROY)
 			client->cl_state = CLIENT_STALE;
 		return (FALSE);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210250050.q9P0oFct034611>