Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 15 Oct 2012 01:09:34 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r241570 - stable/9/sys/rpc/rpcsec_gss
Message-ID:  <201210150109.q9F19YDW081202@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: rmacklem
Date: Mon Oct 15 01:09:33 2012
New Revision: 241570
URL: http://svn.freebsd.org/changeset/base/241570

Log:
  MFC: r241097
  Attila Bogar and Herbert Poeckl both reported similar problems
  w.r.t. a Linux NFS client doing a krb5 NFS mount against the
  FreeBSD server. We determined this was a Linux bug:
  http://www.spinics.net/lists/linux-nfs/msg32466.html, however
  the mount failed to work, because the Destroy operation with a
  bogus encrypted checksum destroyed the authenticator handle.
  This patch changes the rpcsec_gss code so that it doesn't
  Destroy the authenticator handle for this case and, as such,
  the Linux mount will work.

Modified:
  stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
==============================================================================
--- stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Mon Oct 15 00:24:23 2012	(r241569)
+++ stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Mon Oct 15 01:09:33 2012	(r241570)
@@ -984,7 +984,7 @@ svc_rpc_gss_accept_sec_context(struct sv
 
 static bool_t
 svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg,
-    gss_qop_t *qop)
+    gss_qop_t *qop, rpc_gss_proc_t gcproc)
 {
 	struct opaque_auth	*oa;
 	gss_buffer_desc		 rpcbuf, checksum;
@@ -1024,7 +1024,8 @@ svc_rpc_gss_validate(struct svc_rpc_gss_
 	if (maj_stat != GSS_S_COMPLETE) {
 		rpc_gss_log_status("gss_verify_mic", client->cl_mech,
 		    maj_stat, min_stat);
-		client->cl_state = CLIENT_STALE;
+		if (gcproc != RPCSEC_GSS_DESTROY)
+			client->cl_state = CLIENT_STALE;
 		return (FALSE);
 	}
 
@@ -1358,7 +1359,7 @@ svc_rpc_gss(struct svc_req *rqst, struct
 			break;
 		}
 
-		if (!svc_rpc_gss_validate(client, msg, &qop)) {
+		if (!svc_rpc_gss_validate(client, msg, &qop, gc.gc_proc)) {
 			result = RPCSEC_GSS_CREDPROBLEM;
 			break;
 		}



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210150109.q9F19YDW081202>