Date: Thu, 25 Oct 2012 00:50:15 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r242018 - stable/8/sys/rpc/rpcsec_gss Message-ID: <201210250050.q9P0oFct034611@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Thu Oct 25 00:50:14 2012 New Revision: 242018 URL: http://svn.freebsd.org/changeset/base/242018 Log: MFC: r241582 Add a comment describing why r241097 was done. Modified: stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/rpc/ (props changed) Modified: stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c ============================================================================== --- stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Thu Oct 25 00:45:51 2012 (r242017) +++ stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Thu Oct 25 00:50:14 2012 (r242018) @@ -1024,6 +1024,17 @@ svc_rpc_gss_validate(struct svc_rpc_gss_ if (maj_stat != GSS_S_COMPLETE) { rpc_gss_log_status("gss_verify_mic", client->cl_mech, maj_stat, min_stat); + /* + * Attila Bogar and Herbert Poeckl reported similar problems + * w.r.t. a Linux NFS client doing a krb5 NFS mount against the + * FreeBSD server. We determined this was a Linux bug: + * http://www.spinics.net/lists/linux-nfs/msg32466.html, where + * the mount failed to work because a Destroy operation with a + * bogus encrypted checksum destroyed the authenticator handle. + * Since the checksum is bogus (gss_verify_mic() failed), it + * doesn't make sense to destroy the handle and not doing so + * fixes the Linux mount. + */ if (gcproc != RPCSEC_GSS_DESTROY) client->cl_state = CLIENT_STALE; return (FALSE);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210250050.q9P0oFct034611>