Date: Wed, 24 Jun 2009 18:30:14 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/rpc/rpcsec_gss rpcsec_gss.c Message-ID: <200906241830.n5OIUPUC042276@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rmacklem 2009-06-24 18:30:14 UTC
FreeBSD src repository
Modified files:
sys/rpc/rpcsec_gss rpcsec_gss.c
Log:
SVN rev 194878 on 2009-06-24 18:30:14Z by rmacklem
If the initial attempt to refresh credentials in the RPCSEC_GSS client
side fails, the entry in the cache is left with no valid context
(gd_ctx == GSS_C_NO_CONTEXT). As such, subsequent hits on the cache
will result in persistent authentication failure, even after the user has
done a kinit or similar and acquired a new valid TGT. This patch adds a test
for that case upon a cache hit and calls rpc_gss_init() to make another
attempt at getting valid credentials. It also moves the setting of gc_proc
to before the import of the principal name to ensure that, if that case
fails, it will be detected as a failure after going to "out:".
Reviewed by: dfr
Approved by: kib (mentor)
Revision Changes Path
1.2 +15 -3 src/sys/rpc/rpcsec_gss/rpcsec_gss.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906241830.n5OIUPUC042276>