From owner-cvs-src-old@FreeBSD.ORG Wed Jun 24 18:30:25 2009 Return-Path: Delivered-To: cvs-src-old@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6369210656A9 for ; Wed, 24 Jun 2009 18:30:25 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 4E9A88FC1B for ; Wed, 24 Jun 2009 18:30:25 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5OIUP6Q042277 for ; Wed, 24 Jun 2009 18:30:25 GMT (envelope-from rmacklem@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5OIUPUC042276 for cvs-src-old@freebsd.org; Wed, 24 Jun 2009 18:30:25 GMT (envelope-from rmacklem@repoman.freebsd.org) Message-Id: <200906241830.n5OIUPUC042276@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to rmacklem@repoman.freebsd.org using -f From: Rick Macklem Date: Wed, 24 Jun 2009 18:30:14 +0000 (UTC) To: cvs-src-old@freebsd.org X-FreeBSD-CVS-Branch: HEAD Subject: cvs commit: src/sys/rpc/rpcsec_gss rpcsec_gss.c X-BeenThere: cvs-src-old@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2009 18:30:26 -0000 rmacklem 2009-06-24 18:30:14 UTC FreeBSD src repository Modified files: sys/rpc/rpcsec_gss rpcsec_gss.c Log: SVN rev 194878 on 2009-06-24 18:30:14Z by rmacklem If the initial attempt to refresh credentials in the RPCSEC_GSS client side fails, the entry in the cache is left with no valid context (gd_ctx == GSS_C_NO_CONTEXT). As such, subsequent hits on the cache will result in persistent authentication failure, even after the user has done a kinit or similar and acquired a new valid TGT. This patch adds a test for that case upon a cache hit and calls rpc_gss_init() to make another attempt at getting valid credentials. It also moves the setting of gc_proc to before the import of the principal name to ensure that, if that case fails, it will be detected as a failure after going to "out:". Reviewed by: dfr Approved by: kib (mentor) Revision Changes Path 1.2 +15 -3 src/sys/rpc/rpcsec_gss/rpcsec_gss.c