diff options
author | rmacklem <rmacklem@FreeBSD.org> | 2012-10-01 12:28:58 +0000 |
---|---|---|
committer | rmacklem <rmacklem@FreeBSD.org> | 2012-10-01 12:28:58 +0000 |
commit | 9290b3731bca094d5f675d971a1bfb4b8c606e3f (patch) | |
tree | b750e661ede8d7cc5ebc3208a821cd9456fafae8 /sys/rpc | |
parent | 53bc32bb8f91732cb52721f120f0430b84dd588b (diff) | |
download | FreeBSD-src-9290b3731bca094d5f675d971a1bfb4b8c606e3f.zip FreeBSD-src-9290b3731bca094d5f675d971a1bfb4b8c606e3f.tar.gz |
Attila Bogar and Herbert Poeckl both reported similar problems
w.r.t. a Linux NFS client doing a krb5 NFS mount against the
FreeBSD server. We determined this was a Linux bug:
http://www.spinics.net/lists/linux-nfs/msg32466.html, however
the mount failed to work, because the Destroy operation with a
bogus encrypted checksum destroyed the authenticator handle.
This patch changes the rpcsec_gss code so that it doesn't
Destroy the authenticator handle for this case and, as such,
the Linux mount will work.
Tested by: Attila Bogar and Herbert Poeckl
MFC after: 2 weeks
Diffstat (limited to 'sys/rpc')
-rw-r--r-- | sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index a4253a4..dadd36e 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -984,7 +984,7 @@ svc_rpc_gss_accept_sec_context(struct svc_rpc_gss_client *client, static bool_t svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, - gss_qop_t *qop) + gss_qop_t *qop, rpc_gss_proc_t gcproc) { struct opaque_auth *oa; gss_buffer_desc rpcbuf, checksum; @@ -1024,7 +1024,8 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, if (maj_stat != GSS_S_COMPLETE) { rpc_gss_log_status("gss_verify_mic", client->cl_mech, maj_stat, min_stat); - client->cl_state = CLIENT_STALE; + if (gcproc != RPCSEC_GSS_DESTROY) + client->cl_state = CLIENT_STALE; return (FALSE); } @@ -1358,7 +1359,7 @@ svc_rpc_gss(struct svc_req *rqst, struct rpc_msg *msg) break; } - if (!svc_rpc_gss_validate(client, msg, &qop)) { + if (!svc_rpc_gss_validate(client, msg, &qop, gc.gc_proc)) { result = RPCSEC_GSS_CREDPROBLEM; break; } |