From 9290b3731bca094d5f675d971a1bfb4b8c606e3f Mon Sep 17 00:00:00 2001 From: rmacklem Date: Mon, 1 Oct 2012 12:28:58 +0000 Subject: Attila Bogar and Herbert Poeckl both reported similar problems w.r.t. a Linux NFS client doing a krb5 NFS mount against the FreeBSD server. We determined this was a Linux bug: http://www.spinics.net/lists/linux-nfs/msg32466.html, however the mount failed to work, because the Destroy operation with a bogus encrypted checksum destroyed the authenticator handle. This patch changes the rpcsec_gss code so that it doesn't Destroy the authenticator handle for this case and, as such, the Linux mount will work. Tested by: Attila Bogar and Herbert Poeckl MFC after: 2 weeks --- sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'sys/rpc') diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index a4253a4..dadd36e 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -984,7 +984,7 @@ svc_rpc_gss_accept_sec_context(struct svc_rpc_gss_client *client, static bool_t svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, - gss_qop_t *qop) + gss_qop_t *qop, rpc_gss_proc_t gcproc) { struct opaque_auth *oa; gss_buffer_desc rpcbuf, checksum; @@ -1024,7 +1024,8 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, if (maj_stat != GSS_S_COMPLETE) { rpc_gss_log_status("gss_verify_mic", client->cl_mech, maj_stat, min_stat); - client->cl_state = CLIENT_STALE; + if (gcproc != RPCSEC_GSS_DESTROY) + client->cl_state = CLIENT_STALE; return (FALSE); } @@ -1358,7 +1359,7 @@ svc_rpc_gss(struct svc_req *rqst, struct rpc_msg *msg) break; } - if (!svc_rpc_gss_validate(client, msg, &qop)) { + if (!svc_rpc_gss_validate(client, msg, &qop, gc.gc_proc)) { result = RPCSEC_GSS_CREDPROBLEM; break; } -- cgit v1.1