svn commit: r242018 - stable/8/sys/rpc/rpcsec_gss
Rick Macklem
rmacklem at FreeBSD.org
Thu Oct 25 00:50:15 UTC 2012
Author: rmacklem
Date: Thu Oct 25 00:50:14 2012
New Revision: 242018
URL: http://svn.freebsd.org/changeset/base/242018
Log:
MFC: r241582
Add a comment describing why r241097 was done.
Modified:
stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
Directory Properties:
stable/8/sys/ (props changed)
stable/8/sys/rpc/ (props changed)
Modified: stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
==============================================================================
--- stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Thu Oct 25 00:45:51 2012 (r242017)
+++ stable/8/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c Thu Oct 25 00:50:14 2012 (r242018)
@@ -1024,6 +1024,17 @@ svc_rpc_gss_validate(struct svc_rpc_gss_
if (maj_stat != GSS_S_COMPLETE) {
rpc_gss_log_status("gss_verify_mic", client->cl_mech,
maj_stat, min_stat);
+ /*
+ * Attila Bogar and Herbert Poeckl reported similar problems
+ * w.r.t. a Linux NFS client doing a krb5 NFS mount against the
+ * FreeBSD server. We determined this was a Linux bug:
+ * http://www.spinics.net/lists/linux-nfs/msg32466.html, where
+ * the mount failed to work because a Destroy operation with a
+ * bogus encrypted checksum destroyed the authenticator handle.
+ * Since the checksum is bogus (gss_verify_mic() failed), it
+ * doesn't make sense to destroy the handle and not doing so
+ * fixes the Linux mount.
+ */
if (gcproc != RPCSEC_GSS_DESTROY)
client->cl_state = CLIENT_STALE;
return (FALSE);
More information about the svn-src-all
mailing list