[Midnightbsd-cvs] src [8267] trunk/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c: add comment
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sat Sep 17 17:48:47 EDT 2016
Revision: 8267
http://svnweb.midnightbsd.org/src/?rev=8267
Author: laffer1
Date: 2016-09-17 17:48:47 -0400 (Sat, 17 Sep 2016)
Log Message:
-----------
add comment
Modified Paths:
--------------
trunk/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
Modified: trunk/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
===================================================================
--- trunk/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c 2016-09-17 21:48:18 UTC (rev 8266)
+++ trunk/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c 2016-09-17 21:48:47 UTC (rev 8267)
@@ -1024,6 +1024,17 @@
if (maj_stat != GSS_S_COMPLETE) {
rpc_gss_log_status("gss_verify_mic", client->cl_mech,
maj_stat, min_stat);
+ /*
+ * Attila Bogar and Herbert Poeckl reported similar problems
+ * w.r.t. a Linux NFS client doing a krb5 NFS mount against the
+ * FreeBSD server. We determined this was a Linux bug:
+ * http://www.spinics.net/lists/linux-nfs/msg32466.html, where
+ * the mount failed to work because a Destroy operation with a
+ * bogus encrypted checksum destroyed the authenticator handle.
+ * Since the checksum is bogus (gss_verify_mic() failed), it
+ * doesn't make sense to destroy the handle and not doing so
+ * fixes the Linux mount.
+ */
if (gcproc != RPCSEC_GSS_DESTROY)
client->cl_state = CLIENT_STALE;
return (FALSE);
More information about the Midnightbsd-cvs
mailing list