svn commit: r241570 - stable/9/sys/rpc/rpcsec_gss

[Rick Macklem]

Author: rmacklem
Date: Mon Oct 15 01:09:33 2012
New Revision: 241570
URL: http://svn.freebsd.org/changeset/base/241570

Log:
  MFC: r241097
  Attila Bogar and Herbert Poeckl both reported similar problems
  w.r.t. a Linux NFS client doing a krb5 NFS mount against the
  FreeBSD server. We determined this was a Linux bug:
  http://www.spinics.net/lists/linux-nfs/msg32466.html, however
  the mount failed to work, because the Destroy operation with a
  bogus encrypted checksum destroyed the authenticator handle.
  This patch changes the rpcsec_gss code so that it doesn't
  Destroy the authenticator handle for this case and, as such,
  the Linux mount will work.

Modified:
  stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
==============================================================================
--- stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Mon Oct 15 00:24:23 2012	(r241569)
+++ stable/9/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c	Mon Oct 15 01:09:33 2012	(r241570)
@@ -984,7 +984,7 @@ svc_rpc_gss_accept_sec_context(struct sv
 
 static bool_t
 svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg,
-    gss_qop_t *qop)
+    gss_qop_t *qop, rpc_gss_proc_t gcproc)
 {
 	struct opaque_auth	*oa;
 	gss_buffer_desc		 rpcbuf, checksum;
@@ -1024,7 +1024,8 @@ svc_rpc_gss_validate(struct svc_rpc_gss_
 	if (maj_stat != GSS_S_COMPLETE) {
 		rpc_gss_log_status("gss_verify_mic", client->cl_mech,
 		    maj_stat, min_stat);
-		client->cl_state = CLIENT_STALE;
+		if (gcproc != RPCSEC_GSS_DESTROY)
+			client->cl_state = CLIENT_STALE;
 		return (FALSE);
 	}
 
@@ -1358,7 +1359,7 @@ svc_rpc_gss(struct svc_req *rqst, struct
 			break;
 		}
 
-		if (!svc_rpc_gss_validate(client, msg, &qop)) {
+		if (!svc_rpc_gss_validate(client, msg, &qop, gc.gc_proc)) {
 			result = RPCSEC_GSS_CREDPROBLEM;
 			break;
 		}