aboutsummaryrefslogtreecommitdiff
path: root/net/rfkill
diff options
context:
space:
mode:
authorAndy Adamson <andros@netapp.com>2012-11-27 10:34:19 -0500
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-11-29 10:50:32 -0800
commit14384c7346f4d6480503b825a474006a654d50e2 (patch)
tree102f7a97b454cfe3a2a555f4d25a6a6593921b5a /net/rfkill
parentfa7b5d69efb4db4ee60adcefa86bac1efd8e8b45 (diff)
SUNRPC handle EKEYEXPIRED in call_refreshresult
commit eb96d5c97b0825d542e9c4ba5e0a22b519355166 upstream. Currently, when an RPCSEC_GSS context has expired or is non-existent and the users (Kerberos) credentials have also expired or are non-existent, the client receives the -EKEYEXPIRED error and tries to refresh the context forever. If an application is performing I/O, or other work against the share, the application hangs, and the user is not prompted to refresh/establish their credentials. This can result in a denial of service for other users. Users are expected to manage their Kerberos credential lifetimes to mitigate this issue. Move the -EKEYEXPIRED handling into the RPC layer. Try tk_cred_retry number of times to refresh the gss_context, and then return -EACCES to the application. Signed-off-by: Andy Adamson <andros@netapp.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> [bwh: Backported to 3.2: - Adjust context - Drop change to nfs4_handle_reclaim_lease_error()] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/rfkill')
0 files changed, 0 insertions, 0 deletions