From: Jeff Layton <jlayton@redhat.com>
Date: Tue, 12 Jan 2010 12:32:51 +0000 (-0500)
Subject: gssd: on krb5 upcall, have gssd send a more granular error code
X-Git-Tag: nfs-utils-1-2-2-rc5
X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=commitdiff_plain;h=289ad31e013029c924c2777b4d3c0875b87db042;hp=289ad31e013029c924c2777b4d3c0875b87db042

gssd: on krb5 upcall, have gssd send a more granular error code

Currently if a krb5 context expires, GSSAPI authenticated RPC calls
start returning error (-EACCES in particular). This is bad when someone
has a long running job that's doing filesystem ops on a krb5 authenticated
NFS mount and just happens to forget to redo a 'kinit' in time.

The existing gssd always does a downcall with a '-1' error code if there
are problems, and the kernel always ignores this error code. Begin to
fix this by having gssd distinguish between someone that has no
credcache at all, and someone who has an expired one. In the case where
there is an existing credcache, have gssd downcall with an error code of
-EKEYEXPIRED. If there's not a credcache, then downcall with an error of
-EACCES.

We can then have the kernel use this error code to handle these
situations differently.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---