aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys/fs/nfsserver/nfs_nfsdstate.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c
index 908c02878b40..9f657d6948d4 100644
--- a/sys/fs/nfsserver/nfs_nfsdstate.c
+++ b/sys/fs/nfsserver/nfs_nfsdstate.c
@@ -147,12 +147,20 @@ nfsrv_setclient(struct nfsrv_descript *nd, struct nfsclient **new_clpp,
if (nfsrv_openpluslock > NFSRV_V4STATELIMIT)
return (NFSERR_RESOURCE);
- if ((nd->nd_flag & ND_GSS) && nfsrv_nogsscallback)
+ if (nfsrv_issuedelegs == 0 ||
+ ((nd->nd_flag & ND_GSS) != 0 && nfsrv_nogsscallback != 0))
/*
- * Don't do callbacks for AUTH_GSS.
- * (Since these aren't yet debugged, they might cause the
- * server to crap out, if they get past the Init call to
- * the client.)
+ * Don't do callbacks when delegations are disabled or
+ * for AUTH_GSS unless enabled via nfsrv_nogsscallback.
+ * If establishing a callback connection is attempted
+ * when a firewall is blocking the callback path, the
+ * server may wait too long for the connect attempt to
+ * succeed during the Open. Some clients, such as Linux,
+ * may timeout and give up on the Open before the server
+ * replies. Also, since AUTH_GSS callbacks are not
+ * yet interoperability tested, they might cause the
+ * server to crap out, if they get past the Init call to
+ * the client.
*/
new_clp->lc_program = 0;