diff options
-rw-r--r-- | sys/fs/nfsserver/nfs_nfsdstate.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index 908c02878b40..9f657d6948d4 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c @@ -147,12 +147,20 @@ nfsrv_setclient(struct nfsrv_descript *nd, struct nfsclient **new_clpp, if (nfsrv_openpluslock > NFSRV_V4STATELIMIT) return (NFSERR_RESOURCE); - if ((nd->nd_flag & ND_GSS) && nfsrv_nogsscallback) + if (nfsrv_issuedelegs == 0 || + ((nd->nd_flag & ND_GSS) != 0 && nfsrv_nogsscallback != 0)) /* - * Don't do callbacks for AUTH_GSS. - * (Since these aren't yet debugged, they might cause the - * server to crap out, if they get past the Init call to - * the client.) + * Don't do callbacks when delegations are disabled or + * for AUTH_GSS unless enabled via nfsrv_nogsscallback. + * If establishing a callback connection is attempted + * when a firewall is blocking the callback path, the + * server may wait too long for the connect attempt to + * succeed during the Open. Some clients, such as Linux, + * may timeout and give up on the Open before the server + * replies. Also, since AUTH_GSS callbacks are not + * yet interoperability tested, they might cause the + * server to crap out, if they get past the Init call to + * the client. */ new_clp->lc_program = 0; |