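--- a/rpc/rpcsec_gss/svc_rpcsec_gss.c
+++ b/rpc/rpcsec_gss/svc_rpcsec_gss.c
@@ -794,12 +794,15 @@ svc_rpc_gss_build_ucred(struct svc_rpc_g
 	uc->gidlist = client->cl_gid_storage;
 
 	numgroups = NGROUPS;
-	maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech,
-	    &uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]);
-	if (GSS_ERROR(maj_stat))
+	if (name != NULL) {
+		maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech,
+		    &uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]);
+		if (GSS_ERROR(maj_stat))
+			uc->gidlen = 0;
+		else
+			uc->gidlen = numgroups;
+	} else
 		uc->gidlen = 0;
-	else
-		uc->gidlen = numgroups;
 }
 
 static void
@@ -954,20 +957,24 @@ svc_rpc_gss_accept_sec_context(struct sv
 		 */
 		client->cl_rawcred.version = RPCSEC_GSS_VERSION;
 		rpc_gss_oid_to_mech(mech, &client->cl_rawcred.mechanism);
-		maj_stat = gss_export_name(&min_stat, client->cl_cname,
-		    &export_name);
-		if (maj_stat != GSS_S_COMPLETE) {
-			rpc_gss_log_status("gss_export_name", client->cl_mech,
-			    maj_stat, min_stat);
-			return (FALSE);
-		}
-		client->cl_rawcred.client_principal =
-			mem_alloc(sizeof(*client->cl_rawcred.client_principal)
-			    + export_name.length);
-		client->cl_rawcred.client_principal->len = export_name.length;
-		memcpy(client->cl_rawcred.client_principal->name,
-		    export_name.value, export_name.length);
-		gss_release_buffer(&min_stat, &export_name);
+		if (client->cl_cname != NULL) {
+			maj_stat = gss_export_name(&min_stat, client->cl_cname,
+			    &export_name);
+			if (maj_stat != GSS_S_COMPLETE) {
+				rpc_gss_log_status("gss_export_name", client->cl_mech,
+				    maj_stat, min_stat);
+				return (FALSE);
+			}
+			client->cl_rawcred.client_principal =
+				mem_alloc(sizeof(*client->cl_rawcred.client_principal)
+				    + export_name.length);
+			client->cl_rawcred.client_principal->len = export_name.length;
+			memcpy(client->cl_rawcred.client_principal->name,
+			    export_name.value, export_name.length);
+			gss_release_buffer(&min_stat, &export_name);
+		} else
+			KASSERT(client->cl_rawcred.client_principal == NULL,
+			    ("cl_rawcred.client_principal should be NULL"));
 		client->cl_rawcred.svc_principal =
 			client->cl_sname->sn_principal;
 		client->cl_rawcred.service = gc->gc_svc;
@@ -978,7 +985,8 @@ svc_rpc_gss_accept_sec_context(struct sv
 		 */
 		svc_rpc_gss_build_ucred(client, client->cl_cname);
 		svc_rpc_gss_set_flavor(client);
-		gss_release_name(&min_stat, &client->cl_cname);
+		if (client->cl_cname != NULL)
+			gss_release_name(&min_stat, &client->cl_cname);
 
 #ifdef DEBUG
 		{
@@ -986,11 +994,17 @@ svc_rpc_gss_accept_sec_context(struct sv
 
 			gss_oid_to_str(&min_stat, mech, &mechname);
 			
-			rpc_gss_log_debug("accepted context for %s with "
-			    "<mech %.*s, qop %d, svc %d>",
-			    client->cl_rawcred.client_principal->name,
-			    mechname.length, (char *)mechname.value,
-			    client->cl_qop, client->cl_rawcred.service);
+			if (client->cl_rawcred.client_principal != NULL)
+				rpc_gss_log_debug("accepted context for %s with "
+				    "<mech %.*s, qop %d, svc %d>",
+				    client->cl_rawcred.client_principal->name,
+				    mechname.length, (char *)mechname.value,
+				    client->cl_qop, client->cl_rawcred.service);
+			else
+				rpc_gss_log_debug("accepted context for no principal with "
+				    "<mech %.*s, qop %d, svc %d>",
+				    mechname.length, (char *)mechname.value,
+				    client->cl_qop, client->cl_rawcred.service);
 
 			gss_release_buffer(&min_stat, &mechname);
 		}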
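Review bot: In the `else` branch added to svc_rpc_gss_accept_sec_context (new lines 975-977), the only handling of a client with no name is a `KASSERT`, which as far as I know checks nothing on kernels built without INVARIANTS, so a context is accepted with `cl_rawcred.client_principal` left NULL and nothing recorded outside `#ifdef DEBUG`. The patch guards the single dereference in the debug log, but any other reader of `client_principal->name` or `->len` is outside these hunks and would need the same NULL check; those callers should be audited before this lands. In svc_rpc_gss_build_ucred the `name == NULL` path sets only `uc->gidlen = 0`, so it relies on `uc->uid` and `uc->gid` having been defaulted to an unprivileged identity before the hunk starts, which is not visible here; a comment on that branch such as `/* no client name: keep the default unprivileged uid/gid */` would make the intent checkable. Both function bodies begin and end outside the hunks shown.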
