--- rpc/rpcsec_gss/svc_rpcsec_gss.c 2019-02-08 19:19:29.390541000 -0500 +++ rpc/rpcsec_gss/svc_rpcsec_gss.c 2019-02-08 19:46:56.614047000 -0500 @@ -794,12 +794,15 @@ svc_rpc_gss_build_ucred(struct svc_rpc_g uc->gidlist = client->cl_gid_storage; numgroups = NGROUPS; - maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech, - &uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]); - if (GSS_ERROR(maj_stat)) + if (name != NULL) { + maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech, + &uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]); + if (GSS_ERROR(maj_stat)) + uc->gidlen = 0; + else + uc->gidlen = numgroups; + } else uc->gidlen = 0; - else - uc->gidlen = numgroups; } static void @@ -954,20 +957,24 @@ svc_rpc_gss_accept_sec_context(struct sv */ client->cl_rawcred.version = RPCSEC_GSS_VERSION; rpc_gss_oid_to_mech(mech, &client->cl_rawcred.mechanism); - maj_stat = gss_export_name(&min_stat, client->cl_cname, - &export_name); - if (maj_stat != GSS_S_COMPLETE) { - rpc_gss_log_status("gss_export_name", client->cl_mech, - maj_stat, min_stat); - return (FALSE); - } - client->cl_rawcred.client_principal = - mem_alloc(sizeof(*client->cl_rawcred.client_principal) - + export_name.length); - client->cl_rawcred.client_principal->len = export_name.length; - memcpy(client->cl_rawcred.client_principal->name, - export_name.value, export_name.length); - gss_release_buffer(&min_stat, &export_name); + if (client->cl_cname != NULL) { + maj_stat = gss_export_name(&min_stat, client->cl_cname, + &export_name); + if (maj_stat != GSS_S_COMPLETE) { + rpc_gss_log_status("gss_export_name", client->cl_mech, + maj_stat, min_stat); + return (FALSE); + } + client->cl_rawcred.client_principal = + mem_alloc(sizeof(*client->cl_rawcred.client_principal) + + export_name.length); + client->cl_rawcred.client_principal->len = export_name.length; + memcpy(client->cl_rawcred.client_principal->name, + export_name.value, export_name.length); + gss_release_buffer(&min_stat, &export_name); + } else + KASSERT(client->cl_rawcred.client_principal == NULL, + ("cl_rawcred.client_principal should be NULL")); client->cl_rawcred.svc_principal = client->cl_sname->sn_principal; client->cl_rawcred.service = gc->gc_svc; @@ -978,7 +985,8 @@ svc_rpc_gss_accept_sec_context(struct sv */ svc_rpc_gss_build_ucred(client, client->cl_cname); svc_rpc_gss_set_flavor(client); - gss_release_name(&min_stat, &client->cl_cname); + if (client->cl_cname != NULL) + gss_release_name(&min_stat, &client->cl_cname); #ifdef DEBUG { @@ -986,11 +994,17 @@ svc_rpc_gss_accept_sec_context(struct sv gss_oid_to_str(&min_stat, mech, &mechname); - rpc_gss_log_debug("accepted context for %s with " - "", - client->cl_rawcred.client_principal->name, - mechname.length, (char *)mechname.value, - client->cl_qop, client->cl_rawcred.service); + if (client->cl_rawcred.client_principal != NULL) + rpc_gss_log_debug("accepted context for %s with " + "", + client->cl_rawcred.client_principal->name, + mechname.length, (char *)mechname.value, + client->cl_qop, client->cl_rawcred.service); + else + rpc_gss_log_debug("accepted context for no principal with " + "", + mechname.length, (char *)mechname.value, + client->cl_qop, client->cl_rawcred.service); gss_release_buffer(&min_stat, &mechname); }