Lines 794-805
svc_rpc_gss_build_ucred(struct svc_rpc_g
|
794 |
uc->gidlist = client->cl_gid_storage; |
794 |
uc->gidlist = client->cl_gid_storage; |
795 |
|
795 |
|
796 |
numgroups = NGROUPS; |
796 |
numgroups = NGROUPS; |
797 |
maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech, |
797 |
if (name != NULL) { |
798 |
&uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]); |
798 |
maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech, |
799 |
if (GSS_ERROR(maj_stat)) |
799 |
&uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]); |
|
|
800 |
if (GSS_ERROR(maj_stat)) |
801 |
uc->gidlen = 0; |
802 |
else |
803 |
uc->gidlen = numgroups; |
804 |
} else |
800 |
uc->gidlen = 0; |
805 |
uc->gidlen = 0; |
801 |
else |
|
|
802 |
uc->gidlen = numgroups; |
803 |
} |
806 |
} |
804 |
|
807 |
|
805 |
static void |
808 |
static void |
Lines 841-846
svc_rpc_gss_accept_sec_context(struct sv
|
841 |
OM_uint32 maj_stat = 0, min_stat = 0, ret_flags; |
844 |
OM_uint32 maj_stat = 0, min_stat = 0, ret_flags; |
842 |
OM_uint32 cred_lifetime; |
845 |
OM_uint32 cred_lifetime; |
843 |
struct svc_rpc_gss_svc_name *sname; |
846 |
struct svc_rpc_gss_svc_name *sname; |
|
|
847 |
gss_name_t cname; |
844 |
|
848 |
|
845 |
rpc_gss_log_debug("in svc_rpc_gss_accept_context()"); |
849 |
rpc_gss_log_debug("in svc_rpc_gss_accept_context()"); |
846 |
|
850 |
|
Lines 854-859
svc_rpc_gss_accept_sec_context(struct sv
|
854 |
return (FALSE); |
858 |
return (FALSE); |
855 |
} |
859 |
} |
856 |
|
860 |
|
|
|
861 |
cname = NULL; |
857 |
/* |
862 |
/* |
858 |
* First time round, try all the server names we have until |
863 |
* First time round, try all the server names we have until |
859 |
* one matches. Afterwards, stick with that one. |
864 |
* one matches. Afterwards, stick with that one. |
Lines 870-876
svc_rpc_gss_accept_sec_context(struct sv
|
870 |
sname->sn_cred, |
875 |
sname->sn_cred, |
871 |
&recv_tok, |
876 |
&recv_tok, |
872 |
GSS_C_NO_CHANNEL_BINDINGS, |
877 |
GSS_C_NO_CHANNEL_BINDINGS, |
873 |
&client->cl_cname, |
878 |
&cname, |
874 |
&mech, |
879 |
&mech, |
875 |
&gr->gr_token, |
880 |
&gr->gr_token, |
876 |
&ret_flags, |
881 |
&ret_flags, |
Lines 903-909
svc_rpc_gss_accept_sec_context(struct sv
|
903 |
client->cl_sname->sn_cred, |
908 |
client->cl_sname->sn_cred, |
904 |
&recv_tok, |
909 |
&recv_tok, |
905 |
GSS_C_NO_CHANNEL_BINDINGS, |
910 |
GSS_C_NO_CHANNEL_BINDINGS, |
906 |
&client->cl_cname, |
911 |
&cname, |
907 |
&mech, |
912 |
&mech, |
908 |
&gr->gr_token, |
913 |
&gr->gr_token, |
909 |
&ret_flags, |
914 |
&ret_flags, |
Lines 954-973
svc_rpc_gss_accept_sec_context(struct sv
|
954 |
*/ |
959 |
*/ |
955 |
client->cl_rawcred.version = RPCSEC_GSS_VERSION; |
960 |
client->cl_rawcred.version = RPCSEC_GSS_VERSION; |
956 |
rpc_gss_oid_to_mech(mech, &client->cl_rawcred.mechanism); |
961 |
rpc_gss_oid_to_mech(mech, &client->cl_rawcred.mechanism); |
957 |
maj_stat = gss_export_name(&min_stat, client->cl_cname, |
962 |
if (cname != NULL) { |
958 |
&export_name); |
963 |
maj_stat = gss_export_name(&min_stat, cname, |
959 |
if (maj_stat != GSS_S_COMPLETE) { |
964 |
&export_name); |
960 |
rpc_gss_log_status("gss_export_name", client->cl_mech, |
965 |
if (maj_stat != GSS_S_COMPLETE) { |
961 |
maj_stat, min_stat); |
966 |
rpc_gss_log_status("gss_export_name", client->cl_mech, |
962 |
return (FALSE); |
967 |
maj_stat, min_stat); |
|
|
968 |
return (FALSE); |
969 |
} |
970 |
client->cl_rawcred.client_principal = |
971 |
mem_alloc(sizeof(*client->cl_rawcred.client_principal) |
972 |
+ export_name.length); |
973 |
client->cl_rawcred.client_principal->len = export_name.length; |
974 |
memcpy(client->cl_rawcred.client_principal->name, |
975 |
export_name.value, export_name.length); |
976 |
gss_release_buffer(&min_stat, &export_name); |
977 |
} else { |
978 |
printf("svc_rpcsec_gss: cname NULL\n"); |
979 |
if (client->cl_rawcred.client_principal == NULL) |
980 |
printf("svc_rpcsec_gss: client_princ NULL\n"); |
981 |
else |
982 |
printf("svc_rpcsec_gss: client_princ not NULL\n"); |
963 |
} |
983 |
} |
964 |
client->cl_rawcred.client_principal = |
|
|
965 |
mem_alloc(sizeof(*client->cl_rawcred.client_principal) |
966 |
+ export_name.length); |
967 |
client->cl_rawcred.client_principal->len = export_name.length; |
968 |
memcpy(client->cl_rawcred.client_principal->name, |
969 |
export_name.value, export_name.length); |
970 |
gss_release_buffer(&min_stat, &export_name); |
971 |
client->cl_rawcred.svc_principal = |
984 |
client->cl_rawcred.svc_principal = |
972 |
client->cl_sname->sn_principal; |
985 |
client->cl_sname->sn_principal; |
973 |
client->cl_rawcred.service = gc->gc_svc; |
986 |
client->cl_rawcred.service = gc->gc_svc; |
Lines 976-984
svc_rpc_gss_accept_sec_context(struct sv
|
976 |
* Use gss_pname_to_uid to map to unix creds. For |
989 |
* Use gss_pname_to_uid to map to unix creds. For |
977 |
* kerberos5, this uses krb5_aname_to_localname. |
990 |
* kerberos5, this uses krb5_aname_to_localname. |
978 |
*/ |
991 |
*/ |
979 |
svc_rpc_gss_build_ucred(client, client->cl_cname); |
992 |
svc_rpc_gss_build_ucred(client, cname); |
980 |
svc_rpc_gss_set_flavor(client); |
993 |
svc_rpc_gss_set_flavor(client); |
981 |
gss_release_name(&min_stat, &client->cl_cname); |
994 |
if (cname != NULL) |
|
|
995 |
gss_release_name(&min_stat, &cname); |
982 |
|
996 |
|
983 |
#ifdef DEBUG |
997 |
#ifdef DEBUG |
984 |
{ |
998 |
{ |
Lines 986-996
svc_rpc_gss_accept_sec_context(struct sv
|
986 |
|
1000 |
|
987 |
gss_oid_to_str(&min_stat, mech, &mechname); |
1001 |
gss_oid_to_str(&min_stat, mech, &mechname); |
988 |
|
1002 |
|
989 |
rpc_gss_log_debug("accepted context for %s with " |
1003 |
if (client->cl_rawcred.client_principal != NULL) |
990 |
"<mech %.*s, qop %d, svc %d>", |
1004 |
rpc_gss_log_debug("accepted context for %s with " |
991 |
client->cl_rawcred.client_principal->name, |
1005 |
"<mech %.*s, qop %d, svc %d>", |
992 |
mechname.length, (char *)mechname.value, |
1006 |
client->cl_rawcred.client_principal->name, |
993 |
client->cl_qop, client->cl_rawcred.service); |
1007 |
mechname.length, (char *)mechname.value, |
|
|
1008 |
client->cl_qop, client->cl_rawcred.service); |
1009 |
else |
1010 |
rpc_gss_log_debug("accepted context for no principal with " |
1011 |
"<mech %.*s, qop %d, svc %d>", |
1012 |
mechname.length, (char *)mechname.value, |
1013 |
client->cl_qop, client->cl_rawcred.service); |
994 |
|
1014 |
|
995 |
gss_release_buffer(&min_stat, &mechname); |
1015 |
gss_release_buffer(&min_stat, &mechname); |
996 |
} |
1016 |
} |
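Review bot: The else branch added at the gss_export_name site (new lines 977-982 in the "Lines 954-973" hunk) leaves three unconditional printf() calls in the accepted-context path; any peer whose context completes without a source name can drive them to the console, and they read as leftover debugging rather than a diagnostic. They also only report state, so the new behaviour — a completed context with cl_rawcred.client_principal left NULL — is not otherwise documented for readers of cl_rawcred. I would collapse them to the file's existing helper, `rpc_gss_log_debug("svc_rpcsec_gss: accepted context without a client name");`, and put a comment above `if (cname != NULL) {` saying that client_principal stays NULL in that case so every consumer must check it before dereferencing. The DEBUG block at the end of the section already handles the NULL principal, but whether other consumers of client_principal do is not visible here; svc_rpc_gss_accept_sec_context begins and ends outside the visible hunks.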