

(-)rpc/rpcsec_gss/svc_rpcsec_gss.c (-27 / +47 lines)
Lines 794-805 svc_rpc_gss_build_ucred(struct svc_rpc_g Link Here
794
	uc->gidlist = client->cl_gid_storage;
794
	uc->gidlist = client->cl_gid_storage;
795
795
796
	numgroups = NGROUPS;
796
	numgroups = NGROUPS;
797
	maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech,
797
	if (name != NULL) {
798
	    &uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]);
798
		maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech,
799
	if (GSS_ERROR(maj_stat))
799
		    &uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]);
800
		if (GSS_ERROR(maj_stat))
801
			uc->gidlen = 0;
802
		else
803
			uc->gidlen = numgroups;
804
	} else
800
		uc->gidlen = 0;
805
		uc->gidlen = 0;
801
	else
802
		uc->gidlen = numgroups;
803
}
806
}
804
807
805
static void
808
static void
Lines 841-846 svc_rpc_gss_accept_sec_context(struct sv Link Here
841
	OM_uint32		maj_stat = 0, min_stat = 0, ret_flags;
844
	OM_uint32		maj_stat = 0, min_stat = 0, ret_flags;
842
	OM_uint32		cred_lifetime;
845
	OM_uint32		cred_lifetime;
843
	struct svc_rpc_gss_svc_name *sname;
846
	struct svc_rpc_gss_svc_name *sname;
847
	gss_name_t		cname;
844
848
845
	rpc_gss_log_debug("in svc_rpc_gss_accept_context()");
849
	rpc_gss_log_debug("in svc_rpc_gss_accept_context()");
846
	
850
	
Lines 854-859 svc_rpc_gss_accept_sec_context(struct sv Link Here
854
		return (FALSE);
858
		return (FALSE);
855
	}
859
	}
856
860
861
	cname = NULL;
857
	/*
862
	/*
858
	 * First time round, try all the server names we have until
863
	 * First time round, try all the server names we have until
859
	 * one matches. Afterwards, stick with that one.
864
	 * one matches. Afterwards, stick with that one.
Lines 870-876 svc_rpc_gss_accept_sec_context(struct sv Link Here
870
					sname->sn_cred,
875
					sname->sn_cred,
871
					&recv_tok,
876
					&recv_tok,
872
					GSS_C_NO_CHANNEL_BINDINGS,
877
					GSS_C_NO_CHANNEL_BINDINGS,
873
					&client->cl_cname,
878
					&cname,
874
					&mech,
879
					&mech,
875
					&gr->gr_token,
880
					&gr->gr_token,
876
					&ret_flags,
881
					&ret_flags,
Lines 903-909 svc_rpc_gss_accept_sec_context(struct sv Link Here
903
			client->cl_sname->sn_cred,
908
			client->cl_sname->sn_cred,
904
			&recv_tok,
909
			&recv_tok,
905
			GSS_C_NO_CHANNEL_BINDINGS,
910
			GSS_C_NO_CHANNEL_BINDINGS,
906
			&client->cl_cname,
911
			&cname,
907
			&mech,
912
			&mech,
908
			&gr->gr_token,
913
			&gr->gr_token,
909
			&ret_flags,
914
			&ret_flags,
Lines 954-973 svc_rpc_gss_accept_sec_context(struct sv Link Here
954
		 */
959
		 */
955
		client->cl_rawcred.version = RPCSEC_GSS_VERSION;
960
		client->cl_rawcred.version = RPCSEC_GSS_VERSION;
956
		rpc_gss_oid_to_mech(mech, &client->cl_rawcred.mechanism);
961
		rpc_gss_oid_to_mech(mech, &client->cl_rawcred.mechanism);
957
		maj_stat = gss_export_name(&min_stat, client->cl_cname,
962
		if (cname != NULL) {
958
		    &export_name);
963
			maj_stat = gss_export_name(&min_stat, cname,
959
		if (maj_stat != GSS_S_COMPLETE) {
964
			    &export_name);
960
			rpc_gss_log_status("gss_export_name", client->cl_mech,
965
			if (maj_stat != GSS_S_COMPLETE) {
961
			    maj_stat, min_stat);
966
				rpc_gss_log_status("gss_export_name", client->cl_mech,
962
			return (FALSE);
967
				    maj_stat, min_stat);
968
				return (FALSE);
969
			}
970
			client->cl_rawcred.client_principal =
971
				mem_alloc(sizeof(*client->cl_rawcred.client_principal)
972
				    + export_name.length);
973
			client->cl_rawcred.client_principal->len = export_name.length;
974
			memcpy(client->cl_rawcred.client_principal->name,
975
			    export_name.value, export_name.length);
976
			gss_release_buffer(&min_stat, &export_name);
977
		} else {
978
			printf("svc_rpcsec_gss: cname NULL\n");
979
			if (client->cl_rawcred.client_principal == NULL)
980
				printf("svc_rpcsec_gss: client_princ NULL\n");
981
			else
982
				printf("svc_rpcsec_gss: client_princ not NULL\n");
963
		}
983
		}
964
		client->cl_rawcred.client_principal =
965
			mem_alloc(sizeof(*client->cl_rawcred.client_principal)
966
			    + export_name.length);
967
		client->cl_rawcred.client_principal->len = export_name.length;
968
		memcpy(client->cl_rawcred.client_principal->name,
969
		    export_name.value, export_name.length);
970
		gss_release_buffer(&min_stat, &export_name);
971
		client->cl_rawcred.svc_principal =
984
		client->cl_rawcred.svc_principal =
972
			client->cl_sname->sn_principal;
985
			client->cl_sname->sn_principal;
973
		client->cl_rawcred.service = gc->gc_svc;
986
		client->cl_rawcred.service = gc->gc_svc;
Lines 976-984 svc_rpc_gss_accept_sec_context(struct sv Link Here
976
		 * Use gss_pname_to_uid to map to unix creds. For
989
		 * Use gss_pname_to_uid to map to unix creds. For
977
		 * kerberos5, this uses krb5_aname_to_localname.
990
		 * kerberos5, this uses krb5_aname_to_localname.
978
		 */
991
		 */
979
		svc_rpc_gss_build_ucred(client, client->cl_cname);
992
		svc_rpc_gss_build_ucred(client, cname);
980
		svc_rpc_gss_set_flavor(client);
993
		svc_rpc_gss_set_flavor(client);
981
		gss_release_name(&min_stat, &client->cl_cname);
994
		if (cname != NULL)
995
			gss_release_name(&min_stat, &cname);
982
996
983
#ifdef DEBUG
997
#ifdef DEBUG
984
		{
998
		{
Lines 986-996 svc_rpc_gss_accept_sec_context(struct sv Link Here
986
1000
987
			gss_oid_to_str(&min_stat, mech, &mechname);
1001
			gss_oid_to_str(&min_stat, mech, &mechname);
988
			
1002
			
989
			rpc_gss_log_debug("accepted context for %s with "
1003
			if (client->cl_rawcred.client_principal != NULL)
990
			    "<mech %.*s, qop %d, svc %d>",
1004
				rpc_gss_log_debug("accepted context for %s with "
991
			    client->cl_rawcred.client_principal->name,
1005
				    "<mech %.*s, qop %d, svc %d>",
992
			    mechname.length, (char *)mechname.value,
1006
				    client->cl_rawcred.client_principal->name,
993
			    client->cl_qop, client->cl_rawcred.service);
1007
				    mechname.length, (char *)mechname.value,
1008
				    client->cl_qop, client->cl_rawcred.service);
1009
			else
1010
				rpc_gss_log_debug("accepted context for no principal with "
1011
				    "<mech %.*s, qop %d, svc %d>",
1012
				    mechname.length, (char *)mechname.value,
1013
				    client->cl_qop, client->cl_rawcred.service);
994
1014
995
			gss_release_buffer(&min_stat, &mechname);
1015
			gss_release_buffer(&min_stat, &mechname);
996
		}
1016
		}
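Review bot: The `else` branch added at new lines 977-982 of the "Lines 954-973" hunk makes three unconditional `printf` calls to the console from the context-acceptance path, which is entered from the token the peer handed to `gss_accept_sec_context`, while the rest of this file reports through `rpc_gss_log_debug`/`rpc_gss_log_status` and the comparable principal report in the "Lines 986-996" hunk already sits under `#ifdef DEBUG`. An unguarded console printf on a peer-driven path can flood the log; if the diagnostic is meant to stay, fold it into one debug-level call such as `rpc_gss_log_debug("svc_rpcsec_gss: cname NULL, client_princ %s", client->cl_rawcred.client_principal == NULL ? "NULL" : "not NULL");` or wrap the block in `#ifdef DEBUG`. The same branch leaves `client->cl_rawcred.client_principal` untouched, so every consumer of that field after this point must tolerate NULL — the DEBUG block at new line 1003 does, but other readers are outside these hunks and worth checking. Relatedly, in the "Lines 794-805" hunk the new `name == NULL` arm sets only `uc->gidlen`; unless the head of `svc_rpc_gss_build_ucred` (outside the hunk) assigns default `uid`/`gid`, those fields would carry stale values from an earlier mapping. `svc_rpc_gss_accept_sec_context` begins and ends outside the hunks shown.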
