FreeBSD Bugzilla – Attachment 201862 Details for
Bug 235582
rpc_svc_gss / nfsd kernel panic
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
updated fix for srv side rpcsec_gss NULL client principal
svcgss2.patch (text/plain), 4.64 KB, created by
Rick Macklem
on 2019-02-09 05:18:36 UTC
(
hide
)
Description:
updated fix for srv side rpcsec_gss NULL client principal
Filename:
MIME Type:
Creator:
Rick Macklem
Created:
2019-02-09 05:18:36 UTC
Size:
4.64 KB
patch
obsolete
>--- rpc/rpcsec_gss/svc_rpcsec_gss.c.sav 2019-02-08 19:19:29.390541000 -0500 >+++ rpc/rpcsec_gss/svc_rpcsec_gss.c 2019-02-09 00:59:43.377244000 -0500 >@@ -794,12 +794,15 @@ svc_rpc_gss_build_ucred(struct svc_rpc_g > uc->gidlist = client->cl_gid_storage; > > numgroups = NGROUPS; >- maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech, >- &uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]); >- if (GSS_ERROR(maj_stat)) >+ if (name != NULL) { >+ maj_stat = gss_pname_to_unix_cred(&min_stat, name, client->cl_mech, >+ &uc->uid, &uc->gid, &numgroups, &uc->gidlist[0]); >+ if (GSS_ERROR(maj_stat)) >+ uc->gidlen = 0; >+ else >+ uc->gidlen = numgroups; >+ } else > uc->gidlen = 0; >- else >- uc->gidlen = numgroups; > } > > static void >@@ -841,6 +844,7 @@ svc_rpc_gss_accept_sec_context(struct sv > OM_uint32 maj_stat = 0, min_stat = 0, ret_flags; > OM_uint32 cred_lifetime; > struct svc_rpc_gss_svc_name *sname; >+ gss_name_t cname; > > rpc_gss_log_debug("in svc_rpc_gss_accept_context()"); > >@@ -854,6 +858,7 @@ svc_rpc_gss_accept_sec_context(struct sv > return (FALSE); > } > >+ cname = NULL; > /* > * First time round, try all the server names we have until > * one matches. Afterwards, stick with that one. >@@ -870,7 +875,7 @@ svc_rpc_gss_accept_sec_context(struct sv > sname->sn_cred, > &recv_tok, > GSS_C_NO_CHANNEL_BINDINGS, >- &client->cl_cname, >+ &cname, > &mech, > &gr->gr_token, > &ret_flags, >@@ -903,7 +908,7 @@ svc_rpc_gss_accept_sec_context(struct sv > client->cl_sname->sn_cred, > &recv_tok, > GSS_C_NO_CHANNEL_BINDINGS, >- &client->cl_cname, >+ &cname, > &mech, > &gr->gr_token, > &ret_flags, >@@ -954,20 +959,28 @@ svc_rpc_gss_accept_sec_context(struct sv > */ > client->cl_rawcred.version = RPCSEC_GSS_VERSION; > rpc_gss_oid_to_mech(mech, &client->cl_rawcred.mechanism); >- maj_stat = gss_export_name(&min_stat, client->cl_cname, >- &export_name); >- if (maj_stat != GSS_S_COMPLETE) { >- rpc_gss_log_status("gss_export_name", client->cl_mech, >- maj_stat, min_stat); >- return (FALSE); >+ if (cname != NULL) { >+ maj_stat = gss_export_name(&min_stat, cname, >+ &export_name); >+ if (maj_stat != GSS_S_COMPLETE) { >+ rpc_gss_log_status("gss_export_name", client->cl_mech, >+ maj_stat, min_stat); >+ return (FALSE); >+ } >+ client->cl_rawcred.client_principal = >+ mem_alloc(sizeof(*client->cl_rawcred.client_principal) >+ + export_name.length); >+ client->cl_rawcred.client_principal->len = export_name.length; >+ memcpy(client->cl_rawcred.client_principal->name, >+ export_name.value, export_name.length); >+ gss_release_buffer(&min_stat, &export_name); >+ } else { >+ printf("svc_rpcsec_gss: cname NULL\n"); >+ if (client->cl_rawcred.client_principal == NULL) >+ printf("svc_rpcsec_gss: client_princ NULL\n"); >+ else >+ printf("svc_rpcsec_gss: client_princ not NULL\n"); > } >- client->cl_rawcred.client_principal = >- mem_alloc(sizeof(*client->cl_rawcred.client_principal) >- + export_name.length); >- client->cl_rawcred.client_principal->len = export_name.length; >- memcpy(client->cl_rawcred.client_principal->name, >- export_name.value, export_name.length); >- gss_release_buffer(&min_stat, &export_name); > client->cl_rawcred.svc_principal = > client->cl_sname->sn_principal; > client->cl_rawcred.service = gc->gc_svc; >@@ -976,9 +989,10 @@ svc_rpc_gss_accept_sec_context(struct sv > * Use gss_pname_to_uid to map to unix creds. For > * kerberos5, this uses krb5_aname_to_localname. > */ >- svc_rpc_gss_build_ucred(client, client->cl_cname); >+ svc_rpc_gss_build_ucred(client, cname); > svc_rpc_gss_set_flavor(client); >- gss_release_name(&min_stat, &client->cl_cname); >+ if (cname != NULL) >+ gss_release_name(&min_stat, &cname); > > #ifdef DEBUG > { >@@ -986,11 +1000,17 @@ svc_rpc_gss_accept_sec_context(struct sv > > gss_oid_to_str(&min_stat, mech, &mechname); > >- rpc_gss_log_debug("accepted context for %s with " >- "<mech %.*s, qop %d, svc %d>", >- client->cl_rawcred.client_principal->name, >- mechname.length, (char *)mechname.value, >- client->cl_qop, client->cl_rawcred.service); >+ if (client->cl_rawcred.client_principal != NULL) >+ rpc_gss_log_debug("accepted context for %s with " >+ "<mech %.*s, qop %d, svc %d>", >+ client->cl_rawcred.client_principal->name, >+ mechname.length, (char *)mechname.value, >+ client->cl_qop, client->cl_rawcred.service); >+ else >+ rpc_gss_log_debug("accepted context for no principal with " >+ "<mech %.*s, qop %d, svc %d>", >+ mechname.length, (char *)mechname.value, >+ client->cl_qop, client->cl_rawcred.service); > > gss_release_buffer(&min_stat, &mechname); > }
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 235582
:
201858
| 201862 |
201876