Skip to content
Permalink
Browse files

fix(kerberos): provide default gss flags

  • Loading branch information
mbroadst committed Jul 2, 2018
1 parent 1b4144e commit b365934676b802fb0b1ce0b7017be87640c1066e
Showing with 10 additions and 5 deletions.
  1. +2 −2 src/kerberos.cc
  2. +1 −2 src/kerberos_gss.cc
  3. +5 −1 src/kerberos_gss.h
  4. +2 −0 test/gssapi_tests.js
@@ -30,7 +30,7 @@ class InitializeClientWorker : public Nan::AsyncWorker {
virtual void Execute() {
std::unique_ptr<gss_client_state, FreeDeleter> state(gss_client_state_new());
std::unique_ptr<gss_result, FreeDeleter> result(
authenticate_gss_client_init(_service.c_str(), _principal.c_str(), _gss_flags, _mech_oid, state.get()));
authenticate_gss_client_init(_service.c_str(), _principal.c_str(), _gss_flags, NULL, _mech_oid, state.get()));

if (result->code == AUTH_GSS_ERROR) {
SetErrorMessage(result->message);
@@ -62,7 +62,7 @@ NAN_METHOD(InitializeClient) {
Nan::Callback* callback = new Nan::Callback(Nan::To<v8::Function>(info[2]).ToLocalChecked());

std::string principal = StringOptionValue(options, "principal");
uint32_t gss_flags = UInt32OptionValue(options, "gssFlags", 0);
uint32_t gss_flags = UInt32OptionValue(options, "gssFlags", GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG);
uint32_t mech_oid_int = UInt32OptionValue(options, "mechOID", 0);
gss_OID mech_oid = GSS_C_NO_OID;
if (mech_oid_int == GSS_MECH_OID_KRB5) {
@@ -202,7 +202,6 @@ gss_result* authenticate_gss_client_init(

int authenticate_gss_client_clean(gss_client_state *state)
{
OM_uint32 maj_stat;
OM_uint32 min_stat;
int ret = AUTH_GSS_COMPLETE;

@@ -268,7 +267,7 @@ gss_result* authenticate_gss_client_step(gss_client_state* state, const char* ch
&input_token,
NULL,
&output_token,
NULL
NULL,
NULL);

if ((maj_stat != GSS_S_COMPLETE) && (maj_stat != GSS_S_CONTINUE_NEEDED))
@@ -61,7 +61,11 @@ gss_server_state* gss_server_state_new();

gss_result* server_principal_details(const char* service, const char* hostname);

gss_result* authenticate_gss_client_init(const char* service, const char* principal, long int gss_flags, gss_OID mech_oid, gss_client_state* state);
gss_result* authenticate_gss_client_init(
const char* service, const char* principal, long int gss_flags,
gss_server_state* delegatestate, gss_OID mech_oid, gss_client_state* state
);

int authenticate_gss_client_clean(gss_client_state* state);
gss_result* authenticate_gss_client_step(gss_client_state* state, const char* challenge, struct gss_channel_bindings_struct* channel_bindings);
gss_result* authenticate_gss_client_unwrap(gss_client_state* state, const char* challenge);
@@ -1,6 +1,8 @@
'use strict';
const kerberos = require('..');
const expect = require('chai').expect;
const SegfaultHandler = require('segfault-handler');
SegfaultHandler.registerHandler();

const username = process.env.KERBEROS_USERNAME || 'administrator';
// const password = process.env.KERBEROS_PASSWORD || 'Password01';

0 comments on commit b365934

Please sign in to comment.
You can’t perform that action at this time.