fix(kerberos): provide default gss flags

mongodb-js · Jul 8, 2018 · b365934 · b365934
1 parent 1b4144e
commit b365934
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 5 deletions.
diff --git a/src/kerberos.cc b/src/kerberos.cc
@@ -30,7 +30,7 @@ class InitializeClientWorker : public Nan::AsyncWorker {
   virtual void Execute() {
     std::unique_ptr<gss_client_state, FreeDeleter> state(gss_client_state_new());
     std::unique_ptr<gss_result, FreeDeleter> result(
-      authenticate_gss_client_init(_service.c_str(), _principal.c_str(), _gss_flags, _mech_oid, state.get()));
+      authenticate_gss_client_init(_service.c_str(), _principal.c_str(), _gss_flags, NULL, _mech_oid, state.get()));
 
     if (result->code == AUTH_GSS_ERROR) {
       SetErrorMessage(result->message);
@@ -62,7 +62,7 @@ NAN_METHOD(InitializeClient) {
   Nan::Callback* callback = new Nan::Callback(Nan::To<v8::Function>(info[2]).ToLocalChecked());
 
   std::string principal = StringOptionValue(options, "principal");
-  uint32_t gss_flags = UInt32OptionValue(options, "gssFlags", 0);
+  uint32_t gss_flags = UInt32OptionValue(options, "gssFlags", GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG);
   uint32_t mech_oid_int = UInt32OptionValue(options, "mechOID", 0);
   gss_OID mech_oid = GSS_C_NO_OID;
   if (mech_oid_int == GSS_MECH_OID_KRB5) {

diff --git a/src/kerberos_gss.cc b/src/kerberos_gss.cc
@@ -202,7 +202,6 @@ gss_result* authenticate_gss_client_init(
 
 int authenticate_gss_client_clean(gss_client_state *state)
 {
-    OM_uint32 maj_stat;
     OM_uint32 min_stat;
     int ret = AUTH_GSS_COMPLETE;
 
@@ -268,7 +267,7 @@ gss_result* authenticate_gss_client_step(gss_client_state* state, const char* ch
                                     &input_token,
                                     NULL,
                                     &output_token,
-                                    NULL
+                                    NULL,
                                     NULL);
 
     if ((maj_stat != GSS_S_COMPLETE) && (maj_stat != GSS_S_CONTINUE_NEEDED))

diff --git a/src/kerberos_gss.h b/src/kerberos_gss.h
@@ -61,7 +61,11 @@ gss_server_state* gss_server_state_new();
 
 gss_result* server_principal_details(const char* service, const char* hostname);
 
-gss_result* authenticate_gss_client_init(const char* service, const char* principal, long int gss_flags, gss_OID mech_oid, gss_client_state* state);
+gss_result* authenticate_gss_client_init(
+    const char* service, const char* principal, long int gss_flags,
+    gss_server_state* delegatestate, gss_OID mech_oid, gss_client_state* state
+);
+
 int authenticate_gss_client_clean(gss_client_state* state);
 gss_result* authenticate_gss_client_step(gss_client_state* state, const char* challenge, struct gss_channel_bindings_struct* channel_bindings);
 gss_result* authenticate_gss_client_unwrap(gss_client_state* state, const char* challenge);

diff --git a/test/gssapi_tests.js b/test/gssapi_tests.js
@@ -1,6 +1,8 @@
 'use strict';
 const kerberos = require('..');
 const expect = require('chai').expect;
+const SegfaultHandler = require('segfault-handler');
+SegfaultHandler.registerHandler();
 
 const username = process.env.KERBEROS_USERNAME || 'administrator';
 // const password = process.env.KERBEROS_PASSWORD || 'Password01';