Jonathan Turner 9 년 전
부모
커밋
1a705f2f6f
5개의 변경된 파일11개의 추가작업 그리고 12개의 파일을 삭제
  1. 3 1
      GSSAPI/gssapi.go
  2. 5 8
      GSSAPI/krb5Token.go
  3. 1 1
      testenv/krbhttp-vagrant/Vagrantfile
  4. 1 1
      testenv/krbhttp-vagrant/bootstrap.sh
  5. 1 1
      testenv/krbhttp-vagrant/httpd-krb5.conf

+ 3 - 1
GSSAPI/gssapi.go

@@ -11,6 +11,8 @@ const (
 	SPNEGO_OIDHex = "2b0601050502" //1.3.6.1.5.5.2
 )
 
+var SPNEGO_OID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 2}
+
 type SPNEGO struct {
 	Init         bool
 	Resp         bool
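Review bot: The new `SPNEGO_OID` is an exported package-level `var` of slice type, so any importing package can reassign or modify it and silently change the mechanism OID that `Marshal` writes into the token header. It also duplicates the value already held in `SPNEGO_OIDHex`, leaving two sources of truth with nothing tying them together. I would add a doc comment such as `// SPNEGO_OID is the SPNEGO mechanism OID 1.3.6.1.5.5.2 (same value as SPNEGO_OIDHex); treat as read-only.` and consider keeping the variable unexported if nothing outside the package needs it.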
@@ -66,7 +68,7 @@ func (s *SPNEGO) Marshal() ([]byte, error) {
 	if !s.Init && !s.Resp {
 		return b, errors.New("SPNEGO cannot be marshalled. It contains neither a NegTokenInit or NegTokenResp")
 	}
-	hb, _ := asn1.Marshal(MechTypeOID_Krb5)
+	hb, _ := asn1.Marshal(SPNEGO_OID)
 	if s.Init {
 		tb, err := s.NegTokenInit.Marshal()
 		if err != nil {
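Review bot: The changed line `hb, _ := asn1.Marshal(SPNEGO_OID)` still discards the encoding error, so a failure here would frame the token with an empty or partial OID instead of surfacing an error. Marshal already returns `([]byte, error)` and the guard above returns `b` with an error, so the same shape fits: `hb, err := asn1.Marshal(SPNEGO_OID)` followed by `if err != nil { return b, err }`. The body of Marshal starts and ends outside this hunk, so how `hb` is consumed afterwards is not visible here.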

+ 5 - 8
GSSAPI/krb5Token.go

@@ -58,22 +58,19 @@ func newAuthenticator(c config.Config, username types.PrincipalName) types.Authe
 
 func newAuthenticatorChksum(flags []int) []byte {
 	a := make([]byte, 24)
-	for i := range flags {
+	binary.LittleEndian.PutUint32(a[:4], 16)
+	for _, i := range flags {
 		if i == GSS_C_DELEG_FLAG {
 			x := make([]byte, 28-len(a))
 			a = append(a, x...)
 		}
-		setAuthenticatorChksumFlag(a, uint32(i))
+		f := binary.LittleEndian.Uint32(a[20:24])
+		f |= uint32(i)
+		binary.LittleEndian.PutUint32(a[20:24], f)
 	}
 	return a
 }
 
-func setAuthenticatorChksumFlag(a []byte, i uint32) {
-	f := binary.LittleEndian.Uint32(a[20:24])
-	f |= i
-	binary.LittleEndian.PutUint32(a[20:24], f)
-}
-
 /*
 The authenticator checksum field SHALL have the following format:
 
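Review bot: When `GSS_C_DELEG_FLAG` appears in `flags`, the buffer is grown to 28 bytes but bytes 24..27 stay zero, so the checksum sets the delegation flag without a delegation option identifier, a length or a credential. RFC 4121 section 4.1.1 defines DlgOpt as 1 and expects Dlgth and the Deleg field to be present when that flag is set, so an acceptor that parses the field strictly may reject or misread the token. Until delegation is actually implemented it would be safer to refuse the flag, or at minimum to write `binary.LittleEndian.PutUint16(a[24:26], 1)` and document that Dlgth is zero. The literals 16, 20 and 24 would also read better as named constants that match the field layout in the comment that follows.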

+ 1 - 1
testenv/krbhttp-vagrant/Vagrantfile

@@ -4,7 +4,7 @@ Vagrant.configure("2") do |config|
     v.cpus = 1
   end
   config.vm.define "krbhttp", primary: true do |krbhttp|
-    krbhttp.vm.hostname = "http.test.gokrb5"
+    krbhttp.vm.hostname = "host.test.gokrb5"
     krbhttp.vm.box = "centos/7"
     krbhttp.vm.network "private_network", ip: "10.80.88.90", netmask: "255.255.0.0"
     krbhttp.vm.provision :shell, path: "bootstrap.sh"

+ 1 - 1
testenv/krbhttp-vagrant/bootstrap.sh

@@ -23,7 +23,7 @@ net.ipv6.conf.lo.disable_ipv6 = 1
 EOF
 
 echo "10.80.88.89 client.test.gokrb5" >> /etc/hosts
-echo "10.80.88.90 http.test.gokrb5" >> /etc/hosts
+echo "10.80.88.90 host.test.gokrb5" >> /etc/hosts
 
 sh /vagrant/krb-setup.sh
 mv /vagrant/httpd-krb5.conf /etc/httpd/conf.d/

+ 1 - 1
testenv/krbhttp-vagrant/httpd-krb5.conf

@@ -8,7 +8,7 @@ ProxyIOBufferSize 65536
         KrbMethodK5Passwd On
         KrbLocalUserMapping On
         KrbAuthRealms TEST.GOKRB5
-        Krb5KeyTab /etc/httpd/http.testtab
+        Krb5KeyTab /vagrant/http.testtab
         #KrbSaveCredentials On
         require valid-user
 </LocationMatch>
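Review bot: `Krb5KeyTab /vagrant/http.testtab` now loads the service's long-term key from the Vagrant synced folder, where ownership and mode are set by the sync or mount mechanism rather than by the provisioning script. Anyone who can read that folder on the guest or the host holds the key of the HTTP service principal for this realm, so the file should stay strictly test-only and be marked as such, e.g. `# test-only keytab read from the synced folder; never reuse this key outside the test realm`. If the synced copy turns out to be world-readable, having bootstrap.sh copy it to a location owned by the httpd user with restrictive permissions would be the tighter option. The `<LocationMatch>` block opens outside this hunk.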