use mechanism specific OID

mongodb-js · Suraiya-Hameed · Aug 2, 2017 · Aug 17, 2017 · Aug 17, 2017 · Jun 4, 2018
commit 05115848dfe61dd0fa0b2687fe692ef99f7f880c
diff --git a/lib/kerberos.cc b/lib/kerberos.cc
@@ -23,6 +23,7 @@ typedef struct AuthGSSClientCall {
   uint32_t  flags;
   char *uri;
   char *credentials_cache;
+  gss_OID oid;
 } AuthGSSClientCall;
 
 typedef struct AuthGSSClientStepCall {
@@ -119,7 +120,7 @@ static void _authGSSClientInit(Worker *worker) {
   // Unpack the parameter data struct
   AuthGSSClientCall *call = (AuthGSSClientCall *)worker->parameters;
   // Start the kerberos client
-  response = authenticate_gss_client_init(call->uri, call->flags, call->credentials_cache, state);
+  response = authenticate_gss_client_init(call->uri, call->flags, call->credentials_cache, state, call->oid);
 
   // Release the parameter struct memory
   free(call->uri);
@@ -151,8 +152,9 @@ NAN_METHOD(Kerberos::AuthGSSClientInit) {
   const char *usage = "Requires a service string uri, integer flags, string credentialsCache and a callback function";
 
   // Ensure valid call
-  if(info.Length() != 4) return Nan::ThrowError(usage);
-  if(!info[0]->IsString() || !info[1]->IsInt32() || !info[2]->IsString() || !info[3]->IsFunction())
+  if(info.Length() != 5) return Nan::ThrowError(usage);
+  if(!info[0]->IsString() || !info[1]->IsInt32() || !info[2]->IsString() || !info[3]->IsFunction()
+    || !(info[4]->IsUndefined() || info[4]->IsInt32()))
       return Nan::ThrowError(usage);
 
   Local<String> service = info[0]->ToString();
@@ -177,7 +179,11 @@ NAN_METHOD(Kerberos::AuthGSSClientInit) {
   call->flags = Nan::To<uint32_t>(info[1]).FromJust();
   call->uri = service_str;
   call->credentials_cache = credentials_cache_str;
-
+  if(info[4]->IsInt32())
+    call->oid = GSS_C_NO_OID;
+  else
+    call->oid = gss_krb5_nt_service_name;
+
   // Unpack the callback
   Local<Function> callbackHandle = Local<Function>::Cast(info[3]);
   Nan::Callback *callback = new Nan::Callback(callbackHandle);

diff --git a/lib/kerberos.js b/lib/kerberos.js
@@ -14,6 +14,15 @@ var Kerberos = function() {
 // delegation), specify the cache name here and it will be used for this 
 // exchange. The credentialsCache is optional.
 Kerberos.prototype.authGSSClientInit = function(uri, flags, credentialsCache, callback) {
+  return authClientInit.call(this, uri, flags, credentialsCache, callback);
+}
+
+// uses mechanism specific OID 
+Kerberos.prototype.authGSSClientInitDefault = function(uri, flags, credentialsCache, callback) {
+  return authClientInit.call(this, uri, flags, credentialsCache, callback, Kerberos.GSS_C_NO_OID);
+}
+
+let authClientInit = function(uri, flags, credentialsCache, callback, oid = undefined){
   if (typeof(credentialsCache) == 'function') {
     callback = credentialsCache;
     credentialsCache = '';
@@ -23,7 +32,7 @@ Kerberos.prototype.authGSSClientInit = function(uri, flags, credentialsCache, ca
       credentialsCache = '';
   }
 
-  return this._native_kerberos.authGSSClientInit(uri, flags, credentialsCache, callback);
+  return this._native_kerberos.authGSSClientInit(uri, flags, credentialsCache, callback, oid );
 }
 
 // This will obtain credentials using a credentials cache. To override the default
@@ -166,6 +175,7 @@ Kerberos.AUTH_GSS_CONTINUE     = 0;
 Kerberos.AUTH_GSS_COMPLETE     = 1;
 
 // Some useful gss flags 
+Kerberos.GSS_C_NO_OID          = 0;
 Kerberos.GSS_C_DELEG_FLAG      = 1;
 Kerberos.GSS_C_MUTUAL_FLAG     = 2;
 Kerberos.GSS_C_REPLAY_FLAG     = 4;

diff --git a/lib/kerberosgss.c b/lib/kerberosgss.c
@@ -150,7 +150,7 @@ char* server_principal_details(const char* service, const char* hostname)
     return result;
 }
 */
-gss_client_response *authenticate_gss_client_init(const char* service, long int gss_flags, const char* credentials_cache, gss_client_state* state) {
+gss_client_response *authenticate_gss_client_init(const char* service, long int gss_flags, const char* credentials_cache, gss_client_state* state, gss_OID oid) {
   OM_uint32 maj_stat;
   OM_uint32 min_stat;
   gss_buffer_desc name_token = GSS_C_EMPTY_BUFFER;
@@ -168,7 +168,7 @@ gss_client_response *authenticate_gss_client_init(const char* service, long int
   name_token.length = strlen(service);
   name_token.value = (char *)service;
 
-  maj_stat = gss_import_name(&min_stat, &name_token, gss_krb5_nt_service_name, &state->server_name);
+  maj_stat = gss_import_name(&min_stat, &name_token, oid , &state->server_name);
 
   if (GSS_ERROR(maj_stat)) {
     response = gss_error(__func__, "gss_import_name", maj_stat, min_stat);

diff --git a/lib/kerberosgss.h b/lib/kerberosgss.h
@@ -61,7 +61,7 @@ typedef struct {
 
 // char* server_principal_details(const char* service, const char* hostname);
 
-gss_client_response *authenticate_gss_client_init(const char* service, long int gss_flags, const char* credentials_cache, gss_client_state* state);
+gss_client_response *authenticate_gss_client_init(const char *service, long int gss_flags, const char *credentials_cache, gss_client_state *state, gss_OID oid);
 gss_client_response *authenticate_gss_client_clean(gss_client_state *state);
 gss_client_response *authenticate_gss_client_step(gss_client_state *state, const char *challenge);
 gss_client_response *authenticate_gss_client_unwrap(gss_client_state* state, const char* challenge);