]
Jan Kalina edited comment on ELY-1472 at 12/21/17 1:20 PM:
-----------------------------------------------------------
Look like {{cb->initiator_address.length}} is not initialized in {{GSSLibStub.c}} in
OpenJDK:
{code}
cb->initiator_address.length = 140608975239744 (should be 0?)
cb->acceptor_address.length = 0
{code}
=> wrong channel binding checksum in kg_checksum_channel_bindings in util_cksum.c in
krb5
was (Author: honza889):
Look like {{cb->initiator_address.length}} is not initialized in {{GSSLibStub.c}} in
OpenJDK:
{code}
cb->initiator_address.length = 140608975239744 (should be 0?)
cb->acceptor_address.length = 0
{code}
[native kerberos] setting channelBinding of gssContext when not used
--------------------------------------------------------------------
Key: ELY-1472
URL:
https://issues.jboss.org/browse/ELY-1472
Project: WildFly Elytron
Issue Type: Bug
Components: SASL
Affects Versions: 1.2.0.Beta11
Reporter: Jan Kalina
Assignee: Jan Kalina
Labels: kerberos
Gs2SaslServer: gssContext's channelBinding setting leads to error when native
Kerberos is used.
This lead to following error when using native Kerberos library:
{code}
[GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
[GSSLibStub_acceptContext] before3: inToken.length=515
[GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
[GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
[GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
c/r/s = 0/4/0
{code}
Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel
bindings were supplied.
This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of
setting null into channelBinding in gssContext.