[jboss-jira] [JBoss JIRA] (ELY-1472) [native kerberos] setting channelBinding of gssContext when not used

Jan Kalina (JIRA) issues at jboss.org
Fri Dec 22 06:24:00 EST 2017 

    [ https://issues.jboss.org/browse/ELY-1472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13508109#comment-13508109 ] 

Jan Kalina commented on ELY-1472:
---------------------------------

Following path of OpenJDK fixes the issue:
{code}
src/java.security.jgss/share/native/libj2gss/GSSLibStub.c:
   // initialize addrtype in CB first
   cb->initiator_addrtype = GSS_C_AF_NULLADDR;
   cb->acceptor_addrtype = GSS_C_AF_NULLADDR;
+  // addresses needs to be initialized to empty
+  cb->initiator_address.length = 0;
+  cb->initiator_address.value = NULL;
+  cb->acceptor_address.length = 0;
+  cb->acceptor_address.value = NULL;
{code}

> [native kerberos] setting channelBinding of gssContext when not used
> --------------------------------------------------------------------
>
>                 Key: ELY-1472
>                 URL: https://issues.jboss.org/browse/ELY-1472
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SASL
>    Affects Versions: 1.2.0.Beta11
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>              Labels: kerberos
>
> Gs2SaslServer: gssContext's channelBinding setting leads to error when native Kerberos is used.
> This lead to following error when using native Kerberos library:
> {code}
> [GSSLibStub_acceptContext] before2: pCred=35810112, pContext=0
> [GSSLibStub_acceptContext] before3: inToken.length=515
> [GSSLibStub_acceptContext] after: pCred=35810112, pContext=0, pDelegCred=0
> [GSSLibStub_acceptContext] after2: major=262144, GSS_ERROR(major)=262144 minor=12
> [GSSLibStub_acceptContext] acceptSecContext JK Status major/minor = 40000/12
> c/r/s = 0/4/0
> {code}
> Which mean routine error 4 has occurred, which is GSS_S_BAD_BINDINGS - Incorrect channel bindings were supplied.
> This is fixed when I change cb (in native) to GSS_C_NO_CHANNEL_BINDINGS - equivalent of setting null into channelBinding in gssContext.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list