nexedi / gitlab-ce
Commit f00fcb16 authored Feb 01, 2019 by Rémy Coutable
Fix Kerberos authentication

Signed-off-by: Rémy Coutable <remy@rymai.me>

parent 04f6200d
Showing 3 changed files with 66 additions and 1 deletion

ee/app/helpers/ee/kerberos_spnego_helper.rb  +1 -1
ee/changelogs/unreleased/9519-kerberos-spnego-authentication-is-broken-since-a-code-refactoring.yml  +5 -0
ee/spec/helpers/kerberos_spnego_helper_spec.rb  +60 -0
ee/app/helpers/ee/kerberos_spnego_helper.rb
...
...
@@ -66,7 +66,7 @@ module EE
# pass service name to acquire_credentials explicitly to support the special meaning of nil
gss_service_name
=
if
::
Gitlab
.
config
.
kerberos
.
service_principal_name
.
present?
gss
.
import_name
(
Gitlab
.
config
.
kerberos
.
service_principal_name
)
gss
.
import_name
(
::
Gitlab
.
config
.
kerberos
.
service_principal_name
)
else
nil
# accept any valid service principal name from keytab
end
...
...
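Review bot: The `if` condition and the changed `gss.import_name(...)` argument each spell out `::Gitlab.config.kerberos.service_principal_name` separately, which is how they drifted apart: the removed line used `Gitlab` without the leading `::` inside `module EE` while the condition already had it. Consider reading the setting once into a local, for example `spn = ::Gitlab.config.kerberos.service_principal_name`, then using `spn.present?` and `gss.import_name(spn)`, with a short comment on why the top-level `::` is required here. Since the `else` branch's `nil` accepts any valid service principal name from the keytab, a single lookup also makes it easier to see which branch a given configuration takes.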
ee/changelogs/unreleased/9519-kerberos-spnego-authentication-is-broken-since-a-code-refactoring.yml
0 → 100644
---
title
:
Fix Kerberos authentication
merge_request
:
9390
author
:
type
:
fixed
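Review bot: The `title` value, "Fix Kerberos authentication", does not say what was broken, while the file name already describes it as SPNEGO authentication broken since a code refactoring. A title such as "Fix Kerberos SPNEGO authentication" would let someone reading the changelog tell whether the fix affects their setup.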
ee/spec/helpers/kerberos_spnego_helper_spec.rb
0 → 100644
require
'spec_helper'
require
'gssapi'
describe
KerberosSpnegoHelper
do
describe
'#spnego_credentials!'
do
let
(
:gss
)
{
double
(
'GSSAPI::Simple'
)
}
let
(
:gss_service_name
)
{
'gss_service_name'
}
subject
{
Class
.
new
{
include
KerberosSpnegoHelper
}.
new
}
before
do
expect
(
GSSAPI
::
Simple
).
to
receive
(
:new
)
.
with
(
nil
,
nil
,
::
Gitlab
.
config
.
kerberos
.
keytab
)
.
and_return
(
gss
)
end
shared_examples
'a method that decodes a spnego token'
do
let
(
:gss_result
)
{
true
}
let
(
:spnego_response_token
)
{
nil
}
it
'decodes the given spnego token'
do
token
=
'abc123'
gss_display_name
=
'gss_display_name'
expect
(
gss
).
to
receive
(
:acquire_credentials
).
with
(
gss_service_name
)
expect
(
gss
).
to
receive
(
:accept_context
).
with
(
token
).
and_return
(
gss_result
)
expect
(
gss
).
to
receive
(
:display_name
).
and_return
(
gss_display_name
)
expect
(
subject
.
spnego_credentials!
(
token
)).
to
eq
(
gss_display_name
)
expect
(
subject
.
spnego_response_token
).
to
eq
(
spnego_response_token
)
end
end
context
'with Kerberos service_principal_name present'
do
before
do
kerberos_service_principal_name
=
'default'
stub_kerberos_setting
(
service_principal_name:
kerberos_service_principal_name
)
expect
(
gss
).
to
receive
(
:import_name
).
with
(
kerberos_service_principal_name
).
and_return
(
gss_service_name
)
end
it_behaves_like
'a method that decodes a spnego token'
context
'when gss_result is not true'
do
it_behaves_like
'a method that decodes a spnego token'
do
let
(
:gss_result
)
{
'gss_result'
}
let
(
:spnego_response_token
)
{
gss_result
}
end
end
end
context
'with Kerberos service_principal_name missing'
do
before
do
expect
(
gss
).
not_to
receive
(
:import_name
)
end
it_behaves_like
'a method that decodes a spnego token'
do
let
(
:gss_service_name
)
{
nil
}
end
end
end
end
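Review bot: In the shared example 'a method that decodes a spnego token', `accept_context` is only stubbed to return `true` or the string `'gss_result'`, so no example covers a token that is rejected; add a case for the failure path of `spnego_credentials!` so a regression there is caught as well. Two smaller points: `double('GSSAPI::Simple')` is unverified, and `instance_double(GSSAPI::Simple)` would fail the spec if `import_name`, `acquire_credentials`, `accept_context` or `display_name` stopped matching the real class; and the `expect(...).to receive` calls inside the `before` blocks would read more clearly as `allow` stubs, with the expectations stated in the example itself.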