Interface changes and bug fixes

 * Add SPDX identifiers
 * Add GSS_NT_COMPOSITE_EXPORT name type
 * Fix address family constants
 * Initial extensions support
 * Fix typos
 * Return a real GssName in SecContextInfo
 * Support indefinite / expired time specs

Author: jake-scott

build-tools/gen-gss-mech-oids.go

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
@@ -27,7 +29,9 @@ var namesToOids = []struct {
 	{"GSS_MECH_SPKM-3", "1.3.6.1.5.5.1.3", []string{}},
 }
 
-var codeTemplate = `package gssapi
+var codeTemplate = `// SPDX-License-Identifier: Apache-2.0
+
+package gssapi
 
 // GENERATED CODE: DO NOT EDIT
 
@@ -140,7 +144,7 @@ func makeParams() []tmplParam {
 func bytesFormat(b []byte) string {
 	strs := make([]string, len(b))
 	for i, s := range b {
-		strs[i] = fmt.Sprintf("0x%x", s)
+		strs[i] = fmt.Sprintf("0x%02x", s)
 	}
 	return strings.Join(strs, ", ")
 }

build-tools/gen-gss-name-oids.go

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
@@ -11,6 +13,7 @@ import (
 	"text/template"
 )
 
+// ORDER MATTERS - must be the same as names.go!
 var namesToOids = []struct {
 	name    string
 	oid     string
@@ -24,6 +27,7 @@ var namesToOids = []struct {
 	{"GSS_NO_OID", "", []string{}},
 	{"GSS_NT_EXPORT_NAME", "1.3.6.1.5.6.4", []string{}},
 	{"GSS_NO_NAME", "", []string{}},
+	{"GSS_NT_COMPOSITE_EXPORT", "1.3.6.1.5.6.6", []string{}},
 	{"GSS_KRB5_NT_PRINCIPAL_NAME", "1.2.840.113554.1.2.2.1", []string{"1.2.840.48018.1.2.2"}},
 	{"GSS_KRB5_NT_ENTERPRISE_NAME", "1.2.840.113554.1.2.2.6", []string{}},
 	{"GSS_KRB5_NT_X509_CERT", "1.2.840.113554.1.2.2.7", []string{}},
@@ -32,7 +36,9 @@ var namesToOids = []struct {
 	{"GSS_SPKM_NT_STRING_UID_NAME", "1.2.840.113554.1.2.1.3", []string{}},
 }
 
-var codeTemplate = `package gssapi
+var codeTemplate = `// SPDX-License-Identifier: Apache-2.0
+
+package gssapi
 
 // GENERATED CODE: DO NOT EDIT
 
@@ -145,7 +151,7 @@ func makeParams() []tmplParam {
 func bytesFormat(b []byte) string {
 	strs := make([]string, len(b))
 	for i, s := range b {
-		strs[i] = fmt.Sprintf("0x%x", s)
+		strs[i] = fmt.Sprintf("0x%02x", s)
 	}
 	return strings.Join(strs, ", ")
 }

v3/channelbinding.go

@@ -1,13 +1,14 @@
 // SPDX-License-Identifier: Apache-2.0
+
 package gssapi
 
 import "net"
 
 type GssAddressFamily int
 
 const (
-	GssAddrFamilyUNSPEC GssAddressFamily = 0
-	GssAddrFamilyLOCAL  GssAddressFamily = 1 << iota
+	GssAddrFamilyUNSPEC GssAddressFamily = iota
+	GssAddrFamilyLOCAL
 	GssAddrFamilyINET
 	GssAddrFamilyIMPLINK
 	GssAddrFamilyPUP

v3/cred.go

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
+
 package gssapi
 
 // GSSAPI Credential Management, RFC 2743 § 2.1

v3/ctxflags.go

@@ -1,18 +1,22 @@
 // SPDX-License-Identifier: Apache-2.0
+
 package gssapi
 
 import "strings"
 
+// The ContextFlag type holds the possible the security context reqest flags
 type ContextFlag uint32
 
-// GSS-API request context flags - the same as C bindings for compatibility
+// GSS-API context flags - the values are the same as C bindings for compatibility
+// The flags are used when initializing a security context and may be queried
+// to determine the protection levels available.
 const (
 	ContextFlagDeleg    ContextFlag = 1 << iota // delegate credentials, not currently supported
 	ContextFlagMutual                           // request remote peer authenticates itself
 	ContextFlagReplay                           // enable replay detection for signed/sealed messages
 	ContextFlagSequence                         // enable detection of out of sequence signed/sealed messages
-	ContextFlagConf                             // confidentiality available
-	ContextFlagInteg                            // integrity available
+	ContextFlagConf                             // request confidentiality / condidentiality available
+	ContextFlagInteg                            // request integrity / integrity available
 	ContextFlagAnon                             // do not transfer initiator identity to acceptor
 
 	// extensions
@@ -69,6 +73,7 @@ func FlagName(f ContextFlag) string {
 	return "Unknown"
 }
 
+// Returns a string describing the enabled flags
 func (f ContextFlag) String() string {
 	var names []string
 	for _, flag := range FlagList(f) {

v3/ctxflags_test.go

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
+
 package gssapi
 
 import (

v3/doc.go

@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: Apache-2.0
+
+/*
+Package gssapi defines an interface for using the
+Generic Security Services Application Programming Interface
+for the Go programming language.
+
+The interface is described in detail in the
+[Golang GSSAPI bindings specification].
+
+This package must be used in conjunction with a GSSAPI provider
+that implements the interface, such as the
+[C bindings] provider.
+
+[Golang GSSAPI bindings specification]: https://github.com/golang-auth/go-gssapi/wiki/Golang-GSSAPI-bindings-specification
+[C bindings]: https://github.com/golang-auth/go-gssapi-c
+*/
+package gssapi

v3/mechs.go

@@ -1,10 +1,12 @@
 // SPDX-License-Identifier: Apache-2.0
+
 package gssapi
 
 import "slices"
 
 //go:generate  go run ../build-tools/gen-gss-mech-oids.go -o mechs_gen.go
 
+// GssMech describes an available GSSAPI mechanism.
 type GssMech interface {
 	Oid() Oid
 	OidString() string
@@ -14,35 +16,38 @@ type GssMech interface {
 // gssMechImpl defines GSSAPI mechanisms
 type gssMechImpl int
 
+// Well known GSSAPI mechanisms
 const (
-	// Official Kerberos Mech (IETF)
+	// Official Kerberos Mechanism (IETF)
 	GSS_MECH_KRB5 gssMechImpl = iota
 
 	GSS_MECH_IAKERB
 
 	GSS_MECH_SPNEGO
 
 	GSS_MECH_SPKM
+
+	_GSS_MECH_LAST
 )
 
 func (mech gssMechImpl) Oid() Oid {
-	if mech > GSS_MECH_SPNEGO {
+	if mech >= _GSS_MECH_LAST {
 		panic(ErrBadMech)
 	}
 
 	return mechs[mech].oid
 }
 
 func (mech gssMechImpl) OidString() string {
-	if mech > GSS_MECH_SPNEGO {
+	if mech >= _GSS_MECH_LAST {
 		panic(ErrBadMech)
 	}
 
 	return mechs[mech].oidString
 }
 
 func (mech gssMechImpl) String() string {
-	if mech > GSS_MECH_SPNEGO {
+	if mech >= _GSS_MECH_LAST {
 		panic(ErrBadMech)
 	}
 

v3/mechs_gen.go

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: Apache-2.0
+
 package gssapi
 
 // GENERATED CODE: DO NOT EDIT
@@ -9,50 +11,53 @@ var mechs = []struct {
 	oid       Oid
 	altOids   []Oid
 }{
+	
 
 	// 1.2.840.113554.1.2.2
-	{GSS_MECH_KRB5,
+	{ GSS_MECH_KRB5,
 		"GSS_MECH_KRB5",
 		"1.2.840.113554.1.2.2",
-		[]byte{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x1, 0x2, 0x2},
+		[]byte{ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 },
 		[]Oid{
-			{0x2b, 0x6, 0x1, 0x5, 0x2}, // 1.3.6.1.5.2
-
-			{0x2a, 0x86, 0x48, 0x82, 0xf7, 0x12, 0x1, 0x2, 0x2}, // 1.2.840.48018.1.2.2
-		}},
+		   {0x2b, 0x06, 0x01, 0x05, 0x02 }, // 1.3.6.1.5.2
+		 
+		   {0x2a, 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02 }, // 1.2.840.48018.1.2.2
+		  }},
 
 	// 1.3.6.1.5.2.5
-	{GSS_MECH_IAKERB,
+	{ GSS_MECH_IAKERB,
 		"GSS_MECH_IAKERB",
 		"1.3.6.1.5.2.5",
-		[]byte{0x2b, 0x6, 0x1, 0x5, 0x2, 0x5},
-		[]Oid{}},
+		[]byte{ 0x2b, 0x06, 0x01, 0x05, 0x02, 0x05 },
+		[]Oid{ }},
 
 	// 1.3.6.1.5.5.2
-	{GSS_MECH_SPNEGO,
+	{ GSS_MECH_SPNEGO,
 		"GSS_MECH_SPNEGO",
 		"1.3.6.1.5.5.2",
-		[]byte{0x2b, 0x6, 0x1, 0x5, 0x5, 0x2},
-		[]Oid{}},
+		[]byte{ 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02 },
+		[]Oid{ }},
 
 	// 1.3.6.1.5.5.1.1
-	{GSS_MECH_SPKM - 1,
+	{ GSS_MECH_SPKM-1,
 		"GSS_MECH_SPKM-1",
 		"1.3.6.1.5.5.1.1",
-		[]byte{0x2b, 0x6, 0x1, 0x5, 0x5, 0x1, 0x1},
-		[]Oid{}},
+		[]byte{ 0x2b, 0x06, 0x01, 0x05, 0x05, 0x01, 0x01 },
+		[]Oid{ }},
 
 	// 1.3.6.1.5.5.1.2
-	{GSS_MECH_SPKM - 2,
+	{ GSS_MECH_SPKM-2,
 		"GSS_MECH_SPKM-2",
 		"1.3.6.1.5.5.1.2",
-		[]byte{0x2b, 0x6, 0x1, 0x5, 0x5, 0x1, 0x2},
-		[]Oid{}},
+		[]byte{ 0x2b, 0x06, 0x01, 0x05, 0x05, 0x01, 0x02 },
+		[]Oid{ }},
 
 	// 1.3.6.1.5.5.1.3
-	{GSS_MECH_SPKM - 3,
+	{ GSS_MECH_SPKM-3,
 		"GSS_MECH_SPKM-3",
 		"1.3.6.1.5.5.1.3",
-		[]byte{0x2b, 0x6, 0x1, 0x5, 0x5, 0x1, 0x3},
-		[]Oid{}},
+		[]byte{ 0x2b, 0x06, 0x01, 0x05, 0x05, 0x01, 0x03 },
+		[]Oid{ }},
+
 }
+

v3/mechs_test.go

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
+
 package gssapi
 
 import (