openshift
diff --git a/‎glide.lock
Lines changed: 9 additions & 4 deletions b/‎glide.lock
Lines changed: 9 additions & 4 deletions
diff --git a/‎glide.yaml
Lines changed: 3 additions & 0 deletions b/‎glide.yaml
Lines changed: 3 additions & 0 deletions
diff --git a/‎pkg/oc/cli/cmd/version.go
Lines changed: 7 additions & 2 deletions b/‎pkg/oc/cli/cmd/version.go
Lines changed: 7 additions & 2 deletions
diff --git a/‎pkg/oc/util/tokencmd/negotiate.go
Lines changed: 11 additions & 11 deletions b/‎pkg/oc/util/tokencmd/negotiate.go
Lines changed: 11 additions & 11 deletions
diff --git a/‎pkg/oc/util/tokencmd/negotiate_helpers.go
Lines changed: 39 additions & 0 deletions b/‎pkg/oc/util/tokencmd/negotiate_helpers.go
Lines changed: 39 additions & 0 deletions
diff --git a/‎pkg/oc/util/tokencmd/negotiator_gssapi.go
Lines changed: 2 additions & 10 deletions b/‎pkg/oc/util/tokencmd/negotiator_gssapi.go
Lines changed: 2 additions & 10 deletions
diff --git a/‎pkg/oc/util/tokencmd/negotiator_gssapi_unsupported.go
Lines changed: 2 additions & 19 deletions b/‎pkg/oc/util/tokencmd/negotiator_gssapi_unsupported.go
Lines changed: 2 additions & 19 deletions
@@ -161,6 +161,9 @@ import:
 # auth (for oc kerberos on linux + mac)
 - package: github.com/apcera/gssapi
   version: release-2.6.3
+# auth (for oc kerberos on windows)
+- package: github.com/alexbrainman/sspi
+  version: e580b900e9f5657daa5473021296289be6da2661
 # new-app
 - package: github.com/joho/godotenv
   version: 6d367c18edf6ca7fd004efd6863e4c5728fa858e
 
@@ -113,8 +113,13 @@ func (o VersionOptions) RunVersion() error {
 		}
 		if tokencmd.GSSAPIEnabled() {
 			features = append(features, "GSSAPI")
-			features = append(features, "Kerberos") // GSSAPI or SSPI
-			features = append(features, "SPNEGO")   // GSSAPI or SSPI
+		}
+		if tokencmd.SSPIEnabled() {
+			features = append(features, "SSPI")
+		}
+		if tokencmd.GSSAPIEnabled() || tokencmd.SSPIEnabled() {
+			features = append(features, "Kerberos")
+			features = append(features, "SPNEGO")
 		}
 		fmt.Printf("features: %s\n", strings.Join(features, " "))
 	}
 
@@ -9,8 +9,8 @@ import (
 	"github.com/golang/glog"
 )
 
-// Negotiater defines the minimal interface needed to interact with GSSAPI to perform a negotiate challenge/response
-type Negotiater interface {
+// Negotiator defines the minimal interface needed to interact with GSSAPI to perform a negotiate challenge/response
+type Negotiator interface {
 	// Load gives the negotiator a chance to load any resources needed to handle a challenge/response sequence.
 	// It may be invoked multiple times. If an error is returned, InitSecContext and IsComplete are not called, but Release() is.
 	Load() error
@@ -28,11 +28,11 @@ type Negotiater interface {
 // NegotiateChallengeHandler manages a challenge negotiation session
 // it is single-host, single-use only, and not thread-safe
 type NegotiateChallengeHandler struct {
-	negotiater Negotiater
+	negotiator Negotiator
 }
 
-func NewNegotiateChallengeHandler(negotiater Negotiater) ChallengeHandler {
-	return &NegotiateChallengeHandler{negotiater: negotiater}
+func NewNegotiateChallengeHandler(negotiator Negotiator) ChallengeHandler {
+	return &NegotiateChallengeHandler{negotiator: negotiator}
 }
 
 func (c *NegotiateChallengeHandler) CanHandle(headers http.Header) bool {
@@ -41,7 +41,7 @@ func (c *NegotiateChallengeHandler) CanHandle(headers http.Header) bool {
 		return false
 	}
 	// Make sure our negotiator can initialize
-	if err := c.negotiater.Load(); err != nil {
+	if err := c.negotiator.Load(); err != nil {
 		return false
 	}
 	return true
@@ -55,7 +55,7 @@ func (c *NegotiateChallengeHandler) HandleChallenge(requestURL string, headers h
 	}
 
 	// Process the token
-	outgoingToken, err := c.negotiater.InitSecContext(requestURL, incomingToken)
+	outgoingToken, err := c.negotiator.InitSecContext(requestURL, incomingToken)
 	if err != nil {
 		glog.V(5).Infof("InitSecContext returned error: %v", err)
 		return nil, false, err
@@ -68,7 +68,7 @@ func (c *NegotiateChallengeHandler) HandleChallenge(requestURL string, headers h
 }
 
 func (c *NegotiateChallengeHandler) CompleteChallenge(requestURL string, headers http.Header) error {
-	if c.negotiater.IsComplete() {
+	if c.negotiator.IsComplete() {
 		return nil
 	}
 	glog.V(5).Infof("continue needed")
@@ -83,19 +83,19 @@ func (c *NegotiateChallengeHandler) CompleteChallenge(requestURL string, headers
 	}
 
 	// Process the token
-	_, err = c.negotiater.InitSecContext(requestURL, incomingToken)
+	_, err = c.negotiator.InitSecContext(requestURL, incomingToken)
 	if err != nil {
 		glog.V(5).Infof("InitSecContext returned error during final negotiation: %v", err)
 		return err
 	}
-	if !c.negotiater.IsComplete() {
+	if !c.negotiator.IsComplete() {
 		return errors.New("InitSecContext did not indicate final negotiation completed")
 	}
 	return nil
 }
 
 func (c *NegotiateChallengeHandler) Release() error {
-	return c.negotiater.Release()
+	return c.negotiator.Release()
 }
 
 const negotiateScheme = "negotiate"
 
@@ -0,0 +1,39 @@
+package tokencmd
+
+import (
+	"errors"
+	"net/url"
+)
+
+func getServiceName(sep rune, requestURL string) (string, error) {
+	u, err := url.Parse(requestURL)
+	if err != nil {
+		return "", err
+	}
+
+	return "HTTP" + string(sep) + u.Hostname(), nil
+}
+
+type negotiateUnsupported struct {
+	error
+}
+
+func newUnsupportedNegotiator(name string) Negotiator {
+	return &negotiateUnsupported{error: errors.New(name + " support is not enabled")}
+}
+
+func (n *negotiateUnsupported) Load() error {
+	return n
+}
+
+func (n *negotiateUnsupported) InitSecContext(requestURL string, challengeToken []byte) ([]byte, error) {
+	return nil, n
+}
+
+func (*negotiateUnsupported) IsComplete() bool {
+	return false
+}
+
+func (n *negotiateUnsupported) Release() error {
+	return n
+}
@@ -4,8 +4,6 @@ package tokencmd
 
 import (
 	"errors"
-	"net"
-	"net/url"
 	"runtime"
 	"sync"
 	"time"
@@ -46,7 +44,7 @@ type gssapiNegotiator struct {
 	complete bool
 }
 
-func NewGSSAPINegotiator(principalName string) Negotiater {
+func NewGSSAPINegotiator(principalName string) Negotiator {
 	return &gssapiNegotiator{principalName: principalName}
 }
 
@@ -90,17 +88,11 @@ func (g *gssapiNegotiator) InitSecContext(requestURL string, challengeToken []by
 			g.cred = lib.GSS_C_NO_CREDENTIAL
 		}
 
-		u, err := url.Parse(requestURL)
+		serviceName, err := getServiceName('@', requestURL)
 		if err != nil {
 			return nil, err
 		}
 
-		hostname := u.Host
-		if h, _, err := net.SplitHostPort(u.Host); err == nil {
-			hostname = h
-		}
-
-		serviceName := "HTTP@" + hostname
 		glog.V(5).Infof("importing service name %s", serviceName)
 		nameBuf, err := lib.MakeBufferString(serviceName)
 		if err != nil {
 
@@ -2,27 +2,10 @@
 
 package tokencmd
 
-import "errors"
-
 func GSSAPIEnabled() bool {
 	return false
 }
 
-type gssapiUnsupported struct{}
-
-func NewGSSAPINegotiator(principalName string) Negotiater {
-	return &gssapiUnsupported{}
-}
-
-func (g *gssapiUnsupported) Load() error {
-	return errors.New("GSSAPI support is not enabled")
-}
-func (g *gssapiUnsupported) InitSecContext(requestURL string, challengeToken []byte) (tokenToSend []byte, err error) {
-	return nil, errors.New("GSSAPI support is not enabled")
-}
-func (g *gssapiUnsupported) IsComplete() bool {
-	return false
-}
-func (g *gssapiUnsupported) Release() error {
-	return errors.New("GSSAPI support is not enabled")
+func NewGSSAPINegotiator(string) Negotiator {
+	return newUnsupportedNegotiator("GSSAPI")
 }
Original file line number	Diff line number	Diff line change
`@@ -113,8 +113,13 @@ func (o VersionOptions) RunVersion() error {`
`113`	`113`	`}`
`114`	`114`	`if tokencmd.GSSAPIEnabled() {`
`115`	`115`	`features = append(features, "GSSAPI")`
`116`		`- features = append(features, "Kerberos") // GSSAPI or SSPI`
`117`		`- features = append(features, "SPNEGO") // GSSAPI or SSPI`
	`116`	`+ }`
	`117`	`+ if tokencmd.SSPIEnabled() {`
	`118`	`+ features = append(features, "SSPI")`
	`119`	`+ }`
	`120`	`+ if tokencmd.GSSAPIEnabled() \|\| tokencmd.SSPIEnabled() {`
	`121`	`+ features = append(features, "Kerberos")`
	`122`	`+ features = append(features, "SPNEGO")`
`118`	`123`	`}`
`119`	`124`	`fmt.Printf("features: %s\n", strings.Join(features, " "))`
`120`	`125`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,8 +9,8 @@ import (`
`9`	`9`	`"github.com/golang/glog"`
`10`	`10`	`)`
`11`	`11`
`12`		`-// Negotiater defines the minimal interface needed to interact with GSSAPI to perform a negotiate challenge/response`
`13`		`-type Negotiater interface {`
	`12`	`+// Negotiator defines the minimal interface needed to interact with GSSAPI to perform a negotiate challenge/response`
	`13`	`+type Negotiator interface {`
`14`	`14`	`// Load gives the negotiator a chance to load any resources needed to handle a challenge/response sequence.`
`15`	`15`	`// It may be invoked multiple times. If an error is returned, InitSecContext and IsComplete are not called, but Release() is.`
`16`	`16`	`Load() error`
`@@ -28,11 +28,11 @@ type Negotiater interface {`
`28`	`28`	`// NegotiateChallengeHandler manages a challenge negotiation session`
`29`	`29`	`// it is single-host, single-use only, and not thread-safe`
`30`	`30`	`type NegotiateChallengeHandler struct {`
`31`		`- negotiater Negotiater`
	`31`	`+ negotiator Negotiator`
`32`	`32`	`}`
`33`	`33`
`34`		`-func NewNegotiateChallengeHandler(negotiater Negotiater) ChallengeHandler {`
`35`		`- return &NegotiateChallengeHandler{negotiater: negotiater}`
	`34`	`+func NewNegotiateChallengeHandler(negotiator Negotiator) ChallengeHandler {`
	`35`	`+ return &NegotiateChallengeHandler{negotiator: negotiator}`
`36`	`36`	`}`
`37`	`37`
`38`	`38`	`func (c *NegotiateChallengeHandler) CanHandle(headers http.Header) bool {`
`@@ -41,7 +41,7 @@ func (c *NegotiateChallengeHandler) CanHandle(headers http.Header) bool {`
`41`	`41`	`return false`
`42`	`42`	`}`
`43`	`43`	`// Make sure our negotiator can initialize`
`44`		`- if err := c.negotiater.Load(); err != nil {`
	`44`	`+ if err := c.negotiator.Load(); err != nil {`
`45`	`45`	`return false`
`46`	`46`	`}`
`47`	`47`	`return true`
`@@ -55,7 +55,7 @@ func (c *NegotiateChallengeHandler) HandleChallenge(requestURL string, headers h`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`// Process the token`
`58`		`- outgoingToken, err := c.negotiater.InitSecContext(requestURL, incomingToken)`
	`58`	`+ outgoingToken, err := c.negotiator.InitSecContext(requestURL, incomingToken)`
`59`	`59`	`if err != nil {`
`60`	`60`	`glog.V(5).Infof("InitSecContext returned error: %v", err)`
`61`	`61`	`return nil, false, err`
`@@ -68,7 +68,7 @@ func (c *NegotiateChallengeHandler) HandleChallenge(requestURL string, headers h`
`68`	`68`	`}`
`69`	`69`
`70`	`70`	`func (c *NegotiateChallengeHandler) CompleteChallenge(requestURL string, headers http.Header) error {`
`71`		`- if c.negotiater.IsComplete() {`
	`71`	`+ if c.negotiator.IsComplete() {`
`72`	`72`	`return nil`
`73`	`73`	`}`
`74`	`74`	`glog.V(5).Infof("continue needed")`
`@@ -83,19 +83,19 @@ func (c *NegotiateChallengeHandler) CompleteChallenge(requestURL string, headers`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`// Process the token`
`86`		`- _, err = c.negotiater.InitSecContext(requestURL, incomingToken)`
	`86`	`+ _, err = c.negotiator.InitSecContext(requestURL, incomingToken)`
`87`	`87`	`if err != nil {`
`88`	`88`	`glog.V(5).Infof("InitSecContext returned error during final negotiation: %v", err)`
`89`	`89`	`return err`
`90`	`90`	`}`
`91`		`- if !c.negotiater.IsComplete() {`
	`91`	`+ if !c.negotiator.IsComplete() {`
`92`	`92`	`return errors.New("InitSecContext did not indicate final negotiation completed")`
`93`	`93`	`}`
`94`	`94`	`return nil`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`func (c *NegotiateChallengeHandler) Release() error {`
`98`		`- return c.negotiater.Release()`
	`98`	`+ return c.negotiator.Release()`
`99`	`99`	`}`
`100`	`100`
`101`	`101`	`const negotiateScheme = "negotiate"`