修改域名 (#9)

Reviewed-on: #9
LingZhaoHui 2023-10-06 02:32:55 +00:00
parent cdddd51f9e
commit 2cacce72bc
8 changed files with 49 additions and 12 deletions

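--- a/.gitignore
+++ b/.gitignore
@@ -179,3 +179,4 @@ a.out
 sample/server
 sample/client
 sample/core
+*.keytab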


@ -20,13 +20,13 @@ def recv_data():
return data return data
curr_path = os.getcwd() curr_path = os.getcwd()
os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf" os.environ["KRB5_CONFIG"] = curr_path + "/krb5.conf"
os.environ["KRB5CCNAME"] = "/tmp/krb5cc_cli_1000" os.environ["KRB5CCNAME"] = "/tmp/krb5cc_cli_1000"
os.environ["KRB5_KTNAME"] = curr_path + "/client/cli.keytab" os.environ["KRB5_KTNAME"] = curr_path + "/cli.keytab"
os.environ["KRB5_TRACE"] = "/tmp/client.log" os.environ["KRB5_TRACE"] = "/tmp/client.log"
principal = "cli@TEST.COM" principal = "cli@TEST.HADOOP.COM"
res = subprocess.call(["kinit", "-kt", "client/cli.keytab", principal]) res = subprocess.call(["kinit", "-kt", "cli.keytab", principal])
subprocess.call(["klist"]) subprocess.call(["klist"])
name = gssapi.Name(principal) name = gssapi.Name(principal)
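Review bot: The exit status of `kinit` is stored in `res` but nothing visible in this hunk checks it, so a failed keytab login falls through to `klist` and `gssapi.Name(principal)`, and the script may carry on with a stale cache or fail later with a less useful GSSAPI error. The new call also spells the keytab path a second time as `"cli.keytab"` although `KRB5_KTNAME` was just built from `curr_path`; both now depend on the script being started from the directory that holds the keytab. I would reuse the variable and stop on failure: `res = subprocess.call(["kinit", "-kt", os.environ["KRB5_KTNAME"], principal])` followed by `if res != 0: raise SystemExit("kinit failed")`. The server hunk's `kinit_res` is likewise never checked.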

9
sample/kinit_client.sh Executable file

@ -0,0 +1,9 @@
#!/usr/bin/env bash
#
export KRB5CCNAME=/tmp/krb5cc_cli_1000
export KRB5_CONFIG="/home/zeekling/project/gitea/kerberosTest/sample/krb5.conf"
kinit -kt ./cli.keytab cli
klist
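Review bot: `KRB5_CONFIG` is set to an absolute path under one developer's home directory (`/home/zeekling/...`), while the keytab on the next line is taken relative to the current directory, so the script only works on that machine and only when run from `sample/`. On any other checkout the variable names a file that does not exist, and depending on the Kerberos library the login then either fails or runs without the intended realm settings. Resolving both from the script's own location keeps them together: `cd "$(dirname "$0")" || exit 1` and then `export KRB5_CONFIG="$PWD/krb5.conf"`. Adding `set -e` would also stop `klist` from printing an older cache after a failed `kinit`. `sample/kinit_server.sh` has the same two lines.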

9
sample/kinit_server.sh Executable file

@ -0,0 +1,9 @@
#!/usr/bin/env bash
#
export KRB5CCNAME=/tmp/krb5_server_1000
export KRB5_CONFIG="/home/zeekling/project/gitea/kerberosTest/sample/krb5.conf"
kinit -kt ./hadoop.keytab server/hadoop.test.hadoop.com@TEST.HADOOP.COM
klist

18
sample/krb5.conf Normal file

@ -0,0 +1,18 @@
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = TEST.HADOOP.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
TEST.HADOOP.COM = {
kdc = krb5-kdc-server:88
admin_server = krb5-kdc-server
}
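Review bot: `forwardable = true` under `[libdefaults]` makes every ticket obtained with this file forwardable by default, and nothing visible in this commit delegates credentials to the server. A forwardable TGT can be handed to a service that then acts as the principal elsewhere, which is more than an authentication demo needs, and `renew_lifetime = 7d` keeps that ability alive for a week. For a sample I would default to `forwardable = false` and let a caller that really needs delegation request it with `kinit -f`. The `kdc` and `admin_server` entries under `[logging]` are read by the KDC daemons rather than by clients, so they could be dropped from a client-side file.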


@ -12,13 +12,13 @@
char buf[SAMPLE_SEC_BUF_SIZE]; char buf[SAMPLE_SEC_BUF_SIZE];
static sasl_conn_t *conn = NULL; static sasl_conn_t *conn = NULL;
const char *realm = "TEST.COM"; const char *realm = "TEST.HADOOP.COM";
const char *mech = "GSSAPI"; const char *mech = "GSSAPI";
const char *iplocal = "127.0.0.1"; const char *iplocal = "127.0.0.1";
const char *ipremote = "127.0.0.1"; const char *ipremote = "127.0.0.1";
char *searchpath = NULL; char *searchpath = NULL;
const char *service = "server"; const char *service = "server";
const char *fqdn = "hadoop.test.com"; const char *fqdn = "hadoop.test.hadoop.com";
int cfd; int cfd;
int init_sasl() { int init_sasl() {


@ -60,7 +60,7 @@ kClient *createClient(int fp) {
int auth_client(kClient *c) { int auth_client(kClient *c) {
if (!c->begin_auth) { if (!c->begin_auth) {
int result = sasl_server_new(server, "hadoop.test.com", "TEST.COM", NULL, NULL, NULL, 0, &c->conn); int result = sasl_server_new(server, "hadoop.test.hadoop.com", "TEST.HADOOP.COM", NULL, NULL, NULL, 0, &c->conn);
if (result != SASL_OK) { if (result != SASL_OK) {
printf("Allocating sasl connection state, %s\n", sasl_errdetail(c->conn)); printf("Allocating sasl connection state, %s\n", sasl_errdetail(c->conn));
return 1; return 1;
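Review bot: The error path prints `sasl_errdetail(c->conn)` after `sasl_server_new` has failed, which is the one case where `c->conn` may not have been set by the call; it then holds whatever `createClient` left there (not visible in this hunk), and passing the result to `%s` is unsafe if it is NULL. The numeric `result` is available and needs no connection: `printf("Allocating sasl connection state, %s\n", sasl_errstring(result, NULL, NULL));`. The host name and realm are string literals repeated here and in the client's `fqdn`/`realm` globals, so a shared constant or a configuration value would have made this commit a one-line change. `auth_client` continues past the end of the hunk.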


@ -22,16 +22,16 @@ def recv_data(cli:socket):
# 设置环境变量 # 设置环境变量
principal = "server/hadoop.test.com@TEST.COM" principal = "server/hadoop.test.hadoop.com@TEST.HADOOP.COM"
curr_path = os.getcwd() curr_path = os.getcwd()
os.environ["KRB5_CONFIG"] = curr_path + "/server/krb5.conf" os.environ["KRB5_CONFIG"] = curr_path + "/krb5.conf"
os.environ["KRB5_KTNAME"] = curr_path + "/server/hadoop.keytab" os.environ["KRB5_KTNAME"] = curr_path + "/hadoop.keytab"
os.environ["KRB5CCNAME"] = "/tmp/krb5cc_hadoop_1000" os.environ["KRB5CCNAME"] = "/tmp/krb5_server_1000"
os.environ["KRB5_TRACE"] = "/tmp/server.log" os.environ["KRB5_TRACE"] = "/tmp/server.log"
kinit_res = subprocess.call(["kinit", "-kt", os.environ["KRB5_KTNAME"], principal]) kinit_res = subprocess.call(["kinit", "-kt", os.environ["KRB5_KTNAME"], principal])
klist_res = subprocess.call(["klist"]) klist_res = subprocess.call(["klist"])
name = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_principal) name = gssapi.Name("server/hadoop.test.hadoop.com", name_type=gssapi.NameType.kerberos_principal)
cname = name.canonicalize(gssapi.MechType.kerberos) cname = name.canonicalize(gssapi.MechType.kerberos)
print(cname) print(cname)
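Review bot: The credential cache is moved to another fixed name in the shared `/tmp` directory (`/tmp/krb5_server_1000`), next to the existing `KRB5_TRACE` file `/tmp/server.log`. Any local user can predict and pre-create these names, and the trace file's permissions depend on who creates it first, so on a multi-user host I would keep both in a directory only this process can write. For example `workdir = tempfile.mkdtemp(prefix="krb5-")` and `os.environ["KRB5CCNAME"] = os.path.join(workdir, "ccache")`, with the trace file placed in the same directory (this needs `import tempfile`; the import block is outside the hunk). The client hunk and the two `kinit_*.sh` scripts use the same `/tmp` pattern, and `kinit_server.sh` would have to name the same cache as this file.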