add kerberos

LingZhaoHui 2022-03-19 14:03:41 +08:00
parent f8ef877996
commit 67c33ac1ec
2 changed files with 56 additions and 14 deletions


@ -12,12 +12,12 @@
char buf[SAMPLE_SEC_BUF_SIZE]; char buf[SAMPLE_SEC_BUF_SIZE];
static sasl_conn_t *conn = NULL; static sasl_conn_t *conn = NULL;
char *realm = "DOMAIN.COM"; const char *realm = "DOMAIN.COM";
char *mech = "gssapi"; const char *mech = "gssapi";
char *iplocal = "127.0.0.1"; const char *iplocal = "127.0.0.1";
char *ipremote = "127.0.0.1"; const char *ipremote = "127.0.0.1";
char *searchpath = NULL; char *searchpath = NULL;
char *service = "zeekling"; const char *service = "zeekling";
int cfd; int cfd;
int init_sasl() { int init_sasl() {
@ -30,8 +30,8 @@ int init_sasl() {
} }
int connect_server() { int connect_server() {
struct sockaddr_in s_add,c_add; struct sockaddr_in s_add, c_add;
unsigned short portnum=2345; unsigned short portnum = 2345;
printf("Hello,welcome to client !\r\n"); printf("Hello,welcome to client !\r\n");
cfd = socket(AF_INET, SOCK_STREAM, 0); cfd = socket(AF_INET, SOCK_STREAM, 0);
if(-1 == cfd) { if(-1 == cfd) {
@ -63,7 +63,7 @@ int main() {
const char *chosenmech; const char *chosenmech;
int serverlast = 0; int serverlast = 0;
unsigned len; unsigned len;
char *fqdn = ""; const char *fqdn = "";
char *userid = NULL; char *userid = NULL;
char *authid = NULL; char *authid = NULL;


@ -1,3 +1,5 @@
#include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/types.h> #include <sys/types.h>
#include <stdio.h> #include <stdio.h>
@ -6,7 +8,7 @@
#include <string.h> #include <string.h>
#include <sasl/sasl.h> #include <sasl/sasl.h>
int sfp; /* 定义两个描述符 */ int sfp;
struct sockaddr_in s_add,c_add; struct sockaddr_in s_add,c_add;
int sin_size; int sin_size;
@ -14,10 +16,11 @@ typedef struct kClient {
int fp; int fp;
int auth_complete; int auth_complete;
int begin_auth; int begin_auth;
sasl_conn_t *conn;
} kClient; } kClient;
int listen_port() { int listen_port() {
unsigned short portnum=2345; /* 服务端使用端口 */ unsigned short portnum=2345;
sfp = socket(AF_INET, SOCK_STREAM, 0); sfp = socket(AF_INET, SOCK_STREAM, 0);
if(-1 == sfp) { if(-1 == sfp) {
@ -50,12 +53,51 @@ kClient *createClient(int fp) {
kClient *c = malloc(sizeof(kClient)); kClient *c = malloc(sizeof(kClient));
c->fp = fp; c->fp = fp;
c->auth_complete = -1; c->auth_complete = -1;
c->begin_auth = -1; c->begin_auth = 0;
c->conn = NULL;
return c; return c;
} }
int auth_client(kClient *c) { int auth_client(kClient *c) {
if (!c->begin_auth && sasl_server_new("sample", "DOMAIN.COM",
"DOMAIN.COM", "127.0.0.1", "127.0.0.1", NULL,
0, &c->conn) == SASL_OK) {
printf("Allocating sasl connection state");
return 1;
}
const char *mech = "GSSAPI";
int recbytes;
char buffer[1024]={0};
if ((recbytes = read(c->fp, buffer, 1024)) == -1) {
printf("read failed");
close(c->fp);
return 1;
}
buffer[recbytes] = '\0';
char *out;
unsigned len = 0;
int result = sasl_server_start(c->conn, mech, buffer, recbytes, &out, &len);
if (result != SASL_OK && result != SASL_CONTINUE) {
printf("auth failed ");
write(c->fp, "auth failed", 11);
close(c->fp);
}
while (result == SASL_CONTINUE) {
if (write(c->fp, out, len) == -1) {
printf("write failed");
return 1;
}
if (recbytes = read(c->fp, buffer, 1024)) {
printf("write failed");
return 1;
}
result = sasl_server_step(c->conn, buffer, recbytes, &out, &len);
if (result != SASL_OK && result != SASL_CONTINUE) {
write(c->fp, "auth failed", 11);
close(c->fp);
return 1;
}
}
return 0; return 0;
} }
@ -77,7 +119,7 @@ void readQuery(kClient *c) {
} }
if (c->auth_complete != 1 && auth_client(c) != 0) { if (c->auth_complete != 1 && auth_client(c) != 0) {
printf("auth failed!\n"); printf("auth failed!\n");
break; break;
} }
if(-1 == write(c->fp,"need_auth",9)) { if(-1 == write(c->fp,"need_auth",9)) {
printf("write fail!\n"); printf("write fail!\n");
@ -113,7 +155,7 @@ int main()
return -1; return -1;
} }
printf("accept ok!\r\nServer start get connect from %#x : %#x\r\n",ntohl(c_add.sin_addr.s_addr),ntohs(c_add.sin_port)); printf("accept ok!\nServer start get connect from %#x : %#x\n", ntohl(c_add.sin_addr.s_addr), ntohs(c_add.sin_port));
kClient *c = createClient(nfp); kClient *c = createClient(nfp);
readQuery(c); readQuery(c);
} }
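Review bot: The failure branch after `sasl_server_start` in auth_client writes "auth failed" and closes the socket but has no `return`, so a rejected exchange skips the `while` loop and reaches `return 0`, which the `auth_client(c) != 0` check in readQuery does not treat as a failure; it needs `return 1;`. The first read takes up to 1024 bytes into `buffer[1024]` and then stores `buffer[recbytes] = '\0'`, one byte past the array on a full read, and a return of 0 (peer closed) is not handled; read `sizeof buffer - 1` and fail on `recbytes <= 0`. Two conditions look inverted: the opening `if` returns 1 when `sasl_server_new` yields `SASL_OK` and lets a failed call continue with `c->conn` still NULL, and `if (recbytes = read(...))` in the loop assigns instead of comparing, so every successful read is reported as "write failed". Nothing in the visible hunks sets `begin_auth` or `auth_complete` once the exchange reaches `SASL_OK`, so the connection state is probably re-created on each call and the handshake repeated; this is worth confirming against the rest of readQuery. The fence below shows the rewritten checks.

```c
int auth_client(kClient *c) {
    if (!c->begin_auth) {
        if (sasl_server_new("sample", "DOMAIN.COM", "DOMAIN.COM", "127.0.0.1",
                            "127.0.0.1", NULL, 0, &c->conn) != SASL_OK) {
            printf("sasl_server_new failed\n");
            return 1;
        }
        c->begin_auth = 1;
    }
    /* … unchanged: mech and recbytes declarations … */
    char buffer[1024] = {0};
    if ((recbytes = read(c->fp, buffer, sizeof buffer - 1)) <= 0) {
        printf("read failed");
        close(c->fp);
        return 1;
    }
    /* … unchanged: NUL termination and sasl_server_start call … */
    if (result != SASL_OK && result != SASL_CONTINUE) {
        /* … unchanged: report "auth failed" and close the socket … */
        return 1;
    }
    while (result == SASL_CONTINUE) {
        /* … unchanged: write of out/len … */
        if ((recbytes = read(c->fp, buffer, 1024)) <= 0) {
            printf("read failed");
            return 1;
        }
        /* … unchanged: sasl_server_step and its failure branch … */
    }
```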