From cdddd51f9e08f95c2b731d543d203edcd928b896 Mon Sep 17 00:00:00 2001 From: zeekling Date: Sat, 30 Jul 2022 21:19:32 +0800 Subject: [PATCH] update kerberos --- sample/client.py | 18 ++++++++++++++++++ sample/server.py | 26 +++++++++++++++++++++++--- 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/sample/client.py b/sample/client.py index 9d5ea93..e555093 100755 --- a/sample/client.py +++ b/sample/client.py @@ -6,6 +6,19 @@ import gssapi import sys import socket +def send_data(data:bytes, length:int): + len_str = length.to_bytes(3, byteorder="little", signed=True) + print(len_str) + s.send(len_str) + s.send(data) + +def recv_data(): + bs = s.recv(3) + length = int.from_bytes(bs, byteorder="little", signed=True) + print(length) + data = s.recv(length) + return data + curr_path = os.getcwd() os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf" os.environ["KRB5CCNAME"] = "/tmp/krb5cc_cli_1000" @@ -31,5 +44,10 @@ print(cname) client_ctx = gssapi.SecurityContext(name=cname, usage="initiate") while not client_ctx.complete: client_token = client_ctx.step(server_token) + client_token = client_token or b'' + print("client_token=", client_token, "\nlen=", len(client_token), "\n") + send_data(client_token, len(client_token)) + server_token = recv_data() + print("server_token=", server_token,"len=",len(server_token), "\n") diff --git a/sample/server.py b/sample/server.py index 3f197d2..d602cbf 100755 --- a/sample/server.py +++ b/sample/server.py @@ -5,7 +5,21 @@ import os import gssapi import sys import subprocess -import socket +import socket + +s = socket.socket() + +def send_data(cli:socket, data:bytes, length:int): + cli.send(length.to_bytes(3, byteorder="little", signed=True)) + cli.send(data) + +def recv_data(cli:socket): + bs = cli.recv(3) + length = int.from_bytes(bs, byteorder="little", signed=True) + print(length) + data = cli.recv(length) + return data + # 设置环境变量 principal = "server/hadoop.test.com@TEST.COM" 
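Review bot: `recv_data` in sample/client.py treats a single `s.recv(3)` and a single `s.recv(length)` as complete frames, but `recv` may return fewer bytes than requested, so a GSSAPI token can arrive truncated or the length prefix can be misread; `s.send` can likewise write only part of the buffer. The prefix is decoded with `signed=True`, so the peer can supply a negative length (which makes `recv` raise), and nothing bounds the size the peer asks the receiver to read. The `send_data`/`recv_data` pair added to sample/server.py in this patch has the same shape, and there the length comes from a peer that has not authenticated yet. I would read exactly N bytes in a loop, use `sendall`, decode the length unsigned and cap it, as sketched below for the client; the server versions would take `cli` instead of the global `s`.

```python
MAX_TOKEN = 65536  # constructed cap; size it to the largest token you expect

def recv_exact(sock, n: int) -> bytes:
    # recv() may return short reads; loop until n bytes or the peer closes
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return bytes(buf)

def send_data(data:bytes, length:int):
    s.sendall(length.to_bytes(3, byteorder="little", signed=False) + data)

def recv_data():
    length = int.from_bytes(recv_exact(s, 3), byteorder="little", signed=False)
    if length > MAX_TOKEN:
        raise ValueError("token frame too large")
    return recv_exact(s, length)
```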
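Review bot: After `client_ctx.step(server_token)` the loop body in sample/client.py always sends a frame and then blocks in `recv_data()`, even when that step has just completed the context. The server loop added in sample/server.py stops reading once its own context is complete, so the client can end up waiting for a reply that is never sent. Check completion before the receive, for example `if client_ctx.complete: break` right after the send, and skip the send when the token is empty. The two added `print` calls also write the raw tokens to stdout; they carry the Kerberos authentication exchange, so I would log only `len(client_token)` and `len(server_token)`, and do the same for the prints in the server loop.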
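Review bot: The annotation `cli:socket` on `send_data` and `recv_data` in sample/server.py names the `socket` module rather than the connection type; `cli: socket.socket` is what is meant. Both helpers would also benefit from a one-line docstring stating the wire format (3-byte little-endian length, then the token bytes), and `print(length)` in `recv_data` looks like leftover debugging.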
@@ -21,7 +35,6 @@ name = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_ cname = name.canonicalize(gssapi.MechType.kerberos) print(cname) -s = socket.socket() host = "127.0.0.1" port = 12345 @@ -35,5 +48,12 @@ while True: c, addr = s.accept() print("client") c.send(b"no_auth") - + while not server_ctx.complete: + client_ticket = recv_data(c) + print("client_ticket=", client_ticket, "len=", len(client_ticket), "\n") + server_token = server_ctx.step(client_ticket) + print("server_token=", server_token, "len=", len(server_token), "\n") + send_data(c, server_token, len(server_token)) + print("auth ok") +
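Review bot: `server_ctx` is not created in this hunk, so if it is built once before `while True:`, every connection after the first finds `server_ctx.complete` already true, skips the added loop and reaches `print("auth ok")` without exchanging a single token. Construct a fresh accept-side context per connection, right after `s.accept()`, e.g. `server_ctx = gssapi.SecurityContext(creds=<server creds>, usage="accept")`, and close `c` when the exchange ends or fails. Separately, `server_ctx.step(client_ticket)` can return `None` when no reply token is needed, and `len(server_token)` then raises `TypeError`; mirror the client with `server_token = server_ctx.step(client_ticket) or b''`. The start of the accept loop and the creation of `server_ctx` are outside the hunk, so the first point should be confirmed against the full file.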