update kerberos

This commit is contained in:
LingZhaoHui 2022-07-30 21:19:32 +08:00
parent debf816e24
commit cdddd51f9e
2 changed files with 41 additions and 3 deletions

View File

@ -6,6 +6,19 @@ import gssapi
import sys import sys
import socket import socket
def send_data(data:bytes, length:int):
len_str = length.to_bytes(3, byteorder="little", signed=True)
print(len_str)
s.send(len_str)
s.send(data)
def recv_data():
bs = s.recv(3)
length = int.from_bytes(bs, byteorder="little", signed=True)
print(length)
data = s.recv(length)
return data
curr_path = os.getcwd() curr_path = os.getcwd()
os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf" os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf"
os.environ["KRB5CCNAME"] = "/tmp/krb5cc_cli_1000" os.environ["KRB5CCNAME"] = "/tmp/krb5cc_cli_1000"
@ -31,5 +44,10 @@ print(cname)
client_ctx = gssapi.SecurityContext(name=cname, usage="initiate") client_ctx = gssapi.SecurityContext(name=cname, usage="initiate")
while not client_ctx.complete: while not client_ctx.complete:
client_token = client_ctx.step(server_token) client_token = client_ctx.step(server_token)
client_token = client_token or b''
print("client_token=", client_token, "\nlen=", len(client_token), "\n")
send_data(client_token, len(client_token))
server_token = recv_data()
print("server_token=", server_token,"len=",len(server_token), "\n")

View File

@ -5,7 +5,21 @@ import os
import gssapi import gssapi
import sys import sys
import subprocess import subprocess
import socket import socket
s = socket.socket()
def send_data(cli:socket, data:bytes, length:int):
cli.send(length.to_bytes(3, byteorder="little", signed=True))
cli.send(data)
def recv_data(cli:socket):
bs = cli.recv(3)
length = int.from_bytes(bs, byteorder="little", signed=True)
print(length)
data = cli.recv(length)
return data
# 设置环境变量 # 设置环境变量
principal = "server/hadoop.test.com@TEST.COM" principal = "server/hadoop.test.com@TEST.COM"
@ -21,7 +35,6 @@ name = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_
cname = name.canonicalize(gssapi.MechType.kerberos) cname = name.canonicalize(gssapi.MechType.kerberos)
print(cname) print(cname)
s = socket.socket()
host = "127.0.0.1" host = "127.0.0.1"
port = 12345 port = 12345
@ -35,5 +48,12 @@ while True:
c, addr = s.accept() c, addr = s.accept()
print("client") print("client")
c.send(b"no_auth") c.send(b"no_auth")
while not server_ctx.complete:
client_ticket = recv_data(c)
print("client_ticket=", client_ticket, "len=", len(client_ticket), "\n")
server_token = server_ctx.step(client_ticket)
print("server_token=", server_token, "len=", len(server_token), "\n")
send_data(c, server_token, len(server_token))
print("auth ok")