From 67c33ac1ecad657c2a8d86689d719290e8fbc64f Mon Sep 17 00:00:00 2001
From: zeekling
Date: Sat, 19 Mar 2022 14:03:41 +0800
Subject: [PATCH] add kerberos
---
 sample/sample-client.c | 16 ++++++-------
 sample/sample-server.c | 54 +++++++++++++++++++++++++++++++++++++-----
 2 files changed, 56 insertions(+), 14 deletions(-)
diff --git a/sample/sample-client.c b/sample/sample-client.c
index cf374a7..5b27ad9 100644
--- a/sample/sample-client.c
+++ b/sample/sample-client.c
@@ -12,12 +12,12 @@
 char buf[SAMPLE_SEC_BUF_SIZE];
 static sasl_conn_t *conn = NULL;
-char *realm = "DOMAIN.COM";
-char *mech = "gssapi";
-char *iplocal = "127.0.0.1";
-char *ipremote = "127.0.0.1";
+const char *realm = "DOMAIN.COM";
+const char *mech = "gssapi";
+const char *iplocal = "127.0.0.1";
+const char *ipremote = "127.0.0.1";
 char *searchpath = NULL;
-char *service = "zeekling";
+const char *service = "zeekling";
 int cfd;
 int init_sasl() {
@@ -30,8 +30,8 @@ int init_sasl() {
 }
 int connect_server() {
- struct sockaddr_in s_add,c_add;
- unsigned short portnum=2345;
+ struct sockaddr_in s_add, c_add;
+ unsigned short portnum = 2345;
 printf("Hello,welcome to client !\r\n");
 cfd = socket(AF_INET, SOCK_STREAM, 0);
 if(-1 == cfd) {
@@ -63,7 +63,7 @@ int main() {
 const char *chosenmech;
 int serverlast = 0;
 unsigned len;
- char *fqdn = "";
+ const char *fqdn = "";
 char *userid = NULL;
 char *authid = NULL;
diff --git a/sample/sample-server.c b/sample/sample-server.c
index 626d242..f5ca709 100644
--- a/sample/sample-server.c
+++ b/sample/sample-server.c
@@ -1,3 +1,5 @@
+
+#include
 #include
 #include
 #include
@@ -6,7 +8,7 @@
 #include
 #include
-int sfp; /* 定义两个描述符 */
+int sfp;
 struct sockaddr_in s_add,c_add;
 int sin_size;
@@ -14,10 +16,11 @@ typedef struct kClient {
 int fp;
 int auth_complete;
 int begin_auth;
+ sasl_conn_t *conn;
 } kClient;
 int listen_port() {
- unsigned short portnum=2345; /* 服务端使用端口 */
+ unsigned short portnum=2345;
 sfp = socket(AF_INET, SOCK_STREAM, 0);
 if(-1 == sfp) {
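Review bot: The new `sasl_conn_t *conn` member added to `kClient` carries no comment saying who allocates it and who releases it, and no hunk in this commit (the server file's hunks are all in this patch) calls `sasl_dispose` on it, so the release side of the contract is currently undocumented and apparently unimplemented. A comment on the field such as `sasl_conn_t *conn; /* per-client SASL server context; allocated in auth_client(), must be released with sasl_dispose(&c->conn) when the client is torn down */` would record what the later hunks assume. The `typedef struct kClient` header is this hunk's function-context line, so the struct starts outside the hunk; the client-file hunks in this commit are const-qualification and whitespace only and need nothing.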
@@ -50,12 +53,51 @@ kClient *createClient(int fp) {
 kClient *c = malloc(sizeof(kClient));
 c->fp = fp;
 c->auth_complete = -1;
- c->begin_auth = -1;
+ c->begin_auth = 0;
+ c->conn = NULL;
 return c;
 }
 int auth_client(kClient *c) {
-
+ if (!c->begin_auth && sasl_server_new("sample", "DOMAIN.COM",
+ "DOMAIN.COM", "127.0.0.1", "127.0.0.1", NULL,
+ 0, &c->conn) == SASL_OK) {
+ printf("Allocating sasl connection state");
+ return 1;
+ }
+ const char *mech = "GSSAPI";
+ int recbytes;
+ char buffer[1024]={0};
+ if ((recbytes = read(c->fp, buffer, 1024)) == -1) {
+ printf("read failed");
+ close(c->fp);
+ return 1;
+ }
+ buffer[recbytes] = '\0';
+ char *out;
+ unsigned len = 0;
+ int result = sasl_server_start(c->conn, mech, buffer, recbytes, &out, &len);
+ if (result != SASL_OK && result != SASL_CONTINUE) {
+ printf("auth failed ");
+ write(c->fp, "auth failed", 11);
+ close(c->fp);
+ }
+ while (result == SASL_CONTINUE) {
+ if (write(c->fp, out, len) == -1) {
+ printf("write failed");
+ return 1;
+ }
+ if (recbytes = read(c->fp, buffer, 1024)) {
+ printf("write failed");
+ return 1;
+ }
+ result = sasl_server_step(c->conn, buffer, recbytes, &out, &len);
+ if (result != SASL_OK && result != SASL_CONTINUE) {
+ write(c->fp, "auth failed", 11);
+ close(c->fp);
+ return 1;
+ }
+ }
 return 0;
 }
@@ -77,7 +119,7 @@ void readQuery(kClient *c) {
 }
 if (c->auth_complete != 1 && auth_client(c) != 0) {
 printf("auth failed!\n");
- break;
+ break;
 }
 if(-1 == write(c->fp,"need_auth",9)) {
 printf("write fail!\n");
@@ -113,7 +155,7 @@ int main()
 return -1;
 }
- printf("accept ok!\r\nServer start get connect from %#x : %#x\r\n",ntohl(c_add.sin_addr.s_addr),ntohs(c_add.sin_port));
+ printf("accept ok!\nServer start get connect from %#x : %#x\n", ntohl(c_add.sin_addr.s_addr), ntohs(c_add.sin_port));
 kClient *c = createClient(nfp);
 readQuery(c);
 }
--
2.45.2
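Review bot: A failed `sasl_server_start` in `auth_client` is still reported as success: the branch after it prints, writes "auth failed" and closes the fd but does not `return 1`, so control skips the `while` and reaches `return 0`, and the caller in the `readQuery` hunk (which breaks only when `auth_client(c) != 0`) treats the unauthenticated client as authenticated. Three further defects sit in the same function: the opening `if` is inverted (it returns 1 when `sasl_server_new` succeeds, never sets `c->begin_auth`, and on failure falls through with `c->conn` still NULL), `buffer[recbytes] = '\0'` writes one past the array when `read` fills all 1024 bytes, and the loop's `if (recbytes = read(...))` treats every successful read as an error while a 0 (EOF) return re-runs `sasl_server_step` on stale data. The rewrite below returns on every failure path, caps reads at `sizeof buffer - 1`, and checks `recbytes <= 0`; whether setting `c->auth_complete = 1` on success is right depends on what else assigns it, which is outside the hunk. The `readQuery` and `main` hunks on this line are whitespace and message-format changes only.
```c
int auth_client(kClient *c) {
    if (!c->begin_auth) {
        if (sasl_server_new("sample", "DOMAIN.COM", "DOMAIN.COM", "127.0.0.1",
                            "127.0.0.1", NULL, 0, &c->conn) != SASL_OK) {
            printf("Allocating sasl connection state failed\n");
            return 1;
        }
        c->begin_auth = 1;
    }
    const char *mech = "GSSAPI";
    char buffer[1024] = {0};
    int recbytes = read(c->fp, buffer, sizeof buffer - 1); /* leave room for the NUL below */
    if (recbytes <= 0) {
        printf("read failed\n");
        close(c->fp);
        return 1;
    }
    buffer[recbytes] = '\0';
    /* … unchanged: out/len declarations and the sasl_server_start call … */
    if (result != SASL_OK && result != SASL_CONTINUE) {
        printf("auth failed ");
        write(c->fp, "auth failed", 11);
        close(c->fp);
        return 1; /* previously fell through to return 0 */
    }
    while (result == SASL_CONTINUE) {
        if (write(c->fp, out, len) == -1) {
            printf("write failed\n");
            return 1;
        }
        recbytes = read(c->fp, buffer, sizeof buffer - 1);
        if (recbytes <= 0) { /* -1 is an error, 0 is the peer closing */
            printf("read failed\n");
            return 1;
        }
        /* … unchanged: sasl_server_step call and its failure branch … */
    }
    c->auth_complete = 1; /* confirm against whatever else assigns it outside this hunk */
    return 0;
}
```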