From 45ba21dbc0c7b5ac4d5d7333fdba8b66abd0d5b7 Mon Sep 17 00:00:00 2001 From: zeekling Date: Sun, 20 Mar 2022 22:14:30 +0800 Subject: [PATCH] add kerberos --- sample/Makefile | 12 +++--- sample/sample-client.c | 83 ++++++++++++++++++++++++++++++------------ sample/sample-server.c | 13 ++++--- 3 files changed, 73 insertions(+), 35 deletions(-) diff --git a/sample/Makefile b/sample/Makefile index 99b5eaf..4a32714 100644 --- a/sample/Makefile +++ b/sample/Makefile @@ -15,14 +15,16 @@ all: $(PROGRAM) @echo "" client:sample-client.c - $(CC) -c sample-client.c $(FINAL_FLAG) - $(CC) -o client sample-client.o $(FINAL_FLAG) + $(CC) -g -c sample-client.c $(FINAL_FLAG) + $(CC) -g -o client sample-client.o $(FINAL_FLAG) + rm *.o server:sample-server.c - $(CC) -c sample-server.c $(FINAL_FLAG) - $(CC) -o server sample-server.o $(FINAL_FLAG) + $(CC) -g -c sample-server.c $(FINAL_FLAG) + $(CC) -g -o server sample-server.o $(FINAL_FLAG) + rm *.o clean: - rm *.o server client + rm server client diff --git a/sample/sample-client.c b/sample/sample-client.c index 5b27ad9..694b1e2 100644 --- a/sample/sample-client.c +++ b/sample/sample-client.c @@ -1,3 +1,4 @@ + #include #include #include @@ -13,17 +14,18 @@ char buf[SAMPLE_SEC_BUF_SIZE]; static sasl_conn_t *conn = NULL; const char *realm = "DOMAIN.COM"; -const char *mech = "gssapi"; +const char *mech = "GSSAPI"; const char *iplocal = "127.0.0.1"; const char *ipremote = "127.0.0.1"; char *searchpath = NULL; const char *service = "zeekling"; +const char *fqdn = ""; int cfd; int init_sasl() { int result = sasl_client_init(NULL); - if (result != SASL_OK) { - printf("Initializing libsasl"); + if (result != SASL_OK) { + printf("Initializing libsasl\n"); return -1; } return 0; 
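Review bot: The `rm *.o` added to both the `client` and `server` recipes removes every object file in the directory, so under a parallel build one recipe can delete the other's object between its compile and link steps. Removing only the recipe's own object (`rm -f sample-client.o`, `rm -f sample-server.o`) avoids that. The `clean` recipe now fails when either binary is missing; `rm -f server client` keeps it idempotent.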
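Review bot: `const char *fqdn = "";` leaves the server name empty, and for GSSAPI that name is what the client uses to build the service principal it authenticates the server against; as far as I know the Cyrus GSSAPI plugin rejects an empty serverFQDN outright. It should carry the server's real host name, supplied by configuration or the command line rather than hard-coded. The `service` global declared just above is also not what `auth_sever()` passes later in this patch (it passes the literal `"sample"`), so the two should be reconciled, e.g. `sasl_client_new(service, fqdn, ...)`. The failure message in `init_sasl()` reads as progress rather than an error; `printf("sasl_client_init failed: %d\n", result);` would be clearer.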
@@ -32,38 +34,69 @@ int init_sasl() { int connect_server() { struct sockaddr_in s_add, c_add; unsigned short portnum = 2345; - printf("Hello,welcome to client !\r\n"); + printf("Hello,welcome to client !\n"); cfd = socket(AF_INET, SOCK_STREAM, 0); if(-1 == cfd) { - printf("socket fail ! \r\n"); - return 1; - } - printf("socket ok !\r\n"); - bzero(&s_add,sizeof(struct sockaddr_in)); - s_add.sin_family=AF_INET; - s_add.sin_addr.s_addr= inet_addr("127.0.0.1"); - s_add.sin_port=htons(portnum); - - if(-1 == connect(cfd,(struct sockaddr *)(&s_add), sizeof(struct sockaddr))) { - printf("connect fail !\r\n"); + printf("socket fail ! \n"); return 1; } - printf("connect ok !\r\n"); + printf("socket ok !\n"); + bzero(&s_add, sizeof(struct sockaddr_in)); + s_add.sin_family = AF_INET; + s_add.sin_addr.s_addr = inet_addr("127.0.0.1"); + s_add.sin_port = htons(portnum); + + if(-1 == connect(cfd,(struct sockaddr *)(&s_add), sizeof(struct sockaddr))) { + printf("connect fail !\n"); + return 1; + } + printf("connect ok !\n"); return 0; } int auth_sever() { - + int result = sasl_client_new("sample", fqdn, "127.0.0.1", + "127.0.0.1", NULL, 0, &conn); + if (result != SASL_OK) { + printf("client new client failed\n"); + return 1; + } + char *data = NULL; + unsigned len = 0; + result = sasl_client_start(conn, mech, NULL, &data, &len, &mech); + if (result != SASL_OK && result != SASL_CONTINUE) { + printf("client auth start failed error:%s\n", sasl_errdetail(conn)); + return 1; + } + while (1) { + //todo 多次认证 + printf("write data %s, %d", data, len); + if(-1 == write(cfd, data, len)) { + printf("write failed\n"); + return 1; + } + int recbytes = 0; + char *buffer = NULL; + if (read(recbytes = read(cfd, buffer, 1024)) == -1) { + printf("read error\n"); + return 1; + } + printf("receive %s %d", buffer, recbytes); + result = sasl_client_step(conn, buffer, recbytes, NULL, &data, &len); + if (result != SASL_OK && result != SASL_CONTINUE) { + printf("auth failed, %s\n", sasl_errdetail(conn)); + 
return 1; + } + } return 0; } int main() { - int result; + int result; const char *data; - const char *chosenmech; + const char *chosenmech; int serverlast = 0; unsigned len; - const char *fqdn = ""; char *userid = NULL; char *authid = NULL; @@ -81,18 +114,20 @@ int main() { } if(-1 == (recbytes = read(cfd, buffer, 1024))) { - printf("read data fail !\r\n"); + printf("read data fail !\n"); return -1; } if (strcmp(buffer, "need_auth") == 0 && auth_sever() != 0) { - printf("auth failed"); + printf("auth failed\n"); return -1; } - printf("auth ok\r\nREC:\r\n"); + printf("auth ok\nREC:\n"); buffer[recbytes]='\0'; - printf("%s\r\n",buffer); + printf("%s\n",buffer); + + auth_sever(); getchar(); close(cfd); diff --git a/sample/sample-server.c b/sample/sample-server.c index f5ca709..c27b377 100644 --- a/sample/sample-server.c +++ b/sample/sample-server.c @@ -69,7 +69,7 @@ int auth_client(kClient *c) { int recbytes; char buffer[1024]={0}; if ((recbytes = read(c->fp, buffer, 1024)) == -1) { - printf("read failed"); + printf("read failed\n"); close(c->fp); return 1; } @@ -78,22 +78,23 @@ int auth_client(kClient *c) { unsigned len = 0; int result = sasl_server_start(c->conn, mech, buffer, recbytes, &out, &len); if (result != SASL_OK && result != SASL_CONTINUE) { - printf("auth failed "); - write(c->fp, "auth failed", 11); + printf("auth failed ,%s\n", sasl_errdetail(c->conn)); + write(c->fp, "auth failed\n", 11); close(c->fp); } while (result == SASL_CONTINUE) { if (write(c->fp, out, len) == -1) { - printf("write failed"); + printf("write failed\n"); return 1; } if (recbytes = read(c->fp, buffer, 1024)) { - printf("write failed"); + printf("write failed\n"); return 1; } result = sasl_server_step(c->conn, buffer, recbytes, &out, &len); if (result != SASL_OK && result != SASL_CONTINUE) { - write(c->fp, "auth failed", 11); + printf("auth failed ,%s\n", sasl_errdetail(c->conn)); + write(c->fp, "auth failed\n", 11); close(c->fp); return 1; } -- 2.45.1
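Review bot: In `auth_sever()` the receive path cannot work: `buffer` is a NULL `char *` handed to `read()` as the destination, and `read(recbytes = read(cfd, buffer, 1024))` calls `read` with a single argument. The `while (1)` loop has no exit on `SASL_OK`, so the trailing `return 0;` is unreachable, and the two debug `printf` calls print binary SASL tokens with `%s`, which over-reads past the token and puts authentication material on stdout. The version below uses a stack buffer, treats EOF as failure, loops only while the library returns `SASL_CONTINUE`, and declares `data` as `const char *` to match the clientout parameter. It still assumes one `read()` returns one whole token; a length prefix on the wire would be needed for that to hold on TCP.

```c
    const char *data = NULL;
    unsigned len = 0;
    result = sasl_client_start(conn, mech, NULL, &data, &len, &mech);
    // … unchanged: sasl_client_start failure check …
    while (result == SASL_CONTINUE) {
        char buffer[1024];
        ssize_t recbytes;

        if (write(cfd, data, len) == -1) {
            printf("write failed\n");
            return 1;
        }
        recbytes = read(cfd, buffer, sizeof(buffer));
        if (recbytes <= 0) {
            /* -1 is an error, 0 means the server closed the connection */
            printf("read error\n");
            return 1;
        }
        result = sasl_client_step(conn, buffer, (unsigned)recbytes, NULL, &data, &len);
        if (result != SASL_OK && result != SASL_CONTINUE) {
            printf("auth failed, %s\n", sasl_errdetail(conn));
            return 1;
        }
    }
    return 0;
```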
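Review bot: The added `auth_sever();` near the end of this hunk runs the SASL exchange a second time, unconditionally, and drops its return value, so a failed authentication goes unnoticed after "auth ok" has already been printed. If the call is meant to stay, check it: `if (auth_sever() != 0) { close(cfd); return -1; }`; otherwise remove it and rely on the `need_auth` branch. In the context lines, `strcmp(buffer, "need_auth")` runs before `buffer[recbytes]='\0'`, so the comparison may read an unterminated buffer, and the terminator write would be out of bounds when `read()` returns 1024 if `buffer` is 1024 bytes long; its declaration is outside the hunk. `main()` starts and ends outside the hunk.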
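Review bot: Both `write(c->fp, "auth failed\n", 11);` calls still pass 11, so the newline this change adds to the literal is never sent; the length should be 12, or be derived from the string. In the loop, `if (recbytes = read(c->fp, buffer, 1024))` is an assignment used as a condition: it returns failure whenever the client sends any bytes and carries on with `recbytes == 0` at EOF, so no multi-step exchange can complete; `if ((recbytes = read(c->fp, buffer, sizeof(buffer))) <= 0) {` with a "read failed" message is presumably what was intended. The failure branch after `sasl_server_start` closes `c->fp` but has no `return 1;`, so execution continues past the loop into code outside this hunk with a closed descriptor. `auth_client()` starts and ends outside the hunk.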