zeekling/kerberosTest
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add kerberos config #6

Merged
zeekling merged 1 commits from kerberos into master 2022-07-17 12:43:03 +00:00
Conversation 0 Commits 1 Files Changed 6 +491 -241
6 changed files with 491 additions and 241 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.gitignore vendored
View File

@ -176,5 +176,6 @@ cython_debug/
a.out a.out
*.out *.out
*.o *.o
sample/sample_server sample/server
sample/sample_client sample/client
sample/core

213
sample/.clang-format Normal file
View File

@ -0,0 +1,213 @@
# 语言: None, Cpp, Java, JavaScript, ObjC, Proto, TableGen, TextProto
Language: Cpp
# BasedOnStyle: LLVM
# 访问说明符(public、private等)的偏移
AccessModifierOffset: -4
# 开括号(开圆括号、开尖括号、开方括号)后的对齐: Align, DontAlign, AlwaysBreak(总是在开括号后换行)
AlignAfterOpenBracket: Align
# 连续赋值时,对齐所有等号
AlignConsecutiveAssignments: false
# 连续声明时,对齐所有声明的变量名
AlignConsecutiveDeclarations: false
# 右对齐逃脱换行(使用反斜杠换行)的反斜杠
AlignEscapedNewlines: Right
# 水平对齐二元和三元表达式的操作数
AlignOperands: true
# 对齐连续的尾随的注释
AlignTrailingComments: true
# 不允许函数声明的所有参数在放在下一行
AllowAllParametersOfDeclarationOnNextLine: false
# 不允许短的块放在同一行
AllowShortBlocksOnASingleLine: true
# 允许短的case标签放在同一行
AllowShortCaseLabelsOnASingleLine: true
# 允许短的函数放在同一行: None, InlineOnly(定义在类中), Empty(空函数), Inline(定义在类中,空函数), All
AllowShortFunctionsOnASingleLine: None
# 允许短的if语句保持在同一行
AllowShortIfStatementsOnASingleLine: true
# 允许短的循环保持在同一行
AllowShortLoopsOnASingleLine: true
# 总是在返回类型后换行: None, All, TopLevel(顶级函数,不包括在类中的函数),
# AllDefinitions(所有的定义,不包括声明), TopLevelDefinitions(所有的顶级函数的定义)
AlwaysBreakAfterReturnType: None
# 总是在多行string字面量前换行
AlwaysBreakBeforeMultilineStrings: false
# 总是在template声明后换行
AlwaysBreakTemplateDeclarations: true
# false表示函数实参要么都在同一行要么都各自一行
BinPackArguments: true
# false表示所有形参要么都在同一行要么都各自一行
BinPackParameters: true
# 大括号换行只有当BreakBeforeBraces设置为Custom时才有效
BraceWrapping:
# class定义后面
AfterClass: false
# 控制语句后面
AfterControlStatement: false
# enum定义后面
AfterEnum: false
# 函数定义后面
AfterFunction: false
# 命名空间定义后面
AfterNamespace: false
# struct定义后面
AfterStruct: false
# union定义后面
AfterUnion: false
# extern之后
AfterExternBlock: false
# catch之前
BeforeCatch: false
# else之前
BeforeElse: false
# 缩进大括号
IndentBraces: false
# 分离空函数
SplitEmptyFunction: false
# 分离空语句
SplitEmptyRecord: false
# 分离空命名空间
SplitEmptyNamespace: false
# 在二元运算符前换行: None(在操作符后换行), NonAssignment(在非赋值的操作符前换行), All(在操作符前换行)
BreakBeforeBinaryOperators: NonAssignment
# 在大括号前换行: Attach(始终将大括号附加到周围的上下文), Linux(除函数、命名空间和类定义与Attach类似),
# Mozilla(除枚举、函数、记录定义与Attach类似), Stroustrup(除函数定义、catch、else与Attach类似),
# Allman(总是在大括号前换行), GNU(总是在大括号前换行,并对于控制语句的大括号增加额外的缩进), WebKit(在函数前换行), Custom
# 注:这里认为语句块也属于函数
BreakBeforeBraces: Custom
# 在三元运算符前换行
BreakBeforeTernaryOperators: false
# 在构造函数的初始化列表的冒号后换行
BreakConstructorInitializers: AfterColon
#BreakInheritanceList: AfterColon
BreakStringLiterals: false
# 每行字符的限制0表示没有限制
ColumnLimit: 0
CompactNamespaces: true
# 构造函数的初始化列表要么都在同一行,要么都各自一行
ConstructorInitializerAllOnOneLineOrOnePerLine: false
# 构造函数的初始化列表的缩进宽度
ConstructorInitializerIndentWidth: 4
# 延续的行的缩进宽度
ContinuationIndentWidth: 4
# 去除C++11的列表初始化的大括号{后和}前的空格
Cpp11BracedListStyle: true
# 继承最常用的指针和引用的对齐方式
DerivePointerAlignment: false
# 固定命名空间注释
FixNamespaceComments: true
# 缩进case标签
IndentCaseLabels: false
IndentPPDirectives: None
# 缩进宽度
IndentWidth: 4
# 函数返回类型换行时,缩进函数声明或函数定义的函数名
IndentWrappedFunctionNames: false
# 保留在块开始处的空行
KeepEmptyLinesAtTheStartOfBlocks: false
# 连续空行的最大数量
MaxEmptyLinesToKeep: 1
# 命名空间的缩进: None, Inner(缩进嵌套的命名空间中的内容), All
NamespaceIndentation: None
# 指针和引用的对齐: Left, Right, Middle
PointerAlignment: Right
# 允许重新排版注释
ReflowComments: true
# 允许排序#include
SortIncludes: false
# 允许排序 using 声明
SortUsingDeclarations: false
# 在C风格类型转换后添加空格
SpaceAfterCStyleCast: false
# 在Template 关键字后面添加空格
SpaceAfterTemplateKeyword: true
# 在赋值运算符之前添加空格
SpaceBeforeAssignmentOperators: true
# SpaceBeforeCpp11BracedList: true
# SpaceBeforeCtorInitializerColon: true
# SpaceBeforeInheritanceColon: true
# 开圆括号之前添加一个空格: Never, ControlStatements, Always
SpaceBeforeParens: ControlStatements
# SpaceBeforeRangeBasedForLoopColon: true
# 在空的圆括号中添加空格
SpaceInEmptyParentheses: false
# 在尾随的评论前添加的空格数(只适用于//)
SpacesBeforeTrailingComments: 1
# 在尖括号的<后和>前添加空格
SpacesInAngles: false
# 在C风格类型转换的括号中添加空格
SpacesInCStyleCastParentheses: false
# 在容器(ObjC和JavaScript的数组和字典等)字面量中添加空格
SpacesInContainerLiterals: true
# 在圆括号的(后和)前添加空格
SpacesInParentheses: false
# 在方括号的[后和]前添加空格lamda表达式和未指明大小的数组的声明不受影响
SpacesInSquareBrackets: false
# 标准: Cpp03, Cpp11, Auto
Standard: Cpp11
# tab宽度
TabWidth: 4
# 使用tab字符: Never, ForIndentation, ForContinuationAndIndentation, Always
UseTab: Never

12
sample/Makefile
View File

@ -1,7 +1,7 @@
CC=gcc CC=gcc
PROGRAM=sample_client sample_server PROGRAM=client server
LIBSSL_LIBS=-lsasl2 LIBSSL_LIBS=-lsasl2
@ -14,17 +14,17 @@ all: $(PROGRAM)
@echo "build seccess!" @echo "build seccess!"
@echo "" @echo ""
sample_client:sample-client.c client:sample-client.c
$(CC) -g -c sample-client.c $(FINAL_FLAG) $(CC) -g -c sample-client.c $(FINAL_FLAG)
$(CC) -g -o sample_client sample-client.o $(FINAL_FLAG) $(CC) -g -o client sample-client.o $(FINAL_FLAG)
rm *.o rm *.o
sample_server:sample-server.c server:sample-server.c
$(CC) -g -c sample-server.c $(FINAL_FLAG) $(CC) -g -c sample-server.c $(FINAL_FLAG)
$(CC) -g -o sample_server sample-server.o $(FINAL_FLAG) $(CC) -g -o server sample-server.o $(FINAL_FLAG)
rm *.o rm *.o
clean: clean:
rm sample_server sample_client rm server client

77
sample/sample-client.c
View File

@ -1,25 +1,24 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/types.h>
#include <sasl/sasl.h> #include <sasl/sasl.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <linux/in.h> #include <linux/in.h>
#include <string.h>
#define SAMPLE_SEC_BUF_SIZE (2048) #define SAMPLE_SEC_BUF_SIZE (2048)
char buf[SAMPLE_SEC_BUF_SIZE]; char buf[SAMPLE_SEC_BUF_SIZE];
static sasl_conn_t *conn = NULL; static sasl_conn_t *conn = NULL;
const char *realm = "DOMAIN.COM"; const char *realm = "TEST.COM";
const char *mech = "GSSAPI"; const char *mech = "GSSAPI";
const char *iplocal = "127.0.0.1"; const char *iplocal = "127.0.0.1";
const char *ipremote = "127.0.0.1"; const char *ipremote = "127.0.0.1";
char *searchpath = NULL; char *searchpath = NULL;
const char *service = "zeekling"; const char *service = "server";
const char *fqdn = ""; const char *fqdn = "hadoop.test.com";
int cfd; int cfd;
int init_sasl() { int init_sasl() {
@ -28,6 +27,7 @@ int init_sasl() {
printf("Initializing libsasl\n"); printf("Initializing libsasl\n");
return -1; return -1;
} }
printf("sasl_client_init ok\n");
return 0; return 0;
} }
@ -54,35 +54,63 @@ int connect_server() {
return 0; return 0;
} }
int readTicket(char *ticket) {
char len_str[10] = {0};
int recbytes;
if (-1 == (recbytes = read(cfd, len_str, 10))) {
printf("read len fail !\n");
close(cfd);
return 0;
}
char buffer[1024] = {0};
int len = atoi(len_str);
printf("read len=%s\n", len_str);
if (-1 == (recbytes = read(cfd, ticket, len))) {
printf("read data fail !\n");
close(cfd);
return 0;
}
return len;
}
void writeTicket(char *data, unsigned len) {
char len_str[10] = {0};
sprintf(len_str, "%d", len);
if (-1 == write(cfd, len_str, 10)) {
printf("write failed\n");
return 1;
}
if (-1 == write(cfd, data, len)) {
printf("write failed\n");
return 1;
}
}
int auth_sever() { int auth_sever() {
int result = sasl_client_new("sample", fqdn, "127.0.0.1", printf("begin auth\n");
"127.0.0.1", NULL, 0, &conn); int result = sasl_client_new("server", fqdn, NULL, NULL, NULL, 0, &conn);
if (result != SASL_OK) { if (result != SASL_OK) {
printf("client new client failed\n"); printf("client new client failed\n");
return 1; return 1;
} }
char *data = NULL; char data[1024] = {0};
unsigned len = 0; unsigned len = 0;
printf("begin sasl_client_start\n");
result = sasl_client_start(conn, mech, NULL, &data, &len, &mech); result = sasl_client_start(conn, mech, NULL, &data, &len, &mech);
if (result != SASL_OK && result != SASL_CONTINUE) { if (result != SASL_OK && result != SASL_CONTINUE) {
printf("client auth start failed error:%s\n", sasl_errdetail(conn)); printf("client auth start failed error:%s\n", sasl_errdetail(conn));
return 1; return 1;
} }
//data[len] = '\0';
printf("sasl_client_start ok: ticket=%s, len=%d\n", data, len);
while (1) { while (1) {
//todo 多次认证 char len_str[10] = {0};
printf("write data %s, %d", data, len); writeTicket(data, len);
if(-1 == write(cfd, data, len)) { char *buffer;
printf("write failed\n"); int size = readTicket(buffer);
return 1;
} result = sasl_client_step(conn, buffer, size, NULL, &data, &len);
int recbytes = 0;
char *buffer = NULL;
if (read(recbytes = read(cfd, buffer, 1024)) == -1) {
printf("read error\n");
return 1;
}
printf("receive %s %d", buffer, recbytes);
result = sasl_client_step(conn, buffer, recbytes, NULL, &data, &len);
if (result != SASL_OK && result != SASL_CONTINUE) { if (result != SASL_OK && result != SASL_CONTINUE) {
printf("auth failed, %s\n", sasl_errdetail(conn)); printf("auth failed, %s\n", sasl_errdetail(conn));
return 1; return 1;
@ -104,8 +132,7 @@ int main() {
int sin_size; int sin_size;
char buffer[1024] = {0}; char buffer[1024] = {0};
if (connect_server() != 0) if (connect_server() != 0) {
{
return 1; return 1;
} }
@ -137,5 +164,3 @@ int main() {
} }
return 0; return 0;
} }

118
sample/sample-server.c
View File

@ -12,6 +12,8 @@ int sfp;
struct sockaddr_in s_add, c_add; struct sockaddr_in s_add, c_add;
int sin_size; int sin_size;
char *server = "server";
typedef struct kClient { typedef struct kClient {
int fp; int fp;
int auth_complete; int auth_complete;
@ -34,14 +36,12 @@ int listen_port() {
s_add.sin_addr.s_addr = htonl(INADDR_ANY); /* 这里地址使用全0即所有 */ s_add.sin_addr.s_addr = htonl(INADDR_ANY); /* 这里地址使用全0即所有 */
s_add.sin_port = htons(portnum); s_add.sin_port = htons(portnum);
/* 使用bind进行绑定端口 */ /* 使用bind进行绑定端口 */
if(-1 == bind(sfp,(struct sockaddr *)(&s_add), sizeof(struct sockaddr))) if (-1 == bind(sfp, (struct sockaddr *)(&s_add), sizeof(struct sockaddr))) {
{
printf("bind fail !\n"); printf("bind fail !\n");
return -1; return -1;
} }
/* 开始监听相应的端口 */ /* 开始监听相应的端口 */
if(-1 == listen(sfp,5)) if (-1 == listen(sfp, 5)) {
{
printf("listen fail !\n"); printf("listen fail !\n");
return -1; return -1;
} }
@ -59,80 +59,95 @@ kClient *createClient(int fp) {
} }
int auth_client(kClient *c) { int auth_client(kClient *c) {
if (!c->begin_auth && sasl_server_new("sample", "DOMAIN.COM", if (!c->begin_auth) {
"DOMAIN.COM", "127.0.0.1", "127.0.0.1", NULL, int result = sasl_server_new(server, "hadoop.test.com", "TEST.COM", NULL, NULL, NULL, 0, &c->conn);
0, &c->conn) == SASL_OK) { if (result != SASL_OK) {
printf("Allocating sasl connection state"); printf("Allocating sasl connection state, %s\n", sasl_errdetail(c->conn));
return 1; return 1;
} }
}
const char *mech = "GSSAPI"; const char *mech = "GSSAPI";
int recbytes;
char buffer[1024] = {0}; char buffer[1024] = {0};
if ((recbytes = read(c->fp, buffer, 1024)) == -1) { int client_len = readTicket(c, buffer);
printf("read failed\n");
close(c->fp);
return 1;
}
buffer[recbytes] = '\0';
char *out; char *out;
unsigned len = 0; unsigned len = 0;
int result = sasl_server_start(c->conn, mech, buffer, recbytes, &out, &len); buffer[client_len] = '\n';
printf("ticket=%s, len=%d\n", buffer, client_len);
int result = sasl_server_start(c->conn, mech, buffer, client_len, &out, &len);
if (result != SASL_OK && result != SASL_CONTINUE) { if (result != SASL_OK && result != SASL_CONTINUE) {
printf("auth failed ,%s\n", sasl_errdetail(c->conn)); printf("auth failed ,%s, result=%d\n", sasl_errdetail(c->conn), result);
write(c->fp, "auth failed\n", 11); write(c->fp, "auth failed\n", 11);
close(c->fp); close(c->fp);
return;
} }
printf("sasl_server_start ok\n");
while (result == SASL_CONTINUE) { while (result == SASL_CONTINUE) {
if (write(c->fp, out, len) == -1) { writeTicket(c, out, len);
printf("write failed\n"); client_len = readTicket(c, buffer);
return 1; result = sasl_server_step(c->conn, buffer, client_len, &out, &len);
}
if (recbytes = read(c->fp, buffer, 1024)) {
printf("write failed\n");
return 1;
}
result = sasl_server_step(c->conn, buffer, recbytes, &out, &len);
if (result != SASL_OK && result != SASL_CONTINUE) { if (result != SASL_OK && result != SASL_CONTINUE) {
printf("auth failed ,%s\n", sasl_errdetail(c->conn)); printf("auth failed ,%s\n", sasl_errdetail(c->conn));
write(c->fp, "auth failed\n", 11); write(c->fp, "auth failed\n", 11);
close(c->fp); close(c->fp);
return 1; return 1;
} }
printf("sasl_server_start ok");
} }
return 0; return 0;
} }
int readTicket(kClient *c, char *ticket) {
char len_str[10] = {0};
int recbytes;
if (-1 == (recbytes = read(c->fp, len_str, 25))) {
printf("read len fail !\n");
close(c->fp);
return 0;
}
int len = atoi(len_str);
printf("read len=%s\n", len_str);
if (-1 == (recbytes = read(c->fp, ticket, len))) {
printf("read data fail !\n");
close(c->fp);
return 0;
}
return len;
}
void writeTicket(kClient *c, char *data, unsigned len) {
char len_str[10] = {0};
sprintf(len_str, "%d", len);
if (-1 == write(c->fp, len_str, 10)) {
printf("write failed\n");
return 1;
}
if (-1 == write(c->fp, data, len)) {
printf("write failed\n");
return 1;
}
}
void readQuery(kClient *c) { void readQuery(kClient *c) {
char buffer[1024] = {0}; char buffer[1024] = {0};
int recbytes; int recbytes;
/* 这里使用write向客户端发送信息也可以尝试使用其他函数实现 */ /* 这里使用write向客户端发送信息也可以尝试使用其他函数实现 */
if(-1 == write(c->fp,"need_auth",9)) if (-1 == write(c->fp, "need_auth", 9)) {
{
printf("write fail!\n"); printf("write fail!\n");
close(c->fp); close(c->fp);
return; return;
} }
printf("write ok!\n");
while (1) { if (auth_client(c) != 0) {
if(-1 == (recbytes = read(c->fp,buffer,1024))) {
printf("read data fail !\n");
close(c->fp);
}
if (c->auth_complete != 1 && auth_client(c) != 0) {
printf("auth failed!\n"); printf("auth failed!\n");
break; return;
}
if(-1 == write(c->fp,"need_auth",9)) {
printf("write fail!\n");
break;
}
}
close(c->fp);
} }
close(c->fp);
}
int init_sasl() { int init_sasl() {
int result = sasl_server_init(NULL, "sample"); int result = sasl_server_init(NULL, server);
if (result != SASL_OK) { if (result != SASL_OK) {
printf("Initializing libsasl"); printf("Initializing libsasl");
return 1; return 1;
@ -140,18 +155,15 @@ int init_sasl() {
return 0; return 0;
} }
int main() int main() {
{ if (listen_port() != 0) {
if (listen_port() != 0 && init_sasl() != 0)
{
return 1; return 1;
} }
while(1) init_sasl();
{ while (1) {
sin_size = sizeof(struct sockaddr_in); sin_size = sizeof(struct sockaddr_in);
int nfp = accept(sfp, (struct sockaddr *)(&c_add), &sin_size); int nfp = accept(sfp, (struct sockaddr *)(&c_add), &sin_size);
if(-1 == nfp) if (-1 == nfp) {
{
printf("accept fail !\r\n"); printf("accept fail !\r\n");
return -1; return -1;
} }
@ -163,5 +175,3 @@ int main()
close(sfp); close(sfp);
return 0; return 0;
} }

1
server/env
View File

@ -1,3 +1,4 @@
PWD=$(pwd) PWD=$(pwd)
export KRB5_CONFIG=${PWD}/server/krb5.conf export KRB5_CONFIG=${PWD}/server/krb5.conf
export KRB5CCNAME=/tmp/krb5cc_hadoop_1000 export KRB5CCNAME=/tmp/krb5cc_hadoop_1000
export KRB5_KTNAME=${PWD}/server/hadoop.keytab