authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-06-17 15:54:24 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-06-17 15:54:24 -0500
commit0e11c4ce6d21acd0139345c19b6341971e679b23 (patch)
tree361adc3f2312984ba2fbf2e3189e41a55d292648 /clients/tde/src
parent2c6c71334b9a5a9ee9211e4b389a239273642313 (diff)
Write initial SASL/GSSAPI Kerberos classes and server code
Diffstat (limited to 'clients/tde/src')
-rw-r--r--clients/tde/src/Makefile.am2
-rw-r--r--clients/tde/src/app/Makefile.am2
-rw-r--r--clients/tde/src/app/main.cpp18
-rw-r--r--clients/tde/src/app/remotemdi.cpp137
-rw-r--r--clients/tde/src/app/remotemdi.h15
-rw-r--r--clients/tde/src/lib/Makefile.am5
-rw-r--r--clients/tde/src/lib/tdekrbsocket.cpp404
-rw-r--r--clients/tde/src/lib/tdekrbsocket.h67
-rw-r--r--clients/tde/src/part/commanalyzer/Makefile.am2
9 files changed, 627 insertions, 25 deletions
diff --git a/clients/tde/src/Makefile.am b/clients/tde/src/Makefile.am
index 23fbb4d..40077c5 100644
--- a/clients/tde/src/Makefile.am
+++ b/clients/tde/src/Makefile.am
@@ -1,3 +1,3 @@
-SUBDIRS = widgets app part
+SUBDIRS = lib widgets app part
INCLUDES = $(all_includes)
METASOURCES = AUTO
diff --git a/clients/tde/src/app/Makefile.am b/clients/tde/src/app/Makefile.am
index 7b53912..eeb1b1f 100644
--- a/clients/tde/src/app/Makefile.am
+++ b/clients/tde/src/app/Makefile.am
@@ -5,5 +5,5 @@ METASOURCES = AUTO
# Application
bin_PROGRAMS = remote_laboratory_client
remote_laboratory_client_SOURCES = main.cpp remotemdi.cpp
-remote_laboratory_client_LDADD = ./views/libinstrumentview.la $(LIB_KPARTS) $(LIB_TDEUI)
+remote_laboratory_client_LDADD = ../lib/libtdekrbsocket.la ./views/libinstrumentview.la $(LIB_KPARTS) $(LIB_TDEUI)
remote_laboratory_client_LDFLAGS = $(all_libraries) $(KDE_RPATH) $(LIB_QT) -lDCOP $(LIB_TDECORE) $(LIB_TDEUI) -ltdefx $(LIB_KIO) -lktexteditor -lkmdi
diff --git a/clients/tde/src/app/main.cpp b/clients/tde/src/app/main.cpp
index 491056e..09b81e0 100644
--- a/clients/tde/src/app/main.cpp
+++ b/clients/tde/src/app/main.cpp
@@ -23,15 +23,15 @@ static KAboutData about(
"http://remotefpga.pearsoncomputing.net/", "kb9vqf@pearsoncomputing.net" );
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
- about.addAuthor( "Timothy Pearson", I18N_NOOP("Author, maintainer"), "kb9vqf@pearsoncomputing.net", "http://remotefpga.pearsoncomputing.net/" );
-
- KCmdLineArgs::init( argc, argv, &about );
- KCmdLineArgs::addCmdLineOptions( options );
-
+ about.addAuthor("Timothy Pearson", I18N_NOOP("Author, maintainer"), "kb9vqf@pearsoncomputing.net", "http://remotefpga.pearsoncomputing.net/");
+
+ KCmdLineArgs::init(argc, argv, &about);
+ KCmdLineArgs::addCmdLineOptions(options);
+
KApplication app;
-
+
// Read MDI settings (window positions, etc)
KConfig *c = app.config();
// RAJA FIXME
@@ -41,7 +41,9 @@ int main( int argc, char *argv[] )
app.setMainWidget(mainWin);
KCmdLineArgs* const args = KCmdLineArgs::parsedArgs();
- if (args->count() > 0) mainWin->setServerHost(args->arg(0));
+ if (args->count() > 0) {
+ mainWin->setServerHost(args->arg(0));
+ }
args->clear();
mainWin->show();
diff --git a/clients/tde/src/app/remotemdi.cpp b/clients/tde/src/app/remotemdi.cpp
index 3e7e26b..cb1d397 100644
--- a/clients/tde/src/app/remotemdi.cpp
+++ b/clients/tde/src/app/remotemdi.cpp
@@ -28,7 +28,7 @@ using namespace std;
#include "views/instrumentview.h"
RemoteMDI::RemoteMDI()
- : KMdiMainFrm(0, "RemoteMDI", KMdi::ChildframeMode), m_children(0)
+ : KMdiMainFrm(0, "RemoteMDI", KMdi::ChildframeMode), m_children(NULL), m_rsvSvrSocket(NULL)
{
setXMLFile("remotelabui.rc");
@@ -36,32 +36,41 @@ RemoteMDI::RemoteMDI()
KStdAction::close(this, SLOT(closeCurrent()), actionCollection());
KStdAction::quit(this, SLOT(close()), actionCollection());
- // Use a traditional MDI
- switchToChildframeMode();
-
- KToggleAction *inst_sa_menu = new KToggleAction(i18n("Spectrum Analyzer"), KShortcut(), this, SLOT(startSpectrumAnalyzer()), actionCollection(), "spectrum_analyzer");
-
KActionCollection *const ac = actionCollection();
- setStandardToolBarMenuEnabled( true );
- KStdAction::quit( TQT_TQOBJECT(this), TQT_SLOT(close()), ac );
+ setStandardToolBarMenuEnabled(true);
+ KStdAction::quit(TQT_TQOBJECT(this), TQT_SLOT(close()), ac);
KStdAction::configureToolbars(TQT_TQOBJECT(this), TQT_SLOT(configToolbars()), ac);
KStdAction::keyBindings(TQT_TQOBJECT(this), TQT_SLOT(configKeys()), ac);
- new KAction(i18n("Launch Spectrum Analyzer"), "remote", CTRL+Key_Home, TQT_TQOBJECT(this), TQT_SLOT(startSpectrumAnalyzer()), ac, "spectrum_analyzer" );
+ connect_action = new KAction(i18n("Connect to Server"), "remote", NULL, TQT_TQOBJECT(this), TQT_SLOT(connectToServer()), ac, "connect_server");
+ disconnect_action = new KAction(i18n("Disconnect from Server"), "remote", NULL, TQT_TQOBJECT(this), TQT_SLOT(disconnectFromServer()), ac, "disconnect_server");
+ inst_sa_menu = new KAction(i18n("Launch Spectrum Analyzer"), "remote", NULL, TQT_TQOBJECT(this), TQT_SLOT(startSpectrumAnalyzer()), ac, "spectrum_analyzer");
+
+ // Add Window menu
+ if ( !isFakingSDIApplication() ) {
+ menuBar()->insertItem(i18n("&Window"), windowMenu());
+ }
createGUI( 0 );
// When we change view, change the status bar text
connect(this, SIGNAL(viewActivated(KMdiChildView*)), this, SLOT(currentChanged(KMdiChildView*)));
+ ac->setHighlightingEnabled(true);
+ connect(ac, TQT_SIGNAL(actionStatusText(const TQString&)), statusBar(), TQT_SLOT(message(const TQString&) ));
+ connect(ac, TQT_SIGNAL(clearStatusText()), statusBar(), TQT_SLOT(clear()));
+
// Create the status bar
- statusBar()->message( i18n( "No view!" ) );
+ statusBar()->message(i18n("No view!"));
// Create the list of the opened windows
- m_listBox = new KListBox( this );
- m_listBox->setCaption( i18n( "Opened windows" ) );
- addToolWindow( m_listBox, KDockWidget::DockLeft, getMainDockWidget() );
+ m_listBox = new KListBox(this);
+ m_listBox->setCaption(i18n("Opened windows"));
+ addToolWindow(m_listBox, KDockWidget::DockLeft, getMainDockWidget());
+
+ connect(m_listBox, SIGNAL(executed(TQListBoxItem *)), this, SLOT(listBoxExecuted(TQListBoxItem*)));
+ connect(m_listBox, SIGNAL(rightButtonClicked(TQListBoxItem*, const TQPoint&)), this, SLOT(listBoxRightClicked(TQListBoxItem*)));
- connect(m_listBox, SIGNAL(executed(TQListBoxItem *)), this, SLOT(listBoxExecuted(TQListBoxItem* )));
+ processLockouts();
}
RemoteMDI::~RemoteMDI()
@@ -69,6 +78,86 @@ RemoteMDI::~RemoteMDI()
while (m_pCurrentWindow) {
closeCurrent();
}
+
+ if (m_rsvSvrSocket) {
+ m_rsvSvrSocket->close();
+ while (m_rsvSvrSocket->state() == TQSocket::Closing) {
+ tqApp->processEvents();
+ }
+ delete m_rsvSvrSocket;
+ }
+}
+
+void RemoteMDI::connectToServer() {
+ if (m_rsvSvrSocket) {
+ return;
+ }
+
+ connect_action->setEnabled(false);
+ disconnect_action->setEnabled(false);
+
+ // Connect to the central reservation/control server
+ m_rsvSvrSocket = new TDEKerberosClientSocket(this);
+ connect(m_rsvSvrSocket, SIGNAL(connectionClosed()), this, SLOT(connectionClosedHandler()));
+ m_rsvSvrSocket->setServiceName("remotefpga");
+ if (m_serverHost != "") {
+ m_rsvSvrSocket->setServerFQDN(m_serverHost);
+ m_rsvSvrSocket->connectToHost(m_serverHost, 4004);
+ while ((m_rsvSvrSocket->state() == TQSocket::Connecting) || (m_rsvSvrSocket->state() == TQSocket::HostLookup)) {
+ tqApp->processEvents();
+ }
+ if (m_rsvSvrSocket->state() == TQSocket::Connected) {
+ printf("[DEBUG] Initial connection established...\n\r"); fflush(stdout);
+ if (m_rsvSvrSocket->setUsingKerberos(true) != 0) {
+ disconnectFromServer();
+ }
+ else {
+ // Connection established!
+ disconnect_action->setEnabled(true);
+
+ // Read the next line from the server
+ TQString str = m_rsvSvrSocket->readLine();
+ printf("[RAJA DEBUG 200.0] Got %s\n\r", str.ascii()); fflush(stdout);
+ }
+ }
+ else {
+ printf("[ERROR] Initial connection failed (state %d)\n\r", m_rsvSvrSocket->state()); fflush(stdout);
+ disconnectFromServer();
+ }
+ }
+
+ processLockouts();
+}
+
+void RemoteMDI::disconnectFromServer() {
+ connect_action->setEnabled(false);
+ disconnect_action->setEnabled(false);
+
+ if (m_rsvSvrSocket) {
+ m_rsvSvrSocket->close();
+ while (m_rsvSvrSocket->state() == TQSocket::Closing) {
+ tqApp->processEvents();
+ }
+ delete m_rsvSvrSocket;
+ m_rsvSvrSocket = 0;
+ }
+
+ connect_action->setEnabled(true);
+ processLockouts();
+}
+
+void RemoteMDI::connectionClosedHandler() {
+ disconnectFromServer();
+}
+
+void RemoteMDI::processLockouts() {
+ bool connected = false;
+ if (m_rsvSvrSocket) {
+ connected = (m_rsvSvrSocket->state() == TQSocket::Connected);
+ }
+
+printf("[RAJA DEBUG 600.0] connected: %d\n\r", connected); fflush(stdout);
+ inst_sa_menu->setEnabled(connected);
}
void RemoteMDI::configToolbars() {
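Review bot: `connectionClosedHandler()` deletes the socket from inside a signal that the socket itself emits, and that signal can arrive while one of the socket's own methods is still on the stack. `setUsingKerberos(true)` in `connectToServer()` runs the SASL exchange, whose read helper in tdekrbsocket.cpp calls `tqApp->processEvents()`; if the peer drops the connection during the handshake, `disconnectFromServer()` executes `delete m_rsvSvrSocket` underneath that call and execution then continues on a freed object. Deferring the teardown out of the slot (for example `deleteLater()` on the socket, assuming TQt keeps Qt 3's `QObject::deleteLater()`, or a zero-delay single-shot timer) and re-checking `m_rsvSvrSocket` after each `processEvents()` loop would close this. Separately, when `m_serverHost` is empty the socket is allocated but never connected and `connect_action` stays disabled, so the early `return` at the top blocks every later attempt; `if (m_serverHost == "") { connect_action->setEnabled(true); return; }` ahead of the `new` avoids that. The destructor's opening lines lie outside this hunk.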
@@ -199,6 +288,26 @@ void RemoteMDI::listBoxExecuted(TQListBoxItem *item)
}
}
+void RemoteMDI::listBoxRightClicked(TQListBoxItem *item)
+{
+ // Get the current item's text
+ TQString text = item->text();
+
+ // Bring up a menu for the corresponding window
+ // RAJA FIXME
+ for (TQValueList< KMdiChildView *>::iterator it = m_window.begin(); it != m_window.end(); ++it ) {
+ // Get the view
+ KMdiChildView *view = *it;
+ assert(view);
+
+ // Is the view we need to show?
+ if (view->caption() == text) {
+ view->activate();
+ break;
+ }
+ }
+}
+
void RemoteMDI::childClosed(KMdiChildView * w)
{
assert(w);
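Review bot: `listBoxRightClicked()` dereferences `item` unconditionally in `item->text()`. In Qt 3 the list box's `rightButtonClicked` signal is also emitted for clicks on the empty area with a null item, and TQt presumably keeps that behaviour, so a right-click below the last entry would crash the client. Adding `if (!item) return;` as the first statement of the slot is enough.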
diff --git a/clients/tde/src/app/remotemdi.h b/clients/tde/src/app/remotemdi.h
index 144bd6d..0a7ddd2 100644
--- a/clients/tde/src/app/remotemdi.h
+++ b/clients/tde/src/app/remotemdi.h
@@ -11,9 +11,12 @@
#include <tqvaluelist.h>
#include <kmdimainfrm.h>
+#include "lib/tdekrbsocket.h"
+
class KMdiChildView;
class KListBox;
class TQListBoxItem;
+class KToggleAction;
/**
* @short Remote Laboratory Main Window
@@ -46,11 +49,16 @@ class RemoteMDI : public KMdiMainFrm
void currentChanged(KMdiChildView *current);
void closeCurrent();
void listBoxExecuted(TQListBoxItem *);
+ void listBoxRightClicked(TQListBoxItem *);
void childClosed(KMdiChildView *w);
private slots:
void configToolbars();
void configKeys();
+ void connectToServer();
+ void disconnectFromServer();
+ void connectionClosedHandler();
+ void processLockouts();
void startSpectrumAnalyzer();
protected:
@@ -62,6 +70,13 @@ class RemoteMDI : public KMdiMainFrm
TQValueList<KMdiChildView*> m_window;
TQValueList<KMdiChildView*> m_closelist;
KListBox *m_listBox;
+
+ TDEKerberosClientSocket* m_rsvSvrSocket;
+
+ private:
+ KAction *connect_action;
+ KAction *disconnect_action;
+ KAction *inst_sa_menu;
};
#endif // _REMOTEMDI_H_
diff --git a/clients/tde/src/lib/Makefile.am b/clients/tde/src/lib/Makefile.am
new file mode 100644
index 0000000..9e5f086
--- /dev/null
+++ b/clients/tde/src/lib/Makefile.am
@@ -0,0 +1,5 @@
+INCLUDES = $(all_includes) -I/usr/include/sasl
+METASOURCES = AUTO
+noinst_LTLIBRARIES = libtdekrbsocket.la
+libtdekrbsocket_la_SOURCES = tdekrbsocket.cpp
+libtdekrbsocket_la_LDFLAGS = -lsasl2
diff --git a/clients/tde/src/lib/tdekrbsocket.cpp b/clients/tde/src/lib/tdekrbsocket.cpp
new file mode 100644
index 0000000..30f28d2
--- /dev/null
+++ b/clients/tde/src/lib/tdekrbsocket.cpp
@@ -0,0 +1,404 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * kb9vqf@pearsoncomputing.net *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <tqapplication.h>
+
+#include <sasl.h>
+#include <saslplug.h>
+#include <saslutil.h>
+
+#include "tdekrbsocket.h"
+
+#define NET_SEC_BUF_SIZE (2048)
+
+class SASLDataPrivate
+{
+ public:
+ sasl_callback_t m_callbacks[N_CALLBACKS];
+ sasl_conn_t *m_krbConnection;
+};
+
+static int logSASLMessages(void *context __attribute__((unused)), int priority, const char *message) {
+ const char *label;
+
+ if (!message) {
+ return SASL_BADPARAM;
+ }
+
+ switch (priority) {
+ case SASL_LOG_ERR:
+ label = "Error";
+ break;
+ case SASL_LOG_NOTE:
+ label = "Info";
+ break;
+ default:
+ label = "Other";
+ break;
+ }
+
+ printf("[SASL %s] %s\n\r", label, message);
+
+ return SASL_OK;
+}
+
+TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false) {
+ saslData = new SASLDataPrivate;
+ saslData->m_krbConnection = NULL;
+}
+
+TDEKerberosClientSocket::~TDEKerberosClientSocket() {
+ delete saslData;
+}
+
+bool TDEKerberosClientSocket::open(int mode) {
+ bool ret = TQSocket::open(mode);
+ if (m_kerberosRequested) {
+ initializeKerberosInterface();
+ }
+ return ret;
+}
+
+void TDEKerberosClientSocket::close() {
+ TQSocket::close();
+}
+
+int TDEKerberosClientSocket::setUsingKerberos(bool krbactive) {
+ int ret = 0;
+
+ if (m_serviceName == "") {
+ printf("[ERROR] No service name set!\n\r"); fflush(stdout);
+ return -1;
+ }
+
+ if (krbactive) {
+ m_kerberosRequested = true;
+ if ((!saslData->m_krbConnection) && (state() == TQSocket::Connected)) {
+ ret = initializeKerberosInterface();
+ }
+ }
+ else {
+ m_kerberosRequested = false;
+ if (saslData->m_krbConnection) {
+ freeKerberosConnection();
+ }
+ }
+
+ return ret;
+}
+
+void TDEKerberosClientSocket::setServiceName(TQString name) {
+ m_serviceName = name;
+}
+
+void TDEKerberosClientSocket::setServerFQDN(TQString name) {
+ m_serverFQDN = name;
+}
+
+Q_LONG TDEKerberosClientSocket::readBlock(char *data, Q_ULONG maxlen) {
+ Q_LONG ret = TQSocket::readBlock(data, maxlen);
+ return ret;
+}
+
+Q_LONG TDEKerberosClientSocket::writeBlock(const char *data, Q_ULONG len) {
+ Q_LONG ret = TQSocket::writeBlock(data, len);
+ return ret;
+}
+
+Q_LONG TDEKerberosClientSocket::readLine(char *data, Q_ULONG maxlen) {
+ Q_LONG ret;
+
+ if (m_kerberosRequested) {
+ ret = getSASLDataFromNetwork(data, maxlen);
+ }
+ else {
+ ret = TQSocket::readLine(data, maxlen);
+ }
+
+ return ret;
+}
+
+TQString TDEKerberosClientSocket::readLine() {
+ TQString ret;
+ char buf[NET_SEC_BUF_SIZE];
+
+ if (m_kerberosRequested) {
+ receiveEncryptedData(buf, NET_SEC_BUF_SIZE);
+ ret = TQString(buf);
+ }
+ else {
+ ret = TQSocket::readLine();
+ }
+
+ return ret;
+}
+
+void TDEKerberosClientSocket::writeLine(TQString str) {
+ if (m_kerberosRequested) {
+ transmitEncryptedData(socket(), str.ascii(), str.length());
+ }
+ else {
+ TQSocket::writeBlock(str.ascii(), str.length());
+ }
+}
+
+void TDEKerberosClientSocket::freeKerberosConnection(void) {
+ if (saslData->m_krbConnection) {
+ sasl_dispose(&saslData->m_krbConnection);
+ }
+ saslData->m_krbConnection = 0;
+}
+
+void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd) {
+ char *buf;
+ unsigned len, alloclen;
+ int result;
+ char txbuf[NET_SEC_BUF_SIZE];
+
+ alloclen = ((length / 3) + 1) * 4 + 1;
+ buf = (char*)malloc(alloclen);
+ if (!buf) {
+ printf("[ERROR] Unable to malloc()!\n\r");
+ return;
+ }
+
+ result = sasl_encode64(buffer, length, buf, alloclen, &len);
+ if (result != SASL_OK) {
+ printf("[ERROR] Encoding data in base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
+ return;
+ }
+
+ sprintf(txbuf, "%s\n", buf);
+ write(netfd, txbuf, strlen(txbuf));
+
+ free(buf);
+}
+
+unsigned int TDEKerberosClientSocket::getSASLDataFromNetwork(char *buf, int trunclen) {
+ unsigned int len;
+ int result;
+
+ len = 0;
+ while (1) {
+ tqApp->processEvents();
+ if (state() != TQSocket::Connected) {
+ return -1;
+ }
+ if (TQSocket::readBlock(buf+len, 1) > 0) {
+ if (buf[len] == '\n') {
+ buf[len] = 0;
+ break;
+ }
+ if (buf[len] != '\r') {
+ len++;
+ }
+ }
+ if (len >= trunclen) {
+ break;
+ }
+ }
+
+ len = strlen(buf);
+ result = sasl_decode64(buf, (unsigned) strlen(buf), buf, trunclen, &len);
+ if (result != SASL_OK) {
+ printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
+ return -1;
+ }
+ buf[len] = '\0';
+
+ return len;
+}
+
+int TDEKerberosClientSocket::transmitEncryptedData(int fd, const char* readbuf, int cc) {
+ int result = 0;
+ unsigned int len;
+ const char *data;
+
+ result=sasl_encode(saslData->m_krbConnection, readbuf, cc, &data, &len);
+ if (result != SASL_OK) {
+ printf("[ERROR] Encrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+ return -1;
+ }
+ sendSASLDataToNetwork(data, len, fd);
+
+ return 0;
+}
+
+int TDEKerberosClientSocket::receiveEncryptedData(char *buf, int trunclen) {
+ unsigned int recv_len;
+ const char *recv_data;
+ int result;
+ int len;
+
+ len = getSASLDataFromNetwork(buf, trunclen);
+ if (len >= 0) {
+ result=sasl_decode(saslData->m_krbConnection, buf, len, &recv_data, &recv_len);
+ if (result != SASL_OK) {
+ printf("[ERROR] Decrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+ return -1;
+ }
+ strncpy(buf, recv_data, trunclen);
+ }
+
+ return 0;
+}
+
+int TDEKerberosClientSocket::initializeKerberosInterface() {
+ if (state() != TQSocket::Connected) {
+ saslData->m_krbConnection = false;
+ return -1;
+ }
+
+ sasl_callback_t *callback;
+ char buf[NET_SEC_BUF_SIZE];
+ int result = 0;
+ int serverlast = 0;
+ sasl_security_properties_t secprops;
+ const char *chosenmech;
+ unsigned int len;
+ const char *data;
+ char user_authorized = 0;
+ sasl_ssf_t *ssf;
+ char *iplocal = NULL;
+ char *ipremote = NULL;
+ const char *service = m_serviceName.ascii();
+ const char *fqdn = m_serverFQDN.ascii();
+
+ callback = saslData->m_callbacks;
+
+ // log
+ callback->id = SASL_CB_LOG;
+ callback->proc = (sasl_callback_ft)&logSASLMessages;
+ callback->context = NULL;
+ ++callback;
+
+ // end of callback list
+ callback->id = SASL_CB_LIST_END;
+ callback->proc = NULL;
+ callback->context = NULL;
+ ++callback;
+
+ // Initialize default data structures
+ memset(&secprops, 0L, sizeof(secprops));
+ secprops.maxbufsize = NET_SEC_BUF_SIZE;
+ secprops.max_ssf = UINT_MAX;
+
+ result = sasl_client_init(saslData->m_callbacks);
+ if (result != SASL_OK) {
+ printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
+ return -1;
+ }
+
+ result = sasl_client_new(service, fqdn, iplocal, ipremote, NULL, serverlast, &saslData->m_krbConnection);
+ if (result != SASL_OK) {
+ printf("[ERROR] Allocating sasl connection state returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
+ return -1;
+ }
+
+ result = sasl_setprop(saslData->m_krbConnection, SASL_SEC_PROPS, &secprops);
+ if (result != SASL_OK) {
+ printf("[ERROR] Setting security properties returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
+ freeKerberosConnection();
+ return -1;
+ }
+
+ printf("[DEBUG] Waiting for mechanism list from server...\n\r");
+ len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
+
+ printf("Choosing best mechanism from: %s\n", buf);
+
+ result = sasl_client_start(saslData->m_krbConnection, buf, NULL, &data, &len, &chosenmech);
+ if (result != SASL_OK && result != SASL_CONTINUE) {
+ printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
+ freeKerberosConnection();
+ return -1;
+ }
+
+ printf("[DEBUG] Using mechanism %s\n\r", chosenmech);
+ strcpy(buf, chosenmech);
+ if (data) {
+ if (NET_SEC_BUF_SIZE - strlen(buf) - 1 < len) {
+ printf("[ERROR] Insufficient buffer space to construct initial response!\n\r");
+ freeKerberosConnection();
+ return -1;
+ }
+ printf("[DEBUG] Preparing initial response...\n\r");
+ memcpy(buf + strlen(buf) + 1, data, len);
+ len += (unsigned) strlen(buf) + 1;
+ data = NULL;
+ }
+ else {
+ len = (unsigned) strlen(buf);
+ }
+
+ printf("[DEBUG] Sending initial response...\n\r");
+ sendSASLDataToNetwork(buf, len, socket());
+
+ while (result == SASL_CONTINUE) {
+ printf("[DEBUG] Waiting for server reply...\n\r");
+ len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
+ if (state() != TQSocket::Connected) {
+ return -1;
+ }
+ result = sasl_client_step(saslData->m_krbConnection, buf, len, NULL, &data, &len);
+ if (result != SASL_OK && result != SASL_CONTINUE) {
+ printf("[ERROR] Performing SASL negotiation returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
+ freeKerberosConnection();
+ return -1;
+ }
+ if (data && len) {
+ printf("[DEBUG] Sending response...\n\r");
+ sendSASLDataToNetwork(data, len, socket());
+ }
+ else if (result != SASL_OK || !serverlast) {
+ sendSASLDataToNetwork("", 0, socket());
+ }
+ }
+ printf("[DEBUG] Negotiation complete!\n\r");
+
+ result = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, (const void **)&data);
+ if (result != SASL_OK) {
+ printf("[WARNING] Unable to determine authenticated username!\n\r");
+ }
+ else {
+ printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)");
+ }
+
+ result = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data);
+ if (result != SASL_OK) {
+ printf("[WARNING] Unable to determine authenticated realm!\n\r");
+ }
+ else {
+ printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)");
+ }
+
+ result = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf);
+ if (result != SASL_OK) {
+ printf("[WARNING] Unable to determine SSF!\n\r");
+ }
+ else {
+ printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
+ }
+
+ return 0;
+} \ No newline at end of file
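Review bot: The base64 framing helpers act on lengths they never check, and the receive side handles server-supplied bytes before authentication has completed. In `sendSASLDataToNetwork` the encoded text is copied with `sprintf` into the 2048-byte `txbuf`, so any payload above roughly 1.5 KB runs past the stack buffer (the initial-response check in `initializeKerberosInterface` admits nearly 2048 bytes), and the `sasl_encode64` failure path returns without freeing `buf`. In `getSASLDataFromNetwork` a line that reaches `trunclen` leaves `buf` unterminated before `strlen(buf)`, and the `-1` error is returned through `unsigned int` and stored unchecked in the unsigned `len` that is then handed to `sasl_client_step`. The sketch below writes straight from the heap buffer, rejects over-long lines and tests the sentinel at the call sites. Separately, `secprops` is zeroed, so `min_ssf` is 0 and `security_flags` is empty, and the server's mechanism list goes to `sasl_client_start` unfiltered; restricting the list to GSSAPI and setting a minimum SSF would keep the negotiation from settling on something weaker than the class name promises.

```cpp
void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd) {
	// … unchanged: locals (txbuf is no longer needed), alloclen computation, malloc() check …

	result = sasl_encode64(buffer, length, buf, alloclen, &len);
	if (result != SASL_OK) {
		printf("[ERROR] Encoding data in base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
		free(buf);	// this path used to leak buf
		return;
	}

	// Reuse the terminator slot for the line feed and write from the heap buffer,
	// so the frame size is no longer tied to a fixed stack array
	buf[len] = '\n';
	write(netfd, buf, len + 1);

	free(buf);
}

unsigned int TDEKerberosClientSocket::getSASLDataFromNetwork(char *buf, int trunclen) {
	// … unchanged: locals …
	if (trunclen < 2) {
		return -1;
	}
	while (1) {
		// … unchanged: processEvents(), state check, one-byte read with CR/LF handling …
		if (len >= (unsigned int)(trunclen - 1)) {
			// Line does not fit: fail instead of running strlen() over an unterminated buffer
			printf("[ERROR] Received line exceeds buffer size!\n\r");
			return -1;
		}
	}
	// … unchanged: base64 decode and termination …
}

	// in initializeKerberosInterface(), at both getSASLDataFromNetwork() calls
	len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
	if (len == (unsigned int)-1) {
		freeKerberosConnection();
		return -1;
	}
```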
diff --git a/clients/tde/src/lib/tdekrbsocket.h b/clients/tde/src/lib/tdekrbsocket.h
new file mode 100644
index 0000000..591b579
--- /dev/null
+++ b/clients/tde/src/lib/tdekrbsocket.h
@@ -0,0 +1,67 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * kb9vqf@pearsoncomputing.net *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#ifndef TDEKRBSOCKET_H
+#define TDEKRBSOCKET_H
+
+#include <tqsocket.h>
+
+#define N_CALLBACKS 3
+
+class SASLDataPrivate;
+
+class TDEKerberosClientSocket : public TQSocket
+{
+ Q_OBJECT
+
+ public:
+ TDEKerberosClientSocket(TQObject *parent=0, const char *name=0);
+ virtual ~TDEKerberosClientSocket();
+
+ bool open(int mode);
+ void close();
+ Q_LONG readBlock(char *data, Q_ULONG maxlen);
+ Q_LONG writeBlock(const char *data, Q_ULONG len);
+ Q_LONG readLine(char *data, Q_ULONG maxlen);
+ TQString readLine();
+ void writeLine(TQString);
+
+ int setUsingKerberos(bool krbactive);
+ void setServiceName(TQString name);
+ void setServerFQDN(TQString name);
+
+ private:
+ int initializeKerberosInterface();
+ void freeKerberosConnection();
+ void sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd);
+ unsigned int getSASLDataFromNetwork(char *buf, int trunclen);
+ int transmitEncryptedData(int fd, const char* readbuf, int cc);
+ int receiveEncryptedData(char *buf, int trunclen);
+
+ private:
+ bool m_kerberosRequested;
+ TQString m_serviceName;
+ TQString m_serverFQDN;
+
+ private:
+ SASLDataPrivate *saslData;
+};
+
+#endif // TDEKRBSOCKET_H \ No newline at end of file
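Review bot: The public interface carries no comments, and the required call order can only be learned from the .cpp: `setUsingKerberos()` returns -1 unless `setServiceName()` was called first, and the value given to `setServerFQDN()` is what reaches `sasl_client_new()`. A class comment such as `// Call setServiceName() and setServerFQDN() before setUsingKerberos(true); returns 0 on success, -1 on failure.` would spare callers that lookup. It would also help to state that `setUsingKerberos(true)` on a connected socket performs the whole negotiation before returning and processes application events while it waits, since callers holding a pointer to the socket need to know that their slots can run during that call.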
diff --git a/clients/tde/src/part/commanalyzer/Makefile.am b/clients/tde/src/part/commanalyzer/Makefile.am
index db98e9e..ebb008a 100644
--- a/clients/tde/src/part/commanalyzer/Makefile.am
+++ b/clients/tde/src/part/commanalyzer/Makefile.am
@@ -3,7 +3,7 @@ METASOURCES = AUTO
#Part
kde_module_LTLIBRARIES = libremotelab_commanalyzer.la
-libremotelab_commanalyzer_la_LIBADD = ../../widgets/libtracewidget.la ../../widgets/libfloatspinbox.la $(LIB_KFILE) $(LIB_KPARTS) $(LIB_TDEUI) $(LIB_QT)
+libremotelab_commanalyzer_la_LIBADD = ../../lib/libtdekrbsocket.la ../../widgets/libtracewidget.la ../../widgets/libfloatspinbox.la $(LIB_KFILE) $(LIB_KPARTS) $(LIB_TDEUI) $(LIB_QT)
libremotelab_commanalyzer_la_LDFLAGS = $(all_libraries) $(KDE_PLUGIN) -ltdecore -ltdeui -lkio -ltdefx
libremotelab_commanalyzer_la_SOURCES = \
part.cpp layout.ui