-rw-r--r--clients/tde/src/app/remotemdi.h2
-rw-r--r--lib/libtdekrb/src/Makefile.am8
-rw-r--r--lib/libtdekrb/src/tdekrbclientsocket.cpp (renamed from lib/libtdekrb/src/tdekrbsocket.cpp)24
-rw-r--r--lib/libtdekrb/src/tdekrbclientsocket.h (renamed from lib/libtdekrb/src/tdekrbsocket.h)6
-rw-r--r--lib/libtdekrb/src/tdekrbserversocket.cpp434
-rw-r--r--lib/libtdekrb/src/tdekrbserversocket.h68
-rw-r--r--servers/auth_server_lin/src/Makefile.am2
-rw-r--r--servers/auth_server_lin/src/auth_conn.cpp276
-rw-r--r--servers/auth_server_lin/src/auth_conn.h25
9 files changed, 543 insertions, 302 deletions
diff --git a/clients/tde/src/app/remotemdi.h b/clients/tde/src/app/remotemdi.h
index 2e1c939..5ccc80d 100644
--- a/clients/tde/src/app/remotemdi.h
+++ b/clients/tde/src/app/remotemdi.h
@@ -11,7 +11,7 @@
#include <tqvaluelist.h>
#include <kmdimainfrm.h>
-#include "tdekrbsocket.h"
+#include "tdekrbclientsocket.h"
class KMdiChildView;
class KListBox;
diff --git a/lib/libtdekrb/src/Makefile.am b/lib/libtdekrb/src/Makefile.am
index 110019d..b0b10cf 100644
--- a/lib/libtdekrb/src/Makefile.am
+++ b/lib/libtdekrb/src/Makefile.am
@@ -4,10 +4,8 @@ METASOURCES = AUTO
# Create a shared library file
lib_LTLIBRARIES = libtdekrbsocket.la
-include_HEADERS = tdekrbsocket.h
+include_HEADERS = tdekrbclientsocket.h tdekrbserversocket.h
-libtdekrbsocket_la_SOURCES = tdekrbsocket.cpp
+libtdekrbsocket_la_SOURCES = tdekrbclientsocket.cpp tdekrbserversocket.cpp
libtdekrbsocket_la_LIBADD = -lkio $(LIB_TDEUI) -lsasl2
-libtdekrbsocket_la_LDFLAGS = -avoid-version -module -no-undefined \
- $(all_libraries)
-
+libtdekrbsocket_la_LDFLAGS = -avoid-version -module -no-undefined $(all_libraries) \ No newline at end of file
diff --git a/lib/libtdekrb/src/tdekrbsocket.cpp b/lib/libtdekrb/src/tdekrbclientsocket.cpp
index 19b666a..c9db10a 100644
--- a/lib/libtdekrb/src/tdekrbsocket.cpp
+++ b/lib/libtdekrb/src/tdekrbclientsocket.cpp
@@ -27,7 +27,7 @@
#include <saslplug.h>
#include <saslutil.h>
-#include "tdekrbsocket.h"
+#include "tdekrbclientsocket.h"
#define NET_SEC_BUF_SIZE (2048)
@@ -58,7 +58,7 @@ static int logSASLMessages(void *context __attribute__((unused)), int priority,
}
printf("[SASL %s] %s\n\r", label, message);
-
+
return SASL_OK;
}
@@ -116,12 +116,28 @@ void TDEKerberosClientSocket::setServerFQDN(TQString name) {
}
Q_LONG TDEKerberosClientSocket::readBlock(char *data, Q_ULONG maxlen) {
- Q_LONG ret = TQSocket::readBlock(data, maxlen);
+ Q_LONG ret;
+
+ if (m_kerberosRequested) {
+ ret = receiveEncryptedData(data, maxlen);
+ }
+ else {
+ ret = TQSocket::readBlock(data, maxlen);
+ }
+
return ret;
}
Q_LONG TDEKerberosClientSocket::writeBlock(const char *data, Q_ULONG len) {
- Q_LONG ret = TQSocket::writeBlock(data, len);
+ Q_LONG ret;
+
+ if (m_kerberosRequested) {
+ ret = transmitEncryptedData(socket(), data, len);
+ }
+ else {
+ ret = TQSocket::writeBlock(data, len);
+ }
+
return ret;
}
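Review bot: readBlock now returns whatever receiveEncryptedData returns when Kerberos is requested, and the server-side helper of the same name added in this commit returns 0 on success and -1 on failure rather than a byte count, so if the client helper has the same shape (it is outside this hunk) callers relying on the TQSocket contract will see 0 bytes even when data arrived; `ret = receiveEncryptedData(data, maxlen);` should yield the decoded length. The dispatch also keys on `m_kerberosRequested`, which in the server class is set before the SASL handshake succeeds, so a failed handshake would leave the flag set and route reads/writes through sasl_decode/sasl_encode with no connection state; guarding on the SASL connection pointer as well (e.g. `if (m_kerberosRequested && saslData->m_krbConnection)`) or clearing the flag on handshake failure avoids that. I am inferring the client helpers' contract from the server copy, since their bodies are not in this diff.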
diff --git a/lib/libtdekrb/src/tdekrbsocket.h b/lib/libtdekrb/src/tdekrbclientsocket.h
index 5f5f036..b010bc5 100644
--- a/lib/libtdekrb/src/tdekrbsocket.h
+++ b/lib/libtdekrb/src/tdekrbclientsocket.h
@@ -18,8 +18,8 @@
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
-#ifndef TDEKRBSOCKET_H
-#define TDEKRBSOCKET_H
+#ifndef TDEKRBCLIENTSOCKET_H
+#define TDEKRBCLIENTSOCKET_H
#include <tqsocket.h>
@@ -65,4 +65,4 @@ class TDEKerberosClientSocket : public TQSocket
unsigned int m_negotiatedMaxBufferSize;
};
-#endif // TDEKRBSOCKET_H \ No newline at end of file
+#endif // TDEKRBCLIENTSOCKET_H \ No newline at end of file
diff --git a/lib/libtdekrb/src/tdekrbserversocket.cpp b/lib/libtdekrb/src/tdekrbserversocket.cpp
new file mode 100644
index 0000000..0704aeb
--- /dev/null
+++ b/lib/libtdekrb/src/tdekrbserversocket.cpp
@@ -0,0 +1,434 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * kb9vqf@pearsoncomputing.net *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <tqapplication.h>
+
+#include <sasl.h>
+#include <saslplug.h>
+#include <saslutil.h>
+
+#include "tdekrbserversocket.h"
+
+#define NET_SEC_BUF_SIZE (2048)
+
+class SASLDataPrivate
+{
+ public:
+ sasl_callback_t m_callbacks[N_CALLBACKS];
+ sasl_conn_t *m_krbConnection;
+};
+
+static int logSASLMessages(void *context __attribute__((unused)), int priority, const char *message) {
+ const char *label;
+
+ if (!message) {
+ return SASL_BADPARAM;
+ }
+
+ switch (priority) {
+ case SASL_LOG_ERR:
+ label = "Error";
+ break;
+ case SASL_LOG_NOTE:
+ label = "Info";
+ break;
+ default:
+ label = "Other";
+ break;
+ }
+
+ printf("[SASL %s] %s\n\r", label, message);
+
+ return SASL_OK;
+}
+
+TDEKerberosServerSocket::TDEKerberosServerSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE) {
+ saslData = new SASLDataPrivate;
+ saslData->m_krbConnection = NULL;
+}
+
+TDEKerberosServerSocket::~TDEKerberosServerSocket() {
+ delete saslData;
+}
+
+bool TDEKerberosServerSocket::open(int mode) {
+ bool ret = TQSocket::open(mode);
+ if (m_kerberosRequested) {
+ initializeKerberosInterface();
+ }
+ return ret;
+}
+
+void TDEKerberosServerSocket::close() {
+ TQSocket::close();
+}
+
+int TDEKerberosServerSocket::setUsingKerberos(bool krbactive) {
+ int ret = 0;
+
+ if (m_serviceName == "") {
+ printf("[ERROR] No service name set!\n\r"); fflush(stdout);
+ return -1;
+ }
+
+ if (krbactive) {
+ m_kerberosRequested = true;
+ if ((!saslData->m_krbConnection) && (state() == TQSocket::Connected)) {
+ ret = initializeKerberosInterface();
+ }
+ }
+ else {
+ m_kerberosRequested = false;
+ if (saslData->m_krbConnection) {
+ freeKerberosConnection();
+ }
+ }
+
+ return ret;
+}
+
+void TDEKerberosServerSocket::setServiceName(TQString name) {
+ m_serviceName = name;
+}
+
+void TDEKerberosServerSocket::setServerFQDN(TQString name) {
+ m_serverFQDN = name;
+}
+
+Q_LONG TDEKerberosServerSocket::readBlock(char *data, Q_ULONG maxlen) {
+ Q_LONG ret;
+
+ if (m_kerberosRequested) {
+ ret = receiveEncryptedData(data, maxlen);
+ }
+ else {
+ ret = TQSocket::readBlock(data, maxlen);
+ }
+
+ return ret;
+}
+
+Q_LONG TDEKerberosServerSocket::writeBlock(const char *data, Q_ULONG len) {
+ Q_LONG ret;
+
+ if (m_kerberosRequested) {
+ ret = transmitEncryptedData(socket(), data, len);
+ }
+ else {
+ ret = TQSocket::writeBlock(data, len);
+ }
+
+ return ret;
+}
+
+Q_LONG TDEKerberosServerSocket::readLine(char *data, Q_ULONG maxlen) {
+ Q_LONG ret;
+
+ if (m_kerberosRequested) {
+ ret = getSASLDataFromNetwork(data, maxlen);
+ }
+ else {
+ ret = TQSocket::readLine(data, maxlen);
+ }
+
+ return ret;
+}
+
+TQString TDEKerberosServerSocket::readLine() {
+ TQString ret;
+ char *buf;
+
+ if (m_kerberosRequested) {
+ buf = (char*)malloc(m_negotiatedMaxBufferSize);
+ receiveEncryptedData(buf, m_negotiatedMaxBufferSize);
+ ret = TQString(buf);
+ free(buf);
+ }
+ else {
+ ret = TQSocket::readLine();
+ }
+
+ return ret;
+}
+
+void TDEKerberosServerSocket::writeLine(TQString str) {
+ if (m_kerberosRequested) {
+ transmitEncryptedData(socket(), str.ascii(), str.length());
+ }
+ else {
+ TQSocket::writeBlock(str.ascii(), str.length());
+ }
+}
+
+void TDEKerberosServerSocket::freeKerberosConnection(void) {
+ if (saslData->m_krbConnection) {
+ sasl_dispose(&saslData->m_krbConnection);
+ }
+ saslData->m_krbConnection = 0;
+}
+
+void TDEKerberosServerSocket::sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd) {
+ char *buf;
+ unsigned len, alloclen;
+ int result;
+
+ alloclen = ((length / 3) + 1) * 4 + 1;
+ buf = (char*)malloc(alloclen);
+ if (!buf) {
+ printf("[ERROR] Unable to malloc()!\n\r");
+ return;
+ }
+
+ result = sasl_encode64(buffer, length, buf, alloclen, &len);
+ if (result != SASL_OK) {
+ printf("[ERROR] Encoding data in base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
+ return;
+ }
+
+ len = strlen(buf);
+ buf[len] = '\n';
+ buf[len+1] = 0;
+ write(netfd, buf, len+1);
+
+ free(buf);
+}
+
+unsigned int TDEKerberosServerSocket::getSASLDataFromNetwork(char *buf, int trunclen) {
+ unsigned int len;
+ int result;
+
+ TQByteArray ba(2048);
+
+ len = 0;
+ while (1) {
+ tqApp->processEvents();
+ if (state() != TQSocket::Connected) {
+ return -1;
+ }
+ if (TQSocket::readBlock(ba.data()+len, 1) > 0) {
+ if (ba.data()[len] == '\n') {
+ ba.data()[len] = 0;
+ break;
+ }
+ if (ba.data()[len] != '\r') {
+ len++;
+ }
+ }
+ if (len >= (ba.size()-1)) {
+ ba.resize(ba.size()+2048);
+ break;
+ }
+ }
+
+ len = strlen(ba.data());
+ result = sasl_decode64(ba.data(), strlen(ba.data()), buf, trunclen, &len);
+ if (result != SASL_OK) {
+ printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
+ return -1;
+ }
+ buf[len] = '\0';
+
+ return len;
+}
+
+int TDEKerberosServerSocket::transmitEncryptedData(int fd, const char* readbuf, int cc) {
+ int result = 0;
+ unsigned int len;
+ const char *data;
+
+ result=sasl_encode(saslData->m_krbConnection, readbuf, cc, &data, &len);
+ if (result != SASL_OK) {
+ printf("[ERROR] Encrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+ return -1;
+ }
+ sendSASLDataToNetwork(data, len, fd);
+
+ return 0;
+}
+
+int TDEKerberosServerSocket::receiveEncryptedData(char *buf, int trunclen) {
+ unsigned int recv_len;
+ const char *recv_data;
+ int result;
+ int len;
+
+ len = getSASLDataFromNetwork(buf, trunclen);
+ if (len >= 0) {
+ result=sasl_decode(saslData->m_krbConnection, buf, len, &recv_data, &recv_len);
+ if (result != SASL_OK) {
+ printf("[ERROR] Decrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+ return -1;
+ }
+ strncpy(buf, recv_data, trunclen);
+ }
+
+ return 0;
+}
+
+int TDEKerberosServerSocket::initializeKerberosInterface() {
+ if (state() != TQSocket::Connected) {
+ saslData->m_krbConnection = false;
+ return -1;
+ }
+
+ sasl_callback_t *callback;
+ char buf[NET_SEC_BUF_SIZE];
+ int result = 0;
+ int serverlast = 0;
+ sasl_security_properties_t secprops;
+ const char *ext_authid = NULL;
+ unsigned int len;
+ int count;
+ const char *data;
+ char user_authorized = 0;
+ sasl_ssf_t *ssf;
+
+ // FIXME
+ // Populate these fields!
+ char *iplocal = NULL;
+ char *ipremote = NULL;
+ char *localdomain = NULL;
+ char *userdomain = NULL;
+
+ callback = saslData->m_callbacks;
+
+ // log
+ callback->id = SASL_CB_LOG;
+ callback->proc = (sasl_callback_ft)&logSASLMessages;
+ callback->context = NULL;
+ ++callback;
+
+ // end of callback list
+ callback->id = SASL_CB_LIST_END;
+ callback->proc = NULL;
+ callback->context = NULL;
+ ++callback;
+
+ // Initialize default data structures
+ memset(&secprops, 0L, sizeof(secprops));
+ secprops.maxbufsize = NET_SEC_BUF_SIZE;
+ secprops.max_ssf = UINT_MAX;
+
+ result = sasl_server_init(saslData->m_callbacks, m_serviceName.ascii());
+ if (result != SASL_OK) {
+ printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+ return -1;
+ }
+
+ result = sasl_server_new(m_serviceName.ascii(), localdomain, userdomain, iplocal, ipremote, NULL, serverlast, &saslData->m_krbConnection);
+ if (result != SASL_OK) {
+ printf("[ERROR] Allocating sasl connection state returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+ return -1;
+ }
+
+ result = sasl_setprop(saslData->m_krbConnection, SASL_SEC_PROPS, &secprops);
+
+ if (result != SASL_OK) {
+ printf("[ERROR] Setting security properties returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+ freeKerberosConnection();
+ return -1;
+ }
+
+ puts("[DEBUG] Generating client mechanism list...");
+ result = sasl_listmech(saslData->m_krbConnection, ext_authid, NULL, " ", NULL, &data, &len, &count);
+ if (result != SASL_OK) {
+ printf("[ERROR] Generating client mechanism list returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+ freeKerberosConnection();
+ return -1;
+ }
+
+ printf("[DEBUG] Sending list of %d mechanism(s)\n\r", count);
+ sendSASLDataToNetwork(data, len, socket());
+
+ printf("[DEBUG] Waiting for client mechanism...\n\r");
+ len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
+ if (strlen(buf) < len) {
+ printf("[DEBUG] Initial response received (%d < %d) [%s]\n\r", strlen(buf), len, buf);
+ // An initial response is present
+ data = buf + strlen(buf) + 1;
+ len = len - (unsigned) strlen(buf) - 1;
+ }
+ else {
+ data = NULL;
+ len = 0;
+ }
+ result = sasl_server_start(saslData->m_krbConnection, buf, data, len, &data, &len);
+ if (result != SASL_OK && result != SASL_CONTINUE) {
+ printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+ freeKerberosConnection();
+ return -1;
+ }
+
+ while (result == SASL_CONTINUE) {
+ if (data) {
+ printf("[DEBUG] Sending response...\n\r");
+ sendSASLDataToNetwork(data, len, socket());
+ }
+ else {
+ printf("[ERROR] No data to send!\n\r");
+ freeKerberosConnection();
+ return -1;
+ }
+ printf("[DEBUG] Waiting for client reply...\n\r");
+ len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
+ data = NULL;
+ result = sasl_server_step(saslData->m_krbConnection, buf, len, &data, &len);
+ if (result != SASL_OK && result != SASL_CONTINUE) {
+ printf("[ERROR] Performing SASL negotiation returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+ freeKerberosConnection();
+ return -1;
+ }
+ }
+ printf("[DEBUG] Negotiation complete\n\r");
+
+ if(serverlast && data) {
+ printf("[DEBUG] Additional information needed to be sent\n\r");
+ sendSASLDataToNetwork(data, len, socket());
+ }
+
+ result = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, (const void **)&data);
+ if (result != SASL_OK) {
+ printf("[WARNING] Unable to determine authenticated username!\n\r");
+ }
+ else {
+ printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)");
+ }
+
+ result = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data);
+ if (result != SASL_OK) {
+ printf("[WARNING] Unable to determine authenticated realm!\n\r");
+ }
+ else {
+ printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)");
+ }
+
+ result = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf);
+ if (result != SASL_OK) {
+ printf("[WARNING] Unable to determine SSF!\n\r");
+ }
+ else {
+ printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
+ }
+
+ return 0;
+} \ No newline at end of file
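Review bot: sendSASLDataToNetwork writes one byte past its heap buffer whenever `length % 3 != 0`: base64 output is 4*ceil(length/3) characters plus a NUL, and for those lengths `alloclen = ((length / 3) + 1) * 4 + 1` is exactly that size, so after `buf[len] = '\n'` overwrites the NUL the store `buf[len+1] = 0` lands at index alloclen. Since every SASL token and every encrypted record goes through this path the allocation should be `alloclen = ((length + 2) / 3) * 4 + 2;`, and the early return on encode failure should `free(buf)` instead of leaking it. Separately, `secprops` is zeroed so `min_ssf` is 0 and the negotiated SSF is only printed at the end of initializeKerberosInterface, never checked, so a mechanism or client that negotiates no security layer is accepted and transmitEncryptedData then sends plaintext; set `secprops.min_ssf` to the required strength, or return -1 when `*ssf` is 0, before reporting success. Also note that getSASLDataFromNetwork returns -1 through an `unsigned int`, which the `len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE)` sites then pass to sasl_server_start/sasl_server_step as a valid length over an uninitialised `buf`.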
diff --git a/lib/libtdekrb/src/tdekrbserversocket.h b/lib/libtdekrb/src/tdekrbserversocket.h
new file mode 100644
index 0000000..16d6483
--- /dev/null
+++ b/lib/libtdekrb/src/tdekrbserversocket.h
@@ -0,0 +1,68 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * kb9vqf@pearsoncomputing.net *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+#ifndef TDEKRBSERVERSOCKET_H
+#define TDEKRBSERVERSOCKET_H
+
+#include <tqsocket.h>
+
+#define N_CALLBACKS 3
+
+class SASLDataPrivate;
+
+class TDEKerberosServerSocket : public TQSocket
+{
+ Q_OBJECT
+
+ public:
+ TDEKerberosServerSocket(TQObject *parent=0, const char *name=0);
+ virtual ~TDEKerberosServerSocket();
+
+ bool open(int mode);
+ void close();
+ Q_LONG readBlock(char *data, Q_ULONG maxlen);
+ Q_LONG writeBlock(const char *data, Q_ULONG len);
+ Q_LONG readLine(char *data, Q_ULONG maxlen);
+ TQString readLine();
+ void writeLine(TQString);
+
+ int setUsingKerberos(bool krbactive);
+ void setServiceName(TQString name);
+ void setServerFQDN(TQString name);
+
+ private:
+ int initializeKerberosInterface();
+ void freeKerberosConnection();
+ void sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd);
+ unsigned int getSASLDataFromNetwork(char *buf, int trunclen);
+ int transmitEncryptedData(int fd, const char* readbuf, int cc);
+ int receiveEncryptedData(char *buf, int trunclen);
+
+ private:
+ bool m_kerberosRequested;
+ TQString m_serviceName;
+ TQString m_serverFQDN;
+
+ private:
+ SASLDataPrivate *saslData;
+ unsigned int m_negotiatedMaxBufferSize;
+};
+
+#endif // TDEKRBSERVERSOCKET_H \ No newline at end of file
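Review bot: The public API in this header carries no documentation, and the contracts are not obvious from the names: from the .cpp in this commit, setUsingKerberos(true) returns -1 unless setServiceName was called first, only runs the SASL handshake if the socket is already Connected (otherwise it just sets a flag that open() later honours), and once the flag is set readBlock/readLine no longer follow the TQSocket byte-count contract. I'd add above `int setUsingKerberos(bool krbactive);` a comment such as `// Enable/disable the SASL (Kerberos) layer. setServiceName() must be called first. Returns 0 on success, -1 on failure; the handshake runs immediately only if the socket is already connected.` and note on `setServerFQDN` that the value is stored but not read by the server implementation visible here. `N_CALLBACKS` is also exported as a bare macro from a public header; a constant scoped inside SASLDataPrivate would keep it out of client namespaces.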
diff --git a/servers/auth_server_lin/src/Makefile.am b/servers/auth_server_lin/src/Makefile.am
index 169c4c7..e7250a4 100644
--- a/servers/auth_server_lin/src/Makefile.am
+++ b/servers/auth_server_lin/src/Makefile.am
@@ -5,6 +5,6 @@ bin_PROGRAMS = remotefpga_authserver
remotefpga_authserver_SOURCES = main.cpp auth_conn.cpp
remotefpga_authserver_METASOURCES = AUTO
-remotefpga_authserver_LDFLAGS = $(all_libraries) $(KDE_RPATH) $(LIB_QT) -lDCOP $(LIB_TDECORE) $(LIB_TDEUI) -ltdefx $(LIB_KIO) -lktexteditor -lsasl2
+remotefpga_authserver_LDFLAGS = $(all_libraries) $(KDE_RPATH) $(LIB_QT) -lDCOP $(LIB_TDECORE) $(LIB_TDEUI) -ltdefx $(LIB_KIO) -lktexteditor -ltdekrbsocket
KDE_OPTIONS = nofinal
diff --git a/servers/auth_server_lin/src/auth_conn.cpp b/servers/auth_server_lin/src/auth_conn.cpp
index acf8e83..41a09f9 100644
--- a/servers/auth_server_lin/src/auth_conn.cpp
+++ b/servers/auth_server_lin/src/auth_conn.cpp
@@ -30,15 +30,9 @@
instance of this class.
*/
AuthSocket::AuthSocket(int sock, TQObject *parent, const char *name) :
- TQSocket( parent, name ) {
+ TDEKerberosServerSocket( parent, name ) {
- iplocal = NULL;
- ipremote = NULL;
- searchpath = NULL;
- service = "remotefpga";
- localdomain = NULL;
- userdomain = NULL;
- conn = NULL;
+ setServiceName("remotefpga");
line = 0;
connect(this, SIGNAL(connectionClosed()), SLOT(deleteLater()));
@@ -60,270 +54,22 @@ void AuthSocket::connectionClosedHandler() {
}
int AuthSocket::initiateKerberosHandshake() {
- return authenticate_connection_with_kerberos(socket());
-}
-
-#define NET_SEC_BUF_SIZE (2048)
+ bool user_authorized = false;
-static int sasl_my_log(void *context __attribute__((unused)), int priority, const char *message) {
- const char *label;
-
- if (!message) {
- return SASL_BADPARAM;
- }
-
- switch (priority) {
- case SASL_LOG_ERR:
- label = "Error";
- break;
- case SASL_LOG_NOTE:
- label = "Info";
- break;
- default:
- label = "Other";
- break;
- }
+ if (setUsingKerberos(true) == 0) {
+ // RAJA FIXME
+ if (user_authorized == 1) {
+ // Send list of available servers...
+ writeBlock("OK�", strlen("OK�"));
+ }
- printf("[SASL %s] %s\n\r", label, message);
+ writeBlock("TESTING", strlen("TESTING"));
- return SASL_OK;
-}
-
-sasl_callback_t callbacks[] = {
- {SASL_CB_LOG, (sasl_callback_ft)&sasl_my_log, NULL},
- {SASL_CB_LIST_END, NULL, NULL}
-};
-
-void AuthSocket::free_conn(void) {
- if (conn) {
- sasl_dispose(&conn);
- }
-}
-
-void AuthSocket::send_sasl_data_to_network(const char *buffer, unsigned length, int netfd)
-{
- char *buf;
- unsigned len, alloclen;
- int result;
-
- alloclen = ((length / 3) + 1) * 4 + 1;
- buf = (char*)malloc(alloclen);
- if (!buf) {
- printf("[ERROR] Unable to malloc()!\n\r");
- return;
- }
-
- result = sasl_encode64(buffer, length, buf, alloclen, &len);
- if (result != SASL_OK) {
- printf("[ERROR] Encoding data in base64 returned %s (%d)\n\r", sasl_errdetail(conn), result);
- return;
- }
-
- len = strlen(buf);
- buf[len] = '\n';
- buf[len+1] = 0;
- write(netfd, buf, len+1);
-
- free(buf);
-}
-
-unsigned int AuthSocket::get_sasl_data_from_network(char *buf) {
- unsigned int len;
- int result;
-
- len = 0;
- while (1) {
- tqApp->processEvents();
- if (state() != TQSocket::Connected) {
- return -1;
- }
- if (readBlock(buf+len, 1) > 0) {
- if (buf[len] == '\n') {
- buf[len] = 0;
- break;
- }
- if (buf[len] != '\r') {
- len++;
- }
- }
- if (len >= NET_SEC_BUF_SIZE) {
- break;
- }
- }
-
- len = strlen(buf);
- result = sasl_decode64(buf, (unsigned) strlen(buf), buf, NET_SEC_BUF_SIZE, &len);
- if (result != SASL_OK) {
- printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errdetail(conn), result);
- return -1;
- }
- buf[len] = '\0';
-
- return len;
-}
-
-int AuthSocket::write_data_to_client(int fd, const char* readbuf, int cc) {
- int result = 0;
- unsigned int len;
- const char *data;
-
- result=sasl_encode(conn, readbuf, cc, &data, &len);
- if (result != SASL_OK) {
- printf("[ERROR] Encrypting data returned %s (%d)\n\r", sasl_errdetail(conn), result);
- return -1;
- }
- send_sasl_data_to_network(data, len, fd);
-
- return 0;
-}
-
-int AuthSocket::receive_data_from_client(char *buf, int netfd) {
- unsigned int recv_len;
- const char *recv_data;
- int result;
- int len;
-
- len = get_sasl_data_from_network(buf);
- if (len >= 0) {
- result=sasl_decode(conn, buf, len, &recv_data, &recv_len);
- if (result != SASL_OK) {
- printf("[ERROR] Decrypting data returned %s (%d)\n\r", sasl_errdetail(conn), result);
- return -1;
- }
- strncpy(buf, recv_data, NET_SEC_BUF_SIZE);
- }
-
- return 0;
- }
-
-int AuthSocket::authenticate_connection_with_kerberos(int netfd) {
- char buf[NET_SEC_BUF_SIZE];
- int result = 0;
- int serverlast = 0;
- sasl_security_properties_t secprops;
- const char *ext_authid = NULL;
- unsigned int len;
- int count;
- const char *data;
- char user_authorized = 0;
- sasl_ssf_t *ssf;
-
- // FIXME
- // Initialize default data structures
- memset(&secprops, 0L, sizeof(secprops));
- secprops.maxbufsize = NET_SEC_BUF_SIZE;
- secprops.max_ssf = UINT_MAX;
-
- result = sasl_server_init(callbacks, "remotefpga");
- if (result != SASL_OK) {
- printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errdetail(conn), result);
- return -1;
- }
-
- result = sasl_server_new(service, localdomain, userdomain, iplocal, ipremote, NULL, serverlast, &conn);
- if (result != SASL_OK) {
- printf("[ERROR] Allocating sasl connection state returned %s (%d)\n\r", sasl_errdetail(conn), result);
- return -1;
- }
-
- result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
-
- if (result != SASL_OK) {
- printf("[ERROR] Setting security properties returned %s (%d)\n\r", sasl_errdetail(conn), result);
- free_conn();
- return -1;
- }
-
- puts("[DEBUG] Generating client mechanism list...");
- result = sasl_listmech(conn, ext_authid, NULL, " ", NULL, &data, &len, &count);
- if (result != SASL_OK) {
- printf("[ERROR] Generating client mechanism list returned %s (%d)\n\r", sasl_errdetail(conn), result);
- free_conn();
- return -1;
- }
-
- printf("[DEBUG] Sending list of %d mechanism(s)\n\r", count);
- send_sasl_data_to_network(data, len, netfd);
-
- printf("[DEBUG] Waiting for client mechanism...\n\r");
- len = get_sasl_data_from_network(buf);
- if (strlen(buf) < len) {
- printf("[DEBUG] Initial response received (%d < %d) [%s]\n\r", strlen(buf), len, buf);
- // An initial response is present
- data = buf + strlen(buf) + 1;
- len = len - (unsigned) strlen(buf) - 1;
+ return 0;
}
else {
- data = NULL;
- len = 0;
- }
- result = sasl_server_start(conn, buf, data, len, &data, &len);
- if (result != SASL_OK && result != SASL_CONTINUE) {
- printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errdetail(conn), result);
- free_conn();
return -1;
}
-
- while (result == SASL_CONTINUE) {
- if (data) {
- printf("[DEBUG] Sending response...\n\r");
- send_sasl_data_to_network(data, len, netfd);
- }
- else {
- printf("[ERROR] No data to send!\n\r");
- free_conn();
- return -1;
- }
- printf("[DEBUG] Waiting for client reply...\n\r");
- len = get_sasl_data_from_network(buf);
- data = NULL;
- result = sasl_server_step(conn, buf, len, &data, &len);
- if (result != SASL_OK && result != SASL_CONTINUE) {
- printf("[ERROR] Performing SASL negotiation returned %s (%d)\n\r", sasl_errdetail(conn), result);
- free_conn();
- return -1;
- }
- }
- printf("[DEBUG] Negotiation complete\n\r");
-
- if(serverlast && data) {
- printf("[DEBUG] Additional information needed to be sent\n\r");
- send_sasl_data_to_network(data, len, netfd);
- }
-
- result = sasl_getprop(conn, SASL_USERNAME, (const void **)&data);
- if (result != SASL_OK) {
- printf("[WARNING] Unable to determine authenticated username!\n\r");
- }
- else {
- printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)");
- }
-
- result = sasl_getprop(conn, SASL_DEFUSERREALM, (const void **)&data);
- if (result != SASL_OK) {
- printf("[WARNING] Unable to determine authenticated realm!\n\r");
- }
- else {
- printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)");
- }
-
- result = sasl_getprop(conn, SASL_SSF, (const void **)&ssf);
- if (result != SASL_OK) {
- printf("[WARNING] Unable to determine SSF!\n\r");
- }
- else {
- printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
- }
-
- // RAJA FIXME
- if (user_authorized == 1) {
- // Send list of available servers...
- write_data_to_client(netfd, "OK�", strlen("OK�"));
- }
-
- write_data_to_client(netfd, "TESTING", strlen("TESTING"));
-
- return 0;
}
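Review bot: initiateKerberosHandshake returns 0 and proceeds to `writeBlock("TESTING", strlen("TESTING"));` as soon as the SASL exchange completes, while `user_authorized` is initialised to false and never assigned, so the `OK` branch is dead and no authorization decision is made on the authenticated identity (the library only prints the SASL username). The RAJA FIXME acknowledges this, but now that the connection stays open after a successful handshake the minimal guard is to derive `user_authorized` from the negotiated identity before sending anything, or at least document that this server currently authenticates but does not authorize. On the `return -1;` path the socket is left open in a half-initialised state; unless the caller closes it (not visible here), a `close();` before returning would be safer. The `"OK�"` literal also shows a mis-encoded byte in this view, so the intended separator byte is worth confirming in the repository.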
/*
diff --git a/servers/auth_server_lin/src/auth_conn.h b/servers/auth_server_lin/src/auth_conn.h
index 9b4e28e..7c9d000 100644
--- a/servers/auth_server_lin/src/auth_conn.h
+++ b/servers/auth_server_lin/src/auth_conn.h
@@ -29,11 +29,9 @@
#include <tqpushbutton.h>
#include <tqtextstream.h>
-#include <sasl.h>
-#include <saslplug.h>
-#include <saslutil.h>
+#include <tdekrbserversocket.h>
-class AuthSocket : public TQSocket
+class AuthSocket : public TDEKerberosServerSocket
{
Q_OBJECT
@@ -45,27 +43,8 @@ class AuthSocket : public TQSocket
void close();
int initiateKerberosHandshake();
- private:
- void free_conn(void);
- void send_sasl_data_to_network(const char *buffer, unsigned length, int netfd);
- unsigned int get_sasl_data_from_network(char *buf);
- int write_data_to_client(int fd, const char* readbuf, int cc);
- int receive_data_from_client(char *buf, int netfd);
- int authenticate_connection_with_kerberos(int netfd);
-
- sasl_callback_t callbacks[];
-
private slots:
void connectionClosedHandler();
-
- private:
- char *iplocal;
- char *ipremote;
- char *searchpath;
- const char *service;
- char *localdomain;
- char *userdomain;
- sasl_conn_t *conn;
private:
int line;