|
|
|
|
/***************************************************************************
|
|
|
|
|
* Copyright (C) 2012 by Timothy Pearson *
|
|
|
|
|
* kb9vqf@pearsoncomputing.net *
|
|
|
|
|
* *
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify *
|
|
|
|
|
* it under the terms of the GNU General Public License as published by *
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or *
|
|
|
|
|
* (at your option) any later version. *
|
|
|
|
|
* *
|
|
|
|
|
* This program is distributed in the hope that it will be useful, *
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
|
|
|
|
* GNU General Public License for more details. *
|
|
|
|
|
* *
|
|
|
|
|
* You should have received a copy of the GNU General Public License *
|
|
|
|
|
* along with this program; if not, write to the *
|
|
|
|
|
* Free Software Foundation, Inc., *
|
|
|
|
|
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
|
|
|
|
|
***************************************************************************/
|
|
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
|
|
#include <tqapplication.h>
|
|
|
|
|
|
|
|
|
|
#include <sasl.h>
|
|
|
|
|
#include <saslplug.h>
|
|
|
|
|
#include <saslutil.h>
|
|
|
|
|
|
|
|
|
|
#include "tdekrbserversocket.h"
|
|
|
|
|
|
|
|
|
|
#define NET_SEC_BUF_SIZE (2048)
|
|
|
|
|
|
|
|
|
|
/* exception handling */
|
|
|
|
|
struct exit_exception {
|
|
|
|
|
int c;
|
|
|
|
|
exit_exception(int c):c(c) { }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
class SASLDataPrivate
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
sasl_callback_t m_callbacks[N_CALLBACKS];
|
|
|
|
|
sasl_conn_t *m_krbConnection;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const char * safe_sasl_errdetail(sasl_conn_t *conn) {
|
|
|
|
|
const char * str = sasl_errdetail(conn);
|
|
|
|
|
if (str) {
|
|
|
|
|
return str;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return "unknown error";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int logSASLMessages(void *context __attribute__((unused)), int priority, const char *message) {
|
|
|
|
|
const char *label;
|
|
|
|
|
|
|
|
|
|
if (!message) {
|
|
|
|
|
return SASL_BADPARAM;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (priority) {
|
|
|
|
|
case SASL_LOG_ERR:
|
|
|
|
|
label = "Error";
|
|
|
|
|
break;
|
|
|
|
|
case SASL_LOG_NOTE:
|
|
|
|
|
label = "Info";
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
label = "Other";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
printf("[SASL %s] %s\n\r", label, message);
|
|
|
|
|
|
|
|
|
|
return SASL_OK;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TDEKerberosServerSocket::TDEKerberosServerSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE), m_criticalSection(0) {
|
|
|
|
|
saslData = new SASLDataPrivate;
|
|
|
|
|
saslData->m_krbConnection = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TDEKerberosServerSocket::~TDEKerberosServerSocket() {
|
|
|
|
|
delete saslData;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool TDEKerberosServerSocket::open(int mode) {
|
|
|
|
|
bool ret = TQSocket::open(mode);
|
|
|
|
|
if (m_kerberosRequested) {
|
|
|
|
|
initializeKerberosInterface();
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void TDEKerberosServerSocket::close() {
|
|
|
|
|
TQSocket::close();
|
|
|
|
|
if (m_criticalSection > 0) {
|
|
|
|
|
throw exit_exception(-1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int TDEKerberosServerSocket::setUsingKerberos(bool krbactive) {
|
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
|
|
if (m_serviceName == "") {
|
|
|
|
|
printf("[ERROR] No service name set!\n\r"); fflush(stdout);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (krbactive) {
|
|
|
|
|
m_kerberosRequested = true;
|
|
|
|
|
if ((!saslData->m_krbConnection) && (state() == TQSocket::Connected)) {
|
|
|
|
|
ret = initializeKerberosInterface();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
m_kerberosRequested = false;
|
|
|
|
|
if (saslData->m_krbConnection) {
|
|
|
|
|
freeKerberosConnection();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void TDEKerberosServerSocket::setServiceName(TQString name) {
|
|
|
|
|
m_serviceName = name;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void TDEKerberosServerSocket::setServerFQDN(TQString name) {
|
|
|
|
|
m_serverFQDN = name;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TQ_LONG TDEKerberosServerSocket::readBlock(char *data, TQ_ULONG maxlen) {
|
|
|
|
|
TQ_LONG ret;
|
|
|
|
|
|
|
|
|
|
if (m_kerberosRequested) {
|
|
|
|
|
ret = receiveEncryptedData(data, maxlen);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
ret = TQSocket::readBlock(data, maxlen);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TQ_LONG TDEKerberosServerSocket::writeBlock(const char *data, TQ_ULONG len) {
|
|
|
|
|
TQ_LONG ret;
|
|
|
|
|
|
|
|
|
|
if (m_kerberosRequested) {
|
|
|
|
|
ret = transmitEncryptedData(socket(), data, len);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
ret = TQSocket::writeBlock(data, len);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TQ_LONG TDEKerberosServerSocket::readLine(char *data, TQ_ULONG maxlen) {
|
|
|
|
|
TQ_LONG ret;
|
|
|
|
|
|
|
|
|
|
if (m_kerberosRequested) {
|
|
|
|
|
ret = receiveEncryptedData(data, maxlen);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
ret = TQSocket::readLine(data, maxlen);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TQString TDEKerberosServerSocket::readLine() {
|
|
|
|
|
TQString ret;
|
|
|
|
|
char *buf;
|
|
|
|
|
|
|
|
|
|
if (m_kerberosRequested) {
|
|
|
|
|
buf = (char*)malloc(m_negotiatedMaxBufferSize);
|
|
|
|
|
receiveEncryptedData(buf, m_negotiatedMaxBufferSize);
|
|
|
|
|
ret = TQString(buf);
|
|
|
|
|
free(buf);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
ret = TQSocket::readLine();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void TDEKerberosServerSocket::writeLine(TQString str) {
|
|
|
|
|
if (m_kerberosRequested) {
|
|
|
|
|
transmitEncryptedData(socket(), str.ascii(), str.length());
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
TQSocket::writeBlock(str.ascii(), str.length());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void TDEKerberosServerSocket::freeKerberosConnection(void) {
|
|
|
|
|
if (saslData->m_krbConnection) {
|
|
|
|
|
sasl_dispose(&saslData->m_krbConnection);
|
|
|
|
|
}
|
|
|
|
|
saslData->m_krbConnection = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void TDEKerberosServerSocket::sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd) {
|
|
|
|
|
char *buf;
|
|
|
|
|
unsigned len, alloclen;
|
|
|
|
|
int result;
|
|
|
|
|
|
|
|
|
|
alloclen = ((length / 3) + 1) * 4 + 1;
|
|
|
|
|
buf = (char*)malloc(alloclen);
|
|
|
|
|
if (!buf) {
|
|
|
|
|
printf("[ERROR] Unable to malloc()!\n\r");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = sasl_encode64(buffer, length, buf, alloclen, &len);
|
|
|
|
|
if (result != SASL_OK) {
|
|
|
|
|
printf("[ERROR] Encoding data in base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
len = strlen(buf);
|
|
|
|
|
buf[len] = '\n';
|
|
|
|
|
buf[len+1] = 0;
|
|
|
|
|
write(netfd, buf, len+1);
|
|
|
|
|
|
|
|
|
|
free(buf);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int TDEKerberosServerSocket::getSASLDataFromNetwork(char *buf, int trunclen) {
|
|
|
|
|
m_criticalSection++;
|
|
|
|
|
try {
|
|
|
|
|
unsigned int len;
|
|
|
|
|
int result;
|
|
|
|
|
|
|
|
|
|
TQByteArray ba(2048);
|
|
|
|
|
|
|
|
|
|
len = 0;
|
|
|
|
|
while (1) {
|
|
|
|
|
tqApp->processEvents();
|
|
|
|
|
if (state() != TQSocket::Connected) {
|
|
|
|
|
m_criticalSection--;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (TQSocket::readBlock(ba.data()+len, 1) > 0) {
|
|
|
|
|
if (ba.data()[len] == '\n') {
|
|
|
|
|
ba.data()[len] = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (ba.data()[len] != '\r') {
|
|
|
|
|
len++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
usleep(1000);
|
|
|
|
|
}
|
|
|
|
|
if (len >= (ba.size()-1)) {
|
|
|
|
|
ba.resize(ba.size()+2048);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
len = strlen(ba.data());
|
|
|
|
|
result = sasl_decode64(ba.data(), strlen(ba.data()), buf, trunclen, &len);
|
|
|
|
|
if (result != SASL_OK) {
|
|
|
|
|
printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
|
|
|
|
m_criticalSection--;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
buf[len] = '\0';
|
|
|
|
|
|
|
|
|
|
m_criticalSection--;
|
|
|
|
|
return len;
|
|
|
|
|
}
|
|
|
|
|
catch(exit_exception& e) {
|
|
|
|
|
m_criticalSection--;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int TDEKerberosServerSocket::transmitEncryptedData(int fd, const char* readbuf, int cc) {
|
|
|
|
|
int result = 0;
|
|
|
|
|
unsigned int len;
|
|
|
|
|
const char *data;
|
|
|
|
|
|
|
|
|
|
result=sasl_encode(saslData->m_krbConnection, readbuf, cc, &data, &len);
|
|
|
|
|
if (result != SASL_OK) {
|
|
|
|
|
printf("[ERROR] Encrypting data returned %s (%d)\n\r", safe_sasl_errdetail(saslData->m_krbConnection), result);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
sendSASLDataToNetwork(data, len, fd);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int TDEKerberosServerSocket::receiveEncryptedData(char *buf, int trunclen) {
|
|
|
|
|
unsigned int recv_len;
|
|
|
|
|
const char *recv_data;
|
|
|
|
|
int result;
|
|
|
|
|
int len;
|
|
|
|
|
|
|
|
|
|
char *encbuf = (char*)malloc(m_negotiatedMaxBufferSize);
|
|
|
|
|
len = getSASLDataFromNetwork(encbuf, m_negotiatedMaxBufferSize);
|
|
|
|
|
if (len < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (len >= 0) {
|
|
|
|
|
result=sasl_decode(saslData->m_krbConnection, encbuf, len, &recv_data, &recv_len);
|
|
|
|
|
if (result != SASL_OK) {
|
|
|
|
|
free(encbuf);
|
|
|
|
|
printf("[ERROR] Decrypting data returned %s (%d)\n\r", safe_sasl_errdetail(saslData->m_krbConnection), result);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (recv_len > trunclen) {
|
|
|
|
|
recv_len = trunclen;
|
|
|
|
|
}
|
|
|
|
|
memcpy(buf, recv_data, recv_len);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
free(encbuf);
|
|
|
|
|
return recv_len;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int TDEKerberosServerSocket::initializeKerberosInterface() {
|
|
|
|
|
if (state() != TQSocket::Connected) {
|
|
|
|
|
saslData->m_krbConnection = false;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sasl_callback_t *callback;
|
|
|
|
|
char buf[NET_SEC_BUF_SIZE];
|
|
|
|
|
int result = 0;
|
|
|
|
|
int serverlast = 0;
|
|
|
|
|
sasl_security_properties_t secprops;
|
|
|
|
|
const char *ext_authid = NULL;
|
|
|
|
|
unsigned int len;
|
|
|
|
|
int slen;
|
|
|
|
|
int count;
|
|
|
|
|
const char *data;
|
|
|
|
|
char user_authorized = 0;
|
|
|
|
|
sasl_ssf_t *ssf;
|
|
|
|
|
|
|
|
|
|
// FIXME
|
|
|
|
|
// Populate these fields!
|
|
|
|
|
char *iplocal = NULL;
|
|
|
|
|
char *ipremote = NULL;
|
|
|
|
|
char *localdomain = NULL;
|
|
|
|
|
char *userdomain = NULL;
|
|
|
|
|
|
|
|
|
|
callback = saslData->m_callbacks;
|
|
|
|
|
|
|
|
|
|
// log
|
|
|
|
|
callback->id = SASL_CB_LOG;
|
|
|
|
|
callback->proc = (sasl_callback_ft)&logSASLMessages;
|
|
|
|
|
callback->context = NULL;
|
|
|
|
|
++callback;
|
|
|
|
|
|
|
|
|
|
// end of callback list
|
|
|
|
|
callback->id = SASL_CB_LIST_END;
|
|
|
|
|
callback->proc = NULL;
|
|
|
|
|
callback->context = NULL;
|
|
|
|
|
++callback;
|
|
|
|
|
|
|
|
|
|
// Initialize default data structures
|
|
|
|
|
memset(&secprops, 0L, sizeof(secprops));
|
|
|
|
|
secprops.maxbufsize = NET_SEC_BUF_SIZE;
|
|
|
|
|
secprops.max_ssf = UINT_MAX;
|
|
|
|
|
|
|
|
|
|
result = sasl_server_init(saslData->m_callbacks, m_serviceName.ascii());
|
|
|
|
|
if (result != SASL_OK) {
|
|
|
|
|
printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", safe_sasl_errdetail(saslData->m_krbConnection), result);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = sasl_server_new(m_serviceName.ascii(), localdomain, userdomain, iplocal, ipremote, NULL, serverlast, &saslData->m_krbConnection);
|
|
|
|
|
if (result != SASL_OK) {
|
|
|
|
|
printf("[ERROR] Allocating sasl connection state returned %s (%d)\n\r", safe_sasl_errdetail(saslData->m_krbConnection), result);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = sasl_setprop(saslData->m_krbConnection, SASL_SEC_PROPS, &secprops);
|
|
|
|
|
|
|
|
|
|
if (result != SASL_OK) {
|
|
|
|
|
printf("[ERROR] Setting security properties returned %s (%d)\n\r", safe_sasl_errdetail(saslData->m_krbConnection), result);
|
|
|
|
|
freeKerberosConnection();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
puts("[DEBUG] Generating client mechanism list...");
|
|
|
|
|
result = sasl_listmech(saslData->m_krbConnection, ext_authid, NULL, " ", NULL, &data, &len, &count);
|
|
|
|
|
if (result != SASL_OK) {
|
|
|
|
|
printf("[ERROR] Generating client mechanism list returned %s (%d)\n\r", safe_sasl_errdetail(saslData->m_krbConnection), result);
|
|
|
|
|
freeKerberosConnection();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
printf("[DEBUG] Sending list of %d mechanism(s)\n\r", count);
|
|
|
|
|
sendSASLDataToNetwork(data, len, socket());
|
|
|
|
|
|
|
|
|
|
printf("[DEBUG] Waiting for client mechanism...\n\r");
|
|
|
|
|
slen = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
|
|
|
|
|
if (slen < 0) {
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
len = slen;
|
|
|
|
|
if (strlen(buf) < len) {
|
|
|
|
|
printf("[DEBUG] Initial response received\n\r");
|
|
|
|
|
// An initial response is present
|
|
|
|
|
data = buf + strlen(buf) + 1;
|
|
|
|
|
len = len - (unsigned) strlen(buf) - 1;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
data = NULL;
|
|
|
|
|
len = 0;
|
|
|
|
|
}
|
|
|
|
|
result = sasl_server_start(saslData->m_krbConnection, buf, data, len, &data, &len);
|
|
|
|
|
if (result != SASL_OK && result != SASL_CONTINUE) {
|
|
|
|
|
printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", safe_sasl_errdetail(saslData->m_krbConnection), result);
|
|
|
|
|
freeKerberosConnection();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while (result == SASL_CONTINUE) {
|
|
|
|
|
if (data) {
|
|
|
|
|
printf("[DEBUG] Sending response...\n\r");
|
|
|
|
|
sendSASLDataToNetwork(data, len, socket());
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
printf("[ERROR] No data to send!\n\r");
|
|
|
|
|
freeKerberosConnection();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
printf("[DEBUG] Waiting for client reply...\n\r");
|
|
|
|
|
slen = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
|
|
|
|
|
if (slen < 0) {
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
len = slen;
|
|
|
|
|
data = NULL;
|
|
|
|
|
result = sasl_server_step(saslData->m_krbConnection, buf, len, &data, &len);
|
|
|
|
|
if (result != SASL_OK && result != SASL_CONTINUE) {
|
|
|
|
|
printf("[ERROR] Performing SASL negotiation returned %s (%d)\n\r", safe_sasl_errdetail(saslData->m_krbConnection), result);
|
|
|
|
|
freeKerberosConnection();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
printf("[DEBUG] Negotiation complete\n\r");
|
|
|
|
|
|
|
|
|
|
if(serverlast && data) {
|
|
|
|
|
printf("[DEBUG] Additional information needed to be sent\n\r");
|
|
|
|
|
sendSASLDataToNetwork(data, len, socket());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, (const void **)&data);
|
|
|
|
|
if (result != SASL_OK) {
|
|
|
|
|
printf("[WARNING] Unable to determine authenticated username!\n\r");
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
m_authenticatedUserName = data ? data : "(NULL)";
|
|
|
|
|
printf("[DEBUG] Authenticated username: %s\n\r", m_authenticatedUserName.ascii());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data);
|
|
|
|
|
if (result != SASL_OK) {
|
|
|
|
|
printf("[WARNING] Unable to determine authenticated realm!\n\r");
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
m_authenticatedRealmName = data ? data : "(NULL)";
|
|
|
|
|
printf("[DEBUG] Authenticated realm: %s\n\r", m_authenticatedRealmName.ascii());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf);
|
|
|
|
|
if (result != SASL_OK) {
|
|
|
|
|
printf("[WARNING] Unable to determine SSF!\n\r");
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
