uLab
/
remotelaboratory
mirror of https://mirror.git.trinitydesktop.org/gitea/uLab/remotelaboratory
0
0
Fork 0
Code Issues Releases Wiki Activity

Use separate kerberos library

Browse Source
master
Timothy Pearson 12 years ago
parent 35dc01b709
commit 0c68d7df39
7 changed files with 6 additions and 482 deletions
Show Stats Download Patch File Download Diff File

2
clients/tde/src/Makefile.am
Unescape View File

@ -1,3 +1,3 @@
SUBDIRS = lib widgets app part
SUBDIRS = widgets app part
INCLUDES = $(all_includes)
METASOURCES = AUTO

6
clients/tde/src/app/Makefile.am
Unescape View File

@ -1,9 +1,9 @@
SUBDIRS = views
INCLUDES = $(all_includes) -I$(top_srcdir)/src
INCLUDES = $(all_includes) -I$(top_srcdir)/src $(KDE_INCLUDES)/tde
METASOURCES = AUTO
# Application
bin_PROGRAMS = remote_laboratory_client
remote_laboratory_client_SOURCES = main.cpp remotemdi.cpp
remote_laboratory_client_LDADD = ../lib/libtdekrbsocket.la ./views/libinstrumentview.la $(LIB_KPARTS) $(LIB_TDEUI)
remote_laboratory_client_LDFLAGS = $(all_libraries) $(KDE_RPATH) $(LIB_QT) -lDCOP $(LIB_TDECORE) $(LIB_TDEUI) -ltdefx $(LIB_KIO) -lktexteditor -lkmdi
remote_laboratory_client_LDADD = ./views/libinstrumentview.la $(LIB_KPARTS) $(LIB_TDEUI)
remote_laboratory_client_LDFLAGS = $(all_libraries) $(KDE_RPATH) $(LIB_QT) -lDCOP $(LIB_TDECORE) $(LIB_TDEUI) -ltdefx $(LIB_KIO) -lktexteditor -lkmdi -ltdekrbsocket

2
clients/tde/src/app/remotemdi.h
Unescape View File

@ -11,7 +11,7 @@
#include <tqvaluelist.h>
#include <kmdimainfrm.h>
#include "lib/tdekrbsocket.h"
#include "tdekrbsocket.h"
class KMdiChildView;
class KListBox;

5
clients/tde/src/lib/Makefile.am
Unescape View File

@ -1,5 +0,0 @@
INCLUDES = $(all_includes) -I/usr/include/sasl
METASOURCES = AUTO
noinst_LTLIBRARIES = libtdekrbsocket.la
libtdekrbsocket_la_SOURCES = tdekrbsocket.cpp
libtdekrbsocket_la_LDFLAGS = -lsasl2

404
clients/tde/src/lib/tdekrbsocket.cpp
Unescape View File

@ -1,404 +0,0 @@
/***************************************************************************
* Copyright (C) 2012 by Timothy Pearson *
* kb9vqf@pearsoncomputing.net *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
#include <stdlib.h>
#include <unistd.h>
#include <tqapplication.h>
#include <sasl.h>
#include <saslplug.h>
#include <saslutil.h>
#include "tdekrbsocket.h"
#define NET_SEC_BUF_SIZE (2048)
class SASLDataPrivate
{
public:
sasl_callback_t m_callbacks[N_CALLBACKS];
sasl_conn_t *m_krbConnection;
};
static int logSASLMessages(void *context __attribute__((unused)), int priority, const char *message) {
const char *label;
if (!message) {
return SASL_BADPARAM;
}
switch (priority) {
case SASL_LOG_ERR:
label = "Error";
break;
case SASL_LOG_NOTE:
label = "Info";
break;
default:
label = "Other";
break;
}
printf("[SASL %s] %s\n\r", label, message);
return SASL_OK;
}
TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false) {
saslData = new SASLDataPrivate;
saslData->m_krbConnection = NULL;
}
TDEKerberosClientSocket::~TDEKerberosClientSocket() {
delete saslData;
}
bool TDEKerberosClientSocket::open(int mode) {
bool ret = TQSocket::open(mode);
if (m_kerberosRequested) {
initializeKerberosInterface();
}
return ret;
}
void TDEKerberosClientSocket::close() {
TQSocket::close();
}
int TDEKerberosClientSocket::setUsingKerberos(bool krbactive) {
int ret = 0;
if (m_serviceName == "") {
printf("[ERROR] No service name set!\n\r"); fflush(stdout);
return -1;
}
if (krbactive) {
m_kerberosRequested = true;
if ((!saslData->m_krbConnection) && (state() == TQSocket::Connected)) {
ret = initializeKerberosInterface();
}
}
else {
m_kerberosRequested = false;
if (saslData->m_krbConnection) {
freeKerberosConnection();
}
}
return ret;
}
void TDEKerberosClientSocket::setServiceName(TQString name) {
m_serviceName = name;
}
void TDEKerberosClientSocket::setServerFQDN(TQString name) {
m_serverFQDN = name;
}
Q_LONG TDEKerberosClientSocket::readBlock(char *data, Q_ULONG maxlen) {
Q_LONG ret = TQSocket::readBlock(data, maxlen);
return ret;
}
Q_LONG TDEKerberosClientSocket::writeBlock(const char *data, Q_ULONG len) {
Q_LONG ret = TQSocket::writeBlock(data, len);
return ret;
}
Q_LONG TDEKerberosClientSocket::readLine(char *data, Q_ULONG maxlen) {
Q_LONG ret;
if (m_kerberosRequested) {
ret = getSASLDataFromNetwork(data, maxlen);
}
else {
ret = TQSocket::readLine(data, maxlen);
}
return ret;
}
TQString TDEKerberosClientSocket::readLine() {
TQString ret;
char buf[NET_SEC_BUF_SIZE];
if (m_kerberosRequested) {
receiveEncryptedData(buf, NET_SEC_BUF_SIZE);
ret = TQString(buf);
}
else {
ret = TQSocket::readLine();
}
return ret;
}
void TDEKerberosClientSocket::writeLine(TQString str) {
if (m_kerberosRequested) {
transmitEncryptedData(socket(), str.ascii(), str.length());
}
else {
TQSocket::writeBlock(str.ascii(), str.length());
}
}
void TDEKerberosClientSocket::freeKerberosConnection(void) {
if (saslData->m_krbConnection) {
sasl_dispose(&saslData->m_krbConnection);
}
saslData->m_krbConnection = 0;
}
void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd) {
char *buf;
unsigned len, alloclen;
int result;
char txbuf[NET_SEC_BUF_SIZE];
alloclen = ((length / 3) + 1) * 4 + 1;
buf = (char*)malloc(alloclen);
if (!buf) {
printf("[ERROR] Unable to malloc()!\n\r");
return;
}
result = sasl_encode64(buffer, length, buf, alloclen, &len);
if (result != SASL_OK) {
printf("[ERROR] Encoding data in base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
return;
}
sprintf(txbuf, "%s\n", buf);
write(netfd, txbuf, strlen(txbuf));
free(buf);
}
unsigned int TDEKerberosClientSocket::getSASLDataFromNetwork(char *buf, int trunclen) {
unsigned int len;
int result;
len = 0;
while (1) {
tqApp->processEvents();
if (state() != TQSocket::Connected) {
return -1;
}
if (TQSocket::readBlock(buf+len, 1) > 0) {
if (buf[len] == '\n') {
buf[len] = 0;
break;
}
if (buf[len] != '\r') {
len++;
}
}
if (len >= trunclen) {
break;
}
}
len = strlen(buf);
result = sasl_decode64(buf, (unsigned) strlen(buf), buf, trunclen, &len);
if (result != SASL_OK) {
printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
return -1;
}
buf[len] = '\0';
return len;
}
int TDEKerberosClientSocket::transmitEncryptedData(int fd, const char* readbuf, int cc) {
int result = 0;
unsigned int len;
const char *data;
result=sasl_encode(saslData->m_krbConnection, readbuf, cc, &data, &len);
if (result != SASL_OK) {
printf("[ERROR] Encrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
return -1;
}
sendSASLDataToNetwork(data, len, fd);
return 0;
}
int TDEKerberosClientSocket::receiveEncryptedData(char *buf, int trunclen) {
unsigned int recv_len;
const char *recv_data;
int result;
int len;
len = getSASLDataFromNetwork(buf, trunclen);
if (len >= 0) {
result=sasl_decode(saslData->m_krbConnection, buf, len, &recv_data, &recv_len);
if (result != SASL_OK) {
printf("[ERROR] Decrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
return -1;
}
strncpy(buf, recv_data, trunclen);
}
return 0;
}
int TDEKerberosClientSocket::initializeKerberosInterface() {
if (state() != TQSocket::Connected) {
saslData->m_krbConnection = false;
return -1;
}
sasl_callback_t *callback;
char buf[NET_SEC_BUF_SIZE];
int result = 0;
int serverlast = 0;
sasl_security_properties_t secprops;
const char *chosenmech;
unsigned int len;
const char *data;
char user_authorized = 0;
sasl_ssf_t *ssf;
char *iplocal = NULL;
char *ipremote = NULL;
const char *service = m_serviceName.ascii();
const char *fqdn = m_serverFQDN.ascii();
callback = saslData->m_callbacks;
// log
callback->id = SASL_CB_LOG;
callback->proc = (sasl_callback_ft)&logSASLMessages;
callback->context = NULL;
++callback;
// end of callback list
callback->id = SASL_CB_LIST_END;
callback->proc = NULL;
callback->context = NULL;
++callback;
// Initialize default data structures
memset(&secprops, 0L, sizeof(secprops));
secprops.maxbufsize = NET_SEC_BUF_SIZE;
secprops.max_ssf = UINT_MAX;
result = sasl_client_init(saslData->m_callbacks);
if (result != SASL_OK) {
printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
return -1;
}
result = sasl_client_new(service, fqdn, iplocal, ipremote, NULL, serverlast, &saslData->m_krbConnection);
if (result != SASL_OK) {
printf("[ERROR] Allocating sasl connection state returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
return -1;
}
result = sasl_setprop(saslData->m_krbConnection, SASL_SEC_PROPS, &secprops);
if (result != SASL_OK) {
printf("[ERROR] Setting security properties returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
freeKerberosConnection();
return -1;
}
printf("[DEBUG] Waiting for mechanism list from server...\n\r");
len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
printf("Choosing best mechanism from: %s\n", buf);
result = sasl_client_start(saslData->m_krbConnection, buf, NULL, &data, &len, &chosenmech);
if (result != SASL_OK && result != SASL_CONTINUE) {
printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
freeKerberosConnection();
return -1;
}
printf("[DEBUG] Using mechanism %s\n\r", chosenmech);
strcpy(buf, chosenmech);
if (data) {
if (NET_SEC_BUF_SIZE - strlen(buf) - 1 < len) {
printf("[ERROR] Insufficient buffer space to construct initial response!\n\r");
freeKerberosConnection();
return -1;
}
printf("[DEBUG] Preparing initial response...\n\r");
memcpy(buf + strlen(buf) + 1, data, len);
len += (unsigned) strlen(buf) + 1;
data = NULL;
}
else {
len = (unsigned) strlen(buf);
}
printf("[DEBUG] Sending initial response...\n\r");
sendSASLDataToNetwork(buf, len, socket());
while (result == SASL_CONTINUE) {
printf("[DEBUG] Waiting for server reply...\n\r");
len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
if (state() != TQSocket::Connected) {
return -1;
}
result = sasl_client_step(saslData->m_krbConnection, buf, len, NULL, &data, &len);
if (result != SASL_OK && result != SASL_CONTINUE) {
printf("[ERROR] Performing SASL negotiation returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
freeKerberosConnection();
return -1;
}
if (data && len) {
printf("[DEBUG] Sending response...\n\r");
sendSASLDataToNetwork(data, len, socket());
}
else if (result != SASL_OK || !serverlast) {
sendSASLDataToNetwork("", 0, socket());
}
}
printf("[DEBUG] Negotiation complete!\n\r");
result = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, (const void **)&data);
if (result != SASL_OK) {
printf("[WARNING] Unable to determine authenticated username!\n\r");
}
else {
printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)");
}
result = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data);
if (result != SASL_OK) {
printf("[WARNING] Unable to determine authenticated realm!\n\r");
}
else {
printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)");
}
result = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf);
if (result != SASL_OK) {
printf("[WARNING] Unable to determine SSF!\n\r");
}
else {
printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
}
return 0;
}

67
clients/tde/src/lib/tdekrbsocket.h
Unescape View File

@ -1,67 +0,0 @@
/***************************************************************************
* Copyright (C) 2012 by Timothy Pearson *
* kb9vqf@pearsoncomputing.net *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
#ifndef TDEKRBSOCKET_H
#define TDEKRBSOCKET_H
#include <tqsocket.h>
#define N_CALLBACKS 3
class SASLDataPrivate;
class TDEKerberosClientSocket : public TQSocket
{
Q_OBJECT
public:
TDEKerberosClientSocket(TQObject *parent=0, const char *name=0);
virtual ~TDEKerberosClientSocket();
bool open(int mode);
void close();
Q_LONG readBlock(char *data, Q_ULONG maxlen);
Q_LONG writeBlock(const char *data, Q_ULONG len);
Q_LONG readLine(char *data, Q_ULONG maxlen);
TQString readLine();
void writeLine(TQString);
int setUsingKerberos(bool krbactive);
void setServiceName(TQString name);
void setServerFQDN(TQString name);
private:
int initializeKerberosInterface();
void freeKerberosConnection();
void sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd);
unsigned int getSASLDataFromNetwork(char *buf, int trunclen);
int transmitEncryptedData(int fd, const char* readbuf, int cc);
int receiveEncryptedData(char *buf, int trunclen);
private:
bool m_kerberosRequested;
TQString m_serviceName;
TQString m_serverFQDN;
private:
SASLDataPrivate *saslData;
};
#endif // TDEKRBSOCKET_H

2
clients/tde/src/part/commanalyzer/Makefile.am
Unescape View File

@ -3,7 +3,7 @@ METASOURCES = AUTO
#Part
kde_module_LTLIBRARIES = libremotelab_commanalyzer.la
libremotelab_commanalyzer_la_LIBADD = ../../lib/libtdekrbsocket.la ../../widgets/libtracewidget.la ../../widgets/libfloatspinbox.la $(LIB_KFILE) $(LIB_KPARTS) $(LIB_TDEUI) $(LIB_QT)
libremotelab_commanalyzer_la_LIBADD = ../../widgets/libtracewidget.la ../../widgets/libfloatspinbox.la $(LIB_KFILE) $(LIB_KPARTS) $(LIB_TDEUI) $(LIB_QT)
libremotelab_commanalyzer_la_LDFLAGS = $(all_libraries) $(KDE_PLUGIN) -ltdecore -ltdeui -lkio -ltdefx
libremotelab_commanalyzer_la_SOURCES = \
part.cpp layout.ui

Write Preview
Loading…
Cancel
Save