parent
0e11c4ce6d
commit
35dc01b709
@ -0,0 +1 @@
|
||||
Timothy Pearson <kb9vqf@pearsoncomputing.net>
|
@ -0,0 +1 @@
|
||||
2012-05-17 - Initial Release
|
@ -0,0 +1,167 @@
|
||||
Basic Installation
|
||||
==================
|
||||
|
||||
These are generic installation instructions.
|
||||
|
||||
The `configure' shell script attempts to guess correct values for
|
||||
various system-dependent variables used during compilation. It uses
|
||||
those values to create a `Makefile' in each directory of the package.
|
||||
It may also create one or more `.h' files containing system-dependent
|
||||
definitions. Finally, it creates a shell script `config.status' that
|
||||
you can run in the future to recreate the current configuration, a file
|
||||
`config.cache' that saves the results of its tests to speed up
|
||||
reconfiguring, and a file `config.log' containing compiler output
|
||||
(useful mainly for debugging `configure').
|
||||
|
||||
If you need to do unusual things to compile the package, please try
|
||||
to figure out how `configure' could check whether to do them, and mail
|
||||
diffs or instructions to the address given in the `README' so they can
|
||||
be considered for the next release. If at some point `config.cache'
|
||||
contains results you don't want to keep, you may remove or edit it.
|
||||
|
||||
The file `configure.in' is used to create `configure' by a program
|
||||
called `autoconf'. You only need `configure.in' if you want to change
|
||||
it or regenerate `configure' using a newer version of `autoconf'.
|
||||
|
||||
The simplest way to compile this package is:
|
||||
|
||||
1. `cd' to the directory containing the package's source code and type
|
||||
`./configure' to configure the package for your system. If you're
|
||||
using `csh' on an old version of System V, you might need to type
|
||||
`sh ./configure' instead to prevent `csh' from trying to execute
|
||||
`configure' itself.
|
||||
|
||||
Running `configure' takes a while. While running, it prints some
|
||||
messages telling which features it is checking for.
|
||||
|
||||
2. Type `make' to compile the package.
|
||||
|
||||
3. Type `make install' to install the programs and any data files and
|
||||
documentation.
|
||||
|
||||
4. You can remove the program binaries and object files from the
|
||||
source code directory by typing `make clean'.
|
||||
|
||||
Compilers and Options
|
||||
=====================
|
||||
|
||||
Some systems require unusual options for compilation or linking that
|
||||
the `configure' script does not know about. You can give `configure'
|
||||
initial values for variables by setting them in the environment. Using
|
||||
a Bourne-compatible shell, you can do that on the command line like
|
||||
this:
|
||||
CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
|
||||
|
||||
Or on systems that have the `env' program, you can do it like this:
|
||||
env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
|
||||
|
||||
Compiling For Multiple Architectures
|
||||
====================================
|
||||
|
||||
You can compile the package for more than one kind of computer at the
|
||||
same time, by placing the object files for each architecture in their
|
||||
own directory. To do this, you must use a version of `make' that
|
||||
supports the `VPATH' variable, such as GNU `make'. `cd' to the
|
||||
directory where you want the object files and executables to go and run
|
||||
the `configure' script. `configure' automatically checks for the
|
||||
source code in the directory that `configure' is in and in `..'.
|
||||
|
||||
If you have to use a `make' that does not supports the `VPATH'
|
||||
variable, you have to compile the package for one architecture at a time
|
||||
in the source code directory. After you have installed the package for
|
||||
one architecture, use `make distclean' before reconfiguring for another
|
||||
architecture.
|
||||
|
||||
Installation Names
|
||||
==================
|
||||
|
||||
By default, `make install' will install the package's files in
|
||||
`/usr/local/bin', `/usr/local/man', etc. You can specify an
|
||||
installation prefix other than `/usr/local' by giving `configure' the
|
||||
option `--prefix=PATH'.
|
||||
|
||||
You can specify separate installation prefixes for
|
||||
architecture-specific files and architecture-independent files. If you
|
||||
give `configure' the option `--exec-prefix=PATH', the package will use
|
||||
PATH as the prefix for installing programs and libraries.
|
||||
Documentation and other data files will still use the regular prefix.
|
||||
|
||||
If the package supports it, you can cause programs to be installed
|
||||
with an extra prefix or suffix on their names by giving `configure' the
|
||||
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
|
||||
|
||||
Optional Features
|
||||
=================
|
||||
|
||||
Some packages pay attention to `--enable-FEATURE' options to
|
||||
`configure', where FEATURE indicates an optional part of the package.
|
||||
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
|
||||
is something like `gnu-as' or `x' (for the X Window System). The
|
||||
`README' should mention any `--enable-' and `--with-' options that the
|
||||
package recognizes.
|
||||
|
||||
For packages that use the X Window System, `configure' can usually
|
||||
find the X include and library files automatically, but if it doesn't,
|
||||
you can use the `configure' options `--x-includes=DIR' and
|
||||
`--x-libraries=DIR' to specify their locations.
|
||||
|
||||
Specifying the System Type
|
||||
==========================
|
||||
|
||||
There may be some features `configure' can not figure out
|
||||
automatically, but needs to determine by the type of host the package
|
||||
will run on. Usually `configure' can figure that out, but if it prints
|
||||
a message saying it can not guess the host type, give it the
|
||||
`--host=TYPE' option. TYPE can either be a short name for the system
|
||||
type, such as `sun4', or a canonical name with three fields:
|
||||
CPU-COMPANY-SYSTEM
|
||||
|
||||
See the file `config.sub' for the possible values of each field. If
|
||||
`config.sub' isn't included in this package, then this package doesn't
|
||||
need to know the host type.
|
||||
|
||||
If you are building compiler tools for cross-compiling, you can also
|
||||
use the `--target=TYPE' option to select the type of system they will
|
||||
produce code for and the `--build=TYPE' option to select the type of
|
||||
system on which you are compiling the package.
|
||||
|
||||
Sharing Defaults
|
||||
================
|
||||
|
||||
If you want to set default values for `configure' scripts to share,
|
||||
you can create a site shell script called `config.site' that gives
|
||||
default values for variables like `CC', `cache_file', and `prefix'.
|
||||
`configure' looks for `PREFIX/share/config.site' if it exists, then
|
||||
`PREFIX/etc/config.site' if it exists. Or, you can set the
|
||||
`CONFIG_SITE' environment variable to the location of the site script.
|
||||
A warning: not all `configure' scripts look for a site script.
|
||||
|
||||
Operation Controls
|
||||
==================
|
||||
|
||||
`configure' recognizes the following options to control how it
|
||||
operates.
|
||||
|
||||
`--cache-file=FILE'
|
||||
Use and save the results of the tests in FILE instead of
|
||||
`./config.cache'. Set FILE to `/dev/null' to disable caching, for
|
||||
debugging `configure'.
|
||||
|
||||
`--help'
|
||||
Print a summary of the options to `configure', and exit.
|
||||
|
||||
`--quiet'
|
||||
`--silent'
|
||||
`-q'
|
||||
Do not print messages saying which checks are being made.
|
||||
|
||||
`--srcdir=DIR'
|
||||
Look for the package's source code in directory DIR. Usually
|
||||
`configure' can determine that directory automatically.
|
||||
|
||||
`--version'
|
||||
Print the version of Autoconf used to generate the `configure'
|
||||
script, and exit.
|
||||
|
||||
`configure' also accepts some other, not widely useful, options.
|
||||
|
@ -0,0 +1,22 @@
|
||||
SUBDIRS = $(TOPSUBDIRS)
|
||||
|
||||
$(top_srcdir)/configure.in: configure.in.in $(top_srcdir)/subdirs
|
||||
cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common configure.in ;
|
||||
|
||||
$(top_srcdir)/subdirs:
|
||||
cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common subdirs
|
||||
|
||||
$(top_srcdir)/acinclude.m4: $(top_srcdir)/admin/acinclude.m4.in $(top_srcdir)/admin/libtool.m4.in
|
||||
@cd $(top_srcdir) && cat admin/acinclude.m4.in admin/libtool.m4.in > acinclude.m4
|
||||
|
||||
MAINTAINERCLEANFILES = subdirs configure.in acinclude.m4 configure.files
|
||||
|
||||
package-messages:
|
||||
cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common package-messages
|
||||
$(MAKE) -C po merge
|
||||
|
||||
EXTRA_DIST = admin COPYING configure.in.in
|
||||
|
||||
dist-hook:
|
||||
cd $(top_distdir) && perl admin/am_edit -padmin
|
||||
cd $(top_distdir) && $(MAKE) -f admin/Makefile.common subdirs
|
@ -0,0 +1,10 @@
|
||||
all:
|
||||
@echo "This Makefile is only for the CVS repository"
|
||||
@echo "This will be deleted before making the distribution"
|
||||
@echo ""
|
||||
$(MAKE) -f admin/Makefile.common cvs
|
||||
|
||||
dist:
|
||||
$(MAKE) -f admin/Makefile.common dist
|
||||
|
||||
.SILENT:
|
@ -0,0 +1 @@
|
||||
Subproject commit 06098efaf31973c11d7dd89ae291e6844b132e1a
|
@ -0,0 +1 @@
|
||||
Subproject commit 477d071b5db5544ace5449f0c2eea6d5c01d693b
|
@ -0,0 +1,2 @@
|
||||
./admin/configure.in.min
|
||||
configure.in.in
|
@ -0,0 +1,6 @@
|
||||
#MIN_CONFIG(3.2.0)
|
||||
|
||||
AM_INIT_AUTOMAKE(autostart, 0.1)
|
||||
AC_C_BIGENDIAN
|
||||
AC_CHECK_KDEMAXPATHLEN
|
||||
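Review bot: `AM_INIT_AUTOMAKE(autostart, 0.1)` names the package `autostart`, which looks carried over from a template; everything else in this commit calls the project libtdekrb (Debian source package `libtdekrb-trinity`, library `libtdekrbsocket.la`). The same kind of leftover shows up in the later doc Makefile hunks as `KDE_DOCS = autostart` and `KDE_DOCS = ldap`. Using one name throughout, for example `AM_INIT_AUTOMAKE(libtdekrb, 0.1)`, keeps the generated PACKAGE define and dist tarball name in line with the packaging.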
|
@ -0,0 +1,5 @@
|
||||
libtdekrb-trinity (0.1-0ubuntu0) karmic; urgency=low
|
||||
|
||||
* Karmic rebuild
|
||||
|
||||
-- Timothy Pearson <kb9vqf@pearsoncomputing.net> Thu, 02 July 2009 16:08:00 -0600
|
@ -0,0 +1 @@
|
||||
5
|
@ -0,0 +1,12 @@
|
||||
Source: libtdekrb-trinity
|
||||
Section: tde
|
||||
Priority: optional
|
||||
Maintainer: Timothy Pearson <kb9vqf@pearsoncomputing.net>
|
||||
Build-Depends: debhelper (>= 5), cdbs, tdelibs4-trinity-dev, libsasl2-dev, automake, autoconf, libtool, libltdl-dev
|
||||
Standards-Version: 3.8.4
|
||||
|
||||
Package: libtdekrb-trinity
|
||||
Architecture: any
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}
|
||||
Description: Kerberos network library for TDE
|
||||
Kerberos network library for TDE.
|
@ -0,0 +1,31 @@
|
||||
This package was debianized by Timothy Pearson <kb9vqf@pearsoncomputing.net> on
|
||||
Thu, 17 May 2012 19:52:51 +0100.
|
||||
|
||||
It was downloaded from http://www.trinitydesktop.org
|
||||
|
||||
Upstream Author: Timothy Pearson <kb9vqf@pearsoncomputing.net>
|
||||
|
||||
copyright (C) 2012 Timothy Pearson <kb9vqf@pearsoncomputing.net>
|
||||
|
||||
License:
|
||||
|
||||
This package is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This package is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this package; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
|
||||
On Debian systems, the complete text of the GNU General
|
||||
Public License can be found in `/usr/share/common-licenses/GPL'.
|
||||
|
||||
The Debian packaging is (C) 2012, Timothy Pearson <kb9vqf@pearsoncomputing.net> and
|
||||
is licensed under the GPL, see above.
|
||||
|
@ -0,0 +1,24 @@
|
||||
#!/usr/bin/make -f
|
||||
|
||||
include /usr/share/cdbs/1/rules/simple-patchsys.mk
|
||||
include /usr/share/cdbs/1/class/autotools.mk
|
||||
include /usr/share/cdbs/1/rules/debhelper.mk
|
||||
|
||||
DEB_CONFIGURE_INCLUDEDIR := /opt/trinity/include/tde
|
||||
DEB_CONFIGURE_MANDIR := /opt/trinity/share/man
|
||||
DEB_CONFIGURE_PREFIX := /opt/trinity
|
||||
DEB_CONFIGURE_INFODIR := /opt/trinity/share/info
|
||||
|
||||
cdbs_configure_flags := --with-qt-dir=/usr/share/qt3 --disable-rpath --with-xinerama $(cdbs_kde_enable_final) $(cdbs_kde_enable_debug)
|
||||
|
||||
post-patches:: debian/stamp-bootstrap
|
||||
|
||||
debian/stamp-bootstrap:
|
||||
! [ -f /usr/share/libtool/ltmain.sh ] || \
|
||||
cp -f /usr/share/libtool/ltmain.sh admin/ltmain.sh
|
||||
! [ -f /usr/share/libtool/config/ltmain.sh ] || \
|
||||
cp -f /usr/share/libtool/config/ltmain.sh admin/ltmain.sh
|
||||
cp -f /usr/share/aclocal/libtool.m4 admin/libtool.m4.in
|
||||
|
||||
make -f admin/Makefile.common cvs
|
||||
touch debian/stamp-bootstrap
|
@ -0,0 +1,6 @@
|
||||
# the SUBDIRS is filled automatically by am_edit. If files are
|
||||
# in this directory they are installed into the english dir
|
||||
|
||||
KDE_LANG = en
|
||||
KDE_DOCS = autostart
|
||||
SUBDIRS = $(AUTODIRS)
|
@ -0,0 +1,2 @@
|
||||
KDE_DOCS = ldap
|
||||
KDE_LANG = en
|
@ -0,0 +1,2 @@
|
||||
POFILES = AUTO
|
||||
# noinst_HEADERS = ldap.pot
|
@ -0,0 +1,13 @@
|
||||
INCLUDES = $(all_includes) -I/usr/include/sasl
|
||||
METASOURCES = AUTO
|
||||
|
||||
# Create a shared library file
|
||||
lib_LTLIBRARIES = libtdekrbsocket.la
|
||||
|
||||
include_HEADERS = tdekrbsocket.h
|
||||
|
||||
libtdekrbsocket_la_SOURCES = tdekrbsocket.cpp
|
||||
libtdekrbsocket_la_LIBADD = -lkio $(LIB_TDEUI) -lsasl2
|
||||
libtdekrbsocket_la_LDFLAGS = -avoid-version -module -no-undefined \
|
||||
$(all_libraries)
|
||||
|
@ -0,0 +1,404 @@
|
||||
/***************************************************************************
|
||||
* Copyright (C) 2012 by Timothy Pearson *
|
||||
* kb9vqf@pearsoncomputing.net *
|
||||
* *
|
||||
* This program is free software; you can redistribute it and/or modify *
|
||||
* it under the terms of the GNU General Public License as published by *
|
||||
* the Free Software Foundation; either version 2 of the License, or *
|
||||
* (at your option) any later version. *
|
||||
* *
|
||||
* This program is distributed in the hope that it will be useful, *
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
||||
* GNU General Public License for more details. *
|
||||
* *
|
||||
* You should have received a copy of the GNU General Public License *
|
||||
* along with this program; if not, write to the *
|
||||
* Free Software Foundation, Inc., *
|
||||
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
|
||||
***************************************************************************/
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <tqapplication.h>
|
||||
|
||||
#include <sasl.h>
|
||||
#include <saslplug.h>
|
||||
#include <saslutil.h>
|
||||
|
||||
#include "tdekrbsocket.h"
|
||||
|
||||
#define NET_SEC_BUF_SIZE (2048)
|
||||
|
||||
class SASLDataPrivate
|
||||
{
|
||||
public:
|
||||
sasl_callback_t m_callbacks[N_CALLBACKS];
|
||||
sasl_conn_t *m_krbConnection;
|
||||
};
|
||||
|
||||
static int logSASLMessages(void *context __attribute__((unused)), int priority, const char *message) {
|
||||
const char *label;
|
||||
|
||||
if (!message) {
|
||||
return SASL_BADPARAM;
|
||||
}
|
||||
|
||||
switch (priority) {
|
||||
case SASL_LOG_ERR:
|
||||
label = "Error";
|
||||
break;
|
||||
case SASL_LOG_NOTE:
|
||||
label = "Info";
|
||||
break;
|
||||
default:
|
||||
label = "Other";
|
||||
break;
|
||||
}
|
||||
|
||||
printf("[SASL %s] %s\n\r", label, message);
|
||||
|
||||
return SASL_OK;
|
||||
}
|
||||
|
||||
TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false) {
|
||||
saslData = new SASLDataPrivate;
|
||||
saslData->m_krbConnection = NULL;
|
||||
}
|
||||
|
||||
TDEKerberosClientSocket::~TDEKerberosClientSocket() {
|
||||
delete saslData;
|
||||
}
|
||||
|
||||
bool TDEKerberosClientSocket::open(int mode) {
|
||||
bool ret = TQSocket::open(mode);
|
||||
if (m_kerberosRequested) {
|
||||
initializeKerberosInterface();
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
void TDEKerberosClientSocket::close() {
|
||||
TQSocket::close();
|
||||
}
|
||||
|
||||
int TDEKerberosClientSocket::setUsingKerberos(bool krbactive) {
|
||||
int ret = 0;
|
||||
|
||||
if (m_serviceName == "") {
|
||||
printf("[ERROR] No service name set!\n\r"); fflush(stdout);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (krbactive) {
|
||||
m_kerberosRequested = true;
|
||||
if ((!saslData->m_krbConnection) && (state() == TQSocket::Connected)) {
|
||||
ret = initializeKerberosInterface();
|
||||
}
|
||||
}
|
||||
else {
|
||||
m_kerberosRequested = false;
|
||||
if (saslData->m_krbConnection) {
|
||||
freeKerberosConnection();
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void TDEKerberosClientSocket::setServiceName(TQString name) {
|
||||
m_serviceName = name;
|
||||
}
|
||||
|
||||
void TDEKerberosClientSocket::setServerFQDN(TQString name) {
|
||||
m_serverFQDN = name;
|
||||
}
|
||||
|
||||
Q_LONG TDEKerberosClientSocket::readBlock(char *data, Q_ULONG maxlen) {
|
||||
Q_LONG ret = TQSocket::readBlock(data, maxlen);
|
||||
return ret;
|
||||
}
|
||||
|
||||
Q_LONG TDEKerberosClientSocket::writeBlock(const char *data, Q_ULONG len) {
|
||||
Q_LONG ret = TQSocket::writeBlock(data, len);
|
||||
return ret;
|
||||
}
|
||||
|
||||
Q_LONG TDEKerberosClientSocket::readLine(char *data, Q_ULONG maxlen) {
|
||||
Q_LONG ret;
|
||||
|
||||
if (m_kerberosRequested) {
|
||||
ret = getSASLDataFromNetwork(data, maxlen);
|
||||
}
|
||||
else {
|
||||
ret = TQSocket::readLine(data, maxlen);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
TQString TDEKerberosClientSocket::readLine() {
|
||||
TQString ret;
|
||||
char buf[NET_SEC_BUF_SIZE];
|
||||
|
||||
if (m_kerberosRequested) {
|
||||
receiveEncryptedData(buf, NET_SEC_BUF_SIZE);
|
||||
ret = TQString(buf);
|
||||
}
|
||||
else {
|
||||
ret = TQSocket::readLine();
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void TDEKerberosClientSocket::writeLine(TQString str) {
|
||||
if (m_kerberosRequested) {
|
||||
transmitEncryptedData(socket(), str.ascii(), str.length());
|
||||
}
|
||||
else {
|
||||
TQSocket::writeBlock(str.ascii(), str.length());
|
||||
}
|
||||
}
|
||||
|
||||
void TDEKerberosClientSocket::freeKerberosConnection(void) {
|
||||
if (saslData->m_krbConnection) {
|
||||
sasl_dispose(&saslData->m_krbConnection);
|
||||
}
|
||||
saslData->m_krbConnection = 0;
|
||||
}
|
||||
|
||||
void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd) {
|
||||
char *buf;
|
||||
unsigned len, alloclen;
|
||||
int result;
|
||||
char txbuf[NET_SEC_BUF_SIZE];
|
||||
|
||||
alloclen = ((length / 3) + 1) * 4 + 1;
|
||||
buf = (char*)malloc(alloclen);
|
||||
if (!buf) {
|
||||
printf("[ERROR] Unable to malloc()!\n\r");
|
||||
return;
|
||||
}
|
||||
|
||||
result = sasl_encode64(buffer, length, buf, alloclen, &len);
|
||||
if (result != SASL_OK) {
|
||||
printf("[ERROR] Encoding data in base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||
return;
|
||||
}
|
||||
|
||||
sprintf(txbuf, "%s\n", buf);
|
||||
write(netfd, txbuf, strlen(txbuf));
|
||||
|
||||
free(buf);
|
||||
}
|
||||
|
||||
unsigned int TDEKerberosClientSocket::getSASLDataFromNetwork(char *buf, int trunclen) {
|
||||
unsigned int len;
|
||||
int result;
|
||||
|
||||
len = 0;
|
||||
while (1) {
|
||||
tqApp->processEvents();
|
||||
if (state() != TQSocket::Connected) {
|
||||
return -1;
|
||||
}
|
||||
if (TQSocket::readBlock(buf+len, 1) > 0) {
|
||||
if (buf[len] == '\n') {
|
||||
buf[len] = 0;
|
||||
break;
|
||||
}
|
||||
if (buf[len] != '\r') {
|
||||
len++;
|
||||
}
|
||||
}
|
||||
if (len >= trunclen) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
len = strlen(buf);
|
||||
result = sasl_decode64(buf, (unsigned) strlen(buf), buf, trunclen, &len);
|
||||
if (result != SASL_OK) {
|
||||
printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||
return -1;
|
||||
}
|
||||
buf[len] = '\0';
|
||||
|
||||
return len;
|
||||
}
|
||||
|
||||
int TDEKerberosClientSocket::transmitEncryptedData(int fd, const char* readbuf, int cc) {
|
||||
int result = 0;
|
||||
unsigned int len;
|
||||
const char *data;
|
||||
|
||||
result=sasl_encode(saslData->m_krbConnection, readbuf, cc, &data, &len);
|
||||
if (result != SASL_OK) {
|
||||
printf("[ERROR] Encrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
|
||||
return -1;
|
||||
}
|
||||
sendSASLDataToNetwork(data, len, fd);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int TDEKerberosClientSocket::receiveEncryptedData(char *buf, int trunclen) {
|
||||
unsigned int recv_len;
|
||||
const char *recv_data;
|
||||
int result;
|
||||
int len;
|
||||
|
||||
len = getSASLDataFromNetwork(buf, trunclen);
|
||||
if (len >= 0) {
|
||||
result=sasl_decode(saslData->m_krbConnection, buf, len, &recv_data, &recv_len);
|
||||
if (result != SASL_OK) {
|
||||
printf("[ERROR] Decrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
|
||||
return -1;
|
||||
}
|
||||
strncpy(buf, recv_data, trunclen);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int TDEKerberosClientSocket::initializeKerberosInterface() {
|
||||
if (state() != TQSocket::Connected) {
|
||||
saslData->m_krbConnection = false;
|
||||
return -1;
|
||||
}
|
||||
|
||||
sasl_callback_t *callback;
|
||||
char buf[NET_SEC_BUF_SIZE];
|
||||
int result = 0;
|
||||
int serverlast = 0;
|
||||
sasl_security_properties_t secprops;
|
||||
const char *chosenmech;
|
||||
unsigned int len;
|
||||
const char *data;
|
||||
char user_authorized = 0;
|
||||
sasl_ssf_t *ssf;
|
||||
char *iplocal = NULL;
|
||||
char *ipremote = NULL;
|
||||
const char *service = m_serviceName.ascii();
|
||||
const char *fqdn = m_serverFQDN.ascii();
|
||||
|
||||
callback = saslData->m_callbacks;
|
||||
|
||||
// log
|
||||
callback->id = SASL_CB_LOG;
|
||||
callback->proc = (sasl_callback_ft)&logSASLMessages;
|
||||
callback->context = NULL;
|
||||
++callback;
|
||||
|
||||
// end of callback list
|
||||
callback->id = SASL_CB_LIST_END;
|
||||
callback->proc = NULL;
|
||||
callback->context = NULL;
|
||||
++callback;
|
||||
|
||||
// Initialize default data structures
|
||||
memset(&secprops, 0L, sizeof(secprops));
|
||||
secprops.maxbufsize = NET_SEC_BUF_SIZE;
|
||||
secprops.max_ssf = UINT_MAX;
|
||||
|
||||
result = sasl_client_init(saslData->m_callbacks);
|
||||
if (result != SASL_OK) {
|
||||
printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||
return -1;
|
||||
}
|
||||
|
||||
result = sasl_client_new(service, fqdn, iplocal, ipremote, NULL, serverlast, &saslData->m_krbConnection);
|
||||
if (result != SASL_OK) {
|
||||
printf("[ERROR] Allocating sasl connection state returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||
return -1;
|
||||
}
|
||||
|
||||
result = sasl_setprop(saslData->m_krbConnection, SASL_SEC_PROPS, &secprops);
|
||||
if (result != SASL_OK) {
|
||||
printf("[ERROR] Setting security properties returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||
freeKerberosConnection();
|
||||
return -1;
|
||||
}
|
||||
|
||||
printf("[DEBUG] Waiting for mechanism list from server...\n\r");
|
||||
len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
|
||||
|
||||
printf("Choosing best mechanism from: %s\n", buf);
|
||||
|
||||
result = sasl_client_start(saslData->m_krbConnection, buf, NULL, &data, &len, &chosenmech);
|
||||
if (result != SASL_OK && result != SASL_CONTINUE) {
|
||||
printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||
freeKerberosConnection();
|
||||
return -1;
|
||||
}
|
||||
|
||||
printf("[DEBUG] Using mechanism %s\n\r", chosenmech);
|
||||
strcpy(buf, chosenmech);
|
||||
if (data) {
|
||||
if (NET_SEC_BUF_SIZE - strlen(buf) - 1 < len) {
|
||||
printf("[ERROR] Insufficient buffer space to construct initial response!\n\r");
|
||||
freeKerberosConnection();
|
||||
return -1;
|
||||
}
|
||||
printf("[DEBUG] Preparing initial response...\n\r");
|
||||
memcpy(buf + strlen(buf) + 1, data, len);
|
||||
len += (unsigned) strlen(buf) + 1;
|
||||
data = NULL;
|
||||
}
|
||||
else {
|
||||
len = (unsigned) strlen(buf);
|
||||
}
|
||||
|
||||
printf("[DEBUG] Sending initial response...\n\r");
|
||||
sendSASLDataToNetwork(buf, len, socket());
|
||||
|
||||
while (result == SASL_CONTINUE) {
|
||||
printf("[DEBUG] Waiting for server reply...\n\r");
|
||||
len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
|
||||
if (state() != TQSocket::Connected) {
|
||||
return -1;
|
||||
}
|
||||
result = sasl_client_step(saslData->m_krbConnection, buf, len, NULL, &data, &len);
|
||||
if (result != SASL_OK && result != SASL_CONTINUE) {
|
||||
printf("[ERROR] Performing SASL negotiation returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||
freeKerberosConnection();
|
||||
return -1;
|
||||
}
|
||||
if (data && len) {
|
||||
printf("[DEBUG] Sending response...\n\r");
|
||||
sendSASLDataToNetwork(data, len, socket());
|
||||
}
|
||||
else if (result != SASL_OK || !serverlast) {
|
||||
sendSASLDataToNetwork("", 0, socket());
|
||||
}
|
||||
}
|
||||
printf("[DEBUG] Negotiation complete!\n\r");
|
||||
|
||||
result = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, (const void **)&data);
|
||||
if (result != SASL_OK) {
|
||||
printf("[WARNING] Unable to determine authenticated username!\n\r");
|
||||
}
|
||||
else {
|
||||
printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)");
|
||||
}
|
||||
|
||||
result = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data);
|
||||
if (result != SASL_OK) {
|
||||
printf("[WARNING] Unable to determine authenticated realm!\n\r");
|
||||
}
|
||||
else {
|
||||
printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)");
|
||||
}
|
||||
|
||||
result = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf);
|
||||
if (result != SASL_OK) {
|
||||
printf("[WARNING] Unable to determine SSF!\n\r");
|
||||
}
|
||||
else {
|
||||
printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
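Review bot: `sprintf(txbuf, "%s\n", buf)` in sendSASLDataToNetwork copies the base64 text into a fixed 2048-byte stack buffer with no length check, although `buf` was sized from `length` and can be larger: transmitEncryptedData passes whatever sasl_encode produced and writeLine accepts a string of any length, so roughly 1.5 KB of input is enough to write past `txbuf`. The staging buffer is not needed, because `alloclen` already reserves one byte after the encoded text; replace that terminator with the newline and write `buf` directly, and free `buf` on the sasl_encode64 failure path, which currently leaks it. The read side has the matching problem: when getSASLDataFromNetwork leaves its loop through `len >= trunclen` the buffer is never terminated, yet `strlen(buf)` runs on it next, and receiveEncryptedData's `strncpy(buf, recv_data, trunclen)` ignores `recv_len`. Both paths handle bytes from the peer before authentication has completed, so they should stop at `trunclen - 1`, terminate explicitly, and copy by `recv_len`.

```cpp
	// … unchanged: malloc of buf and the sasl_encode64 call …
	if (result != SASL_OK) {
		// … unchanged: error printf …
		free(buf);	// previously leaked on this path
		return;
	}

	// sasl_encode64 leaves a NUL at buf[len]; alloclen reserved that byte,
	// so the line terminator can take its place without a second buffer.
	buf[len] = '\n';
	if (write(netfd, buf, len + 1) < 0) {
		printf("[ERROR] Unable to write SASL data to network!\n\r");
	}

	free(buf);
```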
|
@ -0,0 +1,67 @@
|
||||
/***************************************************************************
|
||||
* Copyright (C) 2012 by Timothy Pearson *
|
||||
* kb9vqf@pearsoncomputing.net *
|
||||
* *
|
||||
* This program is free software; you can redistribute it and/or modify *
|
||||
* it under the terms of the GNU General Public License as published by *
|
||||
* the Free Software Foundation; either version 2 of the License, or *
|
||||
* (at your option) any later version. *
|
||||
* *
|
||||
* This program is distributed in the hope that it will be useful, *
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
||||
* GNU General Public License for more details. *
|
||||
* *
|
||||
* You should have received a copy of the GNU General Public License *
|
||||
* along with this program; if not, write to the *
|
||||
* Free Software Foundation, Inc., *
|
||||
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
|
||||
***************************************************************************/
|
||||
|
||||
#ifndef TDEKRBSOCKET_H
|
||||
#define TDEKRBSOCKET_H
|
||||
|
||||
#include <tqsocket.h>
|
||||
|
||||
#define N_CALLBACKS 3
|
||||
|
||||
class SASLDataPrivate;
|
||||
|
||||
class TDEKerberosClientSocket : public TQSocket
|
||||
{
|
||||
Q_OBJECT
|
||||
|
||||
public:
|
||||
TDEKerberosClientSocket(TQObject *parent=0, const char *name=0);
|
||||
virtual ~TDEKerberosClientSocket();
|
||||
|
||||
bool open(int mode);
|
||||
void close();
|
||||
Q_LONG readBlock(char *data, Q_ULONG maxlen);
|
||||
Q_LONG writeBlock(const char *data, Q_ULONG len);
|
||||
Q_LONG readLine(char *data, Q_ULONG maxlen);
|
||||
TQString readLine();
|
||||
void writeLine(TQString);
|
||||
|
||||
int setUsingKerberos(bool krbactive);
|
||||
void setServiceName(TQString name);
|
||||
void setServerFQDN(TQString name);
|
||||
|
||||
private:
|
||||
int initializeKerberosInterface();
|
||||
void freeKerberosConnection();
|
||||
void sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd);
|
||||
unsigned int getSASLDataFromNetwork(char *buf, int trunclen);
|
||||
int transmitEncryptedData(int fd, const char* readbuf, int cc);
|
||||
int receiveEncryptedData(char *buf, int trunclen);
|
||||
|
||||
private:
|
||||
bool m_kerberosRequested;
|
||||
TQString m_serviceName;
|
||||
TQString m_serverFQDN;
|
||||
|
||||
private:
|
||||
SASLDataPrivate *saslData;
|
||||
};
|
||||
|
||||
#endif // TDEKRBSOCKET_H
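Review bot: `unsigned int getSASLDataFromNetwork(char *buf, int trunclen);` cannot carry the -1 that the implementation returns on disconnect or base64 decode failure; the caller sees UINT_MAX, which initializeKerberosInterface stores in an unsigned `len` and hands to sasl_client_step without any check. Declaring it `int getSASLDataFromNetwork(char *buf, int trunclen);` and testing `< 0` at each call site makes the error path reachable. The public readBlock/writeBlock overrides would also benefit from a comment stating that they go straight to TQSocket and bypass the SASL layer even after setUsingKerberos(true), since only readLine/writeLine are wrapped in the implementation.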
|
@ -0,0 +1,3 @@
|
||||
doc
|
||||
po
|
||||
src
|