parent
0e11c4ce6d
commit
35dc01b709
@ -0,0 +1 @@
|
|||||||
|
Timothy Pearson <kb9vqf@pearsoncomputing.net>
|
@ -0,0 +1 @@
|
|||||||
|
2012-05-17 - Initial Release
|
@ -0,0 +1,167 @@
|
|||||||
|
Basic Installation
|
||||||
|
==================
|
||||||
|
|
||||||
|
These are generic installation instructions.
|
||||||
|
|
||||||
|
The `configure' shell script attempts to guess correct values for
|
||||||
|
various system-dependent variables used during compilation. It uses
|
||||||
|
those values to create a `Makefile' in each directory of the package.
|
||||||
|
It may also create one or more `.h' files containing system-dependent
|
||||||
|
definitions. Finally, it creates a shell script `config.status' that
|
||||||
|
you can run in the future to recreate the current configuration, a file
|
||||||
|
`config.cache' that saves the results of its tests to speed up
|
||||||
|
reconfiguring, and a file `config.log' containing compiler output
|
||||||
|
(useful mainly for debugging `configure').
|
||||||
|
|
||||||
|
If you need to do unusual things to compile the package, please try
|
||||||
|
to figure out how `configure' could check whether to do them, and mail
|
||||||
|
diffs or instructions to the address given in the `README' so they can
|
||||||
|
be considered for the next release. If at some point `config.cache'
|
||||||
|
contains results you don't want to keep, you may remove or edit it.
|
||||||
|
|
||||||
|
The file `configure.in' is used to create `configure' by a program
|
||||||
|
called `autoconf'. You only need `configure.in' if you want to change
|
||||||
|
it or regenerate `configure' using a newer version of `autoconf'.
|
||||||
|
|
||||||
|
The simplest way to compile this package is:
|
||||||
|
|
||||||
|
1. `cd' to the directory containing the package's source code and type
|
||||||
|
`./configure' to configure the package for your system. If you're
|
||||||
|
using `csh' on an old version of System V, you might need to type
|
||||||
|
`sh ./configure' instead to prevent `csh' from trying to execute
|
||||||
|
`configure' itself.
|
||||||
|
|
||||||
|
Running `configure' takes a while. While running, it prints some
|
||||||
|
messages telling which features it is checking for.
|
||||||
|
|
||||||
|
2. Type `make' to compile the package.
|
||||||
|
|
||||||
|
3. Type `make install' to install the programs and any data files and
|
||||||
|
documentation.
|
||||||
|
|
||||||
|
4. You can remove the program binaries and object files from the
|
||||||
|
source code directory by typing `make clean'.
|
||||||
|
|
||||||
|
Compilers and Options
|
||||||
|
=====================
|
||||||
|
|
||||||
|
Some systems require unusual options for compilation or linking that
|
||||||
|
the `configure' script does not know about. You can give `configure'
|
||||||
|
initial values for variables by setting them in the environment. Using
|
||||||
|
a Bourne-compatible shell, you can do that on the command line like
|
||||||
|
this:
|
||||||
|
CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
|
||||||
|
|
||||||
|
Or on systems that have the `env' program, you can do it like this:
|
||||||
|
env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
|
||||||
|
|
||||||
|
Compiling For Multiple Architectures
|
||||||
|
====================================
|
||||||
|
|
||||||
|
You can compile the package for more than one kind of computer at the
|
||||||
|
same time, by placing the object files for each architecture in their
|
||||||
|
own directory. To do this, you must use a version of `make' that
|
||||||
|
supports the `VPATH' variable, such as GNU `make'. `cd' to the
|
||||||
|
directory where you want the object files and executables to go and run
|
||||||
|
the `configure' script. `configure' automatically checks for the
|
||||||
|
source code in the directory that `configure' is in and in `..'.
|
||||||
|
|
||||||
|
If you have to use a `make' that does not supports the `VPATH'
|
||||||
|
variable, you have to compile the package for one architecture at a time
|
||||||
|
in the source code directory. After you have installed the package for
|
||||||
|
one architecture, use `make distclean' before reconfiguring for another
|
||||||
|
architecture.
|
||||||
|
|
||||||
|
Installation Names
|
||||||
|
==================
|
||||||
|
|
||||||
|
By default, `make install' will install the package's files in
|
||||||
|
`/usr/local/bin', `/usr/local/man', etc. You can specify an
|
||||||
|
installation prefix other than `/usr/local' by giving `configure' the
|
||||||
|
option `--prefix=PATH'.
|
||||||
|
|
||||||
|
You can specify separate installation prefixes for
|
||||||
|
architecture-specific files and architecture-independent files. If you
|
||||||
|
give `configure' the option `--exec-prefix=PATH', the package will use
|
||||||
|
PATH as the prefix for installing programs and libraries.
|
||||||
|
Documentation and other data files will still use the regular prefix.
|
||||||
|
|
||||||
|
If the package supports it, you can cause programs to be installed
|
||||||
|
with an extra prefix or suffix on their names by giving `configure' the
|
||||||
|
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
|
||||||
|
|
||||||
|
Optional Features
|
||||||
|
=================
|
||||||
|
|
||||||
|
Some packages pay attention to `--enable-FEATURE' options to
|
||||||
|
`configure', where FEATURE indicates an optional part of the package.
|
||||||
|
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
|
||||||
|
is something like `gnu-as' or `x' (for the X Window System). The
|
||||||
|
`README' should mention any `--enable-' and `--with-' options that the
|
||||||
|
package recognizes.
|
||||||
|
|
||||||
|
For packages that use the X Window System, `configure' can usually
|
||||||
|
find the X include and library files automatically, but if it doesn't,
|
||||||
|
you can use the `configure' options `--x-includes=DIR' and
|
||||||
|
`--x-libraries=DIR' to specify their locations.
|
||||||
|
|
||||||
|
Specifying the System Type
|
||||||
|
==========================
|
||||||
|
|
||||||
|
There may be some features `configure' can not figure out
|
||||||
|
automatically, but needs to determine by the type of host the package
|
||||||
|
will run on. Usually `configure' can figure that out, but if it prints
|
||||||
|
a message saying it can not guess the host type, give it the
|
||||||
|
`--host=TYPE' option. TYPE can either be a short name for the system
|
||||||
|
type, such as `sun4', or a canonical name with three fields:
|
||||||
|
CPU-COMPANY-SYSTEM
|
||||||
|
|
||||||
|
See the file `config.sub' for the possible values of each field. If
|
||||||
|
`config.sub' isn't included in this package, then this package doesn't
|
||||||
|
need to know the host type.
|
||||||
|
|
||||||
|
If you are building compiler tools for cross-compiling, you can also
|
||||||
|
use the `--target=TYPE' option to select the type of system they will
|
||||||
|
produce code for and the `--build=TYPE' option to select the type of
|
||||||
|
system on which you are compiling the package.
|
||||||
|
|
||||||
|
Sharing Defaults
|
||||||
|
================
|
||||||
|
|
||||||
|
If you want to set default values for `configure' scripts to share,
|
||||||
|
you can create a site shell script called `config.site' that gives
|
||||||
|
default values for variables like `CC', `cache_file', and `prefix'.
|
||||||
|
`configure' looks for `PREFIX/share/config.site' if it exists, then
|
||||||
|
`PREFIX/etc/config.site' if it exists. Or, you can set the
|
||||||
|
`CONFIG_SITE' environment variable to the location of the site script.
|
||||||
|
A warning: not all `configure' scripts look for a site script.
|
||||||
|
|
||||||
|
Operation Controls
|
||||||
|
==================
|
||||||
|
|
||||||
|
`configure' recognizes the following options to control how it
|
||||||
|
operates.
|
||||||
|
|
||||||
|
`--cache-file=FILE'
|
||||||
|
Use and save the results of the tests in FILE instead of
|
||||||
|
`./config.cache'. Set FILE to `/dev/null' to disable caching, for
|
||||||
|
debugging `configure'.
|
||||||
|
|
||||||
|
`--help'
|
||||||
|
Print a summary of the options to `configure', and exit.
|
||||||
|
|
||||||
|
`--quiet'
|
||||||
|
`--silent'
|
||||||
|
`-q'
|
||||||
|
Do not print messages saying which checks are being made.
|
||||||
|
|
||||||
|
`--srcdir=DIR'
|
||||||
|
Look for the package's source code in directory DIR. Usually
|
||||||
|
`configure' can determine that directory automatically.
|
||||||
|
|
||||||
|
`--version'
|
||||||
|
Print the version of Autoconf used to generate the `configure'
|
||||||
|
script, and exit.
|
||||||
|
|
||||||
|
`configure' also accepts some other, not widely useful, options.
|
||||||
|
|
@ -0,0 +1,22 @@
|
|||||||
|
SUBDIRS = $(TOPSUBDIRS)
|
||||||
|
|
||||||
|
$(top_srcdir)/configure.in: configure.in.in $(top_srcdir)/subdirs
|
||||||
|
cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common configure.in ;
|
||||||
|
|
||||||
|
$(top_srcdir)/subdirs:
|
||||||
|
cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common subdirs
|
||||||
|
|
||||||
|
$(top_srcdir)/acinclude.m4: $(top_srcdir)/admin/acinclude.m4.in $(top_srcdir)/admin/libtool.m4.in
|
||||||
|
@cd $(top_srcdir) && cat admin/acinclude.m4.in admin/libtool.m4.in > acinclude.m4
|
||||||
|
|
||||||
|
MAINTAINERCLEANFILES = subdirs configure.in acinclude.m4 configure.files
|
||||||
|
|
||||||
|
package-messages:
|
||||||
|
cd $(top_srcdir) && $(MAKE) -f admin/Makefile.common package-messages
|
||||||
|
$(MAKE) -C po merge
|
||||||
|
|
||||||
|
EXTRA_DIST = admin COPYING configure.in.in
|
||||||
|
|
||||||
|
dist-hook:
|
||||||
|
cd $(top_distdir) && perl admin/am_edit -padmin
|
||||||
|
cd $(top_distdir) && $(MAKE) -f admin/Makefile.common subdirs
|
@ -0,0 +1,10 @@
|
|||||||
|
all:
|
||||||
|
@echo "This Makefile is only for the CVS repository"
|
||||||
|
@echo "This will be deleted before making the distribution"
|
||||||
|
@echo ""
|
||||||
|
$(MAKE) -f admin/Makefile.common cvs
|
||||||
|
|
||||||
|
dist:
|
||||||
|
$(MAKE) -f admin/Makefile.common dist
|
||||||
|
|
||||||
|
.SILENT:
|
@ -0,0 +1 @@
|
|||||||
|
Subproject commit 06098efaf31973c11d7dd89ae291e6844b132e1a
|
@ -0,0 +1 @@
|
|||||||
|
Subproject commit 477d071b5db5544ace5449f0c2eea6d5c01d693b
|
@ -0,0 +1,2 @@
|
|||||||
|
./admin/configure.in.min
|
||||||
|
configure.in.in
|
@ -0,0 +1,6 @@
|
|||||||
|
#MIN_CONFIG(3.2.0)
|
||||||
|
|
||||||
|
AM_INIT_AUTOMAKE(autostart, 0.1)
|
||||||
|
AC_C_BIGENDIAN
|
||||||
|
AC_CHECK_KDEMAXPATHLEN
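Review bot: `AM_INIT_AUTOMAKE(autostart, 0.1)` registers the package as `autostart`, which looks like a template leftover given that the Debian control section names the source `libtdekrb-trinity`; the dist tarball and the PACKAGE define would carry the wrong name. There is also no configure-time probe for SASL, although the library's Makefile.am section hard-codes `-I/usr/include/sasl` and `-lsasl2`, so a missing or relocated libsasl2 only shows up as a compile or link error. Consider a project-specific name (for example `AM_INIT_AUTOMAKE(libtdekrb, 0.1)`) and an `AC_CHECK_HEADER` / `AC_CHECK_LIB` pair for sasl2 that fails configure with a clear message.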
|
||||||
|
|
@ -0,0 +1,5 @@
|
|||||||
|
libtdekrb-trinity (0.1-0ubuntu0) karmic; urgency=low
|
||||||
|
|
||||||
|
* Karmic rebuild
|
||||||
|
|
||||||
|
-- Timothy Pearson <kb9vqf@pearsoncomputing.net> Thu, 02 July 2009 16:08:00 -0600
|
@ -0,0 +1 @@
|
|||||||
|
5
|
@ -0,0 +1,12 @@
|
|||||||
|
Source: libtdekrb-trinity
|
||||||
|
Section: tde
|
||||||
|
Priority: optional
|
||||||
|
Maintainer: Timothy Pearson <kb9vqf@pearsoncomputing.net>
|
||||||
|
Build-Depends: debhelper (>= 5), cdbs, tdelibs4-trinity-dev, libsasl2-dev, automake, autoconf, libtool, libltdl-dev
|
||||||
|
Standards-Version: 3.8.4
|
||||||
|
|
||||||
|
Package: libtdekrb-trinity
|
||||||
|
Architecture: any
|
||||||
|
Depends: ${shlibs:Depends}, ${misc:Depends}
|
||||||
|
Description: Kerberos network library for TDE
|
||||||
|
Kerberos network library for TDE.
|
@ -0,0 +1,31 @@
|
|||||||
|
This package was debianized by Timothy Pearson <kb9vqf@pearsoncomputing.net> on
|
||||||
|
Thu, 17 May 2012 19:52:51 +0100.
|
||||||
|
|
||||||
|
It was downloaded from http://www.trinitydesktop.org
|
||||||
|
|
||||||
|
Upstream Author: Timothy Pearson <kb9vqf@pearsoncomputing.net>
|
||||||
|
|
||||||
|
copyright (C) 2012 Timothy Pearson <kb9vqf@pearsoncomputing.net>
|
||||||
|
|
||||||
|
License:
|
||||||
|
|
||||||
|
This package is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This package is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this package; if not, write to the Free Software
|
||||||
|
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
|
||||||
|
On Debian systems, the complete text of the GNU General
|
||||||
|
Public License can be found in `/usr/share/common-licenses/GPL'.
|
||||||
|
|
||||||
|
The Debian packaging is (C) 2012, Timothy Pearson <kb9vqf@pearsoncomputing.net> and
|
||||||
|
is licensed under the GPL, see above.
|
||||||
|
|
@ -0,0 +1,24 @@
|
|||||||
|
#!/usr/bin/make -f
|
||||||
|
|
||||||
|
include /usr/share/cdbs/1/rules/simple-patchsys.mk
|
||||||
|
include /usr/share/cdbs/1/class/autotools.mk
|
||||||
|
include /usr/share/cdbs/1/rules/debhelper.mk
|
||||||
|
|
||||||
|
DEB_CONFIGURE_INCLUDEDIR := /opt/trinity/include/tde
|
||||||
|
DEB_CONFIGURE_MANDIR := /opt/trinity/share/man
|
||||||
|
DEB_CONFIGURE_PREFIX := /opt/trinity
|
||||||
|
DEB_CONFIGURE_INFODIR := /opt/trinity/share/info
|
||||||
|
|
||||||
|
cdbs_configure_flags := --with-qt-dir=/usr/share/qt3 --disable-rpath --with-xinerama $(cdbs_kde_enable_final) $(cdbs_kde_enable_debug)
|
||||||
|
|
||||||
|
post-patches:: debian/stamp-bootstrap
|
||||||
|
|
||||||
|
debian/stamp-bootstrap:
|
||||||
|
! [ -f /usr/share/libtool/ltmain.sh ] || \
|
||||||
|
cp -f /usr/share/libtool/ltmain.sh admin/ltmain.sh
|
||||||
|
! [ -f /usr/share/libtool/config/ltmain.sh ] || \
|
||||||
|
cp -f /usr/share/libtool/config/ltmain.sh admin/ltmain.sh
|
||||||
|
cp -f /usr/share/aclocal/libtool.m4 admin/libtool.m4.in
|
||||||
|
|
||||||
|
make -f admin/Makefile.common cvs
|
||||||
|
touch debian/stamp-bootstrap
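Review bot: The bootstrap recipe invokes `make -f admin/Makefile.common cvs` directly; in a rules file this should be `$(MAKE) -f admin/Makefile.common cvs` so the parent make's flags and jobserver are inherited. Both `ltmain.sh` copies are guarded with `! [ -f … ] ||`, so when neither path exists the target still succeeds and stamps `debian/stamp-bootstrap` with whatever `admin/ltmain.sh` was already in the tree, whereas the `libtool.m4` copy is unguarded and fails hard. Making the two consistent, by failing when no `ltmain.sh` was found, would make a build host without the expected libtool files visible instead of producing a package from stale build scripts.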
|
@ -0,0 +1,6 @@
|
|||||||
|
# the SUBDIRS is filled automatically by am_edit. If files are
|
||||||
|
# in this directory they are installed into the english dir
|
||||||
|
|
||||||
|
KDE_LANG = en
|
||||||
|
KDE_DOCS = autostart
|
||||||
|
SUBDIRS = $(AUTODIRS)
|
@ -0,0 +1,2 @@
|
|||||||
|
KDE_DOCS = ldap
|
||||||
|
KDE_LANG = en
|
@ -0,0 +1,2 @@
|
|||||||
|
POFILES = AUTO
|
||||||
|
# noinst_HEADERS = ldap.pot
|
@ -0,0 +1,13 @@
|
|||||||
|
INCLUDES = $(all_includes) -I/usr/include/sasl
|
||||||
|
METASOURCES = AUTO
|
||||||
|
|
||||||
|
# Create a shared library file
|
||||||
|
lib_LTLIBRARIES = libtdekrbsocket.la
|
||||||
|
|
||||||
|
include_HEADERS = tdekrbsocket.h
|
||||||
|
|
||||||
|
libtdekrbsocket_la_SOURCES = tdekrbsocket.cpp
|
||||||
|
libtdekrbsocket_la_LIBADD = -lkio $(LIB_TDEUI) -lsasl2
|
||||||
|
libtdekrbsocket_la_LDFLAGS = -avoid-version -module -no-undefined \
|
||||||
|
$(all_libraries)
|
||||||
|
|
@ -0,0 +1,404 @@
|
|||||||
|
/***************************************************************************
|
||||||
|
* Copyright (C) 2012 by Timothy Pearson *
|
||||||
|
* kb9vqf@pearsoncomputing.net *
|
||||||
|
* *
|
||||||
|
* This program is free software; you can redistribute it and/or modify *
|
||||||
|
* it under the terms of the GNU General Public License as published by *
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or *
|
||||||
|
* (at your option) any later version. *
|
||||||
|
* *
|
||||||
|
* This program is distributed in the hope that it will be useful, *
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
||||||
|
* GNU General Public License for more details. *
|
||||||
|
* *
|
||||||
|
* You should have received a copy of the GNU General Public License *
|
||||||
|
* along with this program; if not, write to the *
|
||||||
|
* Free Software Foundation, Inc., *
|
||||||
|
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
|
||||||
|
***************************************************************************/
|
||||||
|
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#include <tqapplication.h>
|
||||||
|
|
||||||
|
#include <sasl.h>
|
||||||
|
#include <saslplug.h>
|
||||||
|
#include <saslutil.h>
|
||||||
|
|
||||||
|
#include "tdekrbsocket.h"
|
||||||
|
|
||||||
|
#define NET_SEC_BUF_SIZE (2048)
|
||||||
|
|
||||||
|
class SASLDataPrivate
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
sasl_callback_t m_callbacks[N_CALLBACKS];
|
||||||
|
sasl_conn_t *m_krbConnection;
|
||||||
|
};
|
||||||
|
|
||||||
|
static int logSASLMessages(void *context __attribute__((unused)), int priority, const char *message) {
|
||||||
|
const char *label;
|
||||||
|
|
||||||
|
if (!message) {
|
||||||
|
return SASL_BADPARAM;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (priority) {
|
||||||
|
case SASL_LOG_ERR:
|
||||||
|
label = "Error";
|
||||||
|
break;
|
||||||
|
case SASL_LOG_NOTE:
|
||||||
|
label = "Info";
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
label = "Other";
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
printf("[SASL %s] %s\n\r", label, message);
|
||||||
|
|
||||||
|
return SASL_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false) {
|
||||||
|
saslData = new SASLDataPrivate;
|
||||||
|
saslData->m_krbConnection = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
TDEKerberosClientSocket::~TDEKerberosClientSocket() {
|
||||||
|
delete saslData;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool TDEKerberosClientSocket::open(int mode) {
|
||||||
|
bool ret = TQSocket::open(mode);
|
||||||
|
if (m_kerberosRequested) {
|
||||||
|
initializeKerberosInterface();
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
void TDEKerberosClientSocket::close() {
|
||||||
|
TQSocket::close();
|
||||||
|
}
|
||||||
|
|
||||||
|
int TDEKerberosClientSocket::setUsingKerberos(bool krbactive) {
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
|
if (m_serviceName == "") {
|
||||||
|
printf("[ERROR] No service name set!\n\r"); fflush(stdout);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (krbactive) {
|
||||||
|
m_kerberosRequested = true;
|
||||||
|
if ((!saslData->m_krbConnection) && (state() == TQSocket::Connected)) {
|
||||||
|
ret = initializeKerberosInterface();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
m_kerberosRequested = false;
|
||||||
|
if (saslData->m_krbConnection) {
|
||||||
|
freeKerberosConnection();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
void TDEKerberosClientSocket::setServiceName(TQString name) {
|
||||||
|
m_serviceName = name;
|
||||||
|
}
|
||||||
|
|
||||||
|
void TDEKerberosClientSocket::setServerFQDN(TQString name) {
|
||||||
|
m_serverFQDN = name;
|
||||||
|
}
|
||||||
|
|
||||||
|
Q_LONG TDEKerberosClientSocket::readBlock(char *data, Q_ULONG maxlen) {
|
||||||
|
Q_LONG ret = TQSocket::readBlock(data, maxlen);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
Q_LONG TDEKerberosClientSocket::writeBlock(const char *data, Q_ULONG len) {
|
||||||
|
Q_LONG ret = TQSocket::writeBlock(data, len);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
Q_LONG TDEKerberosClientSocket::readLine(char *data, Q_ULONG maxlen) {
|
||||||
|
Q_LONG ret;
|
||||||
|
|
||||||
|
if (m_kerberosRequested) {
|
||||||
|
ret = getSASLDataFromNetwork(data, maxlen);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
ret = TQSocket::readLine(data, maxlen);
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
TQString TDEKerberosClientSocket::readLine() {
|
||||||
|
TQString ret;
|
||||||
|
char buf[NET_SEC_BUF_SIZE];
|
||||||
|
|
||||||
|
if (m_kerberosRequested) {
|
||||||
|
receiveEncryptedData(buf, NET_SEC_BUF_SIZE);
|
||||||
|
ret = TQString(buf);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
ret = TQSocket::readLine();
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
void TDEKerberosClientSocket::writeLine(TQString str) {
|
||||||
|
if (m_kerberosRequested) {
|
||||||
|
transmitEncryptedData(socket(), str.ascii(), str.length());
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
TQSocket::writeBlock(str.ascii(), str.length());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void TDEKerberosClientSocket::freeKerberosConnection(void) {
|
||||||
|
if (saslData->m_krbConnection) {
|
||||||
|
sasl_dispose(&saslData->m_krbConnection);
|
||||||
|
}
|
||||||
|
saslData->m_krbConnection = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd) {
|
||||||
|
char *buf;
|
||||||
|
unsigned len, alloclen;
|
||||||
|
int result;
|
||||||
|
char txbuf[NET_SEC_BUF_SIZE];
|
||||||
|
|
||||||
|
alloclen = ((length / 3) + 1) * 4 + 1;
|
||||||
|
buf = (char*)malloc(alloclen);
|
||||||
|
if (!buf) {
|
||||||
|
printf("[ERROR] Unable to malloc()!\n\r");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
result = sasl_encode64(buffer, length, buf, alloclen, &len);
|
||||||
|
if (result != SASL_OK) {
|
||||||
|
printf("[ERROR] Encoding data in base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
sprintf(txbuf, "%s\n", buf);
|
||||||
|
write(netfd, txbuf, strlen(txbuf));
|
||||||
|
|
||||||
|
free(buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
unsigned int TDEKerberosClientSocket::getSASLDataFromNetwork(char *buf, int trunclen) {
|
||||||
|
unsigned int len;
|
||||||
|
int result;
|
||||||
|
|
||||||
|
len = 0;
|
||||||
|
while (1) {
|
||||||
|
tqApp->processEvents();
|
||||||
|
if (state() != TQSocket::Connected) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (TQSocket::readBlock(buf+len, 1) > 0) {
|
||||||
|
if (buf[len] == '\n') {
|
||||||
|
buf[len] = 0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (buf[len] != '\r') {
|
||||||
|
len++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (len >= trunclen) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
len = strlen(buf);
|
||||||
|
result = sasl_decode64(buf, (unsigned) strlen(buf), buf, trunclen, &len);
|
||||||
|
if (result != SASL_OK) {
|
||||||
|
printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
buf[len] = '\0';
|
||||||
|
|
||||||
|
return len;
|
||||||
|
}
|
||||||
|
|
||||||
|
int TDEKerberosClientSocket::transmitEncryptedData(int fd, const char* readbuf, int cc) {
|
||||||
|
int result = 0;
|
||||||
|
unsigned int len;
|
||||||
|
const char *data;
|
||||||
|
|
||||||
|
result=sasl_encode(saslData->m_krbConnection, readbuf, cc, &data, &len);
|
||||||
|
if (result != SASL_OK) {
|
||||||
|
printf("[ERROR] Encrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
sendSASLDataToNetwork(data, len, fd);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int TDEKerberosClientSocket::receiveEncryptedData(char *buf, int trunclen) {
|
||||||
|
unsigned int recv_len;
|
||||||
|
const char *recv_data;
|
||||||
|
int result;
|
||||||
|
int len;
|
||||||
|
|
||||||
|
len = getSASLDataFromNetwork(buf, trunclen);
|
||||||
|
if (len >= 0) {
|
||||||
|
result=sasl_decode(saslData->m_krbConnection, buf, len, &recv_data, &recv_len);
|
||||||
|
if (result != SASL_OK) {
|
||||||
|
printf("[ERROR] Decrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
strncpy(buf, recv_data, trunclen);
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int TDEKerberosClientSocket::initializeKerberosInterface() {
|
||||||
|
if (state() != TQSocket::Connected) {
|
||||||
|
saslData->m_krbConnection = false;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
sasl_callback_t *callback;
|
||||||
|
char buf[NET_SEC_BUF_SIZE];
|
||||||
|
int result = 0;
|
||||||
|
int serverlast = 0;
|
||||||
|
sasl_security_properties_t secprops;
|
||||||
|
const char *chosenmech;
|
||||||
|
unsigned int len;
|
||||||
|
const char *data;
|
||||||
|
char user_authorized = 0;
|
||||||
|
sasl_ssf_t *ssf;
|
||||||
|
char *iplocal = NULL;
|
||||||
|
char *ipremote = NULL;
|
||||||
|
const char *service = m_serviceName.ascii();
|
||||||
|
const char *fqdn = m_serverFQDN.ascii();
|
||||||
|
|
||||||
|
callback = saslData->m_callbacks;
|
||||||
|
|
||||||
|
// log
|
||||||
|
callback->id = SASL_CB_LOG;
|
||||||
|
callback->proc = (sasl_callback_ft)&logSASLMessages;
|
||||||
|
callback->context = NULL;
|
||||||
|
++callback;
|
||||||
|
|
||||||
|
// end of callback list
|
||||||
|
callback->id = SASL_CB_LIST_END;
|
||||||
|
callback->proc = NULL;
|
||||||
|
callback->context = NULL;
|
||||||
|
++callback;
|
||||||
|
|
||||||
|
// Initialize default data structures
|
||||||
|
memset(&secprops, 0L, sizeof(secprops));
|
||||||
|
secprops.maxbufsize = NET_SEC_BUF_SIZE;
|
||||||
|
secprops.max_ssf = UINT_MAX;
|
||||||
|
|
||||||
|
result = sasl_client_init(saslData->m_callbacks);
|
||||||
|
if (result != SASL_OK) {
|
||||||
|
printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
result = sasl_client_new(service, fqdn, iplocal, ipremote, NULL, serverlast, &saslData->m_krbConnection);
|
||||||
|
if (result != SASL_OK) {
|
||||||
|
printf("[ERROR] Allocating sasl connection state returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
result = sasl_setprop(saslData->m_krbConnection, SASL_SEC_PROPS, &secprops);
|
||||||
|
if (result != SASL_OK) {
|
||||||
|
printf("[ERROR] Setting security properties returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||||
|
freeKerberosConnection();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
printf("[DEBUG] Waiting for mechanism list from server...\n\r");
|
||||||
|
len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
|
||||||
|
|
||||||
|
printf("Choosing best mechanism from: %s\n", buf);
|
||||||
|
|
||||||
|
result = sasl_client_start(saslData->m_krbConnection, buf, NULL, &data, &len, &chosenmech);
|
||||||
|
if (result != SASL_OK && result != SASL_CONTINUE) {
|
||||||
|
printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||||
|
freeKerberosConnection();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
printf("[DEBUG] Using mechanism %s\n\r", chosenmech);
|
||||||
|
strcpy(buf, chosenmech);
|
||||||
|
if (data) {
|
||||||
|
if (NET_SEC_BUF_SIZE - strlen(buf) - 1 < len) {
|
||||||
|
printf("[ERROR] Insufficient buffer space to construct initial response!\n\r");
|
||||||
|
freeKerberosConnection();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
printf("[DEBUG] Preparing initial response...\n\r");
|
||||||
|
memcpy(buf + strlen(buf) + 1, data, len);
|
||||||
|
len += (unsigned) strlen(buf) + 1;
|
||||||
|
data = NULL;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
len = (unsigned) strlen(buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
printf("[DEBUG] Sending initial response...\n\r");
|
||||||
|
sendSASLDataToNetwork(buf, len, socket());
|
||||||
|
|
||||||
|
while (result == SASL_CONTINUE) {
|
||||||
|
printf("[DEBUG] Waiting for server reply...\n\r");
|
||||||
|
len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
|
||||||
|
if (state() != TQSocket::Connected) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
result = sasl_client_step(saslData->m_krbConnection, buf, len, NULL, &data, &len);
|
||||||
|
if (result != SASL_OK && result != SASL_CONTINUE) {
|
||||||
|
printf("[ERROR] Performing SASL negotiation returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
|
||||||
|
freeKerberosConnection();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (data && len) {
|
||||||
|
printf("[DEBUG] Sending response...\n\r");
|
||||||
|
sendSASLDataToNetwork(data, len, socket());
|
||||||
|
}
|
||||||
|
else if (result != SASL_OK || !serverlast) {
|
||||||
|
sendSASLDataToNetwork("", 0, socket());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
printf("[DEBUG] Negotiation complete!\n\r");
|
||||||
|
|
||||||
|
result = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, (const void **)&data);
|
||||||
|
if (result != SASL_OK) {
|
||||||
|
printf("[WARNING] Unable to determine authenticated username!\n\r");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)");
|
||||||
|
}
|
||||||
|
|
||||||
|
result = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data);
|
||||||
|
if (result != SASL_OK) {
|
||||||
|
printf("[WARNING] Unable to determine authenticated realm!\n\r");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)");
|
||||||
|
}
|
||||||
|
|
||||||
|
result = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf);
|
||||||
|
if (result != SASL_OK) {
|
||||||
|
printf("[WARNING] Unable to determine SSF!\n\r");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
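Review bot: `sprintf(txbuf, "%s\n", buf)` in sendSASLDataToNetwork copies a base64 string of up to `alloclen` bytes into the fixed `char txbuf[NET_SEC_BUF_SIZE]`, so any payload above roughly 1.5 KB (a long writeLine() string or a large negotiation token) writes past the stack buffer; the early return after a failed sasl_encode64() also leaks `buf`, and the write() result is ignored. The fence below sends the heap buffer directly and frees it on every path. The receive side needs the same attention: getSASLDataFromNetwork leaves `buf` unterminated when the loop exits at `len >= trunclen` and then calls strlen() on it, receiveEncryptedData copies with `strncpy(buf, recv_data, trunclen)` instead of bounding by `recv_len`, and readLine() builds a TQString from `buf` without checking the return value. In initializeKerberosInterface, `secprops` is zeroed apart from `maxbufsize` and `max_ssf`, so the mechanism list sent by the server is accepted as-is; if this socket is meant to guarantee a protected Kerberos session, consider setting `secprops.min_ssf` and `secprops.security_flags = SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS`.

```cpp
void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd) {
	// … unchanged: buf/len/alloclen/result declarations (txbuf removed), alloclen computation, malloc() check …

	result = sasl_encode64(buffer, length, buf, alloclen, &len);
	if (result != SASL_OK) {
		printf("[ERROR] Encoding data in base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
		free(buf);
		return;
	}

	// alloclen reserves one byte beyond the base64 text for the terminator;
	// reuse that byte for the line feed so no second fixed-size buffer is needed
	buf[len] = '\n';
	if (write(netfd, buf, len + 1) != (ssize_t)(len + 1)) {
		printf("[ERROR] Short or failed write of SASL data to network\n\r");
	}

	free(buf);
}
```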
|
@ -0,0 +1,67 @@
|
|||||||
|
/***************************************************************************
|
||||||
|
* Copyright (C) 2012 by Timothy Pearson *
|
||||||
|
* kb9vqf@pearsoncomputing.net *
|
||||||
|
* *
|
||||||
|
* This program is free software; you can redistribute it and/or modify *
|
||||||
|
* it under the terms of the GNU General Public License as published by *
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or *
|
||||||
|
* (at your option) any later version. *
|
||||||
|
* *
|
||||||
|
* This program is distributed in the hope that it will be useful, *
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
||||||
|
* GNU General Public License for more details. *
|
||||||
|
* *
|
||||||
|
* You should have received a copy of the GNU General Public License *
|
||||||
|
* along with this program; if not, write to the *
|
||||||
|
* Free Software Foundation, Inc., *
|
||||||
|
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
|
||||||
|
***************************************************************************/
|
||||||
|
|
||||||
|
#ifndef TDEKRBSOCKET_H
|
||||||
|
#define TDEKRBSOCKET_H
|
||||||
|
|
||||||
|
#include <tqsocket.h>
|
||||||
|
|
||||||
|
#define N_CALLBACKS 3
|
||||||
|
|
||||||
|
class SASLDataPrivate;
|
||||||
|
|
||||||
|
class TDEKerberosClientSocket : public TQSocket
|
||||||
|
{
|
||||||
|
Q_OBJECT
|
||||||
|
|
||||||
|
public:
|
||||||
|
TDEKerberosClientSocket(TQObject *parent=0, const char *name=0);
|
||||||
|
virtual ~TDEKerberosClientSocket();
|
||||||
|
|
||||||
|
bool open(int mode);
|
||||||
|
void close();
|
||||||
|
Q_LONG readBlock(char *data, Q_ULONG maxlen);
|
||||||
|
Q_LONG writeBlock(const char *data, Q_ULONG len);
|
||||||
|
Q_LONG readLine(char *data, Q_ULONG maxlen);
|
||||||
|
TQString readLine();
|
||||||
|
void writeLine(TQString);
|
||||||
|
|
||||||
|
int setUsingKerberos(bool krbactive);
|
||||||
|
void setServiceName(TQString name);
|
||||||
|
void setServerFQDN(TQString name);
|
||||||
|
|
||||||
|
private:
|
||||||
|
int initializeKerberosInterface();
|
||||||
|
void freeKerberosConnection();
|
||||||
|
void sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd);
|
||||||
|
unsigned int getSASLDataFromNetwork(char *buf, int trunclen);
|
||||||
|
int transmitEncryptedData(int fd, const char* readbuf, int cc);
|
||||||
|
int receiveEncryptedData(char *buf, int trunclen);
|
||||||
|
|
||||||
|
private:
|
||||||
|
bool m_kerberosRequested;
|
||||||
|
TQString m_serviceName;
|
||||||
|
TQString m_serverFQDN;
|
||||||
|
|
||||||
|
private:
|
||||||
|
SASLDataPrivate *saslData;
|
||||||
|
};
|
||||||
|
|
||||||
|
#endif // TDEKRBSOCKET_H
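Review bot: `unsigned int getSASLDataFromNetwork(char *buf, int trunclen);` cannot report failure, because the implementation in this commit returns `-1` on disconnect and on a base64 decoding error, which reaches callers as UINT_MAX. In initializeKerberosInterface a decoding failure is stored in the unsigned `len` and passed to sasl_client_step() as the input length, and readLine(char *, Q_ULONG) returns the same value as the line length. Declaring it `int getSASLDataFromNetwork(char *buf, unsigned int trunclen);` and checking for a negative result at each call site would also remove the signed/unsigned comparison `len >= trunclen` in the read loop. The public methods are undocumented; a comment on readBlock()/writeBlock() stating that they pass straight through to TQSocket without the SASL layer, even after setUsingKerberos(true), would keep callers from sending plaintext by accident.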
|
@ -0,0 +1,3 @@
|
|||||||
|
doc
|
||||||
|
po
|
||||||
|
src
|