Add ability to set client socket SASL mechanism

Fix a couple of build warnings
Timothy Pearson 10 years ago
parent 3b2621f9fe
commit 74d8f852cb

@ -546,6 +546,18 @@ void TDEKerberosClientSocket::writeLine(TQString str) {
} }
} }
void TDEKerberosClientSocket::setAllowedMechanisms(TQStringList mechanisms) {
m_allowedMechanisms = mechanisms;
}
void TDEKerberosClientSocket::setDisallowedMechanisms(TQStringList mechanisms) {
m_disallowedMechanisms = mechanisms;
}
void TDEKerberosClientSocket::setMechanismOverrideList(TQStringList mechanisms) {
m_overrideMechanisms = mechanisms;
}
void TDEKerberosClientSocket::freeKerberosConnection(void) { void TDEKerberosClientSocket::freeKerberosConnection(void) {
if (saslData->m_krbConnection) { if (saslData->m_krbConnection) {
sasl_dispose(&saslData->m_krbConnection); sasl_dispose(&saslData->m_krbConnection);
@ -666,7 +678,7 @@ int TDEKerberosClientSocket::transmitEncryptedData(const char* readbuf, int cc)
remnant_position = 0; remnant_position = 0;
while ((data_remaining > 0) && (dataTimeoutTimer.isActive() || (m_dataTimeout < 0))) { while ((data_remaining > 0) && (dataTimeoutTimer.isActive() || (m_dataTimeout < 0))) {
int data_to_write_len; int data_to_write_len;
if (data_remaining > (m_negotiatedMaxBufferSize/2)) { if ((unsigned long)data_remaining > (m_negotiatedMaxBufferSize/2)) {
data_to_write_len = m_negotiatedMaxBufferSize/2; data_to_write_len = m_negotiatedMaxBufferSize/2;
} }
else { else {
@ -815,9 +827,50 @@ void TDEKerberosClientSocket::continueKerberosInitialization() {
} }
len = slen; len = slen;
printf("Choosing best mechanism from: %s\n", buf); printf("[DEBUG] Server and client support mechanisms: %s\n", buf);
TQStringList krbMechList = TQStringList::split(" ", buf, false);
// If mechanism override is set then use it1
if (m_overrideMechanisms.count() > 0) {
printf("[DEBUG] Overriding mechanisms list: %s\n", m_overrideMechanisms.join(" ").ascii());
TQStringList supportedMechanisms = krbMechList;
krbMechList = m_overrideMechanisms;
// Remove all mechanisms not supported by the client and server
for (TQStringList::Iterator it = krbMechList.begin(); it != krbMechList.end(); ++it ) {
if (supportedMechanisms.find(*it) == supportedMechanisms.end()) {
krbMechList.remove(*it);
it = krbMechList.begin();
}
}
}
else {
// Remove all mechanisms not listed in the allowed list
if (m_allowedMechanisms.count() > 0) {
for (TQStringList::Iterator it = krbMechList.begin(); it != krbMechList.end(); ++it ) {
if (m_allowedMechanisms.find(*it) == m_allowedMechanisms.end()) {
printf("[DEBUG] Removing implicitly disallowed mechanism %s from list\n", (*it).ascii());
krbMechList.remove(*it);
it = krbMechList.begin();
}
}
}
// Remove all mechanisms listed in the disallowed list
if (m_disallowedMechanisms.count() > 0) {
for (TQStringList::Iterator it = m_disallowedMechanisms.begin(); it != m_disallowedMechanisms.end(); ++it ) {
printf("[DEBUG] Removing explicitly disallowed mechanism %s from list\n", (*it).ascii());
krbMechList.remove(*it);
}
}
}
TQString krbMechListString = krbMechList.join(" ");
printf("Choosing best mechanism from: %s\n", krbMechListString.ascii());
m_krbInitResult = sasl_client_start(saslData->m_krbConnection, buf, NULL, &data, &len, &chosenmech); m_krbInitResult = sasl_client_start(saslData->m_krbConnection, krbMechListString.ascii(), NULL, &data, &len, &chosenmech);
if (m_krbInitResult != SASL_OK && m_krbInitResult != SASL_CONTINUE) { if (m_krbInitResult != SASL_OK && m_krbInitResult != SASL_CONTINUE) {
printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errstring(m_krbInitResult, NULL, NULL), m_krbInitResult); printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errstring(m_krbInitResult, NULL, NULL), m_krbInitResult);
freeKerberosConnection(); freeKerberosConnection();

@ -22,6 +22,7 @@
#define TDEKRBCLIENTSOCKET_H #define TDEKRBCLIENTSOCKET_H
#include <tqsocket.h> #include <tqsocket.h>
#include <tqstringlist.h>
#define N_CALLBACKS 3 #define N_CALLBACKS 3
@ -78,6 +79,10 @@ class TDEKerberosClientSocket : public TQSocket
void clearFrameTail(); void clearFrameTail();
void writeBufferedData(); void writeBufferedData();
void setAllowedMechanisms(TQStringList mechanisms);
void setDisallowedMechanisms(TQStringList mechanisms);
void setMechanismOverrideList(TQStringList mechanisms);
public slots: public slots:
int processPendingData(); int processPendingData();
@ -112,6 +117,9 @@ class TDEKerberosClientSocket : public TQSocket
TQString m_prevStatusMessage; TQString m_prevStatusMessage;
int m_dataTimeout; int m_dataTimeout;
TQTimer* kerberosInitLoopTimer; TQTimer* kerberosInitLoopTimer;
TQStringList m_allowedMechanisms;
TQStringList m_disallowedMechanisms;
TQStringList m_overrideMechanisms;
bool* m_canary; bool* m_canary;
private: private:
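Review bot: The three new setters take `TQStringList` by value, which copies the list on every call; passing by const reference is the conventional shape for a read-only list argument in this codebase's TQt style, e.g. `void setAllowedMechanisms(const TQStringList& mechanisms);`, `void setDisallowedMechanisms(const TQStringList& mechanisms);`, `void setMechanismOverrideList(const TQStringList& mechanisms);`. The matching definitions in the @ -546 hunk of the .cpp file would need the same signature change. The class body continues outside the hunk.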

@ -675,7 +675,7 @@ int TDEKerberosServerSocket::transmitEncryptedData(const char* readbuf, int cc)
remnant_position = 0; remnant_position = 0;
while ((data_remaining > 0) && (dataTimeoutTimer.isActive() || (m_dataTimeout < 0))) { while ((data_remaining > 0) && (dataTimeoutTimer.isActive() || (m_dataTimeout < 0))) {
int data_to_write_len; int data_to_write_len;
if (data_remaining > (m_negotiatedMaxBufferSize/2)) { if ((unsigned long)data_remaining > (m_negotiatedMaxBufferSize/2)) {
data_to_write_len = m_negotiatedMaxBufferSize/2; data_to_write_len = m_negotiatedMaxBufferSize/2;
} }
else { else {
