Add Kerberos server socket and change authserver skeleton to use it

12 years ago · 86a80bf3f8
parent 951f353db8
commit 86a80bf3f8
9 changed files with 543 additions and 302 deletions
--- a/clients/tde/src/app/remotemdi.h
+++ b/clients/tde/src/app/remotemdi.h
@ -11,7 +11,7 @@
 #include <tqvaluelist.h>
 #include <kmdimainfrm.h>

-#include "tdekrbsocket.h"
+#include "tdekrbclientsocket.h"

 class KMdiChildView;
 class KListBox;
--- a/lib/libtdekrb/src/Makefile.am
+++ b/lib/libtdekrb/src/Makefile.am
@ -4,10 +4,8 @@ METASOURCES = AUTO
 # Create a shared library file
 lib_LTLIBRARIES = libtdekrbsocket.la

-include_HEADERS = tdekrbsocket.h
+include_HEADERS = tdekrbclientsocket.h tdekrbserversocket.h

-libtdekrbsocket_la_SOURCES = tdekrbsocket.cpp
+libtdekrbsocket_la_SOURCES = tdekrbclientsocket.cpp tdekrbserversocket.cpp
 libtdekrbsocket_la_LIBADD = -lkio $(LIB_TDEUI) -lsasl2
-libtdekrbsocket_la_LDFLAGS = -avoid-version -module -no-undefined \
-	$(all_libraries)
-
+libtdekrbsocket_la_LDFLAGS = -avoid-version -module -no-undefined $(all_libraries)
--- a/lib/libtdekrb/src/tdekrbclientsocket.cpp
+++ b/lib/libtdekrb/src/tdekrbclientsocket.cpp
@ -27,7 +27,7 @@
 #include <saslplug.h>
 #include <saslutil.h>

-#include "tdekrbsocket.h"
+#include "tdekrbclientsocket.h"

 #define NET_SEC_BUF_SIZE (2048)

@ -58,7 +58,7 @@ static int logSASLMessages(void *context __attribute__((unused)), int priority,
 	}

 	printf("[SASL %s] %s\n\r", label, message);
-	
+
 	return SASL_OK;
 }

@ -116,12 +116,28 @@ void TDEKerberosClientSocket::setServerFQDN(TQString name) {
 }

 Q_LONG TDEKerberosClientSocket::readBlock(char *data, Q_ULONG maxlen) {
-	Q_LONG ret = TQSocket::readBlock(data, maxlen);
+	Q_LONG ret;
+
+	if (m_kerberosRequested) {
+		ret = receiveEncryptedData(data, maxlen);
+	}
+	else {
+		ret = TQSocket::readBlock(data, maxlen);
+	}
+
 	return ret;
 }

 Q_LONG TDEKerberosClientSocket::writeBlock(const char *data, Q_ULONG len) {
-	Q_LONG ret = TQSocket::writeBlock(data, len);
+	Q_LONG ret;
+
+	if (m_kerberosRequested) {
+		ret = transmitEncryptedData(socket(), data, len);
+	}
+	else {
+		ret = TQSocket::writeBlock(data, len);
+	}
+
 	return ret;
 }

--- a/lib/libtdekrb/src/tdekrbclientsocket.h
+++ b/lib/libtdekrb/src/tdekrbclientsocket.h
@ -18,8 +18,8 @@
 *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
 ***************************************************************************/

-#ifndef TDEKRBSOCKET_H
-#define TDEKRBSOCKET_H
+#ifndef TDEKRBCLIENTSOCKET_H
+#define TDEKRBCLIENTSOCKET_H

 #include <tqsocket.h>

@ -65,4 +65,4 @@ class TDEKerberosClientSocket : public TQSocket
 		unsigned int m_negotiatedMaxBufferSize;
 };

-#endif // TDEKRBSOCKET_H
+#endif // TDEKRBCLIENTSOCKET_H
--- a/lib/libtdekrb/src/tdekrbserversocket.cpp
+++ b/lib/libtdekrb/src/tdekrbserversocket.cpp
@ -0,0 +1,434 @@
+/***************************************************************************
+ *   Copyright (C) 2012 by Timothy Pearson                                 *
+ *   kb9vqf@pearsoncomputing.net                                           *
+ *                                                                         *
+ *   This program is free software; you can redistribute it and/or modify  *
+ *   it under the terms of the GNU General Public License as published by  *
+ *   the Free Software Foundation; either version 2 of the License, or     *
+ *   (at your option) any later version.                                   *
+ *                                                                         *
+ *   This program is distributed in the hope that it will be useful,       *
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ *   GNU General Public License for more details.                          *
+ *                                                                         *
+ *   You should have received a copy of the GNU General Public License     *
+ *   along with this program; if not, write to the                         *
+ *   Free Software Foundation, Inc.,                                       *
+ *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ ***************************************************************************/
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <tqapplication.h>
+
+#include <sasl.h>
+#include <saslplug.h>
+#include <saslutil.h>
+
+#include "tdekrbserversocket.h"
+
+#define NET_SEC_BUF_SIZE (2048)
+
+class SASLDataPrivate
+{
+	public:
+		sasl_callback_t m_callbacks[N_CALLBACKS];
+		sasl_conn_t *m_krbConnection;
+};
+
+static int logSASLMessages(void *context __attribute__((unused)), int priority, const char *message) {
+	const char *label;
+
+	if (!message) {
+		return SASL_BADPARAM;
+	}
+
+	switch (priority) {
+		case SASL_LOG_ERR:
+			label = "Error";
+			break;
+		case SASL_LOG_NOTE:
+			label = "Info";
+			break;
+		default:
+			label = "Other";
+			break;
+	}
+
+	printf("[SASL %s] %s\n\r", label, message);
+
+	return SASL_OK;
+}
+
+TDEKerberosServerSocket::TDEKerberosServerSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE) {
+	saslData = new SASLDataPrivate;
+	saslData->m_krbConnection = NULL;
+}
+
+TDEKerberosServerSocket::~TDEKerberosServerSocket() {
+	delete saslData;
+}
+
+bool TDEKerberosServerSocket::open(int mode) {
+	bool ret = TQSocket::open(mode);
+	if (m_kerberosRequested) {
+		initializeKerberosInterface();
+	}
+	return ret;
+}
+
+void TDEKerberosServerSocket::close() {
+	TQSocket::close();
+}
+
+int TDEKerberosServerSocket::setUsingKerberos(bool krbactive) {
+	int ret = 0;
+
+	if (m_serviceName == "") {
+		printf("[ERROR] No service name set!\n\r"); fflush(stdout);
+		return -1;
+	}
+
+	if (krbactive) {
+		m_kerberosRequested = true;
+		if ((!saslData->m_krbConnection) && (state() == TQSocket::Connected)) {
+			ret = initializeKerberosInterface();
+		}
+	}
+	else {
+		m_kerberosRequested = false;
+		if (saslData->m_krbConnection) {
+			freeKerberosConnection();
+		}
+	}
+
+	return ret;
+}
+
+void TDEKerberosServerSocket::setServiceName(TQString name) {
+	m_serviceName = name;
+}
+
+void TDEKerberosServerSocket::setServerFQDN(TQString name) {
+	m_serverFQDN = name;
+}
+
+Q_LONG TDEKerberosServerSocket::readBlock(char *data, Q_ULONG maxlen) {
+	Q_LONG ret;
+
+	if (m_kerberosRequested) {
+		ret = receiveEncryptedData(data, maxlen);
+	}
+	else {
+		ret = TQSocket::readBlock(data, maxlen);
+	}
+
+	return ret;
+}
+
+Q_LONG TDEKerberosServerSocket::writeBlock(const char *data, Q_ULONG len) {
+	Q_LONG ret;
+
+	if (m_kerberosRequested) {
+		ret = transmitEncryptedData(socket(), data, len);
+	}
+	else {
+		ret = TQSocket::writeBlock(data, len);
+	}
+
+	return ret;
+}
+
+Q_LONG TDEKerberosServerSocket::readLine(char *data, Q_ULONG maxlen) {
+	Q_LONG ret;
+
+	if (m_kerberosRequested) {
+		ret = getSASLDataFromNetwork(data, maxlen);
+	}
+	else {
+		ret = TQSocket::readLine(data, maxlen);
+	}
+
+	return ret;
+}
+
+TQString TDEKerberosServerSocket::readLine() {
+	TQString ret;
+	char *buf;
+
+	if (m_kerberosRequested) {
+		buf = (char*)malloc(m_negotiatedMaxBufferSize);
+		receiveEncryptedData(buf, m_negotiatedMaxBufferSize);
+		ret = TQString(buf);
+		free(buf);
+	}
+	else {
+		ret = TQSocket::readLine();
+	}
+
+	return ret;
+}
+
+void TDEKerberosServerSocket::writeLine(TQString str) {
+	if (m_kerberosRequested) {
+		transmitEncryptedData(socket(), str.ascii(), str.length());
+	}
+	else {
+		TQSocket::writeBlock(str.ascii(), str.length());
+	}
+}
+
+void TDEKerberosServerSocket::freeKerberosConnection(void) {
+	if (saslData->m_krbConnection) {
+		sasl_dispose(&saslData->m_krbConnection);
+	}
+	saslData->m_krbConnection = 0;
+}
+
+void TDEKerberosServerSocket::sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd) {
+	char *buf;
+	unsigned len, alloclen;
+	int result;
+
+	alloclen = ((length / 3) + 1) * 4 + 1;
+	buf = (char*)malloc(alloclen);
+	if (!buf) {
+		printf("[ERROR] Unable to malloc()!\n\r");
+		return;
+	}
+
+	result = sasl_encode64(buffer, length, buf, alloclen, &len);
+	if (result != SASL_OK) {
+		printf("[ERROR] Encoding data in base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
+		return;
+	}
+
+	len = strlen(buf);
+	buf[len] = '\n';
+	buf[len+1] = 0;
+	write(netfd, buf, len+1);
+
+	free(buf);
+}
+
+unsigned int TDEKerberosServerSocket::getSASLDataFromNetwork(char *buf, int trunclen) {
+	unsigned int len;
+	int result;
+
+	TQByteArray ba(2048);
+
+	len = 0;
+	while (1) {
+		tqApp->processEvents();
+		if (state() != TQSocket::Connected) {
+			return -1;
+		}
+		if (TQSocket::readBlock(ba.data()+len, 1) > 0) {
+			if (ba.data()[len] == '\n') {
+				ba.data()[len] = 0;
+				break;
+			}
+			if (ba.data()[len] != '\r') {
+				len++;
+			}
+		}
+		if (len >= (ba.size()-1)) {
+			ba.resize(ba.size()+2048);
+			break;
+		}
+	}
+
+	len = strlen(ba.data());
+	result = sasl_decode64(ba.data(), strlen(ba.data()), buf, trunclen, &len);
+	if (result != SASL_OK) {
+		printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
+		return -1;
+	}
+	buf[len] = '\0';
+
+	return len;
+}
+
+int TDEKerberosServerSocket::transmitEncryptedData(int fd, const char* readbuf, int cc) {
+	int result = 0;
+	unsigned int len;
+	const char *data;
+
+	result=sasl_encode(saslData->m_krbConnection, readbuf, cc, &data, &len);
+	if (result != SASL_OK) {
+		printf("[ERROR] Encrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+		return -1;
+	}
+	sendSASLDataToNetwork(data, len, fd);
+
+	return 0;
+}
+
+int TDEKerberosServerSocket::receiveEncryptedData(char *buf, int trunclen) {
+	unsigned int recv_len;
+	const char *recv_data;
+	int result;
+	int len;
+
+	len = getSASLDataFromNetwork(buf, trunclen);
+	if (len >= 0) {
+		result=sasl_decode(saslData->m_krbConnection, buf, len, &recv_data, &recv_len);
+		if (result != SASL_OK) {
+			printf("[ERROR] Decrypting data returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+			return -1;
+		}
+		strncpy(buf, recv_data, trunclen);
+	}
+
+	return 0;
+}
+
+int TDEKerberosServerSocket::initializeKerberosInterface() {
+	if (state() != TQSocket::Connected) {
+		saslData->m_krbConnection = false;
+		return -1;
+	}
+
+	sasl_callback_t *callback;
+	char buf[NET_SEC_BUF_SIZE];
+	int result = 0;
+	int serverlast = 0;
+	sasl_security_properties_t secprops;
+	const char *ext_authid = NULL;
+	unsigned int len;
+	int count;
+	const char *data;
+	char user_authorized = 0;
+	sasl_ssf_t *ssf;
+
+	// FIXME
+	// Populate these fields!
+	char *iplocal = NULL;
+	char *ipremote = NULL;
+	char *localdomain = NULL;
+	char *userdomain = NULL;
+
+	callback = saslData->m_callbacks;
+
+	// log
+	callback->id = SASL_CB_LOG;
+	callback->proc = (sasl_callback_ft)&logSASLMessages;
+	callback->context = NULL;
+	++callback;
+
+	// end of callback list
+	callback->id = SASL_CB_LIST_END;
+	callback->proc = NULL;
+	callback->context = NULL;
+	++callback;
+
+	// Initialize default data structures
+	memset(&secprops, 0L, sizeof(secprops));
+	secprops.maxbufsize = NET_SEC_BUF_SIZE;
+	secprops.max_ssf = UINT_MAX;
+
+	result = sasl_server_init(saslData->m_callbacks, m_serviceName.ascii());
+	if (result != SASL_OK) {
+		printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+		return -1;
+	}
+
+	result = sasl_server_new(m_serviceName.ascii(), localdomain, userdomain, iplocal, ipremote, NULL, serverlast, &saslData->m_krbConnection);
+	if (result != SASL_OK) {
+		printf("[ERROR] Allocating sasl connection state returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+		return -1;
+	}
+
+	result = sasl_setprop(saslData->m_krbConnection, SASL_SEC_PROPS, &secprops);
+
+	if (result != SASL_OK) {
+		printf("[ERROR] Setting security properties returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+		freeKerberosConnection();
+		return -1;
+	}
+
+	puts("[DEBUG] Generating client mechanism list...");
+	result = sasl_listmech(saslData->m_krbConnection, ext_authid, NULL, " ", NULL, &data, &len, &count);
+	if (result != SASL_OK) {
+		printf("[ERROR] Generating client mechanism list returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+		freeKerberosConnection();
+		return -1;
+	}
+
+	printf("[DEBUG] Sending list of %d mechanism(s)\n\r", count);
+	sendSASLDataToNetwork(data, len, socket());
+
+	printf("[DEBUG] Waiting for client mechanism...\n\r");
+	len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
+	if (strlen(buf) < len) {
+		printf("[DEBUG] Initial response received (%d < %d) [%s]\n\r", strlen(buf), len, buf);
+		// An initial response is present
+		data = buf + strlen(buf) + 1;
+		len = len - (unsigned) strlen(buf) - 1;
+	}
+	else {
+		data = NULL;
+		len = 0;
+	}
+	result = sasl_server_start(saslData->m_krbConnection, buf, data, len, &data, &len);
+	if (result != SASL_OK && result != SASL_CONTINUE) {
+		printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+		freeKerberosConnection();
+		return -1;
+	}
+
+	while (result == SASL_CONTINUE) {
+		if (data) {
+			printf("[DEBUG] Sending response...\n\r");
+			sendSASLDataToNetwork(data, len, socket());
+		}
+		else {
+			printf("[ERROR] No data to send!\n\r");
+			freeKerberosConnection();
+			return -1;
+		}
+		printf("[DEBUG] Waiting for client reply...\n\r");
+		len = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE);
+		data = NULL;
+		result = sasl_server_step(saslData->m_krbConnection, buf, len, &data, &len);
+		if (result != SASL_OK && result != SASL_CONTINUE) {
+			printf("[ERROR] Performing SASL negotiation returned %s (%d)\n\r", sasl_errdetail(saslData->m_krbConnection), result);
+			freeKerberosConnection();
+			return -1;
+		}
+	}
+	printf("[DEBUG] Negotiation complete\n\r");
+
+	if(serverlast && data) {
+		printf("[DEBUG] Additional information needed to be sent\n\r");
+		sendSASLDataToNetwork(data, len, socket());
+	}
+
+	result = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, (const void **)&data);
+	if (result != SASL_OK) {
+		printf("[WARNING] Unable to determine authenticated username!\n\r");
+	}
+	else {
+		printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)");
+	}
+
+	result = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data);
+	if (result != SASL_OK) {
+		printf("[WARNING] Unable to determine authenticated realm!\n\r");
+	}
+	else {
+		printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)");
+	}
+
+	result = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf);
+	if (result != SASL_OK) {
+		printf("[WARNING] Unable to determine SSF!\n\r");
+	}
+	else {
+		printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
+	}
+
+	return 0;
+}
--- a/lib/libtdekrb/src/tdekrbserversocket.h
+++ b/lib/libtdekrb/src/tdekrbserversocket.h
@ -0,0 +1,68 @@
+/***************************************************************************
+ *   Copyright (C) 2012 by Timothy Pearson                                 *
+ *   kb9vqf@pearsoncomputing.net                                           *
+ *                                                                         *
+ *   This program is free software; you can redistribute it and/or modify  *
+ *   it under the terms of the GNU General Public License as published by  *
+ *   the Free Software Foundation; either version 2 of the License, or     *
+ *   (at your option) any later version.                                   *
+ *                                                                         *
+ *   This program is distributed in the hope that it will be useful,       *
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ *   GNU General Public License for more details.                          *
+ *                                                                         *
+ *   You should have received a copy of the GNU General Public License     *
+ *   along with this program; if not, write to the                         *
+ *   Free Software Foundation, Inc.,                                       *
+ *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ ***************************************************************************/
+
+#ifndef TDEKRBSERVERSOCKET_H
+#define TDEKRBSERVERSOCKET_H
+
+#include <tqsocket.h>
+
+#define N_CALLBACKS 3
+
+class SASLDataPrivate;
+
+class TDEKerberosServerSocket : public TQSocket
+{
+	Q_OBJECT
+
+	public:
+		TDEKerberosServerSocket(TQObject *parent=0, const char *name=0);
+		virtual ~TDEKerberosServerSocket();
+
+		bool open(int mode);
+		void close();
+		Q_LONG readBlock(char *data, Q_ULONG maxlen);
+		Q_LONG writeBlock(const char *data, Q_ULONG len);
+		Q_LONG readLine(char *data, Q_ULONG maxlen);
+		TQString readLine();
+		void writeLine(TQString);
+
+		int setUsingKerberos(bool krbactive);
+		void setServiceName(TQString name);
+		void setServerFQDN(TQString name);
+
+	private:
+		int initializeKerberosInterface();
+		void freeKerberosConnection();
+		void sendSASLDataToNetwork(const char *buffer, unsigned length, int netfd);
+		unsigned int getSASLDataFromNetwork(char *buf, int trunclen);
+		int transmitEncryptedData(int fd, const char* readbuf, int cc);
+		int receiveEncryptedData(char *buf, int trunclen);
+
+	private:
+		bool m_kerberosRequested;
+		TQString m_serviceName;
+		TQString m_serverFQDN;
+
+	private:
+		SASLDataPrivate *saslData;
+		unsigned int m_negotiatedMaxBufferSize;
+};
+
+#endif // TDEKRBSERVERSOCKET_H
--- a/servers/auth_server_lin/src/Makefile.am
+++ b/servers/auth_server_lin/src/Makefile.am
@ -5,6 +5,6 @@ bin_PROGRAMS = remotefpga_authserver
 remotefpga_authserver_SOURCES = main.cpp auth_conn.cpp

 remotefpga_authserver_METASOURCES = AUTO
-remotefpga_authserver_LDFLAGS = $(all_libraries) $(KDE_RPATH) $(LIB_QT) -lDCOP $(LIB_TDECORE) $(LIB_TDEUI) -ltdefx $(LIB_KIO) -lktexteditor -lsasl2
+remotefpga_authserver_LDFLAGS = $(all_libraries) $(KDE_RPATH) $(LIB_QT) -lDCOP $(LIB_TDECORE) $(LIB_TDEUI) -ltdefx $(LIB_KIO) -lktexteditor -ltdekrbsocket

 KDE_OPTIONS = nofinal
--- a/servers/auth_server_lin/src/auth_conn.cpp
+++ b/servers/auth_server_lin/src/auth_conn.cpp
@ -30,15 +30,9 @@
  instance of this class.
 */
 AuthSocket::AuthSocket(int sock, TQObject *parent, const char *name) :
-	TQSocket( parent, name ) {
+	TDEKerberosServerSocket( parent, name ) {

-	iplocal = NULL;
-	ipremote = NULL;
-	searchpath = NULL;
-	service = "remotefpga";
-	localdomain = NULL;
-	userdomain = NULL;
-	conn = NULL;
+	setServiceName("remotefpga");

 	line = 0;
 	connect(this, SIGNAL(connectionClosed()), SLOT(deleteLater()));
@ -60,270 +54,22 @@ void AuthSocket::connectionClosedHandler() {
 }

 int AuthSocket::initiateKerberosHandshake() {
-	return authenticate_connection_with_kerberos(socket());
-}
-
-#define NET_SEC_BUF_SIZE (2048)
+	bool user_authorized = false;

-static int sasl_my_log(void *context __attribute__((unused)), int priority, const char *message) {
-	const char *label;
-	
-	if (!message) {
-		return SASL_BADPARAM;
-	}
-	
-	switch (priority) {
-		case SASL_LOG_ERR:
-			label = "Error";
-			break;
-		case SASL_LOG_NOTE:
-			label = "Info";
-			break;
-		default:
-			label = "Other";
-			break;
-	}
+	if (setUsingKerberos(true) == 0) {
+		// RAJA FIXME
+		if (user_authorized == 1) {
+			// Send list of available servers...
+			writeBlock("OK<EFBFBD>", strlen("OK<EFBFBD>"));
+		}
 	
-	printf("[SASL %s] %s\n\r", label, message);
+		writeBlock("TESTING", strlen("TESTING"));
 	
-	return SASL_OK;
-}
-
-sasl_callback_t callbacks[] = {
-	{SASL_CB_LOG, (sasl_callback_ft)&sasl_my_log, NULL},
-	{SASL_CB_LIST_END, NULL, NULL}
-};
-
-void AuthSocket::free_conn(void) {
-	if (conn) {
-		sasl_dispose(&conn);
-	}
-}
-
-void AuthSocket::send_sasl_data_to_network(const char *buffer, unsigned length, int netfd)
-{
-	char *buf;
-	unsigned len, alloclen;
-	int result;
-
-	alloclen = ((length / 3) + 1) * 4 + 1;
-	buf = (char*)malloc(alloclen);
-	if (!buf) {
-		printf("[ERROR] Unable to malloc()!\n\r");
-		return;
-	}
-
-	result = sasl_encode64(buffer, length, buf, alloclen, &len);
-	if (result != SASL_OK) {
-		printf("[ERROR] Encoding data in base64 returned %s (%d)\n\r", sasl_errdetail(conn), result);
-		return;
-	}
-
-	len = strlen(buf);
-	buf[len] = '\n';
-	buf[len+1] = 0;
-	write(netfd, buf, len+1);
-
-	free(buf);
-}
-
-unsigned int AuthSocket::get_sasl_data_from_network(char *buf) {
-	unsigned int len;
-	int result;
-
-	len = 0;
-	while (1) {
-		tqApp->processEvents();
-		if (state() != TQSocket::Connected) {
-			return -1;
-		}
-		if (readBlock(buf+len, 1) > 0) {
-			if (buf[len] == '\n') {
-				buf[len] = 0;
-				break;
-			}
-			if (buf[len] != '\r') {
-				len++;
-			}
-		}
-		if (len >= NET_SEC_BUF_SIZE) {
-			break;
-		}
-	}
-
-	len = strlen(buf);
-	result = sasl_decode64(buf, (unsigned) strlen(buf), buf, NET_SEC_BUF_SIZE, &len);
-	if (result != SASL_OK) {
-		printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errdetail(conn), result);
-		return -1;
-	}
-	buf[len] = '\0';
-
-	return len;
-}
-
-int AuthSocket::write_data_to_client(int fd, const char* readbuf, int cc) {
-	int result = 0;
-	unsigned int len;
-	const char *data;
-
-	result=sasl_encode(conn, readbuf, cc, &data, &len);
-	if (result != SASL_OK) {
-		printf("[ERROR] Encrypting data returned %s (%d)\n\r", sasl_errdetail(conn), result);
-		return -1;
-	}
-	send_sasl_data_to_network(data, len, fd);
-
-	return 0;
-}
-
-int AuthSocket::receive_data_from_client(char *buf, int netfd) {
-	unsigned int recv_len;
-	const char *recv_data;
-	int result;
-	int len;
-
-	len = get_sasl_data_from_network(buf);
-	if (len >= 0) {
-		result=sasl_decode(conn, buf, len, &recv_data, &recv_len);
-		if (result != SASL_OK) {
-			printf("[ERROR] Decrypting data returned %s (%d)\n\r", sasl_errdetail(conn), result);
-			return -1;
-		}
-		strncpy(buf, recv_data, NET_SEC_BUF_SIZE);
-	}
-
-	return 0;
- }
-
-int AuthSocket::authenticate_connection_with_kerberos(int netfd) {
-	char buf[NET_SEC_BUF_SIZE];
-	int result = 0;
-	int serverlast = 0;
-	sasl_security_properties_t secprops;
-	const char *ext_authid = NULL;
-	unsigned int len;
-	int count;
-	const char *data;
-	char user_authorized = 0;
-	sasl_ssf_t *ssf;
-
-	// FIXME
-	// Initialize default data structures
-	memset(&secprops, 0L, sizeof(secprops));
-	secprops.maxbufsize = NET_SEC_BUF_SIZE;
-	secprops.max_ssf = UINT_MAX;
-
-	result = sasl_server_init(callbacks, "remotefpga");
-	if (result != SASL_OK) {
-		printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errdetail(conn), result);
-		return -1;
-	}
-
-	result = sasl_server_new(service, localdomain, userdomain, iplocal, ipremote, NULL, serverlast, &conn);
-	if (result != SASL_OK) {
-		printf("[ERROR] Allocating sasl connection state returned %s (%d)\n\r", sasl_errdetail(conn), result);
-		return -1;
-	}
-
-	result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
-
-	if (result != SASL_OK) {
-		printf("[ERROR] Setting security properties returned %s (%d)\n\r", sasl_errdetail(conn), result);
-		free_conn();
-		return -1;
-	}
-
-	puts("[DEBUG] Generating client mechanism list...");
-	result = sasl_listmech(conn, ext_authid, NULL, " ", NULL, &data, &len, &count);
-	if (result != SASL_OK) {
-		printf("[ERROR] Generating client mechanism list returned %s (%d)\n\r", sasl_errdetail(conn), result);
-		free_conn();
-		return -1;
-	}
-
-	printf("[DEBUG] Sending list of %d mechanism(s)\n\r", count);
-	send_sasl_data_to_network(data, len, netfd);
-
-	printf("[DEBUG] Waiting for client mechanism...\n\r");
-	len = get_sasl_data_from_network(buf);
-	if (strlen(buf) < len) {
-		printf("[DEBUG] Initial response received (%d < %d) [%s]\n\r", strlen(buf), len, buf);
-		// An initial response is present
-		data = buf + strlen(buf) + 1;
-		len = len - (unsigned) strlen(buf) - 1;
+		return 0;
 	}
 	else {
-		data = NULL;
-		len = 0;
-	}
-	result = sasl_server_start(conn, buf, data, len, &data, &len);
-	if (result != SASL_OK && result != SASL_CONTINUE) {
-		printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errdetail(conn), result);
-		free_conn();
 		return -1;
 	}
-
-	while (result == SASL_CONTINUE) {
-		if (data) {
-			printf("[DEBUG] Sending response...\n\r");
-			send_sasl_data_to_network(data, len, netfd);
-		}
-		else {
-			printf("[ERROR] No data to send!\n\r");
-			free_conn();
-			return -1;
-		}
-		printf("[DEBUG] Waiting for client reply...\n\r");
-		len = get_sasl_data_from_network(buf);
-		data = NULL;
-		result = sasl_server_step(conn, buf, len, &data, &len);
-		if (result != SASL_OK && result != SASL_CONTINUE) {
-			printf("[ERROR] Performing SASL negotiation returned %s (%d)\n\r", sasl_errdetail(conn), result);
-			free_conn();
-			return -1;
-		}
-	}
-	printf("[DEBUG] Negotiation complete\n\r");
-
-	if(serverlast && data) {
-		printf("[DEBUG] Additional information needed to be sent\n\r");
-		send_sasl_data_to_network(data, len, netfd);
-	}
-
-	result = sasl_getprop(conn, SASL_USERNAME, (const void **)&data);
-	if (result != SASL_OK) {
-		printf("[WARNING] Unable to determine authenticated username!\n\r");
-	}
-	else {
-		printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)");
-	}
-
-	result = sasl_getprop(conn, SASL_DEFUSERREALM, (const void **)&data);
-	if (result != SASL_OK) {
-		printf("[WARNING] Unable to determine authenticated realm!\n\r");
-	}
-	else {
-		printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)");
-	}
-
-	result = sasl_getprop(conn, SASL_SSF, (const void **)&ssf);
-	if (result != SASL_OK) {
-		printf("[WARNING] Unable to determine SSF!\n\r");
-	}
-	else {
-		printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
-	}
-
-	// RAJA FIXME
-	if (user_authorized == 1) {
-		// Send list of available servers...
-		write_data_to_client(netfd, "OK<EFBFBD>", strlen("OK<EFBFBD>"));
-	}
-
-	write_data_to_client(netfd, "TESTING", strlen("TESTING"));
-
-	return 0;
 }

 /*
--- a/servers/auth_server_lin/src/auth_conn.h
+++ b/servers/auth_server_lin/src/auth_conn.h
@ -29,11 +29,9 @@
 #include <tqpushbutton.h>
 #include <tqtextstream.h>

-#include <sasl.h>
-#include <saslplug.h>
-#include <saslutil.h>
+#include <tdekrbserversocket.h>

-class AuthSocket : public TQSocket
+class AuthSocket : public TDEKerberosServerSocket
 {
 	Q_OBJECT

@ -45,27 +43,8 @@ class AuthSocket : public TQSocket
 		void close();
 		int initiateKerberosHandshake();

-	private:
-		void free_conn(void);
-		void send_sasl_data_to_network(const char *buffer, unsigned length, int netfd);
-		unsigned int get_sasl_data_from_network(char *buf);
-		int write_data_to_client(int fd, const char* readbuf, int cc);
-		int receive_data_from_client(char *buf, int netfd);
-		int authenticate_connection_with_kerberos(int netfd);
-
-		sasl_callback_t callbacks[];
-
 	private slots:
 		void connectionClosedHandler();
-
-	private:
-		char *iplocal;
-		char *ipremote;
-		char *searchpath;
-		const char *service;
-		char *localdomain;
-		char *userdomain;
-		sasl_conn_t *conn;
 	
 	private:
 		int line;