Remove artificial buffer size limitation on Kerberos client socket

13 years ago · 951f353db8
parent 0c68d7df39
commit 951f353db8
3 changed files with 36 additions and 19 deletions
--- a/lib/libtdekrb/src/tdekrbsocket.cpp
+++ b/lib/libtdekrb/src/tdekrbsocket.cpp
@ -40,11 +40,11 @@ class SASLDataPrivate

 static int logSASLMessages(void *context __attribute__((unused)), int priority, const char *message) {
 	const char *label;
-	
+
 	if (!message) {
 		return SASL_BADPARAM;
 	}
-	
+
 	switch (priority) {
 		case SASL_LOG_ERR:
 			label = "Error";
@ -56,13 +56,13 @@ static int logSASLMessages(void *context __attribute__((unused)), int priority,
 			label = "Other";
 			break;
 	}
-	
+
 	printf("[SASL %s] %s\n\r", label, message);
 	
 	return SASL_OK;
 }

-TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false) {
+TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE) {
 	saslData = new SASLDataPrivate;
 	saslData->m_krbConnection = NULL;
 }
@ -140,11 +140,13 @@ Q_LONG TDEKerberosClientSocket::readLine(char *data, Q_ULONG maxlen) {

 TQString TDEKerberosClientSocket::readLine() {
 	TQString ret;
-	char buf[NET_SEC_BUF_SIZE];
+	char *buf;

 	if (m_kerberosRequested) {
-		receiveEncryptedData(buf, NET_SEC_BUF_SIZE);
+		buf = (char*)malloc(m_negotiatedMaxBufferSize);
+		receiveEncryptedData(buf, m_negotiatedMaxBufferSize);
 		ret = TQString(buf);
+		free(buf);
 	}
 	else {
 		ret = TQSocket::readLine();
@ -173,7 +175,6 @@ void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned
 	char *buf;
 	unsigned len, alloclen;
 	int result;
-	char txbuf[NET_SEC_BUF_SIZE];

 	alloclen = ((length / 3) + 1) * 4 + 1;
 	buf = (char*)malloc(alloclen);
@ -188,8 +189,10 @@ void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned
 		return;
 	}

-	sprintf(txbuf, "%s\n", buf);
-	write(netfd, txbuf, strlen(txbuf));
+	len = strlen(buf);
+	buf[len] = '\n';
+	buf[len+1] = 0;
+	write(netfd, buf, len+1);

 	free(buf);
 }
@ -198,28 +201,31 @@ unsigned int TDEKerberosClientSocket::getSASLDataFromNetwork(char *buf, int trun
 	unsigned int len;
 	int result;

+	TQByteArray ba(2048);
+
 	len = 0;
 	while (1) {
 		tqApp->processEvents();
 		if (state() != TQSocket::Connected) {
 			return -1;
 		}
-		if (TQSocket::readBlock(buf+len, 1) > 0) {
-			if (buf[len] == '\n') {
-				buf[len] = 0;
+		if (TQSocket::readBlock(ba.data()+len, 1) > 0) {
+			if (ba.data()[len] == '\n') {
+				ba.data()[len] = 0;
 				break;
 			}
-			if (buf[len] != '\r') {
+			if (ba.data()[len] != '\r') {
 				len++;
 			}
 		}
-		if (len >= trunclen) {
+		if (len >= (ba.size()-1)) {
+			ba.resize(ba.size()+2048);
 			break;
 		}
 	}

-	len = strlen(buf);
-	result = sasl_decode64(buf, (unsigned) strlen(buf), buf, trunclen, &len);
+	len = strlen(ba.data());
+	result = sasl_decode64(ba.data(), strlen(ba.data()), buf, trunclen, &len);
 	if (result != SASL_OK) {
 		printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
 		return -1;
@ -400,5 +406,14 @@ int TDEKerberosClientSocket::initializeKerberosInterface() {
 		printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
 	}

+	result = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&m_negotiatedMaxBufferSize);
+	if (result != SASL_OK) {
+		printf("[WARNING] Unable to determine maximum buffer size!\n\r");
+		m_negotiatedMaxBufferSize = NET_SEC_BUF_SIZE;
+	}
+	else {
+		printf("[DEBUG] Maximum buffer size: %d\n", m_negotiatedMaxBufferSize);
+	}
+
 	return 0;
 }
--- a/lib/libtdekrb/src/tdekrbsocket.h
+++ b/lib/libtdekrb/src/tdekrbsocket.h
@ -62,6 +62,7 @@ class TDEKerberosClientSocket : public TQSocket

 	private:
 		SASLDataPrivate *saslData;
+		unsigned int m_negotiatedMaxBufferSize;
 };

 #endif // TDEKRBSOCKET_H
--- a/servers/auth_server_lin/src/auth_conn.cpp
+++ b/servers/auth_server_lin/src/auth_conn.cpp
@ -105,7 +105,6 @@ void AuthSocket::send_sasl_data_to_network(const char *buffer, unsigned length,
 	char *buf;
 	unsigned len, alloclen;
 	int result;
-	char txbuf[NET_SEC_BUF_SIZE];

 	alloclen = ((length / 3) + 1) * 4 + 1;
 	buf = (char*)malloc(alloclen);
@ -120,8 +119,10 @@ void AuthSocket::send_sasl_data_to_network(const char *buffer, unsigned length,
 		return;
 	}

-	sprintf(txbuf, "%s\n", buf);
-	write(netfd, txbuf, strlen(txbuf));
+	len = strlen(buf);
+	buf[len] = '\n';
+	buf[len+1] = 0;
+	write(netfd, buf, len+1);

 	free(buf);
 }