Remove artificial buffer size limitation on Kerberos client socket

master
Timothy Pearson 12 years ago
parent 0c68d7df39
commit 951f353db8

@ -40,11 +40,11 @@ class SASLDataPrivate
static int logSASLMessages(void *context __attribute__((unused)), int priority, const char *message) { static int logSASLMessages(void *context __attribute__((unused)), int priority, const char *message) {
const char *label; const char *label;
if (!message) { if (!message) {
return SASL_BADPARAM; return SASL_BADPARAM;
} }
switch (priority) { switch (priority) {
case SASL_LOG_ERR: case SASL_LOG_ERR:
label = "Error"; label = "Error";
@ -56,13 +56,13 @@ static int logSASLMessages(void *context __attribute__((unused)), int priority,
label = "Other"; label = "Other";
break; break;
} }
printf("[SASL %s] %s\n\r", label, message); printf("[SASL %s] %s\n\r", label, message);
return SASL_OK; return SASL_OK;
} }
TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false) { TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE) {
saslData = new SASLDataPrivate; saslData = new SASLDataPrivate;
saslData->m_krbConnection = NULL; saslData->m_krbConnection = NULL;
} }
@ -140,11 +140,13 @@ Q_LONG TDEKerberosClientSocket::readLine(char *data, Q_ULONG maxlen) {
TQString TDEKerberosClientSocket::readLine() { TQString TDEKerberosClientSocket::readLine() {
TQString ret; TQString ret;
char buf[NET_SEC_BUF_SIZE]; char *buf;
if (m_kerberosRequested) { if (m_kerberosRequested) {
receiveEncryptedData(buf, NET_SEC_BUF_SIZE); buf = (char*)malloc(m_negotiatedMaxBufferSize);
receiveEncryptedData(buf, m_negotiatedMaxBufferSize);
ret = TQString(buf); ret = TQString(buf);
free(buf);
} }
else { else {
ret = TQSocket::readLine(); ret = TQSocket::readLine();
@ -173,7 +175,6 @@ void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned
char *buf; char *buf;
unsigned len, alloclen; unsigned len, alloclen;
int result; int result;
char txbuf[NET_SEC_BUF_SIZE];
alloclen = ((length / 3) + 1) * 4 + 1; alloclen = ((length / 3) + 1) * 4 + 1;
buf = (char*)malloc(alloclen); buf = (char*)malloc(alloclen);
@ -188,8 +189,10 @@ void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned
return; return;
} }
sprintf(txbuf, "%s\n", buf); len = strlen(buf);
write(netfd, txbuf, strlen(txbuf)); buf[len] = '\n';
buf[len+1] = 0;
write(netfd, buf, len+1);
free(buf); free(buf);
} }
@ -198,28 +201,31 @@ unsigned int TDEKerberosClientSocket::getSASLDataFromNetwork(char *buf, int trun
unsigned int len; unsigned int len;
int result; int result;
TQByteArray ba(2048);
len = 0; len = 0;
while (1) { while (1) {
tqApp->processEvents(); tqApp->processEvents();
if (state() != TQSocket::Connected) { if (state() != TQSocket::Connected) {
return -1; return -1;
} }
if (TQSocket::readBlock(buf+len, 1) > 0) { if (TQSocket::readBlock(ba.data()+len, 1) > 0) {
if (buf[len] == '\n') { if (ba.data()[len] == '\n') {
buf[len] = 0; ba.data()[len] = 0;
break; break;
} }
if (buf[len] != '\r') { if (ba.data()[len] != '\r') {
len++; len++;
} }
} }
if (len >= trunclen) { if (len >= (ba.size()-1)) {
ba.resize(ba.size()+2048);
break; break;
} }
} }
len = strlen(buf); len = strlen(ba.data());
result = sasl_decode64(buf, (unsigned) strlen(buf), buf, trunclen, &len); result = sasl_decode64(ba.data(), strlen(ba.data()), buf, trunclen, &len);
if (result != SASL_OK) { if (result != SASL_OK) {
printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result); printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
return -1; return -1;
@ -400,5 +406,14 @@ int TDEKerberosClientSocket::initializeKerberosInterface() {
printf("[DEBUG] Authenticated SSF: %d\n", *ssf); printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
} }
result = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&m_negotiatedMaxBufferSize);
if (result != SASL_OK) {
printf("[WARNING] Unable to determine maximum buffer size!\n\r");
m_negotiatedMaxBufferSize = NET_SEC_BUF_SIZE;
}
else {
printf("[DEBUG] Maximum buffer size: %d\n", m_negotiatedMaxBufferSize);
}
return 0; return 0;
} }
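Review bot: The new `sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&m_negotiatedMaxBufferSize)` call in initializeKerberosInterface() passes the address of an `unsigned int` member where the API expects the address of a pointer. sasl_getprop() stores a pointer to the property value through that argument, so on LP64 builds a pointer-sized write lands on a 4-byte member, and the stored "size" is pointer bits rather than the negotiated limit. The SSF debug line just above prints `*ssf`, which suggests the correct pattern is already used there: `const unsigned *maxbuf = NULL; result = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&maxbuf);` and, on success with a non-null pointer, `m_negotiatedMaxBufferSize = *maxbuf;`. This matters because readLine() now passes that member to malloc() and receiveEncryptedData() with no NULL or zero-size check, so a bad value there becomes a bad allocation. The function body starts outside the hunk.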

@ -62,6 +62,7 @@ class TDEKerberosClientSocket : public TQSocket
private: private:
SASLDataPrivate *saslData; SASLDataPrivate *saslData;
unsigned int m_negotiatedMaxBufferSize;
}; };
#endif // TDEKRBSOCKET_H #endif // TDEKRBSOCKET_H

@ -105,7 +105,6 @@ void AuthSocket::send_sasl_data_to_network(const char *buffer, unsigned length,
char *buf; char *buf;
unsigned len, alloclen; unsigned len, alloclen;
int result; int result;
char txbuf[NET_SEC_BUF_SIZE];
alloclen = ((length / 3) + 1) * 4 + 1; alloclen = ((length / 3) + 1) * 4 + 1;
buf = (char*)malloc(alloclen); buf = (char*)malloc(alloclen);
@ -120,8 +119,10 @@ void AuthSocket::send_sasl_data_to_network(const char *buffer, unsigned length,
return; return;
} }
sprintf(txbuf, "%s\n", buf); len = strlen(buf);
write(netfd, txbuf, strlen(txbuf)); buf[len] = '\n';
buf[len+1] = 0;
write(netfd, buf, len+1);
free(buf); free(buf);
} }
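Review bot: `buf[len+1] = 0;` can write one byte past the heap allocation. `alloclen` is `((length / 3) + 1) * 4 + 1`, which for any `length` not divisible by 3 is exactly the base64 text plus its terminator (assuming `buf` holds the encoding of `length` bytes from the call outside the hunk), so once `'\n'` replaces the terminator there is no room for a new one. Because `write(netfd, buf, len+1)` never sends the terminator, the simplest fix is to delete that line; otherwise allocate with `+ 2` instead of `+ 1`. The identical pattern appears in TDEKerberosClientSocket::sendSASLDataToNetwork() earlier in this commit and needs the same change.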
