From e89735d72ae3b320c33f7ad95c3cbc9ea6d42f6c Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Thu, 28 Jun 2012 22:30:14 -0500 Subject: [PATCH] Convert krb client socket to stateful init --- clients/tde/src/app/remotemdi.cpp | 12 +- clients/tde/src/part/fpgaview/part.cpp | 6 +- lib/libtdekrb/src/tdekrbclientsocket.cpp | 330 +++++++++++++--------- lib/libtdekrb/src/tdekrbclientsocket.h | 17 ++ lib/libtdekrb/src/tdekrbserversocket.cpp | 23 +- servers/auth_server_lin/src/auth_conn.cpp | 30 +- 6 files changed, 260 insertions(+), 158 deletions(-) diff --git a/clients/tde/src/app/remotemdi.cpp b/clients/tde/src/app/remotemdi.cpp index 3ecf181..3e5c075 100644 --- a/clients/tde/src/app/remotemdi.cpp +++ b/clients/tde/src/app/remotemdi.cpp @@ -168,7 +168,11 @@ void RemoteMDI::connectToServer() { connectionTimeout.stop(); if (m_rsvSvrSocket->state() == TQSocket::Connected) { printf("[DEBUG] Initial connection established...\n\r"); fflush(stdout); - if (m_rsvSvrSocket->setUsingKerberos(true) != 0) { + m_rsvSvrSocket->setUsingKerberos(true); + while (m_rsvSvrSocket->kerberosStatus() == TDEKerberosClientSocket::KerberosInitializing) { + tqApp->processEvents(); + } + if (m_rsvSvrSocket->kerberosStatus() != TDEKerberosClientSocket::KerberosInUse) { disconnectFromServer(); KMessageBox::error(this, i18n("Unable to establish Kerberos protocol with remote server

Please verify that you currently hold a valid Kerberos ticket"), i18n("Connection Failed")); } @@ -344,11 +348,7 @@ void RemoteMDI::childWindowCloseRequest(KMdiChildView *pWnd) { iview->closeConnections(); iview->hide(); - // RAJA FIXME - // Executing KMdiMainFrm::childWindowCloseRequest(pWnd) here will probably cause a crash - // We need to call this AFTER control has been returned to the main event loop at least once - // This is related to my lack of proper returning to the event loop, which MUST BE FIXED -// KMdiMainFrm::childWindowCloseRequest(pWnd); // RAJA UNCOMMENT ME + KMdiMainFrm::childWindowCloseRequest(pWnd); } } diff --git a/clients/tde/src/part/fpgaview/part.cpp b/clients/tde/src/part/fpgaview/part.cpp index 52a1d92..2b3cf8d 100644 --- a/clients/tde/src/part/fpgaview/part.cpp +++ b/clients/tde/src/part/fpgaview/part.cpp @@ -158,8 +158,12 @@ printf("[RAJA DEBUG 200.1] In FPGAViewPart::connectToServer TRIED TO CONNECT TWI if (m_socket->state() != TQSocket::Connected) { return -1; } - if (m_socket->setUsingKerberos(true) != 0) { + m_socket->setUsingKerberos(true); + while (m_socket->kerberosStatus() == TDEKerberosClientSocket::KerberosInitializing) { + tqApp->eventLoop()->processEvents(TQEventLoop::AllEvents); if (!m_socket) return -1; // Any entry into the event loop could end up deleting the socket object depending on user interaction + } + if (m_socket->kerberosStatus() != TDEKerberosClientSocket::KerberosInUse) { m_socket->close(); KMessageBox::error(0, i18n("Unable to establish Kerberos protocol with remote server

Please verify that you currently hold a valid Kerberos ticket"), i18n("Connection Failed")); return -1; diff --git a/lib/libtdekrb/src/tdekrbclientsocket.cpp b/lib/libtdekrb/src/tdekrbclientsocket.cpp index 2736f5a..24acb29 100644 --- a/lib/libtdekrb/src/tdekrbclientsocket.cpp +++ b/lib/libtdekrb/src/tdekrbclientsocket.cpp @@ -23,6 +23,8 @@ #include #include +#include +#include #include #include @@ -33,17 +35,17 @@ #define NET_SEC_BUF_SIZE (2048) // When control comes back from processEvents() my object may be completely gone! This attempts to mitigate the risk -#define SAFELY_PROCESS_EVENTS if (!m_canary) { \ - m_canary = new bool; \ - *m_canary = false; \ - } \ - bool* canary = m_canary; \ - tqApp->processEvents(); \ - if (*canary == true) { \ - delete canary; \ - return -1; \ - } \ - delete m_canary; \ +#define SAFELY_PROCESS_EVENTS if (!m_canary) { \ + m_canary = new bool; \ + *m_canary = false; \ + } \ + bool* canary = m_canary; \ + tqApp->eventLoop()->processEvents(TQEventLoop::ExcludeUserInput); \ + if (*canary == true) { \ + delete canary; \ + return -1; \ + } \ + delete m_canary; \ m_canary = NULL; /* exception handling */ @@ -93,7 +95,7 @@ static int logSASLMessages(void *context __attribute__((unused)), int priority, return SASL_OK; } -TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_criticalSection(0), m_bufferLength(0), m_canary(NULL), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE) { +TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_criticalSection(0), m_bufferLength(0), m_krbInitRunning(false), m_krbInitState(-1), m_canary(NULL), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE) { saslData = new SASLDataPrivate; saslData->m_krbConnection = NULL; m_buffer = new TQBuffer(); @@ -122,7 +124,7 @@ void TDEKerberosClientSocket::close() { } void TDEKerberosClientSocket::flush() { - if (m_kerberosRequested) { + if (kerberosStatus() == KerberosInUse) { // FIXME // If a write buffer is implemented, it will need to be flushed before the following call is made TQSocket::flush(); @@ -135,7 +137,7 @@ void TDEKerberosClientSocket::flush() { TQIODevice::Offset TDEKerberosClientSocket::size() const { TQIODevice::Offset ret; - if (m_kerberosRequested) { + if (kerberosStatus() == KerberosInUse) { ret = m_bufferLength; } else { @@ -153,7 +155,7 @@ bool TDEKerberosClientSocket::at(TQIODevice::Offset off) { long i; bool ret; - if (m_kerberosRequested) { + if (kerberosStatus() == KerberosInUse) { if (off > 0) { // Prevent overflow if (off > (unsigned long)m_bufferLength) { @@ -184,7 +186,7 @@ bool TDEKerberosClientSocket::at(TQIODevice::Offset off) { bool TDEKerberosClientSocket::atEnd() const { bool ret; - if (m_kerberosRequested) { + if (kerberosStatus() == KerberosInUse) { ret = TQSocket::atEnd(); } else { @@ -205,7 +207,7 @@ int TDEKerberosClientSocket::setUsingKerberos(bool krbactive) { if (krbactive) { m_kerberosRequested = true; if ((!saslData->m_krbConnection) && (state() == TQSocket::Connected)) { - ret = initializeKerberosInterface(); + initializeKerberosInterface(); } } else { @@ -230,7 +232,7 @@ TQ_LONG TDEKerberosClientSocket::readBlock(char *data, TQ_ULONG maxlen) { long i; TQ_LONG ret; - if (m_kerberosRequested) { + if (kerberosStatus() == KerberosInUse) { int reclen; int wrlen; char* buf = (char*)malloc(m_negotiatedMaxBufferSize); @@ -277,7 +279,7 @@ TQ_LONG TDEKerberosClientSocket::readBlock(char *data, TQ_ULONG maxlen) { TQ_LONG TDEKerberosClientSocket::writeBlock(const char *data, TQ_ULONG len) { TQ_LONG ret; - if (m_kerberosRequested) { + if (kerberosStatus() == KerberosInUse) { ret = transmitEncryptedData(socket(), data, len); } else { @@ -291,7 +293,7 @@ TQ_LONG TDEKerberosClientSocket::readLine(char *data, TQ_ULONG maxlen) { long i; TQ_LONG ret; - if (m_kerberosRequested) { + if (kerberosStatus() == KerberosInUse) { int reclen; int wrlen; char* buf = (char*)malloc(m_negotiatedMaxBufferSize); @@ -340,7 +342,7 @@ TQString TDEKerberosClientSocket::readLine() { TQString ret; long maxlen; - if (m_kerberosRequested) { + if (kerberosStatus() == KerberosInUse) { int reclen; int wrlen; int readlen; @@ -393,7 +395,7 @@ TQString TDEKerberosClientSocket::readLine() { } void TDEKerberosClientSocket::writeLine(TQString str) { - if (m_kerberosRequested) { + if (kerberosStatus() == KerberosInUse) { transmitEncryptedData(socket(), str.ascii(), str.length()); } else { @@ -561,6 +563,168 @@ int TDEKerberosClientSocket::receiveEncryptedData(char *buf, unsigned int truncl return recv_len; } +TDEKerberosClientSocket::KerberosStatus TDEKerberosClientSocket::kerberosStatus() const { + if (!m_kerberosRequested) { + return KerberosNotRequested; + } + if (m_krbInitRunning) { + return KerberosInitializing; + } + if (m_krbInitState < 0) { + return KerberosFailure; + } + return KerberosInUse; +} + +void TDEKerberosClientSocket::continueKerberosInitialization() { + int slen; + char buf[NET_SEC_BUF_SIZE]; + unsigned int len; + const char *data; + const char *chosenmech; + sasl_ssf_t *ssf; + + if (m_krbInitRunning) { + switch (m_krbInitState) { + case 0: + if (state() == TQSocket::Connected) { + if (canReadLine()) { + printf("[DEBUG] Waiting for mechanism list from server...\n\r"); + slen = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE); + if (slen < 0) { + m_krbInitState = -2; + m_krbInitRunning = false; + return; + } + len = slen; + + printf("Choosing best mechanism from: %s\n", buf); + + m_krbInitResult = sasl_client_start(saslData->m_krbConnection, buf, NULL, &data, &len, &chosenmech); + if (m_krbInitResult != SASL_OK && m_krbInitResult != SASL_CONTINUE) { + printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errstring(m_krbInitResult, NULL, NULL), m_krbInitResult); + freeKerberosConnection(); + m_krbInitState = -1; + m_krbInitRunning = false; + return; + } + + printf("[DEBUG] Using mechanism %s\n\r", chosenmech); + strcpy(buf, chosenmech); + if (data) { + if (NET_SEC_BUF_SIZE - strlen(buf) - 1 < len) { + printf("[ERROR] Insufficient buffer space to construct initial response!\n\r"); + freeKerberosConnection(); + m_krbInitState = -1; + m_krbInitRunning = false; + return; + } + printf("[DEBUG] Preparing initial response...\n\r"); + memcpy(buf + strlen(buf) + 1, data, len); + len += (unsigned) strlen(buf) + 1; + data = NULL; + } + else { + len = (unsigned) strlen(buf); + } + + printf("[DEBUG] Sending initial response...\n\r"); + sendSASLDataToNetwork(buf, len, socket()); + + m_krbInitState = 1; + } + } + else { + m_krbInitState = -3; + m_krbInitRunning = false; + } + break; + case 1: + if (state() == TQSocket::Connected) { + if (m_krbInitResult == SASL_CONTINUE) { + if (canReadLine()) { + printf("[DEBUG] Waiting for server reply...\n\r"); + slen = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE); + if (slen < 0) { + m_krbInitState = -2; + m_krbInitRunning = false; + return; + } + len = slen; + m_krbInitResult = sasl_client_step(saslData->m_krbConnection, buf, len, NULL, &data, &len); + if (m_krbInitResult != SASL_OK && m_krbInitResult != SASL_CONTINUE) { + printf("[ERROR] Performing SASL negotiation returned %s (%d)\n\r", sasl_errstring(m_krbInitResult, NULL, NULL), m_krbInitResult); + freeKerberosConnection(); + m_krbInitState = -1; + m_krbInitRunning = false; + return; + } + if (data && len) { + printf("[DEBUG] Sending response...\n\r"); + sendSASLDataToNetwork(data, len, socket()); + } + else if (m_krbInitResult != SASL_OK || !m_krbInitServerLast) { + sendSASLDataToNetwork("", 0, socket()); + } + } + } + else { + printf("[DEBUG] Negotiation complete!\n\r"); + m_krbInitState = 2; + } + } + else { + m_krbInitState = -3; + m_krbInitRunning = false; + } + break; + case 2: + if (state() == TQSocket::Connected) { + m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, (const void **)&data); + if (m_krbInitResult != SASL_OK) { + printf("[WARNING] Unable to determine authenticated username!\n\r"); + } + else { + printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)"); + } + + m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data); + if (m_krbInitResult != SASL_OK) { + printf("[WARNING] Unable to determine authenticated realm!\n\r"); + } + else { + printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)"); + } + + m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf); + if (m_krbInitResult != SASL_OK) { + printf("[WARNING] Unable to determine SSF!\n\r"); + } + else { + printf("[DEBUG] Authenticated SSF: %d\n", *ssf); + } + + m_krbInitResult = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&m_negotiatedMaxBufferSize); + if (m_krbInitResult != SASL_OK) { + printf("[WARNING] Unable to determine maximum buffer size!\n\r"); + m_negotiatedMaxBufferSize = NET_SEC_BUF_SIZE; + } + else { + printf("[DEBUG] Maximum buffer size: %d\n", m_negotiatedMaxBufferSize); + } + m_krbInitState = 3; + m_krbInitRunning = false; + } + else { + m_krbInitState = -3; + m_krbInitRunning = false; + } + break; + } + TQTimer::singleShot(0, this, SLOT(continueKerberosInitialization())); + } +} + int TDEKerberosClientSocket::initializeKerberosInterface() { if (state() != TQSocket::Connected) { saslData->m_krbConnection = false; @@ -568,15 +732,9 @@ int TDEKerberosClientSocket::initializeKerberosInterface() { } sasl_callback_t *callback; - char buf[NET_SEC_BUF_SIZE]; - int result = 0; - int serverlast = 0; + m_krbInitResult = 0; + m_krbInitServerLast = 0; sasl_security_properties_t secprops; - const char *chosenmech; - unsigned int len; - int slen; - const char *data; - sasl_ssf_t *ssf; char *iplocal = NULL; char *ipremote = NULL; const char *service = m_serviceName.ascii(); @@ -601,116 +759,28 @@ int TDEKerberosClientSocket::initializeKerberosInterface() { secprops.maxbufsize = NET_SEC_BUF_SIZE; secprops.max_ssf = UINT_MAX; - result = sasl_client_init(saslData->m_callbacks); - if (result != SASL_OK) { - printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result); - return -1; - } - - result = sasl_client_new(service, fqdn, iplocal, ipremote, NULL, serverlast, &saslData->m_krbConnection); - if (result != SASL_OK) { - printf("[ERROR] Allocating sasl connection state returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result); + m_krbInitResult = sasl_client_init(saslData->m_callbacks); + if (m_krbInitResult != SASL_OK) { + printf("[ERROR] Initializing libsasl returned %s (%d)\n\r", sasl_errstring(m_krbInitResult, NULL, NULL), m_krbInitResult); return -1; } - result = sasl_setprop(saslData->m_krbConnection, SASL_SEC_PROPS, &secprops); - if (result != SASL_OK) { - printf("[ERROR] Setting security properties returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result); - freeKerberosConnection(); + m_krbInitResult = sasl_client_new(service, fqdn, iplocal, ipremote, NULL, m_krbInitServerLast, &saslData->m_krbConnection); + if (m_krbInitResult != SASL_OK) { + printf("[ERROR] Allocating sasl connection state returned %s (%d)\n\r", sasl_errstring(m_krbInitResult, NULL, NULL), m_krbInitResult); return -1; } - printf("[DEBUG] Waiting for mechanism list from server...\n\r"); - slen = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE); - if (slen < 0) { - return -2; - } - len = slen; - - printf("Choosing best mechanism from: %s\n", buf); - - result = sasl_client_start(saslData->m_krbConnection, buf, NULL, &data, &len, &chosenmech); - if (result != SASL_OK && result != SASL_CONTINUE) { - printf("[ERROR] Starting SASL negotiation returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result); + m_krbInitResult = sasl_setprop(saslData->m_krbConnection, SASL_SEC_PROPS, &secprops); + if (m_krbInitResult != SASL_OK) { + printf("[ERROR] Setting security properties returned %s (%d)\n\r", sasl_errstring(m_krbInitResult, NULL, NULL), m_krbInitResult); freeKerberosConnection(); return -1; } - printf("[DEBUG] Using mechanism %s\n\r", chosenmech); - strcpy(buf, chosenmech); - if (data) { - if (NET_SEC_BUF_SIZE - strlen(buf) - 1 < len) { - printf("[ERROR] Insufficient buffer space to construct initial response!\n\r"); - freeKerberosConnection(); - return -1; - } - printf("[DEBUG] Preparing initial response...\n\r"); - memcpy(buf + strlen(buf) + 1, data, len); - len += (unsigned) strlen(buf) + 1; - data = NULL; - } - else { - len = (unsigned) strlen(buf); - } - - printf("[DEBUG] Sending initial response...\n\r"); - sendSASLDataToNetwork(buf, len, socket()); - - while (result == SASL_CONTINUE) { - printf("[DEBUG] Waiting for server reply...\n\r"); - slen = getSASLDataFromNetwork(buf, NET_SEC_BUF_SIZE); - if (slen < 0) { - return -2; - } - len = slen; - result = sasl_client_step(saslData->m_krbConnection, buf, len, NULL, &data, &len); - if (result != SASL_OK && result != SASL_CONTINUE) { - printf("[ERROR] Performing SASL negotiation returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result); - freeKerberosConnection(); - return -1; - } - if (data && len) { - printf("[DEBUG] Sending response...\n\r"); - sendSASLDataToNetwork(data, len, socket()); - } - else if (result != SASL_OK || !serverlast) { - sendSASLDataToNetwork("", 0, socket()); - } - } - printf("[DEBUG] Negotiation complete!\n\r"); - - result = sasl_getprop(saslData->m_krbConnection, SASL_USERNAME, (const void **)&data); - if (result != SASL_OK) { - printf("[WARNING] Unable to determine authenticated username!\n\r"); - } - else { - printf("[DEBUG] Authenticated username: %s\n\r", data ? data : "(NULL)"); - } - - result = sasl_getprop(saslData->m_krbConnection, SASL_DEFUSERREALM, (const void **)&data); - if (result != SASL_OK) { - printf("[WARNING] Unable to determine authenticated realm!\n\r"); - } - else { - printf("[DEBUG] Authenticated realm: %s\n\r", data ? data : "(NULL)"); - } - - result = sasl_getprop(saslData->m_krbConnection, SASL_SSF, (const void **)&ssf); - if (result != SASL_OK) { - printf("[WARNING] Unable to determine SSF!\n\r"); - } - else { - printf("[DEBUG] Authenticated SSF: %d\n", *ssf); - } - - result = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&m_negotiatedMaxBufferSize); - if (result != SASL_OK) { - printf("[WARNING] Unable to determine maximum buffer size!\n\r"); - m_negotiatedMaxBufferSize = NET_SEC_BUF_SIZE; - } - else { - printf("[DEBUG] Maximum buffer size: %d\n", m_negotiatedMaxBufferSize); - } + m_krbInitRunning = true; + m_krbInitState = 0; + TQTimer::singleShot(0, this, SLOT(continueKerberosInitialization())); return 0; } \ No newline at end of file diff --git a/lib/libtdekrb/src/tdekrbclientsocket.h b/lib/libtdekrb/src/tdekrbclientsocket.h index ddba47a..48ec09a 100644 --- a/lib/libtdekrb/src/tdekrbclientsocket.h +++ b/lib/libtdekrb/src/tdekrbclientsocket.h @@ -32,6 +32,14 @@ class TDEKerberosClientSocket : public TQSocket { Q_OBJECT + public: + enum KerberosStatus { + KerberosNotRequested, + KerberosFailure, + KerberosInitializing, + KerberosInUse + }; + public: TDEKerberosClientSocket(TQObject *parent=0, const char *name=0); virtual ~TDEKerberosClientSocket(); @@ -54,6 +62,8 @@ class TDEKerberosClientSocket : public TQSocket void setServiceName(TQString name); void setServerFQDN(TQString name); + KerberosStatus kerberosStatus() const; + private: int initializeKerberosInterface(); void freeKerberosConnection(); @@ -62,6 +72,9 @@ class TDEKerberosClientSocket : public TQSocket int transmitEncryptedData(int fd, const char* readbuf, int cc); int receiveEncryptedData(char *buf, unsigned int trunclen, bool shouldblock=true); + private slots: + void continueKerberosInitialization(); + private: bool m_kerberosRequested; TQString m_serviceName; @@ -69,11 +82,15 @@ class TDEKerberosClientSocket : public TQSocket int m_criticalSection; TQBuffer* m_buffer; long m_bufferLength; + bool m_krbInitRunning; + int m_krbInitState; bool* m_canary; private: SASLDataPrivate *saslData; unsigned int m_negotiatedMaxBufferSize; + int m_krbInitResult; + int m_krbInitServerLast; }; #endif // TDEKRBCLIENTSOCKET_H \ No newline at end of file diff --git a/lib/libtdekrb/src/tdekrbserversocket.cpp b/lib/libtdekrb/src/tdekrbserversocket.cpp index e1e2c02..8e5c071 100644 --- a/lib/libtdekrb/src/tdekrbserversocket.cpp +++ b/lib/libtdekrb/src/tdekrbserversocket.cpp @@ -23,6 +23,7 @@ #include #include +#include #include #include @@ -33,17 +34,17 @@ #define NET_SEC_BUF_SIZE (2048) // When control comes back from processEvents() my object may be completely gone! This attempts to mitigate the risk -#define SAFELY_PROCESS_EVENTS if (!m_canary) { \ - m_canary = new bool; \ - *m_canary = false; \ - } \ - bool* canary = m_canary; \ - tqApp->processEvents(); \ - if (*canary == true) { \ - delete canary; \ - return -1; \ - } \ - delete m_canary; \ +#define SAFELY_PROCESS_EVENTS if (!m_canary) { \ + m_canary = new bool; \ + *m_canary = false; \ + } \ + bool* canary = m_canary; \ + tqApp->eventLoop()->processEvents(TQEventLoop::ExcludeUserInput); \ + if (*canary == true) { \ + delete canary; \ + return -1; \ + } \ + delete m_canary; \ m_canary = NULL; /* exception handling */ diff --git a/servers/auth_server_lin/src/auth_conn.cpp b/servers/auth_server_lin/src/auth_conn.cpp index 451b8d9..87eb314 100644 --- a/servers/auth_server_lin/src/auth_conn.cpp +++ b/servers/auth_server_lin/src/auth_conn.cpp @@ -125,6 +125,7 @@ void AuthSocket::servLoop() { if (m_servActive) { TQString command; TQDataStream ds(this); + TDEKerberosClientSocket::KerberosStatus krbstat; switch (m_servState) { case 0: @@ -153,14 +154,7 @@ void AuthSocket::servLoop() { break; case 1: if (m_servClientSocket->state() == TQSocket::Connected) { - if (m_servClientSocket->setUsingKerberos(true) != 0) { - m_servClientSocket->close(); - ds << TQString("ERRNOTAVL"); - printf("[DEBUG] Connection failed to %s:%d for user %s@%s due to Kerberos failure\n\r", m_srvServiceHostName.ascii(), m_srvServicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout); - m_servActive = false; - delete m_servClientTimeout; - m_servClientTimeout = NULL; - } + m_servClientSocket->setUsingKerberos(true); m_servState = 2; } else { @@ -173,6 +167,22 @@ void AuthSocket::servLoop() { } break; case 2: + krbstat = m_servClientSocket->kerberosStatus(); + if ((krbstat == TDEKerberosClientSocket::KerberosInitializing) || (krbstat == TDEKerberosClientSocket::KerberosInUse)) { + if (krbstat == TDEKerberosClientSocket::KerberosInUse) { + m_servState = 3; + } + } + else { + m_servClientSocket->close(); + ds << TQString("ERRNOTAVL"); + printf("[DEBUG] Connection failed to %s:%d for user %s@%s due to Kerberos failure\n\r", m_srvServiceHostName.ascii(), m_srvServicePort, m_authenticatedUserName.ascii(), m_authenticatedRealmName.ascii()); fflush(stdout); + m_servActive = false; + delete m_servClientTimeout; + m_servClientTimeout = NULL; + } + break; + case 3: if (!m_servClientTimeout) { m_servClientTimeout = new TQTimer(); m_servClientTimeout->start(5000, TRUE); @@ -185,7 +195,7 @@ void AuthSocket::servLoop() { clientDS >> server_reply; if (server_reply == "OK") { ds << TQString("OK"); - m_servState = 3; + m_servState = 4; } else { m_servClientSocket->close(); @@ -217,7 +227,7 @@ void AuthSocket::servLoop() { m_servClientTimeout = NULL; } break; - case 3: + case 4: if (m_servClientSocket->state() == TQSocket::Connected) { TQByteArray ba(8192); TQ_ULONG reclen;