| author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-19 01:23:31 -0500 | 
|---|---|---|
| committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2012-06-19 01:23:31 -0500 | 
| commit | 951f353db8f89fdf6949744ae807c43c336b6ba0 (patch) | |
| tree | ea03675528cfdc69e4ac70999c818addf463e0fb | |
| parent | 0c68d7df3940b19ef5690a6ee26cede4e25adf2d (diff) | |
Remove artificial buffer size limitation on Kerberos client socket
| -rw-r--r-- | lib/libtdekrb/src/tdekrbsocket.cpp | 47 | ||||
| -rw-r--r-- | lib/libtdekrb/src/tdekrbsocket.h | 1 | ||||
| -rw-r--r-- | servers/auth_server_lin/src/auth_conn.cpp | 7 | 
3 files changed, 36 insertions, 19 deletions
diff --git a/lib/libtdekrb/src/tdekrbsocket.cpp b/lib/libtdekrb/src/tdekrbsocket.cpp
index 30f28d2..19b666a 100644
--- a/lib/libtdekrb/src/tdekrbsocket.cpp
+++ b/lib/libtdekrb/src/tdekrbsocket.cpp
@@ -40,11 +40,11 @@ class SASLDataPrivate
 static int logSASLMessages(void *context __attribute__((unused)), int priority, const char *message) {
 	const char *label;
-	
+
 	if (!message) {
 		return SASL_BADPARAM;
 	}
-	
+
 	switch (priority) {
 		case SASL_LOG_ERR:
 			label = "Error";
@@ -56,13 +56,13 @@ static int logSASLMessages(void *context __attribute__((unused)), int priority,
 			label = "Other";
 			break;
 	}
-	
+
 	printf("[SASL %s] %s\n\r", label, message);
 	return SASL_OK;
 }
-TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false) {
+TDEKerberosClientSocket::TDEKerberosClientSocket(TQObject *parent, const char *name) : TQSocket(parent, name), m_kerberosRequested(false), m_negotiatedMaxBufferSize(NET_SEC_BUF_SIZE) {
 	saslData = new SASLDataPrivate;
 	saslData->m_krbConnection = NULL;
 }
@@ -140,11 +140,13 @@ Q_LONG TDEKerberosClientSocket::readLine(char *data, Q_ULONG maxlen) {
 TQString TDEKerberosClientSocket::readLine() {
 	TQString ret;
-	char buf[NET_SEC_BUF_SIZE];
+	char *buf;
 	if (m_kerberosRequested) {
-		receiveEncryptedData(buf, NET_SEC_BUF_SIZE);
+		buf = (char*)malloc(m_negotiatedMaxBufferSize);
+		receiveEncryptedData(buf, m_negotiatedMaxBufferSize);
 		ret = TQString(buf);
+		free(buf);
 	}
 	else {
 		ret = TQSocket::readLine();
@@ -173,7 +175,6 @@ void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned
 	char *buf;
 	unsigned len, alloclen;
 	int result;
-	char txbuf[NET_SEC_BUF_SIZE];
 	alloclen = ((length / 3) + 1) * 4 + 1;
 	buf = (char*)malloc(alloclen);
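Review bot: In readLine() the result of `malloc(m_negotiatedMaxBufferSize)` goes to receiveEncryptedData() and then to `TQString(buf)` with no NULL check and no initialisation, so TQString scans an unterminated or stale heap region whenever receiveEncryptedData() fails or fills the buffer completely (its body is not visible here, so this is inferred from the call). The size now comes from SASL negotiation instead of a constant, which makes a failed allocation more plausible than before. I would allocate with `buf = (char*)calloc(1, m_negotiatedMaxBufferSize + 1);`, return the empty `ret` when that is NULL, and keep passing `m_negotiatedMaxBufferSize` as the length so the final byte always stays a terminator. readLine() continues past the end of the hunk.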
@@ -188,8 +189,10 @@ void TDEKerberosClientSocket::sendSASLDataToNetwork(const char *buffer, unsigned
 		return;
 	}
-	sprintf(txbuf, "%s\n", buf);
-	write(netfd, txbuf, strlen(txbuf));
+	len = strlen(buf);
+	buf[len] = '\n';
+	buf[len+1] = 0;
+	write(netfd, buf, len+1);
 	free(buf);
 }
@@ -198,28 +201,31 @@ unsigned int TDEKerberosClientSocket::getSASLDataFromNetwork(char *buf, int trun
 	unsigned int len;
 	int result;
+	TQByteArray ba(2048);
+
 	len = 0;
 	while (1) {
 		tqApp->processEvents();
 		if (state() != TQSocket::Connected) {
 			return -1;
 		}
-		if (TQSocket::readBlock(buf+len, 1) > 0) {
-			if (buf[len] == '\n') {
-				buf[len] = 0;
+		if (TQSocket::readBlock(ba.data()+len, 1) > 0) {
+			if (ba.data()[len] == '\n') {
+				ba.data()[len] = 0;
 				break;
 			}
-			if (buf[len] != '\r') {
+			if (ba.data()[len] != '\r') {
 				len++;
 			}
 		}
-		if (len >= trunclen) {
+		if (len >= (ba.size()-1)) {
+			ba.resize(ba.size()+2048);
 			break;
 		}
 	}
-	len = strlen(buf);
-	result = sasl_decode64(buf, (unsigned) strlen(buf), buf, trunclen, &len);
+	len = strlen(ba.data());
+	result = sasl_decode64(ba.data(), strlen(ba.data()), buf, trunclen, &len);
 	if (result != SASL_OK) {
 		printf("[ERROR] Decoding data from base64 returned %s (%d)\n\r", sasl_errstring(result, NULL, NULL), result);
 		return -1;
@@ -400,5 +406,14 @@ int TDEKerberosClientSocket::initializeKerberosInterface() {
 		printf("[DEBUG] Authenticated SSF: %d\n", *ssf);
 	}
+	result = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&m_negotiatedMaxBufferSize);
+	if (result != SASL_OK) {
+		printf("[WARNING] Unable to determine maximum buffer size!\n\r");
+		m_negotiatedMaxBufferSize = NET_SEC_BUF_SIZE;
+	}
+	else {
+		printf("[DEBUG] Maximum buffer size: %d\n", m_negotiatedMaxBufferSize);
+	}
+
 	return 0;
 }
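Review bot: In sendSASLDataToNetwork() the added `buf[len+1] = 0;` writes one byte past the heap allocation whenever `length` is not a multiple of 3. In that case `alloclen = ((length / 3) + 1) * 4 + 1` holds exactly the base64 text plus its terminator, so once `buf[len] = '\n'` overwrites the terminator there is no byte left at `len+1`; this assumes the encode call between the hunks, which is not visible, NUL-terminates within `alloclen`. `write()` is given `len+1` and never sends the terminator, so the simplest fix is to delete the `buf[len+1] = 0;` line, or else allocate `alloclen + 1`. The same lines are added to AuthSocket::send_sasl_data_to_network() in auth_conn.cpp and need the same change. The return value of `write()` is also ignored in both places, so a short write silently truncates the SASL message.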
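Review bot: The growth branch in getSASLDataFromNetwork(), `ba.resize(ba.size()+2048); break;`, leaves the loop right after enlarging the array, so a line longer than 2047 bytes is still cut short. On that path `ba.data()[len]` is never set to 0, so `strlen(ba.data())` runs over uninitialised bytes. Dropping the `break` alone would let a peer that never sends a newline grow the array without limit, so the resize needs an upper bound as well, and the decode can use the counted `len` instead of two `strlen` calls. The function starts and ends outside the hunk, and the cap name below is a placeholder.

```cpp
	// … unchanged: processEvents(), state check, readBlock() and CR/LF handling …
		if (len >= (ba.size()-1)) {
			if (ba.size() >= MAX_SASL_LINE) {	// MAX_SASL_LINE: placeholder for a project-chosen cap
				return -1;
			}
			ba.resize(ba.size()+2048);
		}
	}

	ba.data()[len] = 0;
	result = sasl_decode64(ba.data(), len, buf, trunclen, &len);
	// … unchanged: SASL_OK check and error return …
```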
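Review bot: `sasl_getprop(..., SASL_MAXOUTBUF, (const void **)&m_negotiatedMaxBufferSize)` in initializeKerberosInterface() stores a pointer in the member rather than the size, because sasl_getprop() hands back the address of the property value; the context line above reads the SSF the same way, through `*ssf`. On an LP64 build that writes eight bytes into the four-byte `unsigned int` declared last in the class in tdekrbsocket.h, and leaves pointer bits in the field that readLine() then passes to malloc(). Fetch into a local and copy: `const unsigned *maxbuf = NULL;`, `result = sasl_getprop(saslData->m_krbConnection, SASL_MAXOUTBUF, (const void **)&maxbuf);`, then `m_negotiatedMaxBufferSize = *maxbuf;` in the success branch. The new debug printf should use `%u` for the unsigned value.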
\ No newline at end of file
diff --git a/lib/libtdekrb/src/tdekrbsocket.h b/lib/libtdekrb/src/tdekrbsocket.h
index 591b579..5f5f036 100644
--- a/lib/libtdekrb/src/tdekrbsocket.h
+++ b/lib/libtdekrb/src/tdekrbsocket.h
@@ -62,6 +62,7 @@ class TDEKerberosClientSocket : public TQSocket
 	private:
 		SASLDataPrivate *saslData;
+		unsigned int m_negotiatedMaxBufferSize;
 };
 #endif // TDEKRBSOCKET_H
\ No newline at end of file
diff --git a/servers/auth_server_lin/src/auth_conn.cpp b/servers/auth_server_lin/src/auth_conn.cpp
index 517f570..acf8e83 100644
--- a/servers/auth_server_lin/src/auth_conn.cpp
+++ b/servers/auth_server_lin/src/auth_conn.cpp
@@ -105,7 +105,6 @@ void AuthSocket::send_sasl_data_to_network(const char *buffer, unsigned length,
 	char *buf;
 	unsigned len, alloclen;
 	int result;
-	char txbuf[NET_SEC_BUF_SIZE];
 	alloclen = ((length / 3) + 1) * 4 + 1;
 	buf = (char*)malloc(alloclen);
@@ -120,8 +119,10 @@ void AuthSocket::send_sasl_data_to_network(const char *buffer, unsigned length,
 		return;
 	}
-	sprintf(txbuf, "%s\n", buf);
-	write(netfd, txbuf, strlen(txbuf));
+	len = strlen(buf);
+	buf[len] = '\n';
+	buf[len+1] = 0;
+	write(netfd, buf, len+1);
 	free(buf);
 }  |
