我正在实施Windows - >使用Kerberos的Linux透明身份验证。在Windows端我使用SSPI。我成功地在Windows客户端和Windows服务器之间建立了上下文,检索客户端的用户名:
SecPkgContext_Names extraData;
res = QueryContextAttributes(&context, SECPKG_ATTR_NAMES, &extraData);
现在是时候做同样的事了,但是在Linux上。我使用gss_accept_sec_context并返回GSS_S_COMPLETE,并且类型为gss_ctx_id_t的变量被填充。 但我很难获得客户名称。我除了可以使用gss_inquire_sec_context_by_oid完成,但是,我无法找到要传递的内容
const gss_OID /*desired_object*/
有人能指点我吗?
答案 0 :(得分:0)
好的,我终于找到了解决方案。它总是在表面上 - 愚蠢的我。
static gss_OID_desc mechDescKERBEROS = { 9, (void*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
static gss_OID mechKERBEROS = &mechDescKERBEROS;
gss_ctx_id_t serverContext = GSS_C_NO_CONTEXT;
// Establish context....
// Now we have established context. All lines below are for getting source user name in form of username@DOMAIN.COM (I got it capitalized, yes)
gss_name_t srcName = NULL;
gss_name_t targetName = NULL;
OM_uint32 lifetime;
OM_uint32 ctxFlags = 0;
int locallyInitiated = 0;
int open = 0;
maj_stat = gss_inquire_context(&min_stat, serverContext, &srcName, &targetName, &lifetime, &mechKERBEROS, &ctxFlags, &locallyInitiated, &open);
if (maj_stat == GSS_S_COMPLETE)
{
gss_buffer_desc buff = GSS_C_EMPTY_BUFFER;
maj_stat = gss_display_name(&min_stat, srcName, &buff, &GSS_C_NT_USER_NAME);
if (maj_stat == GSS_S_COMPLETE)
{
std::string tmp((char*)buff.value);
// tmp now contains our name
// Release buffer
maj_stat = gss_release_buffer(&min_stat, &buff);
}
// Release names
if (srcName != NULL)
maj_stat = gss_release_name(&min_stat, &srcName);
if (targetName != NULL)
maj_stat = gss_release_name(&min_stat, &targetName);
}