Linux 如何使用已建立的GSS API上下文获取客户端用户名
我正在使用Kerberos实现Windows->Linux透明身份验证。在Windows端,我使用SSPI。我成功地在Windows客户端和Windows服务器之间建立上下文,检索客户端的用户名,如下所示:Linux 如何使用已建立的GSS API上下文获取客户端用户名,linux,kerberos,gssapi,sspi,Linux,Kerberos,Gssapi,Sspi,我正在使用Kerberos实现Windows->Linux透明身份验证。在Windows端,我使用SSPI。我成功地在Windows客户端和Windows服务器之间建立上下文,检索客户端的用户名,如下所示: SecPkgContext_Names extraData; res = QueryContextAttributes(&context, SECPKG_ATTR_NAMES, &extraData); 现在是时候做同样的事情了,但是在Linux机器上。我使用gss_acc
SecPkgContext_Names extraData;
res = QueryContextAttributes(&context, SECPKG_ATTR_NAMES, &extraData);
现在是时候做同样的事情了,但是在Linux机器上。我使用gss_accept_sec_上下文,它返回gss_S_COMPLETE,并填充类型为gss_ctx_id_t的变量。
但我很难得到客户的名字。我希望它可以使用gss_inquire_sec_context_by_oid来完成,但是,我找不到要传递的内容
const gss_OID /*desired_object*/
谁能告诉我方向吗?好的,我终于找到了解决办法。这一切都是表面上的——愚蠢的我
static gss_OID_desc mechDescKERBEROS = { 9, (void*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
static gss_OID mechKERBEROS = &mechDescKERBEROS;
gss_ctx_id_t serverContext = GSS_C_NO_CONTEXT;
// Establish context....
// Now we have established context. All lines below are for getting source user name in form of username@DOMAIN.COM (I got it capitalized, yes)
gss_name_t srcName = NULL;
gss_name_t targetName = NULL;
OM_uint32 lifetime;
OM_uint32 ctxFlags = 0;
int locallyInitiated = 0;
int open = 0;
maj_stat = gss_inquire_context(&min_stat, serverContext, &srcName, &targetName, &lifetime, &mechKERBEROS, &ctxFlags, &locallyInitiated, &open);
if (maj_stat == GSS_S_COMPLETE)
{
gss_buffer_desc buff = GSS_C_EMPTY_BUFFER;
maj_stat = gss_display_name(&min_stat, srcName, &buff, &GSS_C_NT_USER_NAME);
if (maj_stat == GSS_S_COMPLETE)
{
std::string tmp((char*)buff.value);
// tmp now contains our name
// Release buffer
maj_stat = gss_release_buffer(&min_stat, &buff);
}
// Release names
if (srcName != NULL)
maj_stat = gss_release_name(&min_stat, &srcName);
if (targetName != NULL)
maj_stat = gss_release_name(&min_stat, &targetName);
}