Skip to content

Instantly share code, notes, and snippets.

@microo8

microo8/gssapi-client.c

Forked from cbusbey/gssapi-client.c
Created June 6, 2016 07:51
Show Gist options
  • Save microo8/ba997d25b3afdc280e9c5a1799eb5798 to your computer and use it in GitHub Desktop.
Save microo8/ba997d25b3afdc280e9c5a1799eb5798 to your computer and use it in GitHub Desktop.
Download ZIP
GSSAPI "house"
Raw
gssapi-client.c
// The GSSAPI security mechanism
#include <czmq.h>
#include <zmq.h>
void zsocket_set_gssapi_client(void * zocket)
{
int rc = zmq_setsockopt (zocket, ZMQ_GSSAPI_SERVICE_PRINCIPAL, "host", 4);
assert (rc == 0 || zmq_errno () == ETERM);
rc = zmq_setsockopt (zocket, ZMQ_GSSAPI_PRINCIPAL, "cbusbey", 7);
assert (rc == 0 || zmq_errno () == ETERM);
}
int main (void)
{
// Create context and start authentication engine
zctx_t *ctx = zctx_new ();
zauth_t *auth = zauth_new (ctx);
zauth_set_verbose (auth, true);
zauth_allow (auth, "127.0.0.1");
zauth_configure_gssapi (auth, "*");
// Create and connect client socket
void *client = zsocket_new (ctx, ZMQ_PULL);
zsocket_set_gssapi_client(client);
zsocket_connect (client, "tcp://127.0.0.1:9000");
puts ("[gss-client] waiting for msg...");
// Send a single message from server to client
char *message = zstr_recv (client);
if (message && streq (message, "Hello"))
puts ("[gssapi-client ] GSSAPI test OK");
else
puts ("[gssapi-client ] GSSAPI test FAILED");
free (message);
zauth_destroy (&auth);
zctx_destroy (&ctx);
return 0;
}
~
Raw
gssapi-server.c
// The GSSAPI security mechanism
#include <czmq.h>
void
zsocket_set_gssapi_server(void * zocket, int gssapi_server)
{
int rc = zmq_setsockopt (zocket, ZMQ_GSSAPI_SERVER, &gssapi_server, sizeof (int));
assert (rc == 0 || zmq_errno () == ETERM);
rc = zmq_setsockopt (zocket, ZMQ_GSSAPI_PRINCIPAL, "host", 4);
assert (rc == 0 || zmq_errno () == ETERM);
}
int main (void)
{
// Create context and start authentication engine
zctx_t *ctx = zctx_new ();
zauth_t *auth = zauth_new (ctx);
zauth_set_verbose (auth, true);
zauth_allow (auth, "127.0.0.1");
zauth_configure_gssapi (auth, "*");
// Create and bind server socket
void *server = zsocket_new (ctx, ZMQ_PUSH);
zsocket_set_gssapi_server (server, 1);
zsocket_bind (server, "tcp://*:9000");
puts ("[gss-server] sending...");
// Send a single message from server to client
zstr_send (server, "Hello");
// Give client a chance to finish
zclock_sleep(2000);
zauth_destroy (&auth);
zctx_destroy (&ctx);
return 0;
}
Raw
output
cbusbey@kerberos:~/ZmqSecurity$ kinit
cbusbey@kerberos:~/ZmqSecurity$ sudo ./gssapi-client&
cbusbey@kerberos:~/ZmqSecurity$ [gss-client] waiting for msg...
cbusbey@kerberos:~/ZmqSecurity$ sudo ./gssapi-server
[gss-server] sending...
I: PASSED (whitelist) address=127.0.0.1
I: ALLOWED (GSSAPI) [email protected] identity=
[gssapi-client ] GSSAPI test OK
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment