Hi all,
I am trying to use gssapi to encrypt a C++ program's data on the
network. But when I used gss_acquire_cred to get the ticket info, the program
crashed.
I wrote a little example to find the reason. This example is test.cxx at
the end of this email. You can simply create your test.cxx and copy the
content into it. Then compile and run it with the following commands.
I found that if I use this cmd "c++ test.cxx -o test -lgssapi_krb5" to
compile the program, and then run "./test test", I would get the following msg:
[EMAIL PROTECTED] test]# c++ test.cxx -o test -lgssapi_krb5
[EMAIL PROTECTED] test]# ./test aaa
here is the service name: aaa
Service name : aaa/[EMAIL PROTECTED]
段错误 // <-----This refers to a segment error. Sorry, my Linux supports
Chinese, and this error msg is in Chinese.
But if I add the -O flag to optimize the compiling, I will get the right
result. For some reason the -O flag makes it work correctly. The function
gss_acquire_cred will return -1 because there is no such ticket as
aaa/[EMAIL PROTECTED]
[EMAIL PROTECTED] test]# c++ test.cxx -o test -lgssapi_krb5 -O
[EMAIL PROTECTED] test]# ./test aaa
here is the service name: aaa
Service name : aaa/[EMAIL PROTECTED]
222
-1
I have read and tested gss-server.c/gss-client.c many times, and I
know well how it works. The gssapi samples, gss-server/gss-client, are
written in C, not C++. And their makefiles both work well with
or without the -O flag.
But my program is in C++. Is there another way to avoid the crash?
Because the program I need to modify for security is TOO LARGE, I can hardly
find every place that needs the -O flag. I have been struggling with this problem
for over two days.
Could anyone help me?
//test.cxx
#include <stdio.h>
#include <string.h>
#include <gssapi/gssapi_generic.h>

int server_acquire_creds(char *service_name, gss_cred_id_t *server_creds)
{
    gss_buffer_desc name_buf;
    gss_name_t server_name;
    OM_uint32 maj_stat, min_stat;
    gss_OID oid;

    printf("here is the service name: %s\n",service_name);
    name_buf.value = service_name;
    name_buf.length = strlen(service_name) + 1;
    maj_stat = gss_import_name(&min_stat, &name_buf,
                               (gss_OID) gss_nt_service_name, &server_name);
    if (maj_stat != GSS_S_COMPLETE) {
        return -1;
    }
    gss_buffer_desc out_name;
    gss_display_name ( &min_stat,server_name,&out_name,&oid);
    printf("Service name : %s \n",out_name.value);
    maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
                                GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
                                server_creds, NULL, NULL);
    printf("222\n");
    if (maj_stat != GSS_S_COMPLETE) {
        return -1;
    }
    (void) gss_release_name(&min_stat, &server_name);
    return 0;
}

int main( int argc, char **argv )
{
    gss_cred_id_t *creds;
    int result = server_acquire_creds(*(argv+1),creds);
    printf("%d\n",result);
    return 0;
}
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
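
Added example, not part of the original message and not code from the Kerberos sources: in test.cxx, main() hands gss_acquire_cred an uninitialized gss_cred_id_t * as the output handle it writes through, which is undefined behaviour, so whether it crashes can change with compiler flags such as -O. The sketch below shows the caller-side pattern with stand-in demo_* types and functions (assumptions, so that it builds without a krb5 installation); only the service "host" is treated as having a credential.

```cpp
// Added example. All demo_* names are stand-ins, not the real GSS-API.
#include <cstdio>
#include <cstring>

// Like gss_cred_id_t, the handle is itself an opaque pointer type.
struct demo_cred { char service[64]; };
typedef demo_cred *demo_cred_id_t;
static const demo_cred_id_t DEMO_NO_CREDENTIAL = nullptr;

// Stand-in for gss_acquire_cred: the result is written THROUGH
// output_cred_handle, so that pointer must refer to storage the caller owns.
// Constructed rule: only the service "host" has a credential.
int demo_acquire_cred(const char *service, demo_cred_id_t *output_cred_handle)
{
    static demo_cred keytab_entry;
    *output_cred_handle = DEMO_NO_CREDENTIAL;   // first write through the pointer
    if (std::strcmp(service, "host") != 0)
        return -1;
    std::snprintf(keytab_entry.service, sizeof keytab_entry.service, "%s", service);
    *output_cred_handle = &keytab_entry;
    return 0;
}

// Stand-in for gss_release_cred: resets the caller's handle.
void demo_release_cred(demo_cred_id_t *cred_handle)
{
    *cred_handle = DEMO_NO_CREDENTIAL;
}

// Same shape as main() in test.cxx, with the two caller-side fixes.
int run(int argc, char **argv)
{
    if (argc < 2) {                              // no service argument given
        std::fprintf(stderr, "usage: test <service>\n");
        return 2;
    }
    demo_cred_id_t creds = DEMO_NO_CREDENTIAL;   // a handle, not a pointer to one
    int result = demo_acquire_cred(argv[1], &creds);   // pass the handle's address
    std::printf("%d\n", result);
    if (result == 0)
        demo_release_cred(&creds);
    return result;
}

int main(int argc, char **argv) { return run(argc, argv) == 0 ? 0 : 1; }
```

With the real library the same change in test.cxx is `gss_cred_id_t creds = GSS_C_NO_CREDENTIAL;` followed by `server_acquire_creds(argv[1], &creds);`.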