How to use gssapi between a java client and a C server?
lizhong
lizhong at ncic.ac.cn
Tue Sep 26 10:11:37 EDT 2006
Hi all,
As we know, jdk 1.4 and 1.5 have added support for gssapi. Now I'm trying to modify a java client and a C server for security with gssapi. But when I tried to establish the security context between the server and the client, I found that gssapi in java acts differently from gssapi in C form.
With gssapi offered by jdk, the client tries to establish the context with the server like this:
    byte[] token = new byte[0];
    while (!context.isEstablished()) {
        // token is ignored on the first call
        token = context.initSecContext(token, 0, token.length);
        // Send a token to the server if one was generated by
        // initSecContext
        if (token != null) {
            System.out.println("Will send token of size "
                               + token.length
                               + " from initSecContext.");
            outStream.writeInt(token.length);
            outStream.write(token);
            outStream.flush();
        }
        // If the client is done with context establishment
        // then there will be no more tokens to read in this loop
        if (!context.isEstablished()) {
            token = new byte[inStream.readInt()];
            System.out.println("Will read input token of size "
                               + token.length
                               + " for processing by initSecContext");
            inStream.readFully(token);
        }
    }
But the C server (the gss-server.c in kerberos/app/gss-sample) receives tokens like this (I have deleted much of the code that is not so necessary, just in order to show the main code more clearly):
    int recv_token(s, flags, tok)
        int s;
        int *flags;
        gss_buffer_t tok;
    {
        int ret;
        unsigned char char_flags;
        unsigned char lenbuf[4];

        /* one flags byte comes first */
        ret = read_all(s, (char *) &char_flags, 1);
        *flags = (int) char_flags;
        /* then the 4-byte big-endian token length */
        ret = read_all(s, (char *) lenbuf, 4);
        tok->length = ((lenbuf[0] << 24)
                       | (lenbuf[1] << 16)
                       | (lenbuf[2] << 8)
                       | lenbuf[3]);
        /* then the token itself */
        tok->value = (char *) malloc(tok->length ? tok->length : 1);
        ret = read_all(s, (char *) tok->value, tok->length);
        return 0;
    }
You can see that the "token" in jdk and C lib in linux are a little different. The msg sent by the java client is like this:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| token.length(4Bytes) | token("token.length" bytes) |
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
But the C server receives msgs in this form:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| flags(1Byte) | token->length(4bytes) | token("token->length" bytes) |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I can change the code of the C server to meet the form of the token generated by java, but I don't know how the tokens are generated by java. The "token" of the java implementation obviously includes the "flag" value, and the "flag" value is not a part of the token in the C implementation.
Could someone help me with this? Thank you!
--
Lizhong
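
Added example (not part of the original message and not code from the krb5 sample): in both listings above the length prefix is written and read by the application's own socket code, so a C receiver can match the Java client's framing by reading a 4-byte big-endian length followed by the token, with no flags byte. The names recv_java_token, read_exact and the MAX_TOKEN_LEN cap are assumptions; it also assumes outStream is a java.io.DataOutputStream, whose writeInt sends the high byte first.

```c
/* Added example: receive one token framed as the Java client sends it:
 * 4-byte big-endian length, then the token bytes, no flags byte. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

#define MAX_TOKEN_LEN (64u * 1024u)   /* assumed cap; size it for your site */

/* Read exactly n bytes; 0 on success, -1 on EOF or error. */
static int read_exact(int fd, void *buf, size_t n)
{
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* 0: *value is a malloc'd token (caller frees); -1: short read or
 * allocation failure; -2: peer-supplied length exceeds MAX_TOKEN_LEN. */
int recv_java_token(int fd, unsigned char **value, size_t *length)
{
    unsigned char lenbuf[4];
    uint32_t len;

    *value = NULL;
    *length = 0;
    if (read_exact(fd, lenbuf, sizeof lenbuf) != 0)
        return -1;
    len = ((uint32_t)lenbuf[0] << 24) | ((uint32_t)lenbuf[1] << 16) |
          ((uint32_t)lenbuf[2] << 8)  |  (uint32_t)lenbuf[3];
    if (len > MAX_TOKEN_LEN)
        return -2;                    /* reject before allocating */
    *value = malloc(len ? len : 1);
    if (*value == NULL)
        return -1;
    if (read_exact(fd, *value, len) != 0) {
        free(*value);
        *value = NULL;
        return -1;
    }
    *length = len;
    return 0;
}
```

The returned bytes and length go into the value and length fields of the gss_buffer_desc passed to gss_accept_sec_context. Reply tokens have to be written back with the same 4-byte length prefix, since the Java loop reads them with readInt and readFully.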