我尝试在我的应用程序中使用 gssapi32.dll 但我收到应用启动时异常
名称如"HTTP/proxy.domain.com@domain.com我在 Kerberos 票务工具中看到这个名字
但我收到"找不到凭据缓存"
也许有人已经有类似的问题了?并且可以提供帮助
视窗 7 (x64)MSVS C++ 2010 Express
谢谢你的建议,对不起我的英语
char* cHttp::getNegotiateToken(const char *service, const char *server) {
char *token = 0;
OM_uint32 major, minor;
gss_buffer_desc gss_buffer;
gss_buffer_desc gss_buffer_user;
gss_name_t gss_name;
gss_name_t gss_user_name;
gss_ctx_id_t gss_context = GSS_C_NO_CONTEXT;
gss_buffer_desc gss_input_token = GSS_C_EMPTY_BUFFER;
gss_buffer_desc gss_output_token = GSS_C_EMPTY_BUFFER;
OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
static gss_OID_desc gss_krb5_mech_oid_desc =
{ 9, (void *) "x2ax86x48x86xf7x12x01x02x02" };
if(!service || !server) {
Logger.writeLogHead(llError) << "Service and server values cannot be NULL!" << EndOfLine;
return 0;
}
gss_buffer.length = 28;//strln(service) + strln(server) + 2;
gss_buffer.value = malloc(gss_buffer.length);
gss_buffer_user.length = 26;
gss_buffer_user.value = malloc(gss_buffer_user.length);
Logger.writeLogHead(llError) << "service "" << service << "" server "" << server << "" length " << (int)gss_buffer.length << EndOfLine;
if(!gss_buffer.value) {
Logger.writeLogHead(llError) << "malloc failed" << EndOfLine;
return 0;
}
sprintf((char *)gss_buffer.value, "%s", "HTTP/proxy.domain.com@domain.com");
major = gss_import_name(&minor, &gss_buffer, GSS_C_NT_HOSTBASED_SERVICE, &gss_name);
free(gss_buffer.value);
if (major != GSS_S_COMPLETE) {
logGssError(major, minor, "gss_import_name");
return 0;
}
gss_buffer_desc out_name;
major = gss_display_name(&minor, gss_name, &out_name, NULL);
if (major != GSS_S_COMPLETE) {
logGssError(major, minor, "gss_display_name");
return 0;
}
Logger.writeLogHead(llWarning) << "Service name : " << (const char*)out_name.value << EndOfLine;
major = gss_init_sec_context(
&minor,
GSS_C_NO_CREDENTIAL,
&gss_context,
gss_name,
&gss_krb5_mech_oid_desc,
req_flags,
GSS_C_INDEFINITE,
GSS_C_NO_CHANNEL_BINDINGS,
&gss_input_token,
NULL,
&gss_output_token,
NULL,
NULL);
if (major == GSS_S_NO_CRED) {
Logger.writeLogHead(llError) << "gss_init_sec_context GSS_S_NO_CRED" << EndOfLine;
}
if (major != GSS_S_COMPLETE) {
logGssError(major, minor, "gss_init_sec_context");
return 0;
}
if (gss_output_token.length == 0) {
Logger.writeLogHead(llError) << "Token don't need to be send." << EndOfLine;
return 0;
}
// TODO: Need to make SPNEGO token (spnegohelp)
token = base64_encode((const char *)gss_output_token.value, gss_output_token.length);
major = gss_delete_sec_context(&minor, &gss_context, GSS_C_NO_BUFFER);
if (major != GSS_S_COMPLETE) {
logGssError(major, minor, "gss_delete_sec_context");
return 0;
}
major = gss_release_name(&minor,&gss_name);
if (major != GSS_S_COMPLETE) {
logGssError(major, minor, "gss_release_name");
return 0;
}
return token;
}
--编辑谢谢你朋友 - 我想我会继续提议的方式
在我的情况下需要使用 spnego 机制而不是gss_krb5_mech_oid_desc
static gss_OID_desc gss_spnego_mech_oid_desc =
{ 6, (void *) "x2bx06x01x05x05x02" };
//{ 9, (void*) "x06x06x2bx06x01x05x05x02xa0" };
gss_OID mMechOID;
mMechOID = &gss_krb5_mech_oid_desc;
你真的需要Windows下的GSS-API吗?您应该宁愿使用 SSPI。GSS-API 无法直接访问内存中的票证缓存。在这里查看我的答案。