Commit 09647fa9 authored by Chris Laws's avatar Chris Laws

src/gssapi_client.cpp

parent dd64f643
...@@ -20,6 +20,8 @@ ...@@ -20,6 +20,8 @@
#ifndef __ZMQ_GSSAPI_CLIENT_HPP_INCLUDED__ #ifndef __ZMQ_GSSAPI_CLIENT_HPP_INCLUDED__
#define __ZMQ_GSSAPI_CLIENT_HPP_INCLUDED__ #define __ZMQ_GSSAPI_CLIENT_HPP_INCLUDED__
#ifdef HAVE_LIBGSSAPI_KRB5
#include "gssapi_mechanism_base.hpp" #include "gssapi_mechanism_base.hpp"
namespace zmq namespace zmq
...@@ -43,7 +45,7 @@ namespace zmq ...@@ -43,7 +45,7 @@ namespace zmq
virtual bool is_handshake_complete () const; virtual bool is_handshake_complete () const;
private: private:
enum state_t { enum state_t {
call_next_init, call_next_init,
send_next_token, send_next_token,
...@@ -77,3 +79,5 @@ namespace zmq ...@@ -77,3 +79,5 @@ namespace zmq
} }
#endif #endif
#endif
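Review bot: The `#ifdef HAVE_LIBGSSAPI_KRB5` added at the top of this header is evaluated before anything has had a chance to define the macro, because nothing is included ahead of it; in the same commit gssapi_mechanism_base.hpp gets an `#include "platform.hpp"` in front of its guard, but this header does not. Any translation unit that includes gssapi_client.hpp before platform.hpp will see an empty header and lose the class declaration silently, surfacing only as an unrelated compile error at the use site. I would add `#include "platform.hpp"` directly before the `#ifdef HAVE_LIBGSSAPI_KRB5` line, mirroring gssapi_mechanism_base.hpp. Whether every current includer already pulls in platform.hpp first cannot be confirmed from this page.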
...@@ -18,6 +18,9 @@ ...@@ -18,6 +18,9 @@
*/ */
#include "platform.hpp" #include "platform.hpp"
#ifdef HAVE_LIBGSSAPI_KRB5
#ifdef ZMQ_HAVE_WINDOWS #ifdef ZMQ_HAVE_WINDOWS
#include "windows.hpp" #include "windows.hpp"
#endif #endif
...@@ -74,10 +77,10 @@ int zmq::gssapi_mechanism_base_t::encode_message (msg_t *msg_) ...@@ -74,10 +77,10 @@ int zmq::gssapi_mechanism_base_t::encode_message (msg_t *msg_)
plaintext.value = plaintext_buffer; plaintext.value = plaintext_buffer;
plaintext.length = msg_->size ()+1; plaintext.length = msg_->size ()+1;
maj_stat = gss_wrap(&min_stat, context, 1, GSS_C_QOP_DEFAULT, maj_stat = gss_wrap(&min_stat, context, 1, GSS_C_QOP_DEFAULT,
&plaintext, &state, &wrapped); &plaintext, &state, &wrapped);
zmq_assert (maj_stat == GSS_S_COMPLETE); zmq_assert (maj_stat == GSS_S_COMPLETE);
zmq_assert (state); zmq_assert (state);
...@@ -89,7 +92,7 @@ int zmq::gssapi_mechanism_base_t::encode_message (msg_t *msg_) ...@@ -89,7 +92,7 @@ int zmq::gssapi_mechanism_base_t::encode_message (msg_t *msg_)
zmq_assert (rc == 0); zmq_assert (rc == 0);
uint8_t *ptr = static_cast <uint8_t *> (msg_->data ()); uint8_t *ptr = static_cast <uint8_t *> (msg_->data ());
// Add command string // Add command string
memcpy (ptr, "\x07MESSAGE", 8); memcpy (ptr, "\x07MESSAGE", 8);
ptr += 8; ptr += 8;
...@@ -129,7 +132,7 @@ int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_) ...@@ -129,7 +132,7 @@ int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_)
wrapped.length = get_uint32 (ptr); wrapped.length = get_uint32 (ptr);
ptr += 4; ptr += 4;
bytes_left -= 4; bytes_left -= 4;
// Get token value // Get token value
if (bytes_left < wrapped.length) { if (bytes_left < wrapped.length) {
errno = EPROTO; errno = EPROTO;
...@@ -164,9 +167,9 @@ int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_) ...@@ -164,9 +167,9 @@ int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_)
const uint8_t flags = static_cast <char *> (plaintext.value)[0]; const uint8_t flags = static_cast <char *> (plaintext.value)[0];
if (flags & 0x01) if (flags & 0x01)
msg_->set_flags (msg_t::more); msg_->set_flags (msg_t::more);
memcpy (msg_->data (), static_cast <char *> (plaintext.value)+1, plaintext.length-1); memcpy (msg_->data (), static_cast <char *> (plaintext.value)+1, plaintext.length-1);
gss_release_buffer (&min_stat, &plaintext); gss_release_buffer (&min_stat, &plaintext);
gss_release_buffer (&min_stat, &wrapped); gss_release_buffer (&min_stat, &wrapped);
...@@ -184,12 +187,12 @@ int zmq::gssapi_mechanism_base_t::produce_initiate (msg_t *msg_, void *token_val ...@@ -184,12 +187,12 @@ int zmq::gssapi_mechanism_base_t::produce_initiate (msg_t *msg_, void *token_val
zmq_assert (token_length_ <= 0xFFFFFFFFUL); zmq_assert (token_length_ <= 0xFFFFFFFFUL);
const size_t command_size = 9 + 4 + token_length_; const size_t command_size = 9 + 4 + token_length_;
const int rc = msg_->init_size (command_size); const int rc = msg_->init_size (command_size);
errno_assert (rc == 0); errno_assert (rc == 0);
uint8_t *ptr = static_cast <uint8_t *> (msg_->data ()); uint8_t *ptr = static_cast <uint8_t *> (msg_->data ());
// Add command string // Add command string
memcpy (ptr, "\x08INITIATE", 9); memcpy (ptr, "\x08INITIATE", 9);
ptr += 9; ptr += 9;
...@@ -208,7 +211,7 @@ int zmq::gssapi_mechanism_base_t::produce_initiate (msg_t *msg_, void *token_val ...@@ -208,7 +211,7 @@ int zmq::gssapi_mechanism_base_t::produce_initiate (msg_t *msg_, void *token_val
int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_value_, size_t &token_length_) int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_value_, size_t &token_length_)
{ {
zmq_assert (token_value_); zmq_assert (token_value_);
const uint8_t *ptr = static_cast <uint8_t *> (msg_->data ()); const uint8_t *ptr = static_cast <uint8_t *> (msg_->data ());
size_t bytes_left = msg_->size (); size_t bytes_left = msg_->size ();
...@@ -228,7 +231,7 @@ int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_va ...@@ -228,7 +231,7 @@ int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_va
token_length_ = get_uint32 (ptr); token_length_ = get_uint32 (ptr);
ptr += 4; ptr += 4;
bytes_left -= 4; bytes_left -= 4;
// Get token value // Get token value
if (bytes_left < token_length_) { if (bytes_left < token_length_) {
errno = EPROTO; errno = EPROTO;
...@@ -246,7 +249,7 @@ int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_va ...@@ -246,7 +249,7 @@ int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_va
errno = EPROTO; errno = EPROTO;
return -1; return -1;
} }
return 0; return 0;
} }
...@@ -287,7 +290,7 @@ int zmq::gssapi_mechanism_base_t::produce_ready (msg_t *msg_) ...@@ -287,7 +290,7 @@ int zmq::gssapi_mechanism_base_t::produce_ready (msg_t *msg_)
int zmq::gssapi_mechanism_base_t::process_ready (msg_t *msg_) int zmq::gssapi_mechanism_base_t::process_ready (msg_t *msg_)
{ {
if (do_encryption) { if (do_encryption) {
const int rc = decode_message (msg_); const int rc = decode_message (msg_);
if (rc != 0) if (rc != 0)
return rc; return rc;
...@@ -310,11 +313,11 @@ int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss ...@@ -310,11 +313,11 @@ int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss
OM_uint32 maj_stat; OM_uint32 maj_stat;
OM_uint32 min_stat; OM_uint32 min_stat;
gss_name_t server_name; gss_name_t server_name;
gss_buffer_desc name_buf; gss_buffer_desc name_buf;
name_buf.value = service_name_; name_buf.value = service_name_;
name_buf.length = strlen ((char *) name_buf.value) + 1; name_buf.length = strlen ((char *) name_buf.value) + 1;
maj_stat = gss_import_name (&min_stat, &name_buf, maj_stat = gss_import_name (&min_stat, &name_buf,
gss_nt_service_name, &server_name); gss_nt_service_name, &server_name);
...@@ -333,3 +336,4 @@ int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss ...@@ -333,3 +336,4 @@ int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss
return 0; return 0;
} }
#endif
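Review bot: In the decode_message hunk the first byte of the unwrapped buffer is read as `flags` and `plaintext.length-1` bytes are copied out, with no check visible here that `plaintext.length` is at least 1; an unwrapped payload of length zero would read one byte past the buffer and turn the size_t subtraction into a huge memcpy length. The start of decode_message lies outside the hunk, so such a check may already sit after the unwrap call — if not, reject the token before the flags read: `if (plaintext.length == 0) { gss_release_buffer (&min_stat, &plaintext); gss_release_buffer (&min_stat, &wrapped); errno = EPROTO; return -1; }`, matching the EPROTO handling this function already uses for a short token. Separately, encode_message does `zmq_assert (maj_stat == GSS_S_COMPLETE)` on the gss_wrap result, so a wrap failure (for example an expired context) aborts the whole process instead of failing the one message; returning -1 with errno set would be more robust. The compile guard itself is correctly placed after `#include "platform.hpp"`.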
...@@ -20,6 +20,10 @@ ...@@ -20,6 +20,10 @@
#ifndef __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__ #ifndef __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__
#define __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__ #define __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__
#include "platform.hpp"
#ifdef HAVE_LIBGSSAPI_KRB5
#include <gssapi/gssapi_generic.h> #include <gssapi/gssapi_generic.h>
#include <gssapi/gssapi_krb5.h> #include <gssapi/gssapi_krb5.h>
...@@ -46,7 +50,7 @@ namespace zmq ...@@ -46,7 +50,7 @@ namespace zmq
// Produce a context-level GSSAPI token (INITIATE command) // Produce a context-level GSSAPI token (INITIATE command)
// during security context initialization. // during security context initialization.
int produce_initiate (msg_t *msg_, void *data_, size_t data_len_); int produce_initiate (msg_t *msg_, void *data_, size_t data_len_);
// Process a context-level GSSAPI token (INITIATE command) // Process a context-level GSSAPI token (INITIATE command)
// during security context initialization. // during security context initialization.
int process_initiate (msg_t *msg_, void **data_, size_t &data_len_); int process_initiate (msg_t *msg_, void **data_, size_t &data_len_);
...@@ -56,15 +60,15 @@ namespace zmq ...@@ -56,15 +60,15 @@ namespace zmq
// Process a metadata ready msg (READY) // Process a metadata ready msg (READY)
int process_ready (msg_t *msg_); int process_ready (msg_t *msg_);
// Encode a per-message GSSAPI token (MESSAGE command) using // Encode a per-message GSSAPI token (MESSAGE command) using
// the established security context. // the established security context.
int encode_message (msg_t *msg_); int encode_message (msg_t *msg_);
// Decode a per-message GSSAPI token (MESSAGE command) using // Decode a per-message GSSAPI token (MESSAGE command) using
// the established security context. // the established security context.
int decode_message (msg_t *msg_); int decode_message (msg_t *msg_);
// Acquire security context credentials from the // Acquire security context credentials from the
// underlying mechanism. // underlying mechanism.
static int acquire_credentials (char * principal_name_, static int acquire_credentials (char * principal_name_,
...@@ -73,13 +77,13 @@ namespace zmq ...@@ -73,13 +77,13 @@ namespace zmq
protected: protected:
// Opaque GSSAPI token for outgoing data // Opaque GSSAPI token for outgoing data
gss_buffer_desc send_tok; gss_buffer_desc send_tok;
// Opaque GSSAPI token for incoming data // Opaque GSSAPI token for incoming data
gss_buffer_desc recv_tok; gss_buffer_desc recv_tok;
// Opaque GSSAPI representation of principal // Opaque GSSAPI representation of principal
gss_name_t target_name; gss_name_t target_name;
// Human-readable principal name // Human-readable principal name
char * principal_name; char * principal_name;
...@@ -95,10 +99,10 @@ namespace zmq ...@@ -95,10 +99,10 @@ namespace zmq
// Flags returned by GSSAPI (ignored) // Flags returned by GSSAPI (ignored)
OM_uint32 ret_flags; OM_uint32 ret_flags;
// Flags returned by GSSAPI (ignored) // Flags returned by GSSAPI (ignored)
OM_uint32 gss_flags; OM_uint32 gss_flags;
// Credentials used to establish security context // Credentials used to establish security context
gss_cred_id_t cred; gss_cred_id_t cred;
...@@ -110,6 +114,7 @@ namespace zmq ...@@ -110,6 +114,7 @@ namespace zmq
}; };
} }
#endif #endif
#endif
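Review bot: The member comments in the last hunk of this header are copy-pasted: `ret_flags` and `gss_flags` both carry `// Flags returned by GSSAPI (ignored)`, which cannot be true of both and leaves a reader unable to tell which field is the request mask handed to the GSSAPI calls and which is the result. I would keep the comment on `ret_flags` and reword `gss_flags` to `// Flags requested when establishing the context (presumably passed to the init/accept calls — confirm)`; the field's actual use is outside this hunk, so the wording should be checked against gssapi_client.cpp and gssapi_server.cpp. The new `#include "platform.hpp"` ahead of `#ifdef HAVE_LIBGSSAPI_KRB5` is the right pattern and is what the client and server headers should also follow.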
...@@ -18,6 +18,9 @@ ...@@ -18,6 +18,9 @@
*/ */
#include "platform.hpp" #include "platform.hpp"
#ifdef HAVE_LIBGSSAPI_KRB5
#ifdef ZMQ_HAVE_WINDOWS #ifdef ZMQ_HAVE_WINDOWS
#include "windows.hpp" #include "windows.hpp"
#endif #endif
...@@ -98,7 +101,7 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_) ...@@ -98,7 +101,7 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_)
{ {
if (state == recv_ready) { if (state == recv_ready) {
int rc = process_ready(msg_); int rc = process_ready(msg_);
if (rc == 0) if (rc == 0)
state = connected; state = connected;
return rc; return rc;
...@@ -138,7 +141,7 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_) ...@@ -138,7 +141,7 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_)
return 0; return 0;
} }
void zmq::gssapi_server_t::send_zap_request () void zmq::gssapi_server_t::send_zap_request ()
{ {
int rc; int rc;
msg_t msg; msg_t msg;
...@@ -358,3 +361,4 @@ void zmq::gssapi_server_t::accept_context () ...@@ -358,3 +361,4 @@ void zmq::gssapi_server_t::accept_context ()
} }
} }
#endif
...@@ -20,6 +20,8 @@ ...@@ -20,6 +20,8 @@
#ifndef __ZMQ_GSSAPI_SERVER_HPP_INCLUDED__ #ifndef __ZMQ_GSSAPI_SERVER_HPP_INCLUDED__
#define __ZMQ_GSSAPI_SERVER_HPP_INCLUDED__ #define __ZMQ_GSSAPI_SERVER_HPP_INCLUDED__
#ifdef HAVE_LIBGSSAPI_KRB5
#include "gssapi_mechanism_base.hpp" #include "gssapi_mechanism_base.hpp"
namespace zmq namespace zmq
...@@ -58,9 +60,9 @@ namespace zmq ...@@ -58,9 +60,9 @@ namespace zmq
}; };
session_base_t * const session; session_base_t * const session;
const std::string peer_address; const std::string peer_address;
// Current FSM state // Current FSM state
state_t state; state_t state;
...@@ -80,3 +82,5 @@ namespace zmq ...@@ -80,3 +82,5 @@ namespace zmq
} }
#endif #endif
#endif
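Review bot: The `#ifdef HAVE_LIBGSSAPI_KRB5` added to this header has no include in front of it, so the macro is only visible if the including translation unit happened to include platform.hpp first; gssapi_mechanism_base.hpp in this same commit adds `#include "platform.hpp"` before its guard, and this header should do the same. Without it, an include-order change makes gssapi_server_t vanish silently rather than failing at the guard. I would add `#include "platform.hpp"` immediately before `#ifdef HAVE_LIBGSSAPI_KRB5`. Whether all current includers already provide the macro cannot be verified from this page.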
...@@ -55,7 +55,7 @@ ...@@ -55,7 +55,7 @@
#include "likely.hpp" #include "likely.hpp"
#include "wire.hpp" #include "wire.hpp"
zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_, zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_,
const std::string &endpoint_) : const std::string &endpoint_) :
s (fd_), s (fd_),
inpos (NULL), inpos (NULL),
...@@ -82,7 +82,7 @@ zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_, ...@@ -82,7 +82,7 @@ zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_,
{ {
int rc = tx_msg.init (); int rc = tx_msg.init ();
errno_assert (rc == 0); errno_assert (rc == 0);
// Put the socket into non-blocking mode. // Put the socket into non-blocking mode.
unblock_socket (s); unblock_socket (s);
...@@ -595,6 +595,7 @@ bool zmq::stream_engine_t::handshake () ...@@ -595,6 +595,7 @@ bool zmq::stream_engine_t::handshake ()
alloc_assert (mechanism); alloc_assert (mechanism);
} }
#endif #endif
#ifdef HAVE_LIBGSSAPI_KRB5
else else
if (memcmp (greeting_recv + 12, "GSSAPI\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { if (memcmp (greeting_recv + 12, "GSSAPI\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) {
if (options.as_server) if (options.as_server)
...@@ -604,6 +605,7 @@ bool zmq::stream_engine_t::handshake () ...@@ -604,6 +605,7 @@ bool zmq::stream_engine_t::handshake ()
mechanism = new (std::nothrow) gssapi_client_t (options); mechanism = new (std::nothrow) gssapi_client_t (options);
alloc_assert (mechanism); alloc_assert (mechanism);
} }
#endif
else { else {
error (); error ();
return false; return false;
...@@ -829,7 +831,7 @@ int zmq::stream_engine_t::write (const void *data_, size_t size_) ...@@ -829,7 +831,7 @@ int zmq::stream_engine_t::write (const void *data_, size_t size_)
// we'll get an error (this may happen during the speculative write). // we'll get an error (this may happen during the speculative write).
if (nbytes == SOCKET_ERROR && WSAGetLastError () == WSAEWOULDBLOCK) if (nbytes == SOCKET_ERROR && WSAGetLastError () == WSAEWOULDBLOCK)
return 0; return 0;
// Signalise peer failure. // Signalise peer failure.
if (nbytes == SOCKET_ERROR && ( if (nbytes == SOCKET_ERROR && (
WSAGetLastError () == WSAENETDOWN || WSAGetLastError () == WSAENETDOWN ||
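Review bot: The newly guarded GSSAPI branch in handshake() instantiates gssapi_server_t or gssapi_client_t solely because the peer's greeting announced `GSSAPI`; nothing in the hunk compares that announcement with the mechanism configured on the local socket, so unless handshake() performs that check before the mechanism selection (the start of the function is outside the hunk) a peer can steer a socket configured for a different mechanism into a GSSAPI handshake it never asked for. I would reject the mismatch the way the trailing `else` rejects an unknown mechanism: read the configured mechanism from the same `options` object that supplies `as_server`, and on mismatch `error (); return false;` before the `new`. The same consideration applies to the NULL, PLAIN and CURVE branches above this hunk, which are not visible here. On the positive side, with the library compiled out a GSSAPI greeting now falls through to `error ()`, which is the right fail-closed behaviour.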