ZMQ_GSSAPI_PLAINTEXT option for disabling encryption

27591d2d · Chris Busbey · 18da8a74 · 27591d2d · 27591d2d · 27591d2d
Commit 27591d2d authored Apr 23, 2014 by Chris Busbey
7 changed files
--- a/include/zmq.h
+++ b/include/zmq.h
@@ -299,6 +299,7 @@ ZMQ_EXPORT char *zmq_msg_gets (zmq_msg_t *msg, char *property);
 #define ZMQ_GSSAPI_SERVER 62
 #define ZMQ_GSSAPI_PRINCIPAL 63
 #define ZMQ_GSSAPI_SERVICE_PRINCIPAL 64
+#define ZMQ_GSSAPI_PLAINTEXT 65
 /*  Message options                                                           */
 #define ZMQ_MORE 1

--- a/src/gssapi_client.cpp
+++ b/src/gssapi_client.cpp
@@ -133,13 +133,21 @@ int zmq::gssapi_client_t::process_handshake_command (msg_t *msg_)
 int zmq::gssapi_client_t::encode (msg_t *msg_)
 {
    zmq_assert (state == connected);
-    return encode_message (msg_);
+    if (do_encryption)
+      return encode_message (msg_);
+    return 0;
 }
 int zmq::gssapi_client_t::decode (msg_t *msg_)
 {
    zmq_assert (state == connected);
-    return decode_message (msg_);
+    if (do_encryption)
+      return decode_message (msg_);
+    return 0;
 }
 bool zmq::gssapi_client_t::is_handshake_complete () const

--- a/src/gssapi_mechanism_base.cpp
+++ b/src/gssapi_mechanism_base.cpp
@@ -44,7 +44,8 @@ zmq::gssapi_mechanism_base_t::gssapi_mechanism_base_t (const options_t & options
    ret_flags (0),
    gss_flags (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG),
    cred (GSS_C_NO_CREDENTIAL),
-    context (GSS_C_NO_CONTEXT)
+    context (GSS_C_NO_CONTEXT),
+    do_encryption (!options_.gss_plaintext)
 {
 }

--- a/src/gssapi_mechanism_base.hpp
+++ b/src/gssapi_mechanism_base.hpp
@@ -104,6 +104,9 @@ namespace zmq
        //  Opaque GSSAPI representation of the security context
        gss_ctx_id_t context;
+        //  If true, use gss to encrypt messages. If false, only utilize gss for auth.
+        bool do_encryption;
    };
 }

--- a/src/gssapi_server.cpp
+++ b/src/gssapi_server.cpp
@@ -281,13 +281,21 @@ error:
 int zmq::gssapi_server_t::encode (msg_t *msg_)
 {
    zmq_assert (state == connected);
-    return encode_message (msg_);
+    if (do_encryption)
+      return encode_message (msg_);
+    return 0;
 }
 int zmq::gssapi_server_t::decode (msg_t *msg_)
 {
    zmq_assert (state == connected);
-    return decode_message (msg_);
+    if (do_encryption)
+      return decode_message (msg_);
+    return 0;
 }
 int zmq::gssapi_server_t::zap_msg_available ()

--- a/src/options.cpp
+++ b/src/options.cpp
@@ -54,7 +54,8 @@ zmq::options_t::options_t () :
    mechanism (ZMQ_NULL),
    as_server (0),
    socket_id (0),
-    conflate (false)
+    conflate (false),
+    gss_plaintext (false)
 {
 }
@@ -427,6 +428,14 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
            }
            break;
+        case ZMQ_GSSAPI_PLAINTEXT:
+            if (is_int && (value == 0 || value == 1)) {
+                gss_plaintext = (value != 0);
+                return 0;
+            }
+            break;
        default:
            break;
    }
@@ -730,6 +739,14 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
            }
            break;
+        case ZMQ_GSSAPI_PLAINTEXT:
+            if (is_int) {
+                *value = gss_plaintext;
+                return 0;
+            }
+            break;
 	}
    errno = EINVAL;
    return -1;

--- a/src/options.hpp
+++ b/src/options.hpp
@@ -160,6 +160,9 @@ namespace zmq
        std::string gss_principal;
        std::string gss_service_principal;
+        //  If true, gss encryption will be disabled
+        bool gss_plaintext;
        //  ID of the socket.
        int socket_id;