Skip to content

L
libzmq
Commit 5441db3d authored by Chris Busbey's avatar Chris Busbey
Browse files
Options

configurable principle and service principle (for client)

parent 4e6880ec
Hide whitespace changes
Inline Side-by-side
Showing with 52 additions and 22 deletions
include/zmq.h
View file @ 5441db3d
...@@ -297,7 +297,8 @@ ZMQ_EXPORT char *zmq_msg_gets (zmq_msg_t *msg, char *property); ...@@ -297,7 +297,8 @@ ZMQ_EXPORT char *zmq_msg_gets (zmq_msg_t *msg, char *property);
#define ZMQ_IPC_FILTER_GID 60 #define ZMQ_IPC_FILTER_GID 60
#define ZMQ_CONNECT_RID 61 #define ZMQ_CONNECT_RID 61
#define ZMQ_GSSAPI_SERVER 62 #define ZMQ_GSSAPI_SERVER 62
#define ZMQ_GSSAPI_CLIENT 63 #define ZMQ_GSSAPI_PRINCIPLE 63
#define ZMQ_GSSAPI_SERVICE_PRINCIPLE 64
/* Message options */ /* Message options */
#define ZMQ_MORE 1 #define ZMQ_MORE 1
......
src/gssapi_client.cpp
View file @ 5441db3d
...@@ -38,8 +38,10 @@ zmq::gssapi_client_t::gssapi_client_t (const options_t &options_) : ...@@ -38,8 +38,10 @@ zmq::gssapi_client_t::gssapi_client_t (const options_t &options_) :
mechs (), mechs (),
security_context_established (false) security_context_established (false)
{ {
maj_stat = GSS_S_COMPLETE; const std::string::size_type service_size = options_.gss_service_principle.size();
service_name = strdup("host"); // TODO: add service_name to options service_name = new char[service_size+1];
memcpy(service_name, options_.gss_service_principle.c_str(), service_size+1 );
mechs.elements = NULL; mechs.elements = NULL;
mechs.count = 0; mechs.count = 0;
} }
......
src/gssapi_client.hpp
View file @ 5441db3d
...@@ -53,6 +53,9 @@ namespace zmq ...@@ -53,6 +53,9 @@ namespace zmq
connected connected
}; };
// Human-readable principle name of the service we are connecting to
char * service_name;
// Current FSM state // Current FSM state
state_t state; state_t state;
......
src/gssapi_mechanism_base.cpp
View file @ 5441db3d
...@@ -37,8 +37,8 @@ zmq::gssapi_mechanism_base_t::gssapi_mechanism_base_t (const options_t & options ...@@ -37,8 +37,8 @@ zmq::gssapi_mechanism_base_t::gssapi_mechanism_base_t (const options_t & options
recv_tok (), recv_tok (),
/// FIXME remove? in_buf (), /// FIXME remove? in_buf (),
target_name (GSS_C_NO_NAME), target_name (GSS_C_NO_NAME),
service_name (NULL), principle_name (NULL),
maj_stat (GSS_S_COMPLETE), maj_stat (GSS_S_CONTINUE_NEEDED),
min_stat (0), min_stat (0),
init_sec_min_stat (0), init_sec_min_stat (0),
ret_flags (0), ret_flags (0),
...@@ -46,6 +46,15 @@ zmq::gssapi_mechanism_base_t::gssapi_mechanism_base_t (const options_t & options ...@@ -46,6 +46,15 @@ zmq::gssapi_mechanism_base_t::gssapi_mechanism_base_t (const options_t & options
cred (GSS_C_NO_CREDENTIAL), cred (GSS_C_NO_CREDENTIAL),
context (GSS_C_NO_CONTEXT) context (GSS_C_NO_CONTEXT)
{ {
if(!options_.gss_principle.empty())
{
const std::string::size_type principle_size = options_.gss_principle.size();
principle_name = new char[principle_size+1];
memcpy(principle_name, options_.gss_principle.c_str(), principle_size+1 );
if (acquire_credentials (principle_name, &cred) != 0)
maj_stat = GSS_S_FAILURE;
}
} }
zmq::gssapi_mechanism_base_t::~gssapi_mechanism_base_t () zmq::gssapi_mechanism_base_t::~gssapi_mechanism_base_t ()
......
src/gssapi_mechanism_base.hpp
View file @ 5441db3d
...@@ -67,7 +67,7 @@ namespace zmq ...@@ -67,7 +67,7 @@ namespace zmq
// Acquire security context credentials from the // Acquire security context credentials from the
// underlying mechanism. // underlying mechanism.
static int acquire_credentials (char * service_name_, static int acquire_credentials (char * principle_name_,
gss_cred_id_t * cred_); gss_cred_id_t * cred_);
protected: protected:
...@@ -77,11 +77,11 @@ namespace zmq ...@@ -77,11 +77,11 @@ namespace zmq
// Opaque GSSAPI token for incoming data // Opaque GSSAPI token for incoming data
gss_buffer_desc recv_tok; gss_buffer_desc recv_tok;
// Opaque GSSAPI representation of service_name // Opaque GSSAPI representation of principle
gss_name_t target_name; gss_name_t target_name;
// Human-readable service principal name // Human-readable principal name
char * service_name; char * principle_name;
// Status code returned by GSSAPI functions // Status code returned by GSSAPI functions
OM_uint32 maj_stat; OM_uint32 maj_stat;
......
src/gssapi_server.cpp
View file @ 5441db3d
...@@ -42,12 +42,6 @@ zmq::gssapi_server_t::gssapi_server_t (session_base_t *session_, ...@@ -42,12 +42,6 @@ zmq::gssapi_server_t::gssapi_server_t (session_base_t *session_,
state (recv_next_token), state (recv_next_token),
security_context_established (false) security_context_established (false)
{ {
service_name = (char *) "host"; // TODO: add service_name to options
int rc = acquire_credentials (service_name, &cred); // TODO: add creds to options too?
if (rc == 0)
maj_stat = GSS_S_CONTINUE_NEEDED;
else
maj_stat = GSS_S_FAILURE;
} }
zmq::gssapi_server_t::~gssapi_server_t () zmq::gssapi_server_t::~gssapi_server_t ()
......
src/options.cpp
View file @ 5441db3d
...@@ -410,10 +410,19 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, ...@@ -410,10 +410,19 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
} }
break; break;
case ZMQ_GSSAPI_CLIENT: case ZMQ_GSSAPI_PRINCIPLE:
if (is_int && (value == 0 || value == 1)) { if (optvallen_ > 0 && optvallen_ < 256 && optval_ != NULL) {
as_server = (value == 0); gss_principle.assign ((const char *) optval_, optvallen_);
mechanism = ZMQ_GSSAPI;
return 0;
}
break;
case ZMQ_GSSAPI_SERVICE_PRINCIPLE:
if (optvallen_ > 0 && optvallen_ < 256 && optval_ != NULL) {
gss_service_principle.assign ((const char *) optval_, optvallen_);
mechanism = ZMQ_GSSAPI; mechanism = ZMQ_GSSAPI;
as_server = 1;
return 0; return 0;
} }
break; break;
...@@ -704,14 +713,22 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_) ...@@ -704,14 +713,22 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
return 0; return 0;
} }
break; break;
case ZMQ_GSSAPI_CLIENT: case ZMQ_GSSAPI_PRINCIPLE:
if (is_int) { if (*optvallen_ >= gss_principle.size () + 1) {
*value = (as_server == 0) && mechanism == ZMQ_GSSAPI; memcpy (optval_, gss_principle.c_str (), gss_principle.size () + 1);
*optvallen_ = gss_principle.size () + 1;
return 0; return 0;
} }
break; break;
case ZMQ_GSSAPI_SERVICE_PRINCIPLE:
if (*optvallen_ >= gss_service_principle.size () + 1) {
memcpy (optval_, gss_service_principle.c_str (), gss_service_principle.size () + 1);
*optvallen_ = gss_service_principle.size () + 1;
return 0;
}
break;
} }
errno = EINVAL; errno = EINVAL;
......
src/options.hpp
View file @ 5441db3d
...@@ -156,6 +156,10 @@ namespace zmq ...@@ -156,6 +156,10 @@ namespace zmq
uint8_t curve_secret_key [CURVE_KEYSIZE]; uint8_t curve_secret_key [CURVE_KEYSIZE];
uint8_t curve_server_key [CURVE_KEYSIZE]; uint8_t curve_server_key [CURVE_KEYSIZE];
// Principles for GSSAPI mechanism
std::string gss_principle;
std::string gss_service_principle;
// ID of the socket. // ID of the socket.
int socket_id; int socket_id;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment