Skip to content

L
libzmq
Commit a0ccdc86 authored by evoskuil's avatar evoskuil
Browse files
Options

Problem: secure servers ignore zap_connect failre code and set ready.

parent 9c6fb099
Show whitespace changes
Inline Side-by-side
Showing with 13 additions and 16 deletions
src/curve_server.cpp
View file @ a0ccdc86
...@@ -491,7 +491,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_) ...@@ -491,7 +491,8 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
// Use ZAP protocol (RFC 27) to authenticate the user. // Use ZAP protocol (RFC 27) to authenticate the user.
rc = session->zap_connect (); rc = session->zap_connect ();
if (rc == 0) { if (rc != 0)
return -1;
rc = send_zap_request (client_key); rc = send_zap_request (client_key);
if (rc != 0) if (rc != 0)
return -1; return -1;
...@@ -505,9 +506,6 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_) ...@@ -505,9 +506,6 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
state = expect_zap_reply; state = expect_zap_reply;
else else
return -1; return -1;
}
else
state = send_ready;
return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128, return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
clen - crypto_box_ZEROBYTES - 128); clen - crypto_box_ZEROBYTES - 128);
......
src/gssapi_server.cpp
View file @ a0ccdc86
...@@ -120,20 +120,21 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_) ...@@ -120,20 +120,21 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_)
if (security_context_established) { if (security_context_established) {
// Use ZAP protocol (RFC 27) to authenticate the user. // Use ZAP protocol (RFC 27) to authenticate the user.
bool expecting_zap_reply = false;
int rc = session->zap_connect (); int rc = session->zap_connect ();
if (rc == 0) { if (rc != 0)
return -1;
rc = send_zap_request (); rc = send_zap_request ();
if (rc != 0) if (rc != 0)
return -1; return -1;
rc = receive_and_process_zap_reply (); rc = receive_and_process_zap_reply ();
if (rc != 0) { if (rc == 0)
if (errno != EAGAIN) state = send_ready;
else
if (errno == EAGAIN)
state = expect_zap_reply;
else
return -1; return -1;
expecting_zap_reply = true;
}
}
state = expecting_zap_reply? expect_zap_reply: send_ready;
return 0; return 0;
} }
......
src/plain_server.cpp
View file @ a0ccdc86
...@@ -190,7 +190,8 @@ int zmq::plain_server_t::process_hello (msg_t *msg_) ...@@ -190,7 +190,8 @@ int zmq::plain_server_t::process_hello (msg_t *msg_)
// Use ZAP protocol (RFC 27) to authenticate the user. // Use ZAP protocol (RFC 27) to authenticate the user.
int rc = session->zap_connect (); int rc = session->zap_connect ();
if (rc == 0) { if (rc != 0)
return -1;
rc = send_zap_request (username, password); rc = send_zap_request (username, password);
if (rc != 0) if (rc != 0)
return -1; return -1;
...@@ -204,9 +205,6 @@ int zmq::plain_server_t::process_hello (msg_t *msg_) ...@@ -204,9 +205,6 @@ int zmq::plain_server_t::process_hello (msg_t *msg_)
state = waiting_for_zap_reply; state = waiting_for_zap_reply;
else else
return -1; return -1;
}
else
state = sending_welcome;
return 0; return 0;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment