- 26 Apr, 2017 2 commits
-
-
Luca Boccassi authored
add simple GSSAPI test for make check
-
Jim Garlick authored
Problem: there is no test coverage for GSSAPI. Solution: add a test structured like the CURVE test. The test is not built if libzmq is not configured with --with-libgssapi_krb5. It will report SKIPPED status if the required environment is missing (see below). Environment: KRB5_KTNAME and KRB5_CLIENT_KTNAME environment variables must point to a keytab file containing creds for a host-based test principal (see comment at top of source for details). Kerberos must be configured and a KDC containing the test principal must be running, otherwise the test will fail/hang. N.B. For now, the test must use the same principal for both client and server roles because it seems impossible to set them to different principals when they are threads in the same process. Once one principal is cached in credential cache, attempts to acquire creds for a different "desired name" seem to be ignored and the cached principal is used instead.
-
- 25 Apr, 2017 4 commits
-
-
Luca Boccassi authored
Clean up after move of GSSAPI NAMETYPE options to DRAFT
-
Jim Garlick authored
Problem: GSSAPI DRAFT code was made conditional on ZMQ_BUILD_DRAFT_API, but zmq_draft.h duplicates the DRAFT symbols definitions from zmq.h so this is unnecessary. Solution: drop the extra ifdefs
-
Jim Garlick authored
Problem: GSSAPI NAMETYPE socket option numbers were modified +1000 when moved to DRAFT section, but should use the definitive values while in DRAFT to minimize disruption later. Solution: renumber the socket options
-
Luca Boccassi authored
move GSSAPI NAMETYPE options to DRAFT, etc.
-
- 24 Apr, 2017 5 commits
-
-
Jim Garlick authored
Problem: GSSAPI NAMETYPE options were not documented in man pages for zmq_getsockopt() and zmq_setsockopt(). Solution: add new options to these manual pages.
-
Jim Garlick authored
Problem: GSSAPI NAMETYPE options were added to zmq_setsockopt() but not zmq_getsockopt(). Add them to zmq_getsockopt().
-
Jim Garlick authored
Problem: The new GSSAPI NAMESPACE options should have been added to the DRAFT section of the API so they can be changed until stabilized. Solution: - Move defines to the DRAFT section of zmq.h - Duplicate them in zmq_draft.h, as is the local custom - Compile only if defined (ZMQ_BUILD_DRAFT_API) - Refactor internals slightly to avoid #ifdef hell
-
Luca Boccassi authored
Targets broken by some parts of f7d1c159
-
Yann Diorcet authored
-
- 23 Apr, 2017 2 commits
-
-
Constantin Rack authored
RELICENSE: Grant from rikvdh
-
Rik van der Heijden authored
-
- 22 Apr, 2017 1 commit
-
-
Luca Boccassi authored
add GSSAPI NAMETYPE socket options
-
- 21 Apr, 2017 5 commits
-
-
Jim Garlick authored
Problem: zmq_gssapi.7 was not mentioned in doc/Makefile.am Solution: add man page to MAN7 in doc/Makefile.am
-
Jim Garlick authored
Problem: new GSSAPI socket options are not documented. Solution: add PRINCIPAL NAMES section to zmq_gssapi.7
-
Jim Garlick authored
Problem: principals are looked up unconditionally with the GSS_C_NT_HOSTBASED_SERVICE name type. Solution: Add two new socket options to set the name type for ZMQ_GSSAPI_PRINCIPAL and ZMQ_GSSAPI_SERVICE_PRINCIPAL: ZMQ_GSSAPI_PRINCIPAL_NAMETYPE ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE They take an integer argument which must be one of ZMQ_GSSAPI_NT_HOSTBASED (0) - default ZMQ_GSSAPI_NT_USER_NAME (1) ZMQ_GSSAPI_NT_KRB5_PRINCIPAL (2) These correspond to GSSAPI name types of: GSS_C_NT_HOSTBASED_SERVICE GSS_C_NT_USER_NAME GSS_KRB5_NT_PRINCIPAL_NAME Fixes #2542
-
Constantin Rack authored
RELICENSE: Hendrik Beskow grant
-
Asmod4n authored
-
- 20 Apr, 2017 8 commits
-
-
Luca Boccassi authored
fix misc. bugs in GSSAPI support
-
Jim Garlick authored
Problem: one call to gss_import_name() includes the terminating NULL in a gss_buffer_desc.length, and one doesn't. According to the examples at: http://docs.oracle.com/cd/E19253-01/816-4863/overview-22/index.html the NULL should be included in the length. Solution: Fix one case to include the terminating NULL in the length.
-
Jim Garlick authored
Problem: if client sets ZMQ_GSSAPI_PRINCIPAL to a name for which credentials cannot be obtained, authentication proceeds with default credentials. Solution: Before initializing the security context, check whether there was a failed attempt to acquire credentials for a specific principal and bail out if so. Fixes #2531
-
Jim Garlick authored
Problem: if client sets the ZMQ_GSSAPI_PRINCIPAL to a valid principal, authentication fails. When an application sets ZMQ_GSSAPI_PRINCIPAL, whether as a client or a server, libzmq internally calls gss_acquire_cred() with cred_usage=GSS_C_ACCEPT. This cred_usage setting is for acceptors (servers) only, thus it doesn't work for initiators (clients). Solution: Change the cred_usage parameter to GSS_C_BOTH to allow initiators to set ZMQ_GSSAPI_PRINCIPAL.
-
Jim Garlick authored
Problem: the ZMQ_GSSAPI_PRINCIPAL socket option is described as mandatory in the zmq_gssapi(7) manual page. In fact it is optional. Solution: Describe ZMQ_GSSAPI_PRINCIPAL as optional. If unspecified, default credentials are used.
-
Jim Garlick authored
Problem: configure.ac is not setting HAVE_LIBGSSAPI_KRB5 in src/platform.hpp when --with-libgssapi_krb5 is specified Commit 09e868b7 switched the libgssapi_krb5 check from AC_CHECK_LIB to AC_SEARCH_LIBS, but neglected to add an AC_DEFINE for HAVE_LIBGSSAPI_KRB5, thus the GSSAPI code is never compiled. Solution: Add missing AC_DEFINE of HAVE_LIBGSSAPI_KRB5.
-
Luca Boccassi authored
Problem: Windows build broken by #if ZMQ_USE_POLL
-
Juan A. Garcia Pardo authored
Solution: use #if defined ZMQ_USE_POLL
-
- 19 Apr, 2017 1 commit
-
-
Asmod4n authored
* change macOS < 10.12 clock to SYSTEM_CLOCK, fixes #2537 * remove clock_id option from alt_clock_gettime since we always want a monotonic clock. * update header definition for alt_clock_gettime * pass clock definition down to host_get_clock_service for macOS < 10.12 * change to monotonic clocks
-
- 17 Apr, 2017 2 commits
-
-
Luca Boccassi authored
Add CMake Build Output Options
-
RPGillespie6 authored
Add two new options to CMakeLists.txt: `BUILD_SHARED` - Whether or not to build the shared object (Default: ON) `BUILD_STATIC` - Whether or not to build the static archive (Default: ON)
-
- 14 Apr, 2017 5 commits
-
-
BJovke authored
* Problem: Minor inconsistency in macro syntax. Solution: Code fixed.
-
Luca Boccassi authored
Problem: FD set copying for Windows still not optimal in some places.
-
bjovke authored
Problem: FD set copying on Windows still not optimal on some places. Solution: Improved memcpy() of FD sets for Windows builds.
-
Luca Boccassi authored
Problem: Stack overflow in Windows VS 2012 builds for simple ZeroMQ u…
-
bjovke authored
Problem: Stack overflow in Windows VS 2012 builds for simple ZeroMQ usage. Solution: Added notice in INSTALL file to mandatory use at least 2 MB stack size in VS 2012 and recommendation to use at least 2 MB in all other Windows builds.
-
- 13 Apr, 2017 1 commit
-
-
Constantin Rack authored
RELICENSE: Pawel Kurdybacha grant
-
- 12 Apr, 2017 3 commits
-
-
Pawel Kurdybacha authored
-
Luca Boccassi authored
Fix compilation on windows using msys2
-
Yann Diorcet authored
-
- 11 Apr, 2017 1 commit
-
-
Luca Boccassi authored
Problem: GCC 6 build fails due to misleading indentation and visually ambiguous if/else block ordering.
-