generic-library/libzmq
1
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2025-10-08 04:05:29 +02:00
Code Issues Projects Releases Wiki Activity

added ready for meta data exchange at end of gss handshake

Browse Source
This commit is contained in:
Chris Busbey
2013-11-07 11:49:45 -08:00
parent 761508bf4b
commit 04db842dcc
6 changed files with 113 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/gssapi_client.cpp
View File

@@ -32,8 +32,7 @@
#include "wire.hpp" #include "wire.hpp"
zmq::gssapi_client_t::gssapi_client_t (const options_t &options_) : zmq::gssapi_client_t::gssapi_client_t (const options_t &options_) :
gssapi_mechanism_base_t (), gssapi_mechanism_base_t (options_),
mechanism_t (options_),
state (call_next_init), state (call_next_init),
token_ptr (GSS_C_NO_BUFFER), token_ptr (GSS_C_NO_BUFFER),
mechs (), mechs (),
@@ -55,6 +54,14 @@ zmq::gssapi_client_t::~gssapi_client_t ()
int zmq::gssapi_client_t::next_handshake_command (msg_t *msg_) int zmq::gssapi_client_t::next_handshake_command (msg_t *msg_)
{ {
if (state == send_ready) {
int rc = produce_ready(msg_);
if (rc == 0)
state = connected;
return rc;
}
if (security_context_established) { if (security_context_established) {
state = connected; state = connected;
return 0; return 0;
@@ -74,8 +81,10 @@ int zmq::gssapi_client_t::next_handshake_command (msg_t *msg_)
if (maj_stat != GSS_S_CONTINUE_NEEDED && maj_stat != GSS_S_COMPLETE) if (maj_stat != GSS_S_CONTINUE_NEEDED && maj_stat != GSS_S_COMPLETE)
return -1; return -1;
if (maj_stat == GSS_S_COMPLETE) if (maj_stat == GSS_S_COMPLETE) {
security_context_established = true; security_context_established = true;
state = recv_ready;
}
else else
state = recv_next_token; state = recv_next_token;
@@ -84,6 +93,14 @@ int zmq::gssapi_client_t::next_handshake_command (msg_t *msg_)
int zmq::gssapi_client_t::process_handshake_command (msg_t *msg_) int zmq::gssapi_client_t::process_handshake_command (msg_t *msg_)
{ {
if (state == recv_ready) {
int rc = process_ready(msg_);
if (rc == 0)
state = send_ready;
return rc;
}
if (state != recv_next_token) { if (state != recv_next_token) {
errno = EPROTO; errno = EPROTO;
return -1; return -1;
@@ -92,13 +109,11 @@ int zmq::gssapi_client_t::process_handshake_command (msg_t *msg_)
if (process_next_token (msg_) < 0) if (process_next_token (msg_) < 0)
return -1; return -1;
if (maj_stat == GSS_S_COMPLETE) if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED)
security_context_established = true;
else if (maj_stat == GSS_S_CONTINUE_NEEDED)
state = call_next_init;
else
return -1; return -1;
state = call_next_init;
errno_assert (msg_->close () == 0); errno_assert (msg_->close () == 0);
errno_assert (msg_->init () == 0); errno_assert (msg_->init () == 0);

7
src/gssapi_client.hpp
View File

@@ -21,8 +21,6 @@
#define __ZMQ_GSSAPI_CLIENT_HPP_INCLUDED__ #define __ZMQ_GSSAPI_CLIENT_HPP_INCLUDED__
#include "gssapi_mechanism_base.hpp" #include "gssapi_mechanism_base.hpp"
#include "mechanism.hpp"
#include "options.hpp"
namespace zmq namespace zmq
{ {
@@ -30,8 +28,7 @@ namespace zmq
class msg_t; class msg_t;
class gssapi_client_t : class gssapi_client_t :
public gssapi_mechanism_base_t, public gssapi_mechanism_base_t
public mechanism_t
{ {
public: public:
@@ -51,6 +48,8 @@ namespace zmq
call_next_init, call_next_init,
send_next_token, send_next_token,
recv_next_token, recv_next_token,
send_ready,
recv_ready,
connected connected
}; };

49
src/gssapi_mechanism_base.cpp
View File

@@ -31,7 +31,8 @@
#include "gssapi_mechanism_base.hpp" #include "gssapi_mechanism_base.hpp"
#include "wire.hpp" #include "wire.hpp"
zmq::gssapi_mechanism_base_t::gssapi_mechanism_base_t () : zmq::gssapi_mechanism_base_t::gssapi_mechanism_base_t (const options_t & options_) :
mechanism_t(options_),
send_tok (), send_tok (),
recv_tok (), recv_tok (),
/// FIXME remove? in_buf (), /// FIXME remove? in_buf (),
@@ -235,6 +236,52 @@ int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_va
return 0; return 0;
} }
int zmq::gssapi_mechanism_base_t::produce_ready (msg_t *msg_) const
{
unsigned char * const command_buffer = (unsigned char *) malloc (512);
alloc_assert (command_buffer);
unsigned char *ptr = command_buffer;
// Add command name
memcpy (ptr, "\x05READY", 6);
ptr += 6;
// Add socket type property
const char *socket_type = socket_type_string (options.type);
ptr += add_property (ptr, "Socket-Type", socket_type, strlen (socket_type));
// Add identity property
if (options.type == ZMQ_REQ
|| options.type == ZMQ_DEALER
|| options.type == ZMQ_ROUTER) {
ptr += add_property (ptr, "Identity",
options.identity, options.identity_size);
}
const size_t command_size = ptr - command_buffer;
const int rc = msg_->init_size (command_size);
errno_assert (rc == 0);
memcpy (msg_->data (), command_buffer, command_size);
free (command_buffer);
return 0;
}
int zmq::gssapi_mechanism_base_t::process_ready (msg_t *msg_)
{
const unsigned char *ptr = static_cast <unsigned char *> (msg_->data ());
size_t bytes_left = msg_->size ();
if (bytes_left < 6 || memcmp (ptr, "\x05READY", 6)) {
errno = EPROTO;
return -1;
}
ptr += 6;
bytes_left -= 6;
return parse_metadata (ptr, bytes_left);
}
int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss_cred_id_t * cred_) int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss_cred_id_t * cred_)
{ {
OM_uint32 maj_stat; OM_uint32 maj_stat;

15
src/gssapi_mechanism_base.hpp
View File

@@ -22,7 +22,9 @@
#include <gssapi/gssapi_generic.h> #include <gssapi/gssapi_generic.h>
#include <gssapi/gssapi_krb5.h> #include <gssapi/gssapi_krb5.h>
#include <gssapi/gssapi_ext.h>
#include "mechanism.hpp"
#include "options.hpp"
namespace zmq namespace zmq
{ {
@@ -33,10 +35,11 @@ namespace zmq
/// For example, clients and servers both need to produce and /// For example, clients and servers both need to produce and
/// process context-level GSSAPI tokens (via INITIATE commands) /// process context-level GSSAPI tokens (via INITIATE commands)
/// and per-message GSSAPI tokens (via MESSAGE commands). /// and per-message GSSAPI tokens (via MESSAGE commands).
class gssapi_mechanism_base_t class gssapi_mechanism_base_t:
public mechanism_t
{ {
public: public:
gssapi_mechanism_base_t (); gssapi_mechanism_base_t (const options_t &options_);
virtual ~gssapi_mechanism_base_t () = 0; virtual ~gssapi_mechanism_base_t () = 0;
protected: protected:
@@ -47,6 +50,12 @@ namespace zmq
// Process a context-level GSSAPI token (INITIATE command) // Process a context-level GSSAPI token (INITIATE command)
// during security context initialization. // during security context initialization.
int process_initiate (msg_t *msg_, void **data_, size_t &data_len_); int process_initiate (msg_t *msg_, void **data_, size_t &data_len_);
// Produce a metadata ready msg (READY) to conclude handshake
int produce_ready (msg_t *msg_) const;
// Process a metadata ready msg (READY)
int process_ready (msg_t *msg_);
// Encode a per-message GSSAPI token (MESSAGE command) using // Encode a per-message GSSAPI token (MESSAGE command) using
// the established security context. // the established security context.

30
src/gssapi_server.cpp
View File

@@ -34,8 +34,7 @@
zmq::gssapi_server_t::gssapi_server_t (session_base_t *session_, zmq::gssapi_server_t::gssapi_server_t (session_base_t *session_,
const std::string &peer_address_, const std::string &peer_address_,
const options_t &options_) : const options_t &options_) :
gssapi_mechanism_base_t (), gssapi_mechanism_base_t (options_),
mechanism_t (options_),
session (session_), session (session_),
peer_address (peer_address_), peer_address (peer_address_),
state (recv_next_token), state (recv_next_token),
@@ -57,6 +56,14 @@ zmq::gssapi_server_t::~gssapi_server_t ()
int zmq::gssapi_server_t::next_handshake_command (msg_t *msg_) int zmq::gssapi_server_t::next_handshake_command (msg_t *msg_)
{ {
if (state == send_ready) {
int rc = produce_ready(msg_);
if (rc == 0)
state = recv_ready;
return rc;
}
if (state != send_next_token) { if (state != send_next_token) {
errno = EAGAIN; errno = EAGAIN;
return -1; return -1;
@@ -71,22 +78,33 @@ int zmq::gssapi_server_t::next_handshake_command (msg_t *msg_)
if (maj_stat == GSS_S_COMPLETE) { if (maj_stat == GSS_S_COMPLETE) {
gss_release_name(&min_stat, &target_name); gss_release_name(&min_stat, &target_name);
security_context_established = true; security_context_established = true;
state = connected;
}
else {
state = recv_next_token;
} }
state = recv_next_token;
return 0; return 0;
} }
int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_) int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_)
{ {
if (state == recv_ready) {
int rc = process_ready(msg_);
if (rc == 0)
state = connected;
return rc;
}
if (state != recv_next_token) { if (state != recv_next_token) {
errno = EPROTO; errno = EPROTO;
return -1; return -1;
} }
if (security_context_established) {
state = send_ready;
return 0;
}
if (process_next_token (msg_) < 0) if (process_next_token (msg_) < 0)
return -1; return -1;

7
src/gssapi_server.hpp
View File

@@ -21,8 +21,6 @@
#define __ZMQ_GSSAPI_SERVER_HPP_INCLUDED__ #define __ZMQ_GSSAPI_SERVER_HPP_INCLUDED__
#include "gssapi_mechanism_base.hpp" #include "gssapi_mechanism_base.hpp"
#include "mechanism.hpp"
#include "options.hpp"
namespace zmq namespace zmq
{ {
@@ -31,8 +29,7 @@ namespace zmq
class session_base_t; class session_base_t;
class gssapi_server_t : class gssapi_server_t :
public gssapi_mechanism_base_t, public gssapi_mechanism_base_t
public mechanism_t
{ {
public: public:
@@ -54,6 +51,8 @@ namespace zmq
enum state_t { enum state_t {
send_next_token, send_next_token,
recv_next_token, recv_next_token,
send_ready,
recv_ready,
connected connected
}; };