generic-library/libzmq
1
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2025-02-20 22:31:34 +01:00
Code Issues Projects Releases Wiki Activity

src/gssapi_client.cpp

Browse Source
This commit is contained in:
Chris Laws 2014-04-25 13:47:07 +09:30
parent dd64f6432c
commit 09647fa916
6 changed files with 56 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/gssapi_client.hpp
View File

@ -20,6 +20,8 @@
#ifndef __ZMQ_GSSAPI_CLIENT_HPP_INCLUDED__
#define __ZMQ_GSSAPI_CLIENT_HPP_INCLUDED__
#ifdef HAVE_LIBGSSAPI_KRB5
#include "gssapi_mechanism_base.hpp"
namespace zmq
@ -43,7 +45,7 @@ namespace zmq
virtual bool is_handshake_complete () const;
private:
enum state_t {
call_next_init,
send_next_token,
@ -77,3 +79,5 @@ namespace zmq
}
#endif
#endif

34
src/gssapi_mechanism_base.cpp
View File

@ -18,6 +18,9 @@
*/
#include "platform.hpp"
#ifdef HAVE_LIBGSSAPI_KRB5
#ifdef ZMQ_HAVE_WINDOWS
#include "windows.hpp"
#endif
@ -74,10 +77,10 @@ int zmq::gssapi_mechanism_base_t::encode_message (msg_t *msg_)
plaintext.value = plaintext_buffer;
plaintext.length = msg_->size ()+1;
maj_stat = gss_wrap(&min_stat, context, 1, GSS_C_QOP_DEFAULT,
&plaintext, &state, &wrapped);
zmq_assert (maj_stat == GSS_S_COMPLETE);
zmq_assert (state);
@ -89,7 +92,7 @@ int zmq::gssapi_mechanism_base_t::encode_message (msg_t *msg_)
zmq_assert (rc == 0);
uint8_t *ptr = static_cast <uint8_t *> (msg_->data ());
// Add command string
memcpy (ptr, "\x07MESSAGE", 8);
ptr += 8;
@ -129,7 +132,7 @@ int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_)
wrapped.length = get_uint32 (ptr);
ptr += 4;
bytes_left -= 4;
// Get token value
if (bytes_left < wrapped.length) {
errno = EPROTO;
@ -164,9 +167,9 @@ int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_)
const uint8_t flags = static_cast <char *> (plaintext.value)[0];
if (flags & 0x01)
msg_->set_flags (msg_t::more);
memcpy (msg_->data (), static_cast <char *> (plaintext.value)+1, plaintext.length-1);
gss_release_buffer (&min_stat, &plaintext);
gss_release_buffer (&min_stat, &wrapped);
@ -184,12 +187,12 @@ int zmq::gssapi_mechanism_base_t::produce_initiate (msg_t *msg_, void *token_val
zmq_assert (token_length_ <= 0xFFFFFFFFUL);
const size_t command_size = 9 + 4 + token_length_;
const int rc = msg_->init_size (command_size);
errno_assert (rc == 0);
uint8_t *ptr = static_cast <uint8_t *> (msg_->data ());
// Add command string
memcpy (ptr, "\x08INITIATE", 9);
ptr += 9;
@ -208,7 +211,7 @@ int zmq::gssapi_mechanism_base_t::produce_initiate (msg_t *msg_, void *token_val
int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_value_, size_t &token_length_)
{
zmq_assert (token_value_);
const uint8_t *ptr = static_cast <uint8_t *> (msg_->data ());
size_t bytes_left = msg_->size ();
@ -228,7 +231,7 @@ int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_va
token_length_ = get_uint32 (ptr);
ptr += 4;
bytes_left -= 4;
// Get token value
if (bytes_left < token_length_) {
errno = EPROTO;
@ -246,7 +249,7 @@ int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_va
errno = EPROTO;
return -1;
}
return 0;
}
@ -287,7 +290,7 @@ int zmq::gssapi_mechanism_base_t::produce_ready (msg_t *msg_)
int zmq::gssapi_mechanism_base_t::process_ready (msg_t *msg_)
{
if (do_encryption) {
if (do_encryption) {
const int rc = decode_message (msg_);
if (rc != 0)
return rc;
@ -310,11 +313,11 @@ int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss
OM_uint32 maj_stat;
OM_uint32 min_stat;
gss_name_t server_name;
gss_buffer_desc name_buf;
name_buf.value = service_name_;
name_buf.length = strlen ((char *) name_buf.value) + 1;
maj_stat = gss_import_name (&min_stat, &name_buf,
gss_nt_service_name, &server_name);
@ -333,3 +336,4 @@ int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss
return 0;
}
#endif

25
src/gssapi_mechanism_base.hpp
View File

@ -20,6 +20,10 @@
#ifndef __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__
#define __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__
#include "platform.hpp"
#ifdef HAVE_LIBGSSAPI_KRB5
#include <gssapi/gssapi_generic.h>
#include <gssapi/gssapi_krb5.h>
@ -46,7 +50,7 @@ namespace zmq
// Produce a context-level GSSAPI token (INITIATE command)
// during security context initialization.
int produce_initiate (msg_t *msg_, void *data_, size_t data_len_);
// Process a context-level GSSAPI token (INITIATE command)
// during security context initialization.
int process_initiate (msg_t *msg_, void **data_, size_t &data_len_);
@ -56,15 +60,15 @@ namespace zmq
// Process a metadata ready msg (READY)
int process_ready (msg_t *msg_);
// Encode a per-message GSSAPI token (MESSAGE command) using
// the established security context.
int encode_message (msg_t *msg_);
// Decode a per-message GSSAPI token (MESSAGE command) using
// the established security context.
int decode_message (msg_t *msg_);
// Acquire security context credentials from the
// underlying mechanism.
static int acquire_credentials (char * principal_name_,
@ -73,13 +77,13 @@ namespace zmq
protected:
// Opaque GSSAPI token for outgoing data
gss_buffer_desc send_tok;
// Opaque GSSAPI token for incoming data
gss_buffer_desc recv_tok;
// Opaque GSSAPI representation of principal
gss_name_t target_name;
// Human-readable principal name
char * principal_name;
@ -95,10 +99,10 @@ namespace zmq
// Flags returned by GSSAPI (ignored)
OM_uint32 ret_flags;
// Flags returned by GSSAPI (ignored)
OM_uint32 gss_flags;
// Credentials used to establish security context
gss_cred_id_t cred;
@ -110,6 +114,7 @@ namespace zmq
};
}
#endif
#endif

8
src/gssapi_server.cpp
View File

@ -18,6 +18,9 @@
*/
#include "platform.hpp"
#ifdef HAVE_LIBGSSAPI_KRB5
#ifdef ZMQ_HAVE_WINDOWS
#include "windows.hpp"
#endif
@ -98,7 +101,7 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_)
{
if (state == recv_ready) {
int rc = process_ready(msg_);
if (rc == 0)
if (rc == 0)
state = connected;
return rc;
@ -138,7 +141,7 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_)
return 0;
}
void zmq::gssapi_server_t::send_zap_request ()
void zmq::gssapi_server_t::send_zap_request ()
{
int rc;
msg_t msg;
@ -358,3 +361,4 @@ void zmq::gssapi_server_t::accept_context ()
}
}
#endif

8
src/gssapi_server.hpp
View File

@ -20,6 +20,8 @@
#ifndef __ZMQ_GSSAPI_SERVER_HPP_INCLUDED__
#define __ZMQ_GSSAPI_SERVER_HPP_INCLUDED__
#ifdef HAVE_LIBGSSAPI_KRB5
#include "gssapi_mechanism_base.hpp"
namespace zmq
@ -58,9 +60,9 @@ namespace zmq
};
session_base_t * const session;
const std::string peer_address;
// Current FSM state
state_t state;
@ -80,3 +82,5 @@ namespace zmq
}
#endif
#endif

8
src/stream_engine.cpp
View File

@ -55,7 +55,7 @@
#include "likely.hpp"
#include "wire.hpp"
zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_,
zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_,
const std::string &endpoint_) :
s (fd_),
inpos (NULL),
@ -82,7 +82,7 @@ zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_,
{
int rc = tx_msg.init ();
errno_assert (rc == 0);
// Put the socket into non-blocking mode.
unblock_socket (s);
@ -595,6 +595,7 @@ bool zmq::stream_engine_t::handshake ()
alloc_assert (mechanism);
}
#endif
#ifdef HAVE_LIBGSSAPI_KRB5
else
if (memcmp (greeting_recv + 12, "GSSAPI\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) {
if (options.as_server)
@ -604,6 +605,7 @@ bool zmq::stream_engine_t::handshake ()
mechanism = new (std::nothrow) gssapi_client_t (options);
alloc_assert (mechanism);
}
#endif
else {
error ();
return false;
@ -829,7 +831,7 @@ int zmq::stream_engine_t::write (const void *data_, size_t size_)
// we'll get an error (this may happen during the speculative write).
if (nbytes == SOCKET_ERROR && WSAGetLastError () == WSAEWOULDBLOCK)
return 0;
// Signalise peer failure.
if (nbytes == SOCKET_ERROR && (
WSAGetLastError () == WSAENETDOWN ||