diff --git a/include/zmq.h b/include/zmq.h
index d92986af..f93b7a7c 100644
--- a/include/zmq.h
+++ b/include/zmq.h
@@ -299,6 +299,7 @@ ZMQ_EXPORT char *zmq_msg_gets (zmq_msg_t *msg, char *property);
 #define ZMQ_GSSAPI_SERVER 62
 #define ZMQ_GSSAPI_PRINCIPAL 63
 #define ZMQ_GSSAPI_SERVICE_PRINCIPAL 64
+#define ZMQ_GSSAPI_PLAINTEXT 65
 /* Message options */
 #define ZMQ_MORE 1
diff --git a/src/gssapi_client.cpp b/src/gssapi_client.cpp
index 187e6294..73a0189d 100644
--- a/src/gssapi_client.cpp
+++ b/src/gssapi_client.cpp
@@ -133,13 +133,21 @@ int zmq::gssapi_client_t::process_handshake_command (msg_t *msg_)
 int zmq::gssapi_client_t::encode (msg_t *msg_)
 {
 zmq_assert (state == connected);
- return encode_message (msg_);
+
+ if (do_encryption)
+ return encode_message (msg_);
+
+ return 0;
 }
 int zmq::gssapi_client_t::decode (msg_t *msg_)
 {
 zmq_assert (state == connected);
- return decode_message (msg_);
+
+ if (do_encryption)
+ return decode_message (msg_);
+
+ return 0;
 }
 bool zmq::gssapi_client_t::is_handshake_complete () const
diff --git a/src/gssapi_mechanism_base.cpp b/src/gssapi_mechanism_base.cpp
index c88136a9..a006a6bc 100644
--- a/src/gssapi_mechanism_base.cpp
+++ b/src/gssapi_mechanism_base.cpp
@@ -44,7 +44,8 @@ zmq::gssapi_mechanism_base_t::gssapi_mechanism_base_t (const options_t & options
 ret_flags (0),
 gss_flags (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG),
 cred (GSS_C_NO_CREDENTIAL),
- context (GSS_C_NO_CONTEXT)
+ context (GSS_C_NO_CONTEXT),
+ do_encryption (!options_.gss_plaintext)
 {
 }
diff --git a/src/gssapi_mechanism_base.hpp b/src/gssapi_mechanism_base.hpp
index 6a9941a3..16736983 100644
--- a/src/gssapi_mechanism_base.hpp
+++ b/src/gssapi_mechanism_base.hpp
@@ -104,6 +104,9 @@ namespace zmq
 // Opaque GSSAPI representation of the security context
 gss_ctx_id_t context;
+
+ // If true, use gss to encrypt messages. If false, only utilize gss for auth.
+ bool do_encryption;
 };
 }
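Review bot: In `encode` and `decode` the new `return 0;` path passes the message through untouched on the strength of the local `do_encryption` flag alone, and nothing in the visible hunks tells the peer which mode is in use. If only one side sets ZMQ_GSSAPI_PLAINTEXT, the plaintext side's `decode` would presumably hand the peer's still-wrapped frame to the application as payload, while the other side fails inside `decode_message`. The mode should be agreed or verified during the handshake so a mismatch is rejected before `state == connected`, and until then the pass-through deserves a comment such as `// Plaintext mode: message passes through unwrapped; the peer must be configured identically.` The identical change in src/gssapi_server.cpp has the same gap; the handshake code is outside these hunks, so confirm it does not already cover this.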
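Review bot: The comment on `do_encryption` in src/gssapi_mechanism_base.hpp understates what switching it off removes. With the flag false, `encode`/`decode` skip `encode_message`/`decode_message` entirely, so traffic after the handshake presumably loses per-message integrity and the replay detection requested through `GSS_C_REPLAY_FLAG`, not just confidentiality (those helpers are outside this diff, so confirm). I would word it as `// If false, GSSAPI only authenticates the handshake; messages are sent unwrapped, with no confidentiality or integrity protection.` The comment on `gss_plaintext` in src/options.hpp ("gss encryption will be disabled") needs the same correction.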
diff --git a/src/gssapi_server.cpp b/src/gssapi_server.cpp
index 1e681e54..d28504f6 100644
--- a/src/gssapi_server.cpp
+++ b/src/gssapi_server.cpp
@@ -281,13 +281,21 @@ error:
 int zmq::gssapi_server_t::encode (msg_t *msg_)
 {
 zmq_assert (state == connected);
- return encode_message (msg_);
+
+ if (do_encryption)
+ return encode_message (msg_);
+
+ return 0;
 }
 int zmq::gssapi_server_t::decode (msg_t *msg_)
 {
 zmq_assert (state == connected);
- return decode_message (msg_);
+
+ if (do_encryption)
+ return decode_message (msg_);
+
+ return 0;
 }
 int zmq::gssapi_server_t::zap_msg_available ()
diff --git a/src/options.cpp b/src/options.cpp
index f60dae5f..95137e97 100644
--- a/src/options.cpp
+++ b/src/options.cpp
@@ -54,7 +54,8 @@ zmq::options_t::options_t () :
 mechanism (ZMQ_NULL),
 as_server (0),
 socket_id (0),
- conflate (false)
+ conflate (false),
+ gss_plaintext (false)
 {
 }
@@ -427,6 +428,14 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
 }
 break;
+ case ZMQ_GSSAPI_PLAINTEXT:
+ if (is_int && (value == 0 || value == 1)) {
+ gss_plaintext = (value != 0);
+ return 0;
+ }
+ break;
+
+
 default:
 break;
 }
@@ -730,6 +739,14 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
 }
 break;
+ case ZMQ_GSSAPI_PLAINTEXT:
+ if (is_int) {
+ *value = gss_plaintext;
+ return 0;
+ }
+ break;
+
+
 }
 errno = EINVAL;
 return -1;
diff --git a/src/options.hpp b/src/options.hpp
index 83489255..6adecfde 100644
--- a/src/options.hpp
+++ b/src/options.hpp
@@ -160,6 +160,9 @@ namespace zmq
 std::string gss_principal;
 std::string gss_service_principal;
+ // If true, gss encryption will be disabled
+ bool gss_plaintext;
+
 // ID of the socket.
 int socket_id;