ZMQ_GSSAPI_PLAINTEXT option for disabling encryption

include/zmq.h

@@ -299,6 +299,7 @@ ZMQ_EXPORT char *zmq_msg_gets (zmq_msg_t *msg, char *property);
 #define ZMQ_GSSAPI_SERVER 62
 #define ZMQ_GSSAPI_PRINCIPAL 63
 #define ZMQ_GSSAPI_SERVICE_PRINCIPAL 64
+#define ZMQ_GSSAPI_PLAINTEXT 65
 
 /*  Message options                                                           */
 #define ZMQ_MORE 1

src/gssapi_client.cpp

@@ -133,13 +133,21 @@ int zmq::gssapi_client_t::process_handshake_command (msg_t *msg_)
 int zmq::gssapi_client_t::encode (msg_t *msg_)
 {
     zmq_assert (state == connected);
-    return encode_message (msg_);
+
+    if (do_encryption)
+      return encode_message (msg_);
+
+    return 0;
 }
 
 int zmq::gssapi_client_t::decode (msg_t *msg_)
 {
     zmq_assert (state == connected);
-    return decode_message (msg_);
+
+    if (do_encryption)
+      return decode_message (msg_);
+
+    return 0;
 }
 
 bool zmq::gssapi_client_t::is_handshake_complete () const

src/gssapi_mechanism_base.cpp

@@ -44,7 +44,8 @@ zmq::gssapi_mechanism_base_t::gssapi_mechanism_base_t (const options_t & options
     ret_flags (0),
     gss_flags (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG),
     cred (GSS_C_NO_CREDENTIAL),
-    context (GSS_C_NO_CONTEXT)
+    context (GSS_C_NO_CONTEXT),
+    do_encryption (!options_.gss_plaintext)
 {
 }
 

src/gssapi_mechanism_base.hpp

@@ -104,6 +104,9 @@ namespace zmq
 
         //  Opaque GSSAPI representation of the security context
         gss_ctx_id_t context;
+
+        //  If true, use gss to encrypt messages. If false, only utilize gss for auth.
+        bool do_encryption;
     };
 
 }

src/gssapi_server.cpp

@@ -281,13 +281,21 @@ error:
 int zmq::gssapi_server_t::encode (msg_t *msg_)
 {
     zmq_assert (state == connected);
-    return encode_message (msg_);
+
+    if (do_encryption)
+      return encode_message (msg_);
+
+    return 0;
 }
 
 int zmq::gssapi_server_t::decode (msg_t *msg_)
 {
     zmq_assert (state == connected);
-    return decode_message (msg_);
+
+    if (do_encryption)
+      return decode_message (msg_);
+
+    return 0;
 }
 
 int zmq::gssapi_server_t::zap_msg_available ()

src/options.cpp

@@ -54,7 +54,8 @@ zmq::options_t::options_t () :
     mechanism (ZMQ_NULL),
     as_server (0),
     socket_id (0),
-    conflate (false)
+    conflate (false),
+    gss_plaintext (false)
 {
 }
 
@@ -427,6 +428,14 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
             }
             break;
 
+        case ZMQ_GSSAPI_PLAINTEXT:
+            if (is_int && (value == 0 || value == 1)) {
+                gss_plaintext = (value != 0);
+                return 0;
+            }
+            break;
+	
+
         default:
             break;
     }
@@ -730,6 +739,14 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
             }
             break;
 
+        case ZMQ_GSSAPI_PLAINTEXT:
+            if (is_int) {
+                *value = gss_plaintext;
+                return 0;
+            }
+            break;
+ 
+
 	}
     errno = EINVAL;
     return -1;

src/options.hpp

@@ -160,6 +160,9 @@ namespace zmq
         std::string gss_principal;
         std::string gss_service_principal;
 
+        //  If true, gss encryption will be disabled
+        bool gss_plaintext;
+
         //  ID of the socket.
         int socket_id;