Merge pull request #2541 from garlick/gssapi_fix

fix misc. bugs in GSSAPI support
Luca Boccassi 2017-04-20 18:49:05 +01:00 committed by GitHub
commit 427292561c
4 changed files with 17 additions and 11 deletions


@ -427,7 +427,8 @@ AC_ARG_WITH([libgssapi_krb5], [AS_HELP_STRING([--with-libgssapi_krb5],
# conditionally require libgssapi_krb5 # conditionally require libgssapi_krb5
if test "x$require_libgssapi_krb5_ext" != "xno"; then if test "x$require_libgssapi_krb5_ext" != "xno"; then
AC_CHECK_HEADERS(gssapi/gssapi_generic.h) AC_CHECK_HEADERS(gssapi/gssapi_generic.h)
AC_SEARCH_LIBS([gss_init_sec_context], [gssapi_krb5 gssapi],, AC_SEARCH_LIBS([gss_init_sec_context], [gssapi_krb5 gssapi],
AC_DEFINE(HAVE_LIBGSSAPI_KRB5, [1], [Enabled GSSAPI security]),
AC_MSG_ERROR(libgssapi_krb5 is needed for GSSAPI security)) AC_MSG_ERROR(libgssapi_krb5 is needed for GSSAPI security))
fi fi
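Review bot: The result of `AC_CHECK_HEADERS(gssapi/gssapi_generic.h)` is still not enforced, so with the new AC_DEFINE, HAVE_LIBGSSAPI_KRB5 can be set when the library links but the header is absent. The failure would then only show up later as a compile error in the GSSAPI sources. Making the header check fatal keeps the two in step: `AC_CHECK_HEADERS([gssapi/gssapi_generic.h],, [AC_MSG_ERROR([gssapi/gssapi_generic.h is needed for GSSAPI security])])`. The AC_DEFINE and AC_MSG_ERROR arguments in the AC_SEARCH_LIBS call are also passed unquoted; wrapping each in `[...]` is the usual m4 style and avoids surprises if the message text ever contains a comma.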


@ -22,16 +22,17 @@ CLIENT AND SERVER ROLES
----------------------- -----------------------
A socket using GSSAPI can be either client or server, but not both. A socket using GSSAPI can be either client or server, but not both.
To become either a GSSAPI client or server, the application sets the To become a GSSAPI server, the application sets the ZMQ_GSSAPI_SERVER
ZMQ_GSSAPI_PRINCIPAL option to provide the socket with the name of the principal option on the socket.
for whom GSSAPI credentials should be acquired.
To become a GSSAPI server, the application additionally sets the To become a GSSAPI client, the application sets the ZMQ_GSSAPI_SERVICE_PRINCIPAL
ZMQ_GSSAPI_SERVER option on the socket. option to the name of the principal on the server to which it intends to
connect.
To become a GSSAPI client, the application additionally sets the On client or server, the application may additionally set the
ZMQ_GSSAPI_SERVICE_PRINCIPAL option to the name of the principal of the server ZMQ_GSSAPI_PRINCIPAL option to provide the socket with the name of the
to which it intends to connect. principal for whom GSSAPI credentials should be acquired. If this option
is not set, default credentials are used.
OPTIONAL ENCRYPTION OPTIONAL ENCRYPTION


@ -166,10 +166,14 @@ zmq::mechanism_t::status_t zmq::gssapi_client_t::status () const
int zmq::gssapi_client_t::initialize_context () int zmq::gssapi_client_t::initialize_context ()
{ {
// principal was specified but credentials could not be acquired
if (principal_name != NULL && cred == NULL)
return -1;
// First time through, import service_name into target_name // First time through, import service_name into target_name
if (target_name == GSS_C_NO_NAME) { if (target_name == GSS_C_NO_NAME) {
send_tok.value = service_name; send_tok.value = service_name;
send_tok.length = strlen(service_name); send_tok.length = strlen(service_name) + 1;
OM_uint32 maj = gss_import_name(&min_stat, &send_tok, OM_uint32 maj = gss_import_name(&min_stat, &send_tok,
GSS_C_NT_HOSTBASED_SERVICE, GSS_C_NT_HOSTBASED_SERVICE,
&target_name); &target_name);
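Review bot: The new early return at the top of initialize_context() gives no reason for the failure: it returns -1 without setting errno or recording anything, so as far as this hunk shows the caller cannot tell a credential problem from any other handshake failure. Failing closed is the right behaviour, since it avoids a silent fall-back to default credentials when an explicit principal was requested. Setting errno before the return, to a value consistent with the rest of the mechanism, would make it diagnosable, and the intent deserves a comment such as `// fail closed: never fall back to default credentials when a principal was requested`. The `strlen(service_name) + 1` change would also benefit from a short comment saying why the terminating NUL is counted in the buffer passed to gss_import_name. The function body continues outside the hunk.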


@ -338,7 +338,7 @@ int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss
return -1; return -1;
maj_stat = gss_acquire_cred (&min_stat, server_name, 0, maj_stat = gss_acquire_cred (&min_stat, server_name, 0,
GSS_C_NO_OID_SET, GSS_C_ACCEPT, GSS_C_NO_OID_SET, GSS_C_BOTH,
cred_, NULL, NULL); cred_, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE) if (maj_stat != GSS_S_COMPLETE)
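Review bot: Hard-coding `GSS_C_BOTH` in the gss_acquire_cred call gives every socket credentials usable for both initiating and accepting, regardless of its role. A client only needs GSS_C_INITIATE and a server only GSS_C_ACCEPT. Requesting both is broader than necessary and, depending on the GSSAPI implementation, may make acquisition fail on a host that has acceptor credentials but no initiator credentials, or the reverse. Consider passing the usage in from the caller, e.g. a `gss_cred_usage_t usage_` parameter and `GSS_C_NO_OID_SET, usage_,` at this call. The signature of acquire_credentials is cut off in the hunk header and its body starts outside the hunk, so the call sites would need checking.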