mirror of
https://github.com/zeromq/libzmq.git
synced 2025-01-09 11:17:34 +01:00
Make ZAP optional for CURVE mechanism
This commit is contained in:
parent
1b86324396
commit
5975e00fd1
@ -37,6 +37,7 @@ zmq::curve_server_t::curve_server_t (session_base_t *session_,
|
|||||||
mechanism_t (options_),
|
mechanism_t (options_),
|
||||||
session (session_),
|
session (session_),
|
||||||
state (expect_hello),
|
state (expect_hello),
|
||||||
|
expecting_zap_reply (false),
|
||||||
cn_nonce (1)
|
cn_nonce (1)
|
||||||
{
|
{
|
||||||
// Fetch our secret key from socket options
|
// Fetch our secret key from socket options
|
||||||
@ -86,16 +87,8 @@ int zmq::curve_server_t::process_handshake_message (msg_t *msg_)
|
|||||||
break;
|
break;
|
||||||
case expect_initiate:
|
case expect_initiate:
|
||||||
rc = process_initiate (msg_);
|
rc = process_initiate (msg_);
|
||||||
if (rc == 0) {
|
|
||||||
rc = receive_and_process_zap_reply ();
|
|
||||||
if (rc == 0)
|
if (rc == 0)
|
||||||
state = send_ready;
|
state = expecting_zap_reply? expect_zap_reply: send_ready;
|
||||||
else
|
|
||||||
if (errno == EAGAIN) {
|
|
||||||
rc = 0;
|
|
||||||
state = expect_zap_reply;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
errno = EPROTO;
|
errno = EPROTO;
|
||||||
@ -403,20 +396,7 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Use ZAP protocol (RFC 27) to authenticate user.
|
|
||||||
rc = session->zap_connect ();
|
|
||||||
if (rc == -1) {
|
|
||||||
errno = EPROTO;
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check the decrypted client public key
|
|
||||||
const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
|
const uint8_t *client_key = initiate_plaintext + crypto_box_ZEROBYTES;
|
||||||
rc = send_zap_request (client_key);
|
|
||||||
if (rc != 0) {
|
|
||||||
errno = EPROTO;
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint8_t vouch_nonce [crypto_box_NONCEBYTES];
|
uint8_t vouch_nonce [crypto_box_NONCEBYTES];
|
||||||
uint8_t vouch_plaintext [crypto_box_ZEROBYTES + 32];
|
uint8_t vouch_plaintext [crypto_box_ZEROBYTES + 32];
|
||||||
@ -449,6 +429,18 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
|
|||||||
rc = crypto_box_beforenm (cn_precom, cn_client, cn_secret);
|
rc = crypto_box_beforenm (cn_precom, cn_client, cn_secret);
|
||||||
zmq_assert (rc == 0);
|
zmq_assert (rc == 0);
|
||||||
|
|
||||||
|
// Use ZAP protocol (RFC 27) to authenticate the user.
|
||||||
|
rc = session->zap_connect ();
|
||||||
|
if (rc == 0) {
|
||||||
|
send_zap_request (client_key);
|
||||||
|
rc = receive_and_process_zap_reply ();
|
||||||
|
if (rc != 0) {
|
||||||
|
if (errno != EAGAIN)
|
||||||
|
return -1;
|
||||||
|
expecting_zap_reply = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return parse_property_list (initiate_plaintext + crypto_box_ZEROBYTES + 96,
|
return parse_property_list (initiate_plaintext + crypto_box_ZEROBYTES + 96,
|
||||||
clen - crypto_box_ZEROBYTES - 96);
|
clen - crypto_box_ZEROBYTES - 96);
|
||||||
}
|
}
|
||||||
@ -500,7 +492,7 @@ int zmq::curve_server_t::ready_msg (msg_t *msg_)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int zmq::curve_server_t::send_zap_request (const uint8_t *key)
|
void zmq::curve_server_t::send_zap_request (const uint8_t *key)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
msg_t msg;
|
msg_t msg;
|
||||||
@ -549,8 +541,6 @@ int zmq::curve_server_t::send_zap_request (const uint8_t *key)
|
|||||||
memcpy (msg.data (), key, crypto_box_PUBLICKEYBYTES);
|
memcpy (msg.data (), key, crypto_box_PUBLICKEYBYTES);
|
||||||
rc = session->write_zap_msg (&msg);
|
rc = session->write_zap_msg (&msg);
|
||||||
errno_assert (rc == 0);
|
errno_assert (rc == 0);
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int zmq::curve_server_t::parse_property_list (const uint8_t *ptr,
|
int zmq::curve_server_t::parse_property_list (const uint8_t *ptr,
|
||||||
|
@ -77,6 +77,9 @@ namespace zmq
|
|||||||
// Current FSM state
|
// Current FSM state
|
||||||
state_t state;
|
state_t state;
|
||||||
|
|
||||||
|
// True iff we are awaiting reply from ZAP handler.
|
||||||
|
bool expecting_zap_reply;
|
||||||
|
|
||||||
uint64_t cn_nonce;
|
uint64_t cn_nonce;
|
||||||
|
|
||||||
// Our secret key (s)
|
// Our secret key (s)
|
||||||
@ -102,7 +105,7 @@ namespace zmq
|
|||||||
int process_initiate (msg_t *msg_);
|
int process_initiate (msg_t *msg_);
|
||||||
int ready_msg (msg_t *msg_);
|
int ready_msg (msg_t *msg_);
|
||||||
|
|
||||||
int send_zap_request (const uint8_t *key);
|
void send_zap_request (const uint8_t *key);
|
||||||
int receive_and_process_zap_reply ();
|
int receive_and_process_zap_reply ();
|
||||||
int parse_property_list (const uint8_t *ptr, size_t length);
|
int parse_property_list (const uint8_t *ptr, size_t length);
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user