diff --git a/include/zmq.h b/include/zmq.h index 305517d9..dbcdd4db 100644 --- a/include/zmq.h +++ b/include/zmq.h @@ -368,13 +368,6 @@ ZMQ_EXPORT const char *zmq_msg_gets (const zmq_msg_t *msg, const char *property) #define ZMQ_VMCI_BUFFER_MAX_SIZE 87 #define ZMQ_VMCI_CONNECT_TIMEOUT 88 #define ZMQ_USE_FD 89 -#define ZMQ_GSSAPI_PRINCIPAL_NAMETYPE 90 -#define ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE 91 - -/* GSSAPI principal name types */ -#define ZMQ_GSSAPI_NT_HOSTBASED 0 -#define ZMQ_GSSAPI_NT_USER_NAME 1 -#define ZMQ_GSSAPI_NT_KRB5_PRINCIPAL 2 /* Message options */ #define ZMQ_MORE 1 @@ -638,6 +631,18 @@ ZMQ_EXPORT int zmq_timers_reset (void *timers, int timer_id); ZMQ_EXPORT long zmq_timers_timeout (void *timers); ZMQ_EXPORT int zmq_timers_execute (void *timers); +/******************************************************************************/ +/* GSSAPI socket options to set name type */ +/******************************************************************************/ + +#define ZMQ_GSSAPI_PRINCIPAL_NAMETYPE 1090 +#define ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE 1091 + +/* GSSAPI principal name types */ +#define ZMQ_GSSAPI_NT_HOSTBASED 0 +#define ZMQ_GSSAPI_NT_USER_NAME 1 +#define ZMQ_GSSAPI_NT_KRB5_PRINCIPAL 2 + #endif // ZMQ_BUILD_DRAFT_API diff --git a/src/gssapi_client.cpp b/src/gssapi_client.cpp index e92b4408..08fb3184 100644 --- a/src/gssapi_client.cpp +++ b/src/gssapi_client.cpp @@ -51,8 +51,12 @@ zmq::gssapi_client_t::gssapi_client_t (const options_t &options_) : service_name = static_cast (malloc(service_size+1)); assert(service_name); memcpy(service_name, options_.gss_service_principal.c_str(), service_size+1 ); - service_name_type = convert_nametype (options_.gss_service_principal_nt); +#ifdef ZMQ_BUILD_DRAFT_API + service_name_type = convert_nametype (options_.gss_service_principal_nt); +#else + service_name_type = GSS_C_NT_HOSTBASED_SERVICE; +#endif maj_stat = GSS_S_COMPLETE; if(!options_.gss_principal.empty()) { @@ -61,8 +65,12 @@ zmq::gssapi_client_t::gssapi_client_t (const options_t &options_) : assert(principal_name); memcpy(principal_name, options_.gss_principal.c_str(), principal_size+1 ); - if (acquire_credentials (principal_name, &cred, - options_.gss_principal_nt) != 0) +#ifdef ZMQ_BUILD_DRAFT_API + gss_OID name_type = convert_nametype (options_.gss_principal_nt); +#else + gss_OID name_type = GSS_C_NT_HOSTBASED_SERVICE; +#endif + if (acquire_credentials (principal_name, &cred, name_type) != 0) maj_stat = GSS_S_FAILURE; } diff --git a/src/gssapi_mechanism_base.cpp b/src/gssapi_mechanism_base.cpp index 1a5f6383..e14fa89e 100644 --- a/src/gssapi_mechanism_base.cpp +++ b/src/gssapi_mechanism_base.cpp @@ -320,9 +320,9 @@ int zmq::gssapi_mechanism_base_t::process_ready (msg_t *msg_) bytes_left -= 6; return parse_metadata (ptr, bytes_left); } - const gss_OID zmq::gssapi_mechanism_base_t::convert_nametype (int zmq_nametype) { +#ifdef ZMQ_BUILD_DRAFT_API switch (zmq_nametype) { case ZMQ_GSSAPI_NT_HOSTBASED: return GSS_C_NT_HOSTBASED_SERVICE; @@ -335,22 +335,22 @@ const gss_OID zmq::gssapi_mechanism_base_t::convert_nametype (int zmq_nametype) return GSS_C_NT_USER_NAME; #endif } +#endif return NULL; } -int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss_cred_id_t * cred_, int zmq_name_type_) +int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss_cred_id_t * cred_, gss_OID name_type_) { OM_uint32 maj_stat; OM_uint32 min_stat; gss_name_t server_name; - gss_OID name_type = convert_nametype (zmq_name_type_); gss_buffer_desc name_buf; name_buf.value = service_name_; name_buf.length = strlen ((char *) name_buf.value) + 1; maj_stat = gss_import_name (&min_stat, &name_buf, - name_type, &server_name); + name_type_, &server_name); if (maj_stat != GSS_S_COMPLETE) return -1; diff --git a/src/gssapi_mechanism_base.hpp b/src/gssapi_mechanism_base.hpp index ea5a6def..8861c058 100644 --- a/src/gssapi_mechanism_base.hpp +++ b/src/gssapi_mechanism_base.hpp @@ -86,7 +86,7 @@ namespace zmq // underlying mechanism. static int acquire_credentials (char * principal_name_, gss_cred_id_t * cred_, - int zmq_name_type_); + gss_OID name_type_); protected: // Opaque GSSAPI token for outgoing data diff --git a/src/gssapi_server.cpp b/src/gssapi_server.cpp index 882f9a19..00d96f82 100644 --- a/src/gssapi_server.cpp +++ b/src/gssapi_server.cpp @@ -58,9 +58,12 @@ zmq::gssapi_server_t::gssapi_server_t (session_base_t *session_, principal_name = static_cast (malloc(principal_size+1)); assert(principal_name); memcpy(principal_name, options_.gss_principal.c_str(), principal_size+1 ); - - if (acquire_credentials (principal_name, &cred, - options_.gss_principal_nt) != 0) +#ifdef ZMQ_BUILD_DRAFT_API + gss_OID name_type = convert_nametype (options_.gss_principal_nt); +#else + gss_OID name_type = GSS_C_NT_HOSTBASED_SERVICE; +#endif + if (acquire_credentials (principal_name, &cred, name_type) != 0) maj_stat = GSS_S_FAILURE; } } diff --git a/src/options.cpp b/src/options.cpp index 61400eaa..c8154959 100644 --- a/src/options.cpp +++ b/src/options.cpp @@ -69,8 +69,10 @@ zmq::options_t::options_t () : tcp_keepalive_intvl (-1), mechanism (ZMQ_NULL), as_server (0), +#ifdef ZMQ_BUILD_DRAFT_API gss_principal_nt (ZMQ_GSSAPI_NT_HOSTBASED), gss_service_principal_nt (ZMQ_GSSAPI_NT_HOSTBASED), +#endif gss_plaintext (false), socket_id (0), conflate (false), @@ -511,6 +513,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, return 0; } break; +#ifdef ZMQ_BUILD_DRAFT_API case ZMQ_GSSAPI_PRINCIPAL_NAMETYPE: if (is_int && (value == ZMQ_GSSAPI_NT_HOSTBASED || value == ZMQ_GSSAPI_NT_USER_NAME @@ -527,6 +530,7 @@ int zmq::options_t::setsockopt (int option_, const void *optval_, return 0; } break; +#endif #endif case ZMQ_HANDSHAKE_IVL: diff --git a/src/options.hpp b/src/options.hpp index 267341ca..2f666a12 100644 --- a/src/options.hpp +++ b/src/options.hpp @@ -198,11 +198,11 @@ namespace zmq // Principals for GSSAPI mechanism std::string gss_principal; std::string gss_service_principal; - +#ifdef ZMQ_BUILD_DRAFT_API // Name types GSSAPI principals int gss_principal_nt; int gss_service_principal_nt; - +#endif // If true, gss encryption will be disabled bool gss_plaintext; diff --git a/src/zmq_draft.h b/src/zmq_draft.h index 0c8aa71f..2e93974b 100644 --- a/src/zmq_draft.h +++ b/src/zmq_draft.h @@ -116,6 +116,18 @@ int zmq_timers_reset (void *timers, int timer_id); long zmq_timers_timeout (void *timers); int zmq_timers_execute (void *timers); +/******************************************************************************/ +/* GSSAPI socket options to set name type */ +/******************************************************************************/ + +#define ZMQ_GSSAPI_PRINCIPAL_NAMETYPE 1090 +#define ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE 1091 + +/* GSSAPI principal name types */ +#define ZMQ_GSSAPI_NT_HOSTBASED 0 +#define ZMQ_GSSAPI_NT_USER_NAME 1 +#define ZMQ_GSSAPI_NT_KRB5_PRINCIPAL 2 + #endif // ZMQ_BUILD_DRAFT_API #endif //ifndef __ZMQ_DRAFT_H_INCLUDED__