generic-library/libzmq
1
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2025-10-26 10:32:58 +01:00
Code Issues Projects Releases Wiki Activity

Problem: secure servers ignore zap_connect failre code and set ready.

Browse Source
This commit is contained in:
evoskuil
2017-03-29 14:30:00 -07:00
parent 9c6fb09929
commit a0ccdc866e
3 changed files with 42 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/curve_server.cpp
View File

@@ -491,23 +491,21 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_)
// Use ZAP protocol (RFC 27) to authenticate the user. // Use ZAP protocol (RFC 27) to authenticate the user.
rc = session->zap_connect (); rc = session->zap_connect ();
if (rc == 0) { if (rc != 0)
rc = send_zap_request (client_key); return -1;
if (rc != 0) rc = send_zap_request (client_key);
return -1; if (rc != 0)
rc = receive_and_process_zap_reply (); return -1;
if (rc == 0) rc = receive_and_process_zap_reply ();
state = status_code == "200" if (rc == 0)
? send_ready state = status_code == "200"
: send_error; ? send_ready
else : send_error;
if (errno == EAGAIN)
state = expect_zap_reply;
else
return -1;
}
else else
state = send_ready; if (errno == EAGAIN)
state = expect_zap_reply;
else
return -1;
return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128, return parse_metadata (initiate_plaintext + crypto_box_ZEROBYTES + 128,
clen - crypto_box_ZEROBYTES - 128); clen - crypto_box_ZEROBYTES - 128);

27
src/gssapi_server.cpp
View File

@@ -120,20 +120,21 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_)
if (security_context_established) { if (security_context_established) {
// Use ZAP protocol (RFC 27) to authenticate the user. // Use ZAP protocol (RFC 27) to authenticate the user.
bool expecting_zap_reply = false;
int rc = session->zap_connect (); int rc = session->zap_connect ();
if (rc == 0) { if (rc != 0)
rc = send_zap_request (); return -1;
if (rc != 0) rc = send_zap_request ();
return -1; if (rc != 0)
rc = receive_and_process_zap_reply (); return -1;
if (rc != 0) { rc = receive_and_process_zap_reply ();
if (errno != EAGAIN) if (rc == 0)
return -1; state = send_ready;
expecting_zap_reply = true; else
} if (errno == EAGAIN)
} state = expect_zap_reply;
state = expecting_zap_reply? expect_zap_reply: send_ready; else
return -1;
return 0; return 0;
} }

30
src/plain_server.cpp
View File

@@ -190,23 +190,21 @@ int zmq::plain_server_t::process_hello (msg_t *msg_)
// Use ZAP protocol (RFC 27) to authenticate the user. // Use ZAP protocol (RFC 27) to authenticate the user.
int rc = session->zap_connect (); int rc = session->zap_connect ();
if (rc == 0) { if (rc != 0)
rc = send_zap_request (username, password); return -1;
if (rc != 0) rc = send_zap_request (username, password);
return -1; if (rc != 0)
rc = receive_and_process_zap_reply (); return -1;
if (rc == 0) rc = receive_and_process_zap_reply ();
state = status_code == "200" if (rc == 0)
? sending_welcome state = status_code == "200"
: sending_error; ? sending_welcome
else : sending_error;
if (errno == EAGAIN)
state = waiting_for_zap_reply;
else
return -1;
}
else else
state = sending_welcome; if (errno == EAGAIN)
state = waiting_for_zap_reply;
else
return -1;
return 0; return 0;
} }