From 09647fa916134209564ebc1526c00c3423c8e2c2 Mon Sep 17 00:00:00 2001 From: Chris Laws Date: Fri, 25 Apr 2014 13:47:07 +0930 Subject: [PATCH 1/2] src/gssapi_client.cpp --- src/gssapi_client.hpp | 6 +++++- src/gssapi_mechanism_base.cpp | 34 +++++++++++++++++++--------------- src/gssapi_mechanism_base.hpp | 25 +++++++++++++++---------- src/gssapi_server.cpp | 8 ++++++-- src/gssapi_server.hpp | 8 ++++++-- src/stream_engine.cpp | 8 +++++--- 6 files changed, 56 insertions(+), 33 deletions(-) diff --git a/src/gssapi_client.hpp b/src/gssapi_client.hpp index 1e0d1dea..a7ef227b 100644 --- a/src/gssapi_client.hpp +++ b/src/gssapi_client.hpp @@ -20,6 +20,8 @@ #ifndef __ZMQ_GSSAPI_CLIENT_HPP_INCLUDED__ #define __ZMQ_GSSAPI_CLIENT_HPP_INCLUDED__ +#ifdef HAVE_LIBGSSAPI_KRB5 + #include "gssapi_mechanism_base.hpp" namespace zmq @@ -43,7 +45,7 @@ namespace zmq virtual bool is_handshake_complete () const; private: - + enum state_t { call_next_init, send_next_token, @@ -77,3 +79,5 @@ namespace zmq } #endif + +#endif diff --git a/src/gssapi_mechanism_base.cpp b/src/gssapi_mechanism_base.cpp index 67427da2..647200f6 100644 --- a/src/gssapi_mechanism_base.cpp +++ b/src/gssapi_mechanism_base.cpp @@ -18,6 +18,9 @@ */ #include "platform.hpp" + +#ifdef HAVE_LIBGSSAPI_KRB5 + #ifdef ZMQ_HAVE_WINDOWS #include "windows.hpp" #endif @@ -74,10 +77,10 @@ int zmq::gssapi_mechanism_base_t::encode_message (msg_t *msg_) plaintext.value = plaintext_buffer; plaintext.length = msg_->size ()+1; - + maj_stat = gss_wrap(&min_stat, context, 1, GSS_C_QOP_DEFAULT, &plaintext, &state, &wrapped); - + zmq_assert (maj_stat == GSS_S_COMPLETE); zmq_assert (state); @@ -89,7 +92,7 @@ int zmq::gssapi_mechanism_base_t::encode_message (msg_t *msg_) zmq_assert (rc == 0); uint8_t *ptr = static_cast (msg_->data ()); - + // Add command string memcpy (ptr, "\x07MESSAGE", 8); ptr += 8; 
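Review bot: The new `#ifdef HAVE_LIBGSSAPI_KRB5` in src/gssapi_client.hpp is evaluated without the header including `platform.hpp` itself, whereas src/gssapi_mechanism_base.hpp in this same patch adds `#include "platform.hpp"` directly before its guard. If the macro is defined by platform.hpp (it looks that way, but the definition is not in the diff), a translation unit that includes gssapi_client.hpp before platform.hpp silently loses the whole class declaration. Whether the security mechanism is declared would then depend on include order. Adding `#include "platform.hpp"` above the `#ifdef` makes the header self-contained, and the same applies to the guard added in src/gssapi_server.hpp.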
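Review bot: The `#endif` added at the end of src/gssapi_client.hpp leaves two bare `#endif` lines back to back, with nothing saying which closes the feature guard and which closes the include guard. By nesting, the existing one now ends the GSSAPI block and the added one ends the include guard, so labelling them `#endif // HAVE_LIBGSSAPI_KRB5` and `#endif // __ZMQ_GSSAPI_CLIENT_HPP_INCLUDED__` makes it harder for a later edit to place mechanism code outside the guard by accident. The closing `#endif` hunks in gssapi_mechanism_base.cpp and .hpp, gssapi_server.cpp and .hpp, and gssapi_client.cpp would take the same comment.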
@@ -129,7 +132,7 @@ int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_) wrapped.length = get_uint32 (ptr); ptr += 4; bytes_left -= 4; - + // Get token value if (bytes_left < wrapped.length) { errno = EPROTO; @@ -164,9 +167,9 @@ int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_) const uint8_t flags = static_cast (plaintext.value)[0]; if (flags & 0x01) msg_->set_flags (msg_t::more); - + memcpy (msg_->data (), static_cast (plaintext.value)+1, plaintext.length-1); - + gss_release_buffer (&min_stat, &plaintext); gss_release_buffer (&min_stat, &wrapped); @@ -184,12 +187,12 @@ int zmq::gssapi_mechanism_base_t::produce_initiate (msg_t *msg_, void *token_val zmq_assert (token_length_ <= 0xFFFFFFFFUL); const size_t command_size = 9 + 4 + token_length_; - + const int rc = msg_->init_size (command_size); errno_assert (rc == 0); - + uint8_t *ptr = static_cast (msg_->data ()); - + // Add command string memcpy (ptr, "\x08INITIATE", 9); ptr += 9; @@ -208,7 +211,7 @@ int zmq::gssapi_mechanism_base_t::produce_initiate (msg_t *msg_, void *token_val int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_value_, size_t &token_length_) { zmq_assert (token_value_); - + const uint8_t *ptr = static_cast (msg_->data ()); size_t bytes_left = msg_->size (); @@ -228,7 +231,7 @@ int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_va token_length_ = get_uint32 (ptr); ptr += 4; bytes_left -= 4; - + // Get token value if (bytes_left < token_length_) { errno = EPROTO; @@ -246,7 +249,7 @@ int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_va errno = EPROTO; return -1; } - + return 0; } @@ -287,7 +290,7 @@ int zmq::gssapi_mechanism_base_t::produce_ready (msg_t *msg_) int zmq::gssapi_mechanism_base_t::process_ready (msg_t *msg_) { - if (do_encryption) { + if (do_encryption) { const int rc = decode_message (msg_); if (rc != 0) return rc; 
@@ -310,11 +313,11 @@ int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss OM_uint32 maj_stat; OM_uint32 min_stat; gss_name_t server_name; - + gss_buffer_desc name_buf; name_buf.value = service_name_; name_buf.length = strlen ((char *) name_buf.value) + 1; - + maj_stat = gss_import_name (&min_stat, &name_buf, gss_nt_service_name, &server_name); @@ -333,3 +336,4 @@ int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss return 0; } +#endif diff --git a/src/gssapi_mechanism_base.hpp b/src/gssapi_mechanism_base.hpp index 572cc900..170f9a32 100644 --- a/src/gssapi_mechanism_base.hpp +++ b/src/gssapi_mechanism_base.hpp @@ -20,6 +20,10 @@ #ifndef __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__ #define __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__ +#include "platform.hpp" + +#ifdef HAVE_LIBGSSAPI_KRB5 + #include #include @@ -46,7 +50,7 @@ namespace zmq // Produce a context-level GSSAPI token (INITIATE command) // during security context initialization. int produce_initiate (msg_t *msg_, void *data_, size_t data_len_); - + // Process a context-level GSSAPI token (INITIATE command) // during security context initialization. int process_initiate (msg_t *msg_, void **data_, size_t &data_len_); @@ -56,15 +60,15 @@ namespace zmq // Process a metadata ready msg (READY) int process_ready (msg_t *msg_); - + // Encode a per-message GSSAPI token (MESSAGE command) using // the established security context. int encode_message (msg_t *msg_); - + // Decode a per-message GSSAPI token (MESSAGE command) using // the established security context. int decode_message (msg_t *msg_); - + // Acquire security context credentials from the // underlying mechanism. static int acquire_credentials (char * principal_name_, 
@@ -73,13 +77,13 @@ namespace zmq protected: // Opaque GSSAPI token for outgoing data gss_buffer_desc send_tok; - + // Opaque GSSAPI token for incoming data gss_buffer_desc recv_tok; - + // Opaque GSSAPI representation of principal gss_name_t target_name; - + // Human-readable principal name char * principal_name; @@ -95,10 +99,10 @@ namespace zmq // Flags returned by GSSAPI (ignored) OM_uint32 ret_flags; - + // Flags returned by GSSAPI (ignored) OM_uint32 gss_flags; - + // Credentials used to establish security context gss_cred_id_t cred; @@ -110,6 +114,7 @@ namespace zmq }; } - + #endif +#endif diff --git a/src/gssapi_server.cpp b/src/gssapi_server.cpp index 2a2bd351..c1fabf88 100644 --- a/src/gssapi_server.cpp +++ b/src/gssapi_server.cpp @@ -18,6 +18,9 @@ */ #include "platform.hpp" + +#ifdef HAVE_LIBGSSAPI_KRB5 + #ifdef ZMQ_HAVE_WINDOWS #include "windows.hpp" #endif @@ -98,7 +101,7 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_) { if (state == recv_ready) { int rc = process_ready(msg_); - if (rc == 0) + if (rc == 0) state = connected; return rc; @@ -138,7 +141,7 @@ int zmq::gssapi_server_t::process_handshake_command (msg_t *msg_) return 0; } -void zmq::gssapi_server_t::send_zap_request () +void zmq::gssapi_server_t::send_zap_request () { int rc; msg_t msg; @@ -358,3 +361,4 @@ void zmq::gssapi_server_t::accept_context () } } +#endif diff --git a/src/gssapi_server.hpp b/src/gssapi_server.hpp index 47fd4db7..84e9a5d7 100644 --- a/src/gssapi_server.hpp +++ b/src/gssapi_server.hpp @@ -20,6 +20,8 @@ #ifndef __ZMQ_GSSAPI_SERVER_HPP_INCLUDED__ #define __ZMQ_GSSAPI_SERVER_HPP_INCLUDED__ +#ifdef HAVE_LIBGSSAPI_KRB5 + #include "gssapi_mechanism_base.hpp" namespace zmq @@ -58,9 +60,9 @@ namespace zmq }; session_base_t * const session; - + const std::string peer_address; - + // Current FSM state state_t state; @@ -80,3 +82,5 @@ namespace zmq } #endif + +#endif diff --git a/src/stream_engine.cpp b/src/stream_engine.cpp index 51ab55f6..dc2c0bfc 100644 
--- a/src/stream_engine.cpp +++ b/src/stream_engine.cpp @@ -55,7 +55,7 @@ #include "likely.hpp" #include "wire.hpp" -zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_, +zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_, const std::string &endpoint_) : s (fd_), inpos (NULL), @@ -82,7 +82,7 @@ zmq::stream_engine_t::stream_engine_t (fd_t fd_, const options_t &options_, { int rc = tx_msg.init (); errno_assert (rc == 0); - + // Put the socket into non-blocking mode. unblock_socket (s); @@ -595,6 +595,7 @@ bool zmq::stream_engine_t::handshake () alloc_assert (mechanism); } #endif +#ifdef HAVE_LIBGSSAPI_KRB5 else if (memcmp (greeting_recv + 12, "GSSAPI\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { if (options.as_server) @@ -604,6 +605,7 @@ bool zmq::stream_engine_t::handshake () mechanism = new (std::nothrow) gssapi_client_t (options); alloc_assert (mechanism); } +#endif else { error (); return false; @@ -829,7 +831,7 @@ int zmq::stream_engine_t::write (const void *data_, size_t size_) // we'll get an error (this may happen during the speculative write). if (nbytes == SOCKET_ERROR && WSAGetLastError () == WSAEWOULDBLOCK) return 0; - + // Signalise peer failure. if (nbytes == SOCKET_ERROR && ( WSAGetLastError () == WSAENETDOWN || From 7abf2564f8923dde3d5fba9d32596d765e2cd181 Mon Sep 17 00:00:00 2001 From: Chris Laws Date: Fri, 25 Apr 2014 13:48:39 +0930 Subject: [PATCH 2/2] fixes for gssapi build issue --- src/gssapi_client.cpp | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/gssapi_client.cpp b/src/gssapi_client.cpp index e958d140..6fd8d894 100644 --- a/src/gssapi_client.cpp +++ b/src/gssapi_client.cpp @@ -18,6 +18,9 @@ */ #include "platform.hpp" + +#ifdef HAVE_LIBGSSAPI_KRB5 + #ifdef ZMQ_HAVE_WINDOWS #include "windows.hpp" #endif 
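Review bot: The guarded `else if` in handshake() selects `gssapi_server_t` or `gssapi_client_t` from the 20 mechanism bytes of the peer's greeting (`greeting_recv + 12`), and nothing in the visible lines ties that choice to the mechanism the local socket was configured for. handshake() starts and ends outside the hunk, so this is unverified, but if no such comparison exists elsewhere the remote side decides which security mechanism runs, and that check should be confirmed or added. With the new `#ifdef`, a build without HAVE_LIBGSSAPI_KRB5 sends a "GSSAPI" greeting to the final `else` and calls `error ()`, which is the right fail-closed behaviour. It deserves a comment such as `// Built without GSSAPI: a GSSAPI greeting is rejected as an unknown mechanism.` The matching `#endif` is added in the following hunk.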
@@ -71,7 +74,7 @@ int zmq::gssapi_client_t::next_handshake_command (msg_t *msg_) { if (state == send_ready) { int rc = produce_ready(msg_); - if (rc == 0) + if (rc == 0) state = connected; return rc; @@ -84,7 +87,7 @@ int zmq::gssapi_client_t::next_handshake_command (msg_t *msg_) if (initialize_context () < 0) return -1; - + if (produce_next_token (msg_) < 0) return -1; @@ -97,7 +100,7 @@ int zmq::gssapi_client_t::next_handshake_command (msg_t *msg_) } else state = recv_next_token; - + return 0; } @@ -126,7 +129,7 @@ int zmq::gssapi_client_t::process_handshake_command (msg_t *msg_) errno_assert (msg_->close () == 0); errno_assert (msg_->init () == 0); - + return 0; } @@ -163,7 +166,7 @@ int zmq::gssapi_client_t::initialize_context () send_tok.length = strlen(service_name); OM_uint32 maj = gss_import_name(&min_stat, &send_tok, gss_nt_service_name, &target_name); - + if (maj != GSS_S_COMPLETE) return -1; } @@ -175,7 +178,7 @@ int zmq::gssapi_client_t::initialize_context () if (token_ptr != GSS_C_NO_BUFFER) free(recv_tok.value); - + return 0; } @@ -213,3 +216,4 @@ int zmq::gssapi_client_t::process_next_token (msg_t *msg_) return 0; } +#endif