Luca Boccassi
f6ce019fff
Problem: incompatible parameter passed to send_zap_request
Solution: cast from void* to uint8_t* to match new definition
2017-08-19 17:40:15 +01:00
Luca Boccassi
7c85bf2f88
Problem: uninitialised variables in gssapi_server constructor
Solution: initialise session and peer_address
2017-08-19 17:40:15 +01:00
Luca Boccassi
2ba0149ee4
Problem: gssapi_mechanism_base_t initialisation misses one param
Solution: pass the session as well as the options
2017-08-19 17:40:15 +01:00
sigiesec
44f6aa3de6
Problem: gssapi_* do not emit ZMQ_EVENT_HANDSHAKE_FAILED_PROTOCOL events
Solution: emit appropriate events
2017-08-18 10:30:48 +02:00
sigiesec
c66ae4656f
Problem: curve_client_t may emit misleading event on bad data processed by curve_client_t::decode
Solution: use check_basic_command_structure in curve_client_t::decode, also prepare other client mechanisms to use that method by rearranging inheritance hierarchy
2017-08-18 10:04:58 +02:00
sigiesec
f9985708b7
Problem: unreachable code in zap_client_t
Solution: replaced unreachable code by assertions and adapted uses
2017-08-17 12:54:05 +02:00
sigiesec
8dce0396fb
Problem: inconsistent handling of ZAP replies
Solution: unification, pulled up common behaviour to zap_client_t/zap_client_common_handshake_t
2017-08-17 09:44:05 +02:00
sigiesec
414c6f45b8
Problem: receive_and_process_zap_reply is duplicated in all mechanisms
Solution: extract receive_and_process_zap_reply into zap_client_t and convert zap_client_t into base class of the server mechanism classes
2017-08-16 18:05:35 +02:00
sigiesec
f3884f3380
Problem: gssapi_server_t duplicates zap_client_t::send_zap_request
Solution: Use zap_client_t::send_zap_request
2017-08-16 18:04:31 +02:00
Luca Boccassi
6ad0b08da9
Problem: GSSAPI can no longer be used without ZAP
Solution: do not fail if ZAP is not enabled.
GSSAPI already provides authentication and can be used separately,
so it is a valid use case.
2017-06-13 22:56:49 +01:00
Luca Boccassi
33695d1da8
Problem: ZAP is allowed to be configured incorrectly or not to work
Solution: if inproc://zeromq.zap.01 exists, which means ZAP is
enabled, abort immediately if it cannot be used (eg: out of memory)
or it is configured incorrectly (eg: wrong socket type).
Otherwise authentication failures will simply be ignored and
unauthorised peers will be allowed to slip in.
2017-06-13 22:56:31 +01:00
Jim Garlick
53918fc115
gssapi: drop unnecessary ifdefs
Problem: GSSAPI DRAFT code was made conditional on
ZMQ_BUILD_DRAFT_API, but zmq_draft.h duplicates the DRAFT
symbols definitions from zmq.h so this is unnecessary.
Solution: drop the extra ifdefs
2017-04-25 13:50:12 -07:00
Jim Garlick
9fbf2e2eb6
gssapi: move new options to DRAFT section
Problem: The new GSSAPI NAMESPACE options should have been
added to the DRAFT section of the API so they can be changed
until stabilized.
Solution:
- Move defines to the DRAFT section of zmq.h
- Duplicate them in zmq_draft.h, as is the local custom
- Compile only if defined (ZMQ_BUILD_DRAFT_API)
- Refactor internals slightly to avoid #ifdef hell
2017-04-24 16:12:27 -07:00
Jim Garlick
0b185e8297
gssapi: add NAMETYPE socket options
Problem: principals are looked up unconditionally
with the GSS_C_NT_HOSTBASED_SERVICE name type.
Solution: Add two new socket options to set the name type
for ZMQ_GSSAPI_PRINCIPAL and ZMQ_GSSAPI_SERVICE_PRINCIPAL:
ZMQ_GSSAPI_PRINCIPAL_NAMETYPE
ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE
They take an integer argument which must be one of
ZMQ_GSSAPI_NT_HOSTBASED (0) - default
ZMQ_GSSAPI_NT_USER_NAME (1)
ZMQ_GSSAPI_NT_KRB5_PRINCIPAL (2)
These correspond to GSSAPI name types of:
GSS_C_NT_HOSTBASED_SERVICE
GSS_C_NT_USER_NAME
GSS_KRB5_NT_PRINCIPAL_NAME
Fixes #2542
2017-04-21 13:08:45 -07:00
evoskuil
4ea7d01803
Problem: send_failure() util name undergeneralized (for read success).
2017-03-30 13:57:47 -07:00
evoskuil
a014e77ef7
Problem: leaks on send_zap_request fail, use of goto idiom is fragile.
2017-03-29 16:48:40 -07:00
evoskuil
a0ccdc866e
Problem: secure servers ignore zap_connect failure code and set ready.
2017-03-29 14:31:47 -07:00
evoskuil
f44300cb00
Problem: assert used for ZAP error handling aborts process.
2017-03-29 10:43:56 -07:00
evoskuil
2b798e486a
Problem: name conflicts from windows.h, draft API declared in pch.
2016-05-13 20:41:26 -07:00
Osiris
4a5af9d58b
Problem: Precompiled headers not being used
Solution: Phase I - make precompiled.hpp be first file included in every source file
2016-02-18 10:56:52 -06:00
Constantin Rack
a539b0c6e8
Problem: copyright year is still 2015
Solution: update to 2016
2016-01-28 15:07:31 +01:00
Joe Eli McIlvain
61217a2686
Problem: Source files contain mixed tabs and spaces.
Solution: Convert to spaces and remove trailing whitespace in these files.
2015-08-20 07:46:34 -07:00
Pieter Hintjens
8620c3e032
Problem: source file headers are somewhat confusing about LGPLv3
Of course people still "can" distribute the sources under the
LGPLv3. However we provide COPYING.LESSER with additional grants.
Solution: specify these grants in the header of each source file.
2015-06-02 22:33:55 +02:00
Pieter Hintjens
94d9a4ffdf
Problem: copyright statements are out of date
Solution: update for 2015
Fixes #1320
2015-01-22 10:32:37 +01:00
Martin Hurton
43d8252446
Update gssapi mechanism
2014-05-06 17:49:26 +02:00
Pieter Hintjens
bd4a76cc2a
Problem: GSSAPI server doesn't parse ZAP user id
Solution: add this to ZAP reply processing.
2014-05-02 23:12:53 +02:00
Martin Hurton
b9c2748146
Add metadata to received messages
2014-05-01 17:30:51 +02:00
Chris Laws
09647fa916
src/gssapi_client.cpp
2014-04-25 13:47:07 +09:30
Chris Busbey
d1334d9df8
using latest copyright header
2014-04-24 14:39:29 -07:00
Chris Busbey
27591d2da6
ZMQ_GSSAPI_PLAINTEXT option for disabling encryption
2014-04-24 14:21:33 -07:00
Chris Busbey
2e1645a519
principle->principal
2014-04-24 14:20:53 -07:00
Chris Busbey
87834dd63f
fixed up comments from pr
2014-04-24 14:18:58 -07:00
Chris Busbey
5441db3d7d
configurable principal and service principal (for client)
2014-04-24 14:18:58 -07:00
Chris Busbey
4e6880ec95
gss mech sends principal as part of zap request
2014-04-24 14:17:36 -07:00
Chris Busbey
04db842dcc
added ready for meta data exchange at end of gss handshake
2014-04-24 14:17:36 -07:00
Mike Gatny
3c414c4aac
GSSAPI mechanism now fully working with encryption
2014-04-24 14:17:36 -07:00
Mike Gatny
eb2862525b
Methods to send/recv gssapi-wrapped messages
2014-04-24 14:17:36 -07:00
Mike Gatny
1445516c41
Establishing GSSAPI sec context is working now
2014-04-24 14:17:36 -07:00
Mike Gatny
6290ba168f
Added gss produce/process routines.
For exchanging tokens.
2014-04-24 14:17:05 -07:00
Mike Gatny
c00b8c347b
Refactored common impl into gssapi_mechanism_base.
E.g., both client and server need to produce and process GSSAPI tokens.
2014-04-24 14:17:05 -07:00
Mike Gatny
a4a0dc6644
Split up gssapi mechanism into client and server.
2014-04-24 14:17:05 -07:00