2013-09-30 15:51:20 -05:00
|
|
|
/*
|
2015-01-22 10:32:06 +01:00
|
|
|
Copyright (c) 2007-2015 Contributors as noted in the AUTHORS file
|
2013-09-30 15:51:20 -05:00
|
|
|
|
2015-06-02 22:33:55 +02:00
|
|
|
This file is part of libzmq, the ZeroMQ core engine in C++.
|
2013-09-30 15:51:20 -05:00
|
|
|
|
2015-06-02 22:33:55 +02:00
|
|
|
libzmq is free software; you can redistribute it and/or modify it under
|
|
|
|
the terms of the GNU Lesser General Public License (LGPL) as published
|
|
|
|
by the Free Software Foundation; either version 3 of the License, or
|
2013-09-30 15:51:20 -05:00
|
|
|
(at your option) any later version.
|
|
|
|
|
2015-06-02 22:33:55 +02:00
|
|
|
As a special exception, the Contributors give you permission to link
|
|
|
|
this library with independent modules to produce an executable,
|
|
|
|
regardless of the license terms of these independent modules, and to
|
|
|
|
copy and distribute the resulting executable under terms of your choice,
|
|
|
|
provided that you also meet, for each linked independent module, the
|
|
|
|
terms and conditions of the license of that module. An independent
|
|
|
|
module is a module which is not derived from or based on this library.
|
|
|
|
If you modify this library, you must extend this exception to your
|
|
|
|
version of the library.
|
|
|
|
|
|
|
|
libzmq is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
|
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
|
|
|
License for more details.
|
2013-09-30 15:51:20 -05:00
|
|
|
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "platform.hpp"
|
2014-04-25 13:47:07 +09:30
|
|
|
|
|
|
|
#ifdef HAVE_LIBGSSAPI_KRB5
|
|
|
|
|
2013-09-30 15:51:20 -05:00
|
|
|
#ifdef ZMQ_HAVE_WINDOWS
|
|
|
|
#include "windows.hpp"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
#include <string>
|
|
|
|
|
|
|
|
#include "msg.hpp"
|
|
|
|
#include "session_base.hpp"
|
|
|
|
#include "err.hpp"
|
|
|
|
#include "gssapi_mechanism_base.hpp"
|
|
|
|
#include "wire.hpp"
|
|
|
|
|
2013-11-07 11:49:45 -08:00
|
|
|
zmq::gssapi_mechanism_base_t::gssapi_mechanism_base_t (const options_t & options_) :
|
|
|
|
mechanism_t(options_),
|
2013-10-03 13:43:20 -05:00
|
|
|
send_tok (),
|
|
|
|
recv_tok (),
|
2013-10-08 00:12:50 -05:00
|
|
|
/// FIXME remove? in_buf (),
|
2013-10-03 13:43:20 -05:00
|
|
|
target_name (GSS_C_NO_NAME),
|
2014-04-23 10:20:22 -07:00
|
|
|
principal_name (NULL),
|
2013-11-21 12:46:23 -06:00
|
|
|
maj_stat (GSS_S_COMPLETE),
|
2013-10-03 13:43:20 -05:00
|
|
|
min_stat (0),
|
|
|
|
init_sec_min_stat (0),
|
|
|
|
ret_flags (0),
|
|
|
|
gss_flags (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG),
|
|
|
|
cred (GSS_C_NO_CREDENTIAL),
|
2014-04-23 11:01:54 -07:00
|
|
|
context (GSS_C_NO_CONTEXT),
|
|
|
|
do_encryption (!options_.gss_plaintext)
|
2013-09-30 15:51:20 -05:00
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
zmq::gssapi_mechanism_base_t::~gssapi_mechanism_base_t ()
|
|
|
|
{
|
2013-10-03 13:43:20 -05:00
|
|
|
if(target_name)
|
|
|
|
gss_release_name(&min_stat, &target_name);
|
|
|
|
if(context)
|
|
|
|
gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
|
2013-09-30 15:51:20 -05:00
|
|
|
}
|
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
int zmq::gssapi_mechanism_base_t::encode_message (msg_t *msg_)
|
2013-09-30 15:51:20 -05:00
|
|
|
{
|
2013-10-08 00:12:50 -05:00
|
|
|
// Wrap the token value
|
|
|
|
int state;
|
|
|
|
gss_buffer_desc plaintext;
|
|
|
|
gss_buffer_desc wrapped;
|
2013-11-08 11:15:51 -06:00
|
|
|
|
|
|
|
uint8_t flags = 0;
|
|
|
|
if (msg_->flags () & msg_t::more)
|
|
|
|
flags |= 0x01;
|
|
|
|
|
|
|
|
uint8_t *plaintext_buffer = static_cast <uint8_t *>(malloc(msg_->size ()+1));
|
|
|
|
plaintext_buffer[0] = flags;
|
|
|
|
memcpy (plaintext_buffer+1, msg_->data(), msg_->size());
|
|
|
|
|
|
|
|
plaintext.value = plaintext_buffer;
|
|
|
|
plaintext.length = msg_->size ()+1;
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
maj_stat = gss_wrap(&min_stat, context, 1, GSS_C_QOP_DEFAULT,
|
|
|
|
&plaintext, &state, &wrapped);
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
zmq_assert (maj_stat == GSS_S_COMPLETE);
|
|
|
|
zmq_assert (state);
|
2013-10-02 22:09:36 -05:00
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
// Re-initialize msg_ for wrapped text
|
|
|
|
int rc = msg_->close ();
|
|
|
|
zmq_assert (rc == 0);
|
2013-09-30 15:51:20 -05:00
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
rc = msg_->init_size (8 + 4 + wrapped.length);
|
|
|
|
zmq_assert (rc == 0);
|
2013-09-30 15:51:20 -05:00
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
uint8_t *ptr = static_cast <uint8_t *> (msg_->data ());
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
// Add command string
|
|
|
|
memcpy (ptr, "\x07MESSAGE", 8);
|
|
|
|
ptr += 8;
|
2013-10-02 22:09:36 -05:00
|
|
|
|
|
|
|
// Add token length
|
2013-10-08 00:12:50 -05:00
|
|
|
put_uint32 (ptr, static_cast <uint32_t> (wrapped.length));
|
2013-10-02 22:09:36 -05:00
|
|
|
ptr += 4;
|
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
// Add wrapped token value
|
|
|
|
memcpy (ptr, wrapped.value, wrapped.length);
|
|
|
|
ptr += wrapped.length;
|
2013-10-02 22:09:36 -05:00
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
gss_release_buffer (&min_stat, &wrapped);
|
2013-09-30 15:51:20 -05:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
int zmq::gssapi_mechanism_base_t::decode_message (msg_t *msg_)
|
2013-09-30 15:51:20 -05:00
|
|
|
{
|
2013-10-08 00:12:50 -05:00
|
|
|
const uint8_t *ptr = static_cast <uint8_t *> (msg_->data ());
|
2013-09-30 15:51:20 -05:00
|
|
|
size_t bytes_left = msg_->size ();
|
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
// Get command string
|
|
|
|
if (bytes_left < 8 || memcmp (ptr, "\x07MESSAGE", 8)) {
|
2013-10-02 22:09:36 -05:00
|
|
|
errno = EPROTO;
|
|
|
|
return -1;
|
|
|
|
}
|
2013-10-08 00:12:50 -05:00
|
|
|
ptr += 8;
|
|
|
|
bytes_left -= 8;
|
2013-10-02 22:09:36 -05:00
|
|
|
|
|
|
|
// Get token length
|
|
|
|
if (bytes_left < 4) {
|
|
|
|
errno = EPROTO;
|
|
|
|
return -1;
|
|
|
|
}
|
2013-10-08 00:12:50 -05:00
|
|
|
gss_buffer_desc wrapped;
|
|
|
|
wrapped.length = get_uint32 (ptr);
|
2013-10-02 22:09:36 -05:00
|
|
|
ptr += 4;
|
|
|
|
bytes_left -= 4;
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
// Get token value
|
|
|
|
if (bytes_left < wrapped.length) {
|
2013-10-02 22:09:36 -05:00
|
|
|
errno = EPROTO;
|
|
|
|
return -1;
|
|
|
|
}
|
2013-10-08 00:12:50 -05:00
|
|
|
// TODO: instead of malloc/memcpy, can we just do: wrapped.value = ptr;
|
|
|
|
const size_t alloc_length = wrapped.length? wrapped.length: 1;
|
|
|
|
wrapped.value = static_cast <char *> (malloc (alloc_length));
|
|
|
|
if (wrapped.length) {
|
|
|
|
alloc_assert (wrapped.value);
|
|
|
|
memcpy(wrapped.value, ptr, wrapped.length);
|
|
|
|
ptr += wrapped.length;
|
|
|
|
bytes_left -= wrapped.length;
|
2013-10-02 22:09:36 -05:00
|
|
|
}
|
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
// Unwrap the token value
|
|
|
|
int state;
|
|
|
|
gss_buffer_desc plaintext;
|
|
|
|
maj_stat = gss_unwrap(&min_stat, context, &wrapped, &plaintext,
|
|
|
|
&state, (gss_qop_t *) NULL);
|
|
|
|
|
|
|
|
zmq_assert(maj_stat == GSS_S_COMPLETE);
|
|
|
|
zmq_assert(state);
|
|
|
|
|
|
|
|
// Re-initialize msg_ for plaintext
|
|
|
|
int rc = msg_->close ();
|
|
|
|
zmq_assert (rc == 0);
|
|
|
|
|
2013-11-08 11:15:51 -06:00
|
|
|
rc = msg_->init_size (plaintext.length-1);
|
2013-10-08 00:12:50 -05:00
|
|
|
zmq_assert (rc == 0);
|
2013-11-08 11:15:51 -06:00
|
|
|
|
|
|
|
const uint8_t flags = static_cast <char *> (plaintext.value)[0];
|
|
|
|
if (flags & 0x01)
|
|
|
|
msg_->set_flags (msg_t::more);
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-11-08 11:15:51 -06:00
|
|
|
memcpy (msg_->data (), static_cast <char *> (plaintext.value)+1, plaintext.length-1);
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
gss_release_buffer (&min_stat, &plaintext);
|
|
|
|
gss_release_buffer (&min_stat, &wrapped);
|
|
|
|
|
2013-10-02 22:09:36 -05:00
|
|
|
if (bytes_left > 0) {
|
|
|
|
errno = EPROTO;
|
|
|
|
return -1;
|
|
|
|
}
|
2013-09-30 15:51:20 -05:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
int zmq::gssapi_mechanism_base_t::produce_initiate (msg_t *msg_, void *token_value_, size_t token_length_)
|
2013-10-03 15:44:26 -05:00
|
|
|
{
|
2013-10-08 00:12:50 -05:00
|
|
|
zmq_assert (token_value_);
|
|
|
|
zmq_assert (token_length_ <= 0xFFFFFFFFUL);
|
2013-10-03 15:44:26 -05:00
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
const size_t command_size = 9 + 4 + token_length_;
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
const int rc = msg_->init_size (command_size);
|
|
|
|
errno_assert (rc == 0);
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
uint8_t *ptr = static_cast <uint8_t *> (msg_->data ());
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
// Add command string
|
|
|
|
memcpy (ptr, "\x08INITIATE", 9);
|
|
|
|
ptr += 9;
|
|
|
|
|
|
|
|
// Add token length
|
|
|
|
put_uint32 (ptr, static_cast <uint32_t> (token_length_));
|
|
|
|
ptr += 4;
|
|
|
|
|
|
|
|
// Add token value
|
|
|
|
memcpy (ptr, token_value_, token_length_);
|
|
|
|
ptr += token_length_;
|
|
|
|
|
2013-10-03 15:44:26 -05:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
int zmq::gssapi_mechanism_base_t::process_initiate (msg_t *msg_, void **token_value_, size_t &token_length_)
|
2013-10-03 15:44:26 -05:00
|
|
|
{
|
2013-10-08 00:12:50 -05:00
|
|
|
zmq_assert (token_value_);
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
const uint8_t *ptr = static_cast <uint8_t *> (msg_->data ());
|
|
|
|
size_t bytes_left = msg_->size ();
|
2013-10-03 15:44:26 -05:00
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
// Get command string
|
|
|
|
if (bytes_left < 9 || memcmp (ptr, "\x08INITIATE", 9)) {
|
|
|
|
errno = EPROTO;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
ptr += 9;
|
|
|
|
bytes_left -= 9;
|
2013-10-03 15:44:26 -05:00
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
// Get token length
|
|
|
|
if (bytes_left < 4) {
|
|
|
|
errno = EPROTO;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
token_length_ = get_uint32 (ptr);
|
|
|
|
ptr += 4;
|
|
|
|
bytes_left -= 4;
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-08 00:12:50 -05:00
|
|
|
// Get token value
|
|
|
|
if (bytes_left < token_length_) {
|
|
|
|
errno = EPROTO;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
*token_value_ = static_cast <char *> (malloc (token_length_ ? token_length_ : 1));
|
|
|
|
if (token_length_) {
|
|
|
|
alloc_assert (*token_value_);
|
|
|
|
memcpy(*token_value_, ptr, token_length_);
|
|
|
|
ptr += token_length_;
|
|
|
|
bytes_left -= token_length_;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (bytes_left > 0) {
|
|
|
|
errno = EPROTO;
|
|
|
|
return -1;
|
|
|
|
}
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-03 15:44:26 -05:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2014-04-23 12:19:19 -07:00
|
|
|
int zmq::gssapi_mechanism_base_t::produce_ready (msg_t *msg_)
|
2013-11-07 11:49:45 -08:00
|
|
|
{
|
|
|
|
unsigned char * const command_buffer = (unsigned char *) malloc (512);
|
|
|
|
alloc_assert (command_buffer);
|
|
|
|
|
|
|
|
unsigned char *ptr = command_buffer;
|
|
|
|
|
|
|
|
// Add command name
|
|
|
|
memcpy (ptr, "\x05READY", 6);
|
|
|
|
ptr += 6;
|
|
|
|
|
|
|
|
// Add socket type property
|
|
|
|
const char *socket_type = socket_type_string (options.type);
|
|
|
|
ptr += add_property (ptr, "Socket-Type", socket_type, strlen (socket_type));
|
|
|
|
|
|
|
|
// Add identity property
|
|
|
|
if (options.type == ZMQ_REQ
|
|
|
|
|| options.type == ZMQ_DEALER
|
2014-05-02 22:19:30 +02:00
|
|
|
|| options.type == ZMQ_ROUTER)
|
|
|
|
ptr += add_property (ptr, "Identity", options.identity, options.identity_size);
|
2013-11-07 11:49:45 -08:00
|
|
|
|
|
|
|
const size_t command_size = ptr - command_buffer;
|
|
|
|
const int rc = msg_->init_size (command_size);
|
|
|
|
errno_assert (rc == 0);
|
|
|
|
memcpy (msg_->data (), command_buffer, command_size);
|
|
|
|
free (command_buffer);
|
|
|
|
|
2014-04-23 12:45:13 -07:00
|
|
|
if (do_encryption)
|
|
|
|
return encode_message (msg_);
|
|
|
|
|
|
|
|
return 0;
|
2013-11-07 11:49:45 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
int zmq::gssapi_mechanism_base_t::process_ready (msg_t *msg_)
|
|
|
|
{
|
2014-04-25 13:47:07 +09:30
|
|
|
if (do_encryption) {
|
2014-04-23 12:45:13 -07:00
|
|
|
const int rc = decode_message (msg_);
|
|
|
|
if (rc != 0)
|
|
|
|
return rc;
|
|
|
|
}
|
2014-04-23 12:19:19 -07:00
|
|
|
|
2013-11-07 11:49:45 -08:00
|
|
|
const unsigned char *ptr = static_cast <unsigned char *> (msg_->data ());
|
|
|
|
size_t bytes_left = msg_->size ();
|
|
|
|
|
|
|
|
if (bytes_left < 6 || memcmp (ptr, "\x05READY", 6)) {
|
|
|
|
errno = EPROTO;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
ptr += 6;
|
|
|
|
bytes_left -= 6;
|
|
|
|
return parse_metadata (ptr, bytes_left);
|
|
|
|
}
|
|
|
|
|
2013-10-03 13:43:20 -05:00
|
|
|
int zmq::gssapi_mechanism_base_t::acquire_credentials (char * service_name_, gss_cred_id_t * cred_)
|
|
|
|
{
|
|
|
|
OM_uint32 maj_stat;
|
|
|
|
OM_uint32 min_stat;
|
|
|
|
gss_name_t server_name;
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-03 13:43:20 -05:00
|
|
|
gss_buffer_desc name_buf;
|
|
|
|
name_buf.value = service_name_;
|
|
|
|
name_buf.length = strlen ((char *) name_buf.value) + 1;
|
2014-04-25 13:47:07 +09:30
|
|
|
|
2013-10-03 13:43:20 -05:00
|
|
|
maj_stat = gss_import_name (&min_stat, &name_buf,
|
2014-05-05 21:59:11 +02:00
|
|
|
GSS_C_NT_HOSTBASED_SERVICE, &server_name);
|
2013-10-03 13:43:20 -05:00
|
|
|
|
|
|
|
if (maj_stat != GSS_S_COMPLETE)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
maj_stat = gss_acquire_cred (&min_stat, server_name, 0,
|
|
|
|
GSS_C_NO_OID_SET, GSS_C_ACCEPT,
|
|
|
|
cred_, NULL, NULL);
|
|
|
|
|
|
|
|
if (maj_stat != GSS_S_COMPLETE)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
gss_release_name(&min_stat, &server_name);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2014-04-25 13:47:07 +09:30
|
|
|
#endif
|