/*
Copyright (c) 2007-2015 Contributors as noted in the AUTHORS file
This file is part of libzmq, the ZeroMQ core engine in C++.
libzmq is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License (LGPL) as published
by the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
As a special exception, the Contributors give you permission to link
this library with independent modules to produce an executable,
regardless of the license terms of these independent modules, and to
copy and distribute the resulting executable under terms of your choice,
provided that you also meet, for each linked independent module, the
terms and conditions of the license of that module. An independent
module is a module which is not derived from or based on this library.
If you modify this library, you must extend this exception to your
version of the library.
libzmq is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__
#define __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__
#include "platform.hpp"
#ifdef HAVE_LIBGSSAPI_KRB5
#ifndef ZMQ_HAVE_FREEBSD
#include <gssapi/gssapi_generic.h>
#endif
#include <gssapi/gssapi_krb5.h>
#include "mechanism.hpp"
#include "options.hpp"
namespace zmq
{
class msg_t;
/// Commonalities between clients and servers are captured here.
/// For example, clients and servers both need to produce and
/// process context-level GSSAPI tokens (via INITIATE commands)
/// and per-message GSSAPI tokens (via MESSAGE commands).
///
/// The class is abstract (pure virtual destructor): the concrete
/// client and server mechanisms derive from it and drive the handshake
/// state machine; only the shared token plumbing and GSSAPI state live here.
/// All member definitions are out of line (see the matching .cpp); the
/// return-value and ownership conventions noted below are therefore
/// reminders to check there, not guarantees made by this header.
class gssapi_mechanism_base_t:
public mechanism_t
{
public:
// Initialise shared GSSAPI state from the socket options.
gssapi_mechanism_base_t (const options_t &options_);
// Pure virtual so the base class cannot be instantiated on its own.
// A pure virtual destructor still needs an out-of-line body, because
// derived destructors chain to it; the GSSAPI handles below
// (cred, context, target_name) and the token buffers are presumably
// released there — confirm in the .cpp.
virtual ~gssapi_mechanism_base_t () = 0;

protected:
// Produce a context-level GSSAPI token (INITIATE command)
// during security context initialization.
// data_/data_len_: the raw GSSAPI token to carry inside msg_.
// Returns an int status; the success/failure convention is not
// visible here (assumed to follow mechanism_t — see the .cpp).
int produce_initiate (msg_t *msg_, void *data_, size_t data_len_);

// Process a context-level GSSAPI token (INITIATE command)
// during security context initialization.
// On success *data_/data_len_ describe the token extracted from msg_.
// The token comes from the peer and is untrusted: the extracted length
// must be validated against the actual size of msg_ before use, and
// ownership of *data_ (whether it aliases msg_ or is a copy the caller
// must free) is not visible from this header — TODO confirm in the .cpp.
int process_initiate (msg_t *msg_, void **data_, size_t &data_len_);

// Produce a metadata ready msg (READY) to conclude handshake
int produce_ready (msg_t *msg_);

// Process a metadata ready msg (READY)
// The READY payload is peer-supplied; the parser in the .cpp is the
// place where its framing must be bounds-checked.
int process_ready (msg_t *msg_);

// Encode a per-message GSSAPI token (MESSAGE command) using
// the established security context.
// Whether the payload is confidentiality-protected depends on
// do_encryption (below).
int encode_message (msg_t *msg_);

// Decode a per-message GSSAPI token (MESSAGE command) using
// the established security context.
// Input is peer-supplied ciphertext/wrapped data; decoding must fail
// closed on any GSSAPI error rather than pass the payload through.
int decode_message (msg_t *msg_);

// Acquire security context credentials from the
// underlying mechanism.
// principal_name_: principal whose credentials are acquired; declared
// non-const here, so the signature must stay in sync with the definition
// even though the name is presumably only read.
// cred_: receives the acquired credential handle (GSSAPI resource; must
// be released when no longer needed).
static int acquire_credentials (char * principal_name_,
gss_cred_id_t * cred_);

protected:
// Opaque GSSAPI token for outgoing data
// gss_buffer_desc is a (length, value) pair; storage lifetime of value
// is not visible here — presumably GSSAPI-owned and released per call.
gss_buffer_desc send_tok;

// Opaque GSSAPI token for incoming data
// Filled from peer-supplied bytes; treat length/value as untrusted.
gss_buffer_desc recv_tok;

// Opaque GSSAPI representation of principal
gss_name_t target_name;

// Human-readable principal name
// Raw pointer: ownership (who allocates/frees) is not visible here —
// TODO confirm in the .cpp.
char * principal_name;

// Status code returned by GSSAPI functions
// Major status of the most recent GSSAPI call, per the original comment.
OM_uint32 maj_stat;

// Status code returned by the underlying mechanism
// Minor (mechanism-specific) status paired with maj_stat.
OM_uint32 min_stat;

// Status code returned by the underlying mechanism
// during context initialization
OM_uint32 init_sec_min_stat;

// Flags returned by GSSAPI (ignored)
// NOTE(review): these are the flags the library actually granted for the
// context. GSSAPI may grant fewer than requested (e.g. no mutual
// authentication or confidentiality); ignoring them means a downgraded
// context is accepted silently. Checking the granted flags against the
// requested ones after context establishment is the defensive option —
// verify in the .cpp whether that happens.
OM_uint32 ret_flags;

// Flags returned by GSSAPI (ignored)
// NOTE(review): the comment above is identical to ret_flags'; the name
// suggests this instead holds the flags *requested* when the context is
// established — confirm against the .cpp and fix whichever comment is wrong.
OM_uint32 gss_flags;

// Credentials used to establish security context
// GSSAPI handle; must be released when the mechanism is destroyed.
gss_cred_id_t cred;

// Opaque GSSAPI representation of the security context
// GSSAPI handle; must be deleted when the mechanism is destroyed.
gss_ctx_id_t context;

// If true, use gss to encrypt messages. If false, only utilize gss for auth.
// When false, message payloads are not confidentiality-protected on the
// wire: only the handshake authenticates the peer. Whether integrity
// wrapping is still applied in that mode is decided in the .cpp.
bool do_encryption;
};
}
#endif
#endif