1 /*
2  Copyright (c) 2007-2016 Contributors as noted in the AUTHORS file
3 
4  This file is part of libzmq, the ZeroMQ core engine in C++.
5 
6  libzmq is free software; you can redistribute it and/or modify it under
7  the terms of the GNU Lesser General Public License (LGPL) as published
8  by the Free Software Foundation; either version 3 of the License, or
9  (at your option) any later version.
10 
11  As a special exception, the Contributors give you permission to link
12  this library with independent modules to produce an executable,
13  regardless of the license terms of these independent modules, and to
14  copy and distribute the resulting executable under terms of your choice,
15  provided that you also meet, for each linked independent module, the
16  terms and conditions of the license of that module. An independent
17  module is a module which is not derived from or based on this library.
18  If you modify this library, you must extend this exception to your
19  version of the library.
20 
21  libzmq is distributed in the hope that it will be useful, but WITHOUT
22  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
23  FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
24  License for more details.
25 
26  You should have received a copy of the GNU Lesser General Public License
27  along with this program. If not, see <http://www.gnu.org/licenses/>.
28 */
29 
30 #ifndef __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__
31 #define __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__
32 
33 #include "platform.hpp"
34 
35 #ifdef HAVE_LIBGSSAPI_KRB5
36 
37 #if HAVE_GSSAPI_GSSAPI_GENERIC_H
38 #include <gssapi/gssapi_generic.h>
39 #endif
40 #include <gssapi/gssapi_krb5.h>
41 
42 #include "mechanism.hpp"
43 #include "options.hpp"
44 
45 namespace zmq
46 {
47 
48  class msg_t;
49 
50  /// Commonalities between clients and servers are captured here.
51  /// For example, clients and servers both need to produce and
52  /// process context-level GSSAPI tokens (via INITIATE commands)
53  /// and per-message GSSAPI tokens (via MESSAGE commands).
class gssapi_mechanism_base_t:
    public mechanism_t
{
public:
    // Takes the socket options. The base owns no credentials or security
    // context until a derived (client/server) mechanism establishes them.
    gssapi_mechanism_base_t (const options_t &options_);

    // Pure virtual destructor: the class is abstract and is only usable
    // through a derived mechanism. C++ still requires an out-of-line
    // definition, since derived destructors invoke it.
    virtual ~gssapi_mechanism_base_t () = 0;

protected:
    // Produce a context-level GSSAPI token (INITIATE command)
    // during security context initialization.
    // data_/data_len_ describe the token bytes to be carried in msg_.
    // Return value presumably follows the other mechanism_t hooks
    // (0 on success, -1 on error) — confirm in the implementation file.
    int produce_initiate (msg_t *msg_, void *data_, size_t data_len_);

    // Process a context-level GSSAPI token (INITIATE command)
    // during security context initialization.
    // *data_ and data_len_ are out-parameters receiving the token payload
    // taken from msg_; who owns that memory is not visible from this
    // header — verify before freeing it in a caller.
    int process_initiate (msg_t *msg_, void **data_, size_t &data_len_);

    // Produce a metadata ready msg (READY) to conclude handshake
    int produce_ready (msg_t *msg_);

    // Process a metadata ready msg (READY)
    int process_ready (msg_t *msg_);

    // Encode a per-message GSSAPI token (MESSAGE command) using
    // the established security context.
    // NOTE(review): whether the payload is encrypted or only
    // integrity-protected presumably depends on do_encryption (the
    // conf_req_flag handed to gss_wrap) — confirm in the implementation.
    int encode_message (msg_t *msg_);

    // Decode a per-message GSSAPI token (MESSAGE command) using
    // the established security context.
    // NOTE(review): the mirror of encode_message; a token that fails
    // gss_unwrap verification must be rejected rather than passed on —
    // confirm the error path in the implementation.
    int decode_message (msg_t *msg_);

    // Acquire security context credentials from the
    // underlying mechanism.
    // principal_name_ is the human-readable principal to acquire
    // credentials for; the result is written to *cred_.
    // NOTE(review): principal_name_ is a non-const char* — verify the
    // callee neither modifies nor retains the buffer.
    static int acquire_credentials (char * principal_name_,
                                    gss_cred_id_t * cred_);

protected:
    // Opaque GSSAPI token for outgoing data.
    // Per the GSSAPI contract, a .value allocated by the library must be
    // released with gss_release_buffer; where that happens is not
    // visible from this header.
    gss_buffer_desc send_tok;

    // Opaque GSSAPI token for incoming data (same release contract as
    // send_tok).
    gss_buffer_desc recv_tok;

    // Opaque GSSAPI representation of principal
    // (released with gss_release_name under the GSSAPI contract).
    gss_name_t target_name;

    // Human-readable principal name.
    // Raw pointer: ownership (who allocates and frees it) is not
    // expressed by the type — verify against the constructor/destructor.
    char * principal_name;

    // Status code returned by GSSAPI functions
    // (major status of the last call; test with GSS_ERROR(maj_stat)).
    OM_uint32 maj_stat;

    // Status code returned by the underlying mechanism
    // (minor status accompanying maj_stat, mechanism-specific).
    OM_uint32 min_stat;

    // Status code returned by the underlying mechanism
    // during context initialization
    OM_uint32 init_sec_min_stat;

    // Flags returned by GSSAPI (ignored)
    // NOTE(review): these report which services the peer actually
    // granted during context establishment (e.g. GSS_C_CONF_FLAG,
    // GSS_C_INTEG_FLAG, GSS_C_MUTUAL_FLAG). Because they are ignored, a
    // protection that was requested but not granted would go undetected;
    // worth checking against do_encryption in the implementation.
    OM_uint32 ret_flags;

    // Flags returned by GSSAPI (ignored)
    // NOTE(review): carries the same comment as ret_flags in the original;
    // the name suggests these are the flags *requested* for context
    // establishment rather than returned ones — confirm in the
    // implementation.
    OM_uint32 gss_flags;

    // Credentials used to establish security context
    // (released with gss_release_cred under the GSSAPI contract).
    gss_cred_id_t cred;

    // Opaque GSSAPI representation of the security context
    // (released with gss_delete_sec_context under the GSSAPI contract).
    gss_ctx_id_t context;

    // If true, use gss to encrypt messages. If false, only utilize gss for auth.
    // When false, MESSAGE payloads presumably cross the wire without
    // confidentiality protection; whether they remain integrity-protected
    // depends on how encode_message wraps them — confirm in the
    // implementation.
    bool do_encryption;
};
127 
128 }
129 
130 #endif
131 
132 #endif