31 #include "platform.hpp" 33 #ifdef HAVE_LIBGSSAPI_KRB5 35 #ifdef ZMQ_HAVE_WINDOWS 48 zmq::gssapi_client_t::gssapi_client_t (
const options_t &options_) :
49 gssapi_mechanism_base_t (options_),
50 state (call_next_init),
51 token_ptr (GSS_C_NO_BUFFER),
53 security_context_established (false)
55 const std::string::size_type service_size = options_.gss_service_principal.size();
56 service_name = static_cast <
char *>(malloc(service_size+1));
58 memcpy(service_name, options_.gss_service_principal.c_str(), service_size+1 );
60 maj_stat = GSS_S_COMPLETE;
61 if(!options_.gss_principal.empty())
63 const std::string::size_type principal_size = options_.gss_principal.size();
64 principal_name = static_cast <
char *>(malloc(principal_size+1));
65 assert(principal_name);
66 memcpy(principal_name, options_.gss_principal.c_str(), principal_size+1 );
68 if (acquire_credentials (principal_name, &cred) != 0)
69 maj_stat = GSS_S_FAILURE;
72 mechs.elements = NULL;
76 zmq::gssapi_client_t::~gssapi_client_t ()
81 gss_release_cred(&min_stat, &cred);
84 int zmq::gssapi_client_t::next_handshake_command (msg_t *msg_)
86 if (state == send_ready) {
87 int rc = produce_ready(msg_);
94 if (state != call_next_init) {
99 if (initialize_context () < 0)
102 if (produce_next_token (msg_) < 0)
105 if (maj_stat != GSS_S_CONTINUE_NEEDED && maj_stat != GSS_S_COMPLETE)
108 if (maj_stat == GSS_S_COMPLETE) {
109 security_context_established =
true;
113 state = recv_next_token;
118 int zmq::gssapi_client_t::process_handshake_command (msg_t *msg_)
120 if (state == recv_ready) {
121 int rc = process_ready(msg_);
128 if (state != recv_next_token) {
133 if (process_next_token (msg_) < 0)
136 if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED)
139 state = call_next_init;
147 int zmq::gssapi_client_t::encode (msg_t *msg_)
152 return encode_message (msg_);
157 int zmq::gssapi_client_t::decode (msg_t *msg_)
162 return decode_message (msg_);
172 int zmq::gssapi_client_t::initialize_context ()
175 if (target_name == GSS_C_NO_NAME) {
176 send_tok.value = service_name;
177 send_tok.length = strlen(service_name);
178 OM_uint32 maj = gss_import_name(&min_stat, &send_tok,
179 GSS_C_NT_HOSTBASED_SERVICE,
182 if (maj != GSS_S_COMPLETE)
186 maj_stat = gss_init_sec_context(&init_sec_min_stat, cred, &context,
187 target_name, mechs.elements,
188 gss_flags, 0, NULL, token_ptr, NULL,
189 &send_tok, &ret_flags, NULL);
191 if (token_ptr != GSS_C_NO_BUFFER)
192 free(recv_tok.value);
197 int zmq::gssapi_client_t::produce_next_token (msg_t *msg_)
199 if (send_tok.length != 0) {
200 if (produce_initiate(msg_, send_tok.value, send_tok.length) < 0) {
201 gss_release_buffer(&min_stat, &send_tok);
202 gss_release_name(&min_stat, &target_name);
206 gss_release_buffer(&min_stat, &send_tok);
208 if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) {
209 gss_release_name(&min_stat, &target_name);
210 if (context != GSS_C_NO_CONTEXT)
211 gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
218 int zmq::gssapi_client_t::process_next_token (msg_t *msg_)
220 if (maj_stat == GSS_S_CONTINUE_NEEDED) {
221 if (process_initiate(msg_, &recv_tok.value, recv_tok.length) < 0) {
222 gss_release_name(&min_stat, &target_name);
225 token_ptr = &recv_tok;