Line data Source code
1 : /*
2 : Copyright (c) 2007-2016 Contributors as noted in the AUTHORS file
3 :
4 : This file is part of libzmq, the ZeroMQ core engine in C++.
5 :
6 : libzmq is free software; you can redistribute it and/or modify it under
7 : the terms of the GNU Lesser General Public License (LGPL) as published
8 : by the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : As a special exception, the Contributors give you permission to link
12 : this library with independent modules to produce an executable,
13 : regardless of the license terms of these independent modules, and to
14 : copy and distribute the resulting executable under terms of your choice,
15 : provided that you also meet, for each linked independent module, the
16 : terms and conditions of the license of that module. An independent
17 : module is a module which is not derived from or based on this library.
18 : If you modify this library, you must extend this exception to your
19 : version of the library.
20 :
21 : libzmq is distributed in the hope that it will be useful, but WITHOUT
22 : ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
23 : FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
24 : License for more details.
25 :
26 : You should have received a copy of the GNU Lesser General Public License
27 : along with this program. If not, see <http://www.gnu.org/licenses/>.
28 : */
29 :
30 : #include "precompiled.hpp"
31 : #include "platform.hpp"
32 : #ifdef ZMQ_HAVE_WINDOWS
33 : #include "windows.hpp"
34 : #endif
35 :
36 : #include <string>
37 :
38 : #include "msg.hpp"
39 : #include "session_base.hpp"
40 : #include "err.hpp"
41 : #include "plain_server.hpp"
42 : #include "wire.hpp"
43 :
44 12 : zmq::plain_server_t::plain_server_t (session_base_t *session_,
45 : const std::string &peer_address_,
46 : const options_t &options_) :
47 : mechanism_t (options_),
48 : session (session_),
49 : peer_address (peer_address_),
50 24 : state (waiting_for_hello)
51 : {
52 12 : }
53 :
54 48 : zmq::plain_server_t::~plain_server_t ()
55 : {
56 24 : }
57 :
58 31 : int zmq::plain_server_t::next_handshake_command (msg_t *msg_)
59 : {
60 31 : int rc = 0;
61 :
62 31 : switch (state) {
63 : case sending_welcome:
64 3 : rc = produce_welcome (msg_);
65 3 : if (rc == 0)
66 3 : state = waiting_for_initiate;
67 : break;
68 : case sending_ready:
69 3 : rc = produce_ready (msg_);
70 3 : if (rc == 0)
71 3 : state = ready;
72 : break;
73 : case sending_error:
74 3 : rc = produce_error (msg_);
75 3 : if (rc == 0)
76 3 : state = error_command_sent;
77 : break;
78 : default:
79 22 : errno = EAGAIN;
80 22 : rc = -1;
81 : }
82 31 : return rc;
83 : }
84 :
85 9 : int zmq::plain_server_t::process_handshake_command (msg_t *msg_)
86 : {
87 9 : int rc = 0;
88 :
89 9 : switch (state) {
90 : case waiting_for_hello:
91 6 : rc = process_hello (msg_);
92 6 : break;
93 : case waiting_for_initiate:
94 3 : rc = process_initiate (msg_);
95 3 : break;
96 : default:
97 : // Temporary support for security debugging
98 0 : puts ("PLAIN I: invalid handshake command");
99 0 : errno = EPROTO;
100 0 : rc = -1;
101 0 : break;
102 : }
103 9 : if (rc == 0) {
104 9 : rc = msg_->close ();
105 9 : errno_assert (rc == 0);
106 9 : rc = msg_->init ();
107 9 : errno_assert (rc == 0);
108 : }
109 9 : return rc;
110 : }
111 :
112 95 : zmq::mechanism_t::status_t zmq::plain_server_t::status () const
113 : {
114 95 : if (state == ready)
115 : return mechanism_t::ready;
116 : else
117 92 : if (state == error_command_sent)
118 : return mechanism_t::error;
119 : else
120 80 : return mechanism_t::handshaking;
121 : }
122 :
123 4 : int zmq::plain_server_t::zap_msg_available ()
124 : {
125 4 : if (state != waiting_for_zap_reply) {
126 0 : errno = EFSM;
127 0 : return -1;
128 : }
129 4 : const int rc = receive_and_process_zap_reply ();
130 4 : if (rc == 0)
131 4 : state = status_code == "200"
132 : ? sending_welcome
133 4 : : sending_error;
134 4 : return rc;
135 : }
136 :
137 6 : int zmq::plain_server_t::process_hello (msg_t *msg_)
138 : {
139 6 : const unsigned char *ptr = static_cast <unsigned char *> (msg_->data ());
140 6 : size_t bytes_left = msg_->size ();
141 :
142 6 : if (bytes_left < 6 || memcmp (ptr, "\x05HELLO", 6)) {
143 : // Temporary support for security debugging
144 0 : puts ("PLAIN I: invalid PLAIN client, did not send HELLO");
145 0 : errno = EPROTO;
146 0 : return -1;
147 : }
148 6 : ptr += 6;
149 6 : bytes_left -= 6;
150 :
151 6 : if (bytes_left < 1) {
152 : // Temporary support for security debugging
153 0 : puts ("PLAIN I: invalid PLAIN client, did not send username");
154 0 : errno = EPROTO;
155 0 : return -1;
156 : }
157 6 : const size_t username_length = static_cast <size_t> (*ptr++);
158 6 : bytes_left -= 1;
159 :
160 6 : if (bytes_left < username_length) {
161 : // Temporary support for security debugging
162 0 : puts ("PLAIN I: invalid PLAIN client, sent malformed username");
163 0 : errno = EPROTO;
164 0 : return -1;
165 : }
166 6 : const std::string username = std::string ((char *) ptr, username_length);
167 6 : ptr += username_length;
168 6 : bytes_left -= username_length;
169 6 : if (bytes_left < 1) {
170 : // Temporary support for security debugging
171 0 : puts ("PLAIN I: invalid PLAIN client, did not send password");
172 0 : errno = EPROTO;
173 0 : return -1;
174 : }
175 :
176 6 : const size_t password_length = static_cast <size_t> (*ptr++);
177 6 : bytes_left -= 1;
178 6 : if (bytes_left < password_length) {
179 : // Temporary support for security debugging
180 0 : puts ("PLAIN I: invalid PLAIN client, sent malformed password");
181 0 : errno = EPROTO;
182 0 : return -1;
183 : }
184 :
185 6 : const std::string password = std::string ((char *) ptr, password_length);
186 6 : ptr += password_length;
187 6 : bytes_left -= password_length;
188 6 : if (bytes_left > 0) {
189 : // Temporary support for security debugging
190 0 : puts ("PLAIN I: invalid PLAIN client, sent extraneous data");
191 0 : errno = EPROTO;
192 0 : return -1;
193 : }
194 :
195 : // Use ZAP protocol (RFC 27) to authenticate the user.
196 6 : int rc = session->zap_connect ();
197 6 : if (rc == 0) {
198 6 : send_zap_request (username, password);
199 6 : rc = receive_and_process_zap_reply ();
200 6 : if (rc == 0)
201 2 : state = status_code == "200"
202 : ? sending_welcome
203 2 : : sending_error;
204 : else
205 4 : if (errno == EAGAIN)
206 4 : state = waiting_for_zap_reply;
207 : else
208 : return -1;
209 : }
210 : else
211 0 : state = sending_welcome;
212 :
213 : return 0;
214 : }
215 :
216 3 : int zmq::plain_server_t::produce_welcome (msg_t *msg_) const
217 : {
218 3 : const int rc = msg_->init_size (8);
219 3 : errno_assert (rc == 0);
220 3 : memcpy (msg_->data (), "\x07WELCOME", 8);
221 3 : return 0;
222 : }
223 :
224 3 : int zmq::plain_server_t::process_initiate (msg_t *msg_)
225 : {
226 3 : const unsigned char *ptr = static_cast <unsigned char *> (msg_->data ());
227 3 : const size_t bytes_left = msg_->size ();
228 :
229 3 : if (bytes_left < 9 || memcmp (ptr, "\x08INITIATE", 9)) {
230 : // Temporary support for security debugging
231 0 : puts ("PLAIN I: invalid PLAIN client, did not send INITIATE");
232 0 : errno = EPROTO;
233 0 : return -1;
234 : }
235 3 : const int rc = parse_metadata (ptr + 9, bytes_left - 9);
236 3 : if (rc == 0)
237 3 : state = sending_ready;
238 3 : return rc;
239 : }
240 :
241 3 : int zmq::plain_server_t::produce_ready (msg_t *msg_) const
242 : {
243 3 : unsigned char * const command_buffer = (unsigned char *) malloc (512);
244 3 : alloc_assert (command_buffer);
245 :
246 3 : unsigned char *ptr = command_buffer;
247 :
248 : // Add command name
249 : memcpy (ptr, "\x05READY", 6);
250 3 : ptr += 6;
251 :
252 : // Add socket type property
253 3 : const char *socket_type = socket_type_string (options.type);
254 3 : ptr += add_property (ptr, "Socket-Type", socket_type, strlen (socket_type));
255 :
256 : // Add identity property
257 3 : if (options.type == ZMQ_REQ
258 3 : || options.type == ZMQ_DEALER
259 0 : || options.type == ZMQ_ROUTER)
260 : ptr += add_property (
261 3 : ptr, "Identity", options.identity, options.identity_size);
262 :
263 3 : const size_t command_size = ptr - command_buffer;
264 3 : const int rc = msg_->init_size (command_size);
265 3 : errno_assert (rc == 0);
266 3 : memcpy (msg_->data (), command_buffer, command_size);
267 3 : free (command_buffer);
268 :
269 3 : return 0;
270 : }
271 :
272 3 : int zmq::plain_server_t::produce_error (msg_t *msg_) const
273 : {
274 6 : zmq_assert (status_code.length () == 3);
275 6 : const int rc = msg_->init_size (6 + 1 + status_code.length ());
276 3 : zmq_assert (rc == 0);
277 3 : char *msg_data = static_cast <char *> (msg_->data ());
278 : memcpy (msg_data, "\5ERROR", 6);
279 6 : msg_data [6] = (char) status_code.length ();
280 6 : memcpy (msg_data + 7, status_code.c_str (), status_code.length ());
281 3 : return 0;
282 : }
283 :
284 6 : void zmq::plain_server_t::send_zap_request (const std::string &username,
285 : const std::string &password)
286 : {
287 : int rc;
288 : msg_t msg;
289 :
290 : // Address delimiter frame
291 6 : rc = msg.init ();
292 6 : errno_assert (rc == 0);
293 6 : msg.set_flags (msg_t::more);
294 6 : rc = session->write_zap_msg (&msg);
295 6 : errno_assert (rc == 0);
296 :
297 : // Version frame
298 6 : rc = msg.init_size (3);
299 6 : errno_assert (rc == 0);
300 6 : memcpy (msg.data (), "1.0", 3);
301 6 : msg.set_flags (msg_t::more);
302 6 : rc = session->write_zap_msg (&msg);
303 6 : errno_assert (rc == 0);
304 :
305 : // Request id frame
306 6 : rc = msg.init_size (1);
307 6 : errno_assert (rc == 0);
308 6 : memcpy (msg.data (), "1", 1);
309 6 : msg.set_flags (msg_t::more);
310 6 : rc = session->write_zap_msg (&msg);
311 6 : errno_assert (rc == 0);
312 :
313 : // Domain frame
314 12 : rc = msg.init_size (options.zap_domain.length ());
315 6 : errno_assert (rc == 0);
316 12 : memcpy (msg.data (), options.zap_domain.c_str (), options.zap_domain.length ());
317 6 : msg.set_flags (msg_t::more);
318 6 : rc = session->write_zap_msg (&msg);
319 6 : errno_assert (rc == 0);
320 :
321 : // Address frame
322 12 : rc = msg.init_size (peer_address.length ());
323 6 : errno_assert (rc == 0);
324 12 : memcpy (msg.data (), peer_address.c_str (), peer_address.length ());
325 6 : msg.set_flags (msg_t::more);
326 6 : rc = session->write_zap_msg (&msg);
327 6 : errno_assert (rc == 0);
328 :
329 : // Identity frame
330 6 : rc = msg.init_size (options.identity_size);
331 6 : errno_assert (rc == 0);
332 6 : memcpy (msg.data (), options.identity, options.identity_size);
333 6 : msg.set_flags (msg_t::more);
334 6 : rc = session->write_zap_msg (&msg);
335 6 : errno_assert (rc == 0);
336 :
337 : // Mechanism frame
338 6 : rc = msg.init_size (5);
339 6 : errno_assert (rc == 0);
340 6 : memcpy (msg.data (), "PLAIN", 5);
341 6 : msg.set_flags (msg_t::more);
342 6 : rc = session->write_zap_msg (&msg);
343 6 : errno_assert (rc == 0);
344 :
345 : // Username frame
346 6 : rc = msg.init_size (username.length ());
347 6 : errno_assert (rc == 0);
348 6 : memcpy (msg.data (), username.c_str (), username.length ());
349 6 : msg.set_flags (msg_t::more);
350 6 : rc = session->write_zap_msg (&msg);
351 6 : errno_assert (rc == 0);
352 :
353 : // Password frame
354 6 : rc = msg.init_size (password.length ());
355 6 : errno_assert (rc == 0);
356 6 : memcpy (msg.data (), password.c_str (), password.length ());
357 6 : rc = session->write_zap_msg (&msg);
358 6 : errno_assert (rc == 0);
359 6 : }
360 :
361 10 : int zmq::plain_server_t::receive_and_process_zap_reply ()
362 : {
363 10 : int rc = 0;
364 : msg_t msg [7]; // ZAP reply consists of 7 frames
365 :
366 : // Initialize all reply frames
367 80 : for (int i = 0; i < 7; i++) {
368 70 : rc = msg [i].init ();
369 70 : errno_assert (rc == 0);
370 : }
371 :
372 42 : for (int i = 0; i < 7; i++) {
373 46 : rc = session->read_zap_msg (&msg [i]);
374 46 : if (rc == -1)
375 : break;
376 42 : if ((msg [i].flags () & msg_t::more) == (i < 6? 0: msg_t::more)) {
377 : // Temporary support for security debugging
378 0 : puts ("PLAIN I: ZAP handler sent incomplete reply message");
379 0 : errno = EPROTO;
380 0 : rc = -1;
381 0 : break;
382 : }
383 : }
384 :
385 10 : if (rc != 0)
386 : goto error;
387 :
388 : // Address delimiter frame
389 6 : if (msg [0].size () > 0) {
390 : // Temporary support for security debugging
391 0 : puts ("PLAIN I: ZAP handler sent malformed reply message");
392 0 : errno = EPROTO;
393 0 : rc = -1;
394 0 : goto error;
395 : }
396 :
397 : // Version frame
398 6 : if (msg [1].size () != 3 || memcmp (msg [1].data (), "1.0", 3)) {
399 : // Temporary support for security debugging
400 0 : puts ("PLAIN I: ZAP handler sent bad version number");
401 0 : errno = EPROTO;
402 0 : rc = -1;
403 0 : goto error;
404 : }
405 :
406 : // Request id frame
407 6 : if (msg [2].size () != 1 || memcmp (msg [2].data (), "1", 1)) {
408 : // Temporary support for security debugging
409 0 : puts ("PLAIN I: ZAP handler sent bad request ID");
410 0 : rc = -1;
411 0 : errno = EPROTO;
412 0 : goto error;
413 : }
414 :
415 : // Status code frame
416 6 : if (msg [3].size () != 3) {
417 : // Temporary support for security debugging
418 0 : puts ("PLAIN I: ZAP handler rejected client authentication");
419 0 : errno = EACCES;
420 0 : rc = -1;
421 0 : goto error;
422 : }
423 :
424 : // Save status code
425 6 : status_code.assign (static_cast <char *> (msg [3].data ()), 3);
426 :
427 : // Save user id
428 6 : set_user_id (msg [5].data (), msg [5].size ());
429 :
430 : // Process metadata frame
431 6 : rc = parse_metadata (static_cast <const unsigned char*> (msg [6].data ()),
432 12 : msg [6].size (), true);
433 :
434 : error:
435 80 : for (int i = 0; i < 7; i++) {
436 70 : const int rc2 = msg [i].close ();
437 70 : errno_assert (rc2 == 0);
438 : }
439 :
440 10 : return rc;
441 : }
|