/*
    Copyright (c) 2007-2016 Contributors as noted in the AUTHORS file

    This file is part of libzmq, the ZeroMQ core engine in C++.

    libzmq is free software; you can redistribute it and/or modify it under
    the terms of the GNU Lesser General Public License (LGPL) as published
    by the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    As a special exception, the Contributors give you permission to link
    this library with independent modules to produce an executable,
    regardless of the license terms of these independent modules, and to
    copy and distribute the resulting executable under terms of your choice,
    provided that you also meet, for each linked independent module, the
    terms and conditions of the license of that module. An independent
    module is a module which is not derived from or based on this library.
    If you modify this library, you must extend this exception to your
    version of the library.

    libzmq is distributed in the hope that it will be useful, but WITHOUT
    ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
    FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
    License for more details.

    You should have received a copy of the GNU Lesser General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__
#define __ZMQ_GSSAPI_MECHANISM_BASE_HPP_INCLUDED__

// The whole declaration is compiled out unless the build found
// libgssapi_krb5; the GSSAPI types used below come from these headers.
#ifdef HAVE_LIBGSSAPI_KRB5

#if HAVE_GSSAPI_GSSAPI_GENERIC_H
#include <gssapi/gssapi_generic.h>
#endif
#include <gssapi/gssapi_krb5.h>

#include "mechanism_base.hpp"
#include "options.hpp"

namespace zmq
{
class msg_t;

/// Commonalities between clients and servers are captured here.
/// For example, clients and servers both need to produce and
/// process context-level GSSAPI tokens (via INITIATE commands)
/// and per-message GSSAPI tokens (via MESSAGE commands).
///
/// The class is abstract (pure virtual destructor); the client and
/// server mechanisms derive from it. mechanism_base_t is a virtual base,
/// which suggests it is combined with another base somewhere in the
/// hierarchy -- see the derived classes.
///
/// All GSSAPI state (credentials, security context, status codes and the
/// scratch token buffers) lives in the protected members below, so the
/// helper methods report failure through their int return value and leave
/// the detailed GSSAPI status in maj_stat / min_stat.
class gssapi_mechanism_base_t : public virtual mechanism_base_t
{
  public:
    gssapi_mechanism_base_t (session_base_t *session_,
                             const options_t &options_);
    // Pure virtual to keep the class abstract; a definition must still
    // exist out of line because derived destructors call it.
    ~gssapi_mechanism_base_t () ZMQ_OVERRIDE = 0;

  protected:
    // Produce a context-level GSSAPI token (INITIATE command)
    // during security context initialization.
    // Wraps the data_len_ bytes at data_ (the token obtained from GSSAPI)
    // into the INITIATE command written to msg_. Returns 0 on success,
    // non-zero on failure (errno convention presumed -- confirm in the .cpp).
    int produce_initiate (msg_t *msg_, void *data_, size_t data_len_);

    // Process a context-level GSSAPI token (INITIATE command)
    // during security context initialization.
    // On success *data_ / data_len_ describe the token carried by msg_.
    // NOTE(review): msg_ comes from the peer, so this is where the command
    // framing and the advertised token length have to be validated before
    // the bytes are handed to GSSAPI; presumably *data_ points into msg_'s
    // payload and is only valid while msg_ is alive -- confirm in the .cpp.
    int process_initiate (msg_t *msg_, void **data_, size_t &data_len_);

    // Produce a metadata ready msg (READY) to conclude handshake
    int produce_ready (msg_t *msg_);

    // Process a metadata ready msg (READY)
    int process_ready (msg_t *msg_);

    // Encode a per-message GSSAPI token (MESSAGE command) using
    // the established security context (see `context` below).
    // Whether the token provides confidentiality or only integrity is
    // governed by do_encryption.
    int encode_message (msg_t *msg_);

    // Decode a per-message GSSAPI token (MESSAGE command) using
    // the established security context. Rejecting a message that fails
    // GSSAPI verification is this method's responsibility.
    int decode_message (msg_t *msg_);

    // Convert ZMQ_GSSAPI_NT values to GSSAPI name_type
    // (the ZMQ_GSSAPI_NT_* socket option values -> gss_OID name type).
    // Being static it has no access to the members above.
    static const gss_OID convert_nametype (int zmq_name_type_);

    // Acquire security context credentials from the
    // underlying mechanism.
    // principal_name_ is imported as a GSSAPI name of type name_type_ and
    // the resulting credential handle is stored in *cred_. Static, so any
    // GSSAPI status is not recorded in maj_stat / min_stat; the caller only
    // sees the int return value (0 presumed to mean success -- confirm).
    static int acquire_credentials (char *principal_name_,
                                    gss_cred_id_t *cred_,
                                    gss_OID name_type_);

  protected:
    // Opaque GSSAPI token for outgoing data
    // (scratch buffer reused per call; ownership of .value and its release
    // are handled in the .cpp -- not visible here).
    gss_buffer_desc send_tok;

    // Opaque GSSAPI token for incoming data
    gss_buffer_desc recv_tok;

    // Opaque GSSAPI representation of principal
    gss_name_t target_name;

    // Human-readable principal name
    // NOTE(review): raw char*; whether this object owns (and frees) the
    // string or merely borrows it from options_ is decided in the .cpp.
    char *principal_name;

    // Status code returned by GSSAPI functions
    // (major status of the most recent GSSAPI call made through a
    // non-static member).
    OM_uint32 maj_stat;

    // Status code returned by the underlying mechanism
    // (minor status paired with maj_stat).
    OM_uint32 min_stat;

    // Status code returned by the underlying mechanism
    // during context initialization
    OM_uint32 init_sec_min_stat;

    // Flags returned by GSSAPI (ignored)
    // NOTE(review): these are the services actually negotiated for the
    // context (e.g. GSS_C_CONF_FLAG / GSS_C_INTEG_FLAG / GSS_C_MUTUAL_FLAG).
    // When do_encryption is set, this is where the subclass can verify that
    // confidentiality was really granted rather than assume it -- confirm
    // whether the context-establishing code checks it.
    OM_uint32 ret_flags;

    // Flags returned by GSSAPI (ignored)
    // (same description as ret_flags in the original; from the name this may
    // instead be the flags requested when establishing the context --
    // confirm against the .cpp before relying on either reading.)
    OM_uint32 gss_flags;

    // Credentials used to establish security context
    // (filled by acquire_credentials)
    gss_cred_id_t cred;

    // Opaque GSSAPI representation of the security context
    // (used by encode_message / decode_message once established)
    gss_ctx_id_t context;

    // If true, use gss to encrypt messages. If false, only utilize gss for auth.
    // NOTE(review): with this false, messages presumably still pass through
    // encode_message / decode_message for integrity protection without
    // confidentiality -- confirm in the .cpp; if they do not, payloads
    // travel in the clear once the handshake completes.
    bool do_encryption;
};
}

#endif

#endif