Class: CZTop::Authenticator

Inherits:
Object
Includes:
CZMQ::FFI
Defined in:
lib/cztop/authenticator.rb

Overview

Authentication for ZeroMQ security mechanisms.

This is implemented using an Actor.

Constant Summary

ZAUTH_FPTR =

function pointer to the zauth() function

::CZMQ::FFI.ffi_libraries.each do |dl|
  fptr = dl.find_function('zauth')
  break fptr if fptr
end

ALLOW_ANY =

used to allow any CURVE client

'*'

Constructor Details

#initialize(cert_store = nil) ⇒ Authenticator

This installs authentication on all Sockets and CZTop::Actors. Until you add policies, all incoming NULL connections are allowed, and all PLAIN and CURVE connections are denied.

Parameters:

  • cert_store (CertStore) (defaults to: nil)

    a custom certificate store



# File 'lib/cztop/authenticator.rb', line 25

def initialize(cert_store = nil)
  if cert_store
    raise ArgumentError unless cert_store.is_a?(CertStore)

    cert_store = cert_store.ffi_delegate
    cert_store.__undef_finalizer # native object is now owned by zauth() actor
  end
  @actor = Actor.new(ZAUTH_FPTR, cert_store)
end

Instance Attribute Details

#actor ⇒ Actor (readonly)

Returns the actor behind this authenticator.

Returns:

  • (Actor)

    the actor behind this authenticator



# File 'lib/cztop/authenticator.rb', line 36

def actor
  @actor
end

Instance Method Details

#allow(*addrs) ⇒ void

This method returns an undefined value.

Add a list of IP addresses to the whitelist. For NULL, all clients from these addresses will be accepted. For PLAIN and CURVE, they will be allowed to continue with authentication.

Parameters:

  • addrs (String)

    IP address(es) to allow



# File 'lib/cztop/authenticator.rb', line 59

def allow(*addrs)
  @actor << ['ALLOW', *addrs]
  @actor.wait
end

#curve(directory = ALLOW_ANY) ⇒ void

This method returns an undefined value.

Configure CURVE authentication, using a directory that holds all public client certificates, i.e. their public keys. The certificates must have been created using Certificate#save/Certificate#save_public. You can add and remove certificates in that directory at any time.

Parameters:

  • directory (String) (defaults to: ALLOW_ANY)

    the directory to take the keys from



# File 'lib/cztop/authenticator.rb', line 99

def curve(directory = ALLOW_ANY)
  @actor << ['CURVE', directory]
  @actor.wait
end

#deny(*addrs) ⇒ void

This method returns an undefined value.

Add a list of IP addresses to the blacklist. For all security mechanisms, this rejects the connection without any further authentication. Use either a whitelist or a blacklist, not both. If you define both a whitelist and a blacklist, only the whitelist takes effect.

Parameters:

  • addrs (String)

    IP address(es) to deny



# File 'lib/cztop/authenticator.rb', line 73

def deny(*addrs)
  @actor << ['DENY', *addrs]
  @actor.wait
end

#gssapi ⇒ void

This method returns an undefined value.

Configure GSSAPI authentication.



# File 'lib/cztop/authenticator.rb', line 107

def gssapi
  @actor << 'GSSAPI'
  @actor.wait
end

#plain(filename) ⇒ void

This method returns an undefined value.

Configure PLAIN security mechanism using a plain-text password file. The password file will be reloaded automatically if modified externally.

Parameters:

  • filename (String)

    path to the password file



# File 'lib/cztop/authenticator.rb', line 84

def plain(filename)
  @actor << ['PLAIN', *filename]
  @actor.wait
end
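
The constructor defaults and the #allow, #deny, #curve and #plain rules described above, combined into one accept/reject decision. This is an added example, not CZTop code: a pure-Ruby model that does not load the library. AuthPolicyModel, accept? and the Array/Hash stand-ins for the certificate directory and password file are assumptions made for illustration.

```ruby
require 'set'
# Simplified pure-Ruby model of the policy rules documented on this page.
# It does not load CZTop; all names below are hypothetical.
class AuthPolicyModel
  ALLOW_ANY = '*' # same value as CZTop::Authenticator::ALLOW_ANY
  def initialize
    @allowed = Set.new # addresses given to #allow
    @denied = Set.new  # addresses given to #deny
    @curve = nil       # nil until #curve is called
    @plain = nil       # nil until #plain is called
  end

  def allow(*addrs)
    @allowed.merge(addrs)
  end

  def deny(*addrs)
    @denied.merge(addrs)
  end

  # keys: ALLOW_ANY, or an Array standing in for the certificate directory
  def curve(keys = ALLOW_ANY)
    @curve = keys
  end

  # passwords: a Hash standing in for the password file
  def plain(passwords)
    @plain = passwords
  end

  # credential: client public key (CURVE) or [user, password] (PLAIN)
  def accept?(mechanism, addr, credential = nil)
    # Address stage: a non-empty whitelist is the only list consulted.
    if @allowed.any?
      return false unless @allowed.include?(addr)
    elsif @denied.include?(addr)
      return false
    end
    case mechanism
    when :null then true # accepted by default
    when :curve
      !@curve.nil? && (@curve == ALLOW_ANY || @curve.include?(credential))
    when :plain
      user, password = credential
      !@plain.nil? && @plain.key?(user) && @plain[user] == password
    else false # GSSAPI and others are not modelled
    end
  end
end
```

Running an intended policy through the model makes two things visible before deployment: NULL connections pass unless an address list stops them, and a blacklist stops having any effect once a whitelist entry exists.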

#terminate ⇒ void

This method returns an undefined value.

Terminates the authenticator.



# File 'lib/cztop/authenticator.rb', line 40

def terminate
  @actor.terminate
end

#verbose! ⇒ void

This method returns an undefined value.

Enable verbose logging of commands and activity.



# File 'lib/cztop/authenticator.rb', line 47

def verbose!
  @actor << 'VERBOSE'
  @actor.wait
end