Class: CZTop::Authenticator

Inherits:
Object
Includes:
CZMQ::FFI
Defined in:
lib/cztop/authenticator.rb

Overview

Authentication for ZeroMQ security mechanisms.

This is implemented using an Actor.

Constant Summary

ZAUTH_FPTR =

function pointer to the zauth() function

::CZMQ::FFI.ffi_libraries.each do |dl|
  fptr = dl.find_function('zauth')
  break fptr if fptr
end

ALLOW_ANY =

used to allow any CURVE client

'*'

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(cert_store = nil) ⇒ Authenticator

This installs authentication on all Sockets and CZTop::Actors. Until you add policies, all incoming NULL connections are allowed, and all PLAIN and CURVE connections are denied.



# File 'lib/cztop/authenticator.rb', line 25

def initialize(cert_store = nil)
  if cert_store
    raise ArgumentError unless cert_store.is_a?(CertStore)

    cert_store = cert_store.ffi_delegate
    cert_store.__undef_finalizer # native object is now owned by zauth() actor
  end
  @actor = Actor.new(ZAUTH_FPTR, cert_store)
end

Instance Attribute Details

#actor ⇒ Actor (readonly)



# File 'lib/cztop/authenticator.rb', line 36

def actor
  @actor
end

Instance Method Details

#allow(*addrs) ⇒ void

This method returns an undefined value.

Add a list of IP addresses to the whitelist. For NULL, all clients from these addresses will be accepted. For PLAIN and CURVE, they will be allowed to continue with authentication.



# File 'lib/cztop/authenticator.rb', line 59

def allow(*addrs)
  @actor << ['ALLOW', *addrs]
  @actor.wait
end

#curve(directory = ALLOW_ANY) ⇒ void

This method returns an undefined value.

Configure CURVE authentication, using a directory that holds all public client certificates, i.e. their public keys. The certificates must have been created using Certificate#save/Certificate#save_public. You can add and remove certificates in that directory at any time.



# File 'lib/cztop/authenticator.rb', line 99

def curve(directory = ALLOW_ANY)
  @actor << ['CURVE', directory]
  @actor.wait
end

#deny(*addrs) ⇒ void

This method returns an undefined value.

Add a list of IP addresses to the blacklist. For all security mechanisms, this rejects the connection without any further authentication. Use either a whitelist or a blacklist, not both. If you define both a whitelist and a blacklist, only the whitelist takes effect.



# File 'lib/cztop/authenticator.rb', line 73

def deny(*addrs)
  @actor << ['DENY', *addrs]
  @actor.wait
end
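
The rules stated under #initialize, #allow, #curve and #deny combine into a single accept/reject decision per connection. The following is an added example, not CZTop's or zauth's own code: a pure-Ruby model of that decision, where PolicyModel, its hashes and the sample values are hypothetical stand-ins for the password file and certificate directory. It assumes that once a whitelist exists, addresses not on it are rejected.

```ruby
# Pure-Ruby model of this page's accept/reject rules (hypothetical; loads no CZTop).
class PolicyModel
  ALLOW_ANY = '*' # same sentinel as CZTop::Authenticator::ALLOW_ANY

  def initialize
    @whitelist = []
    @blacklist = []
    @plain = nil # user => password; stands in for the password file
    @curve = nil # ALLOW_ANY, or a list standing in for the certificate directory
  end

  def allow(*addrs)
    @whitelist.concat(addrs)
  end

  def deny(*addrs)
    @blacklist.concat(addrs)
  end

  def plain(passwords)
    @plain = passwords
  end

  def curve(known_keys = ALLOW_ANY)
    @curve = known_keys
  end

  # Returns :accept or :reject for one incoming connection.
  def decide(mechanism, addr, user: nil, password: nil, public_key: nil)
    # Address filter: when both lists exist, only the whitelist is consulted.
    if @whitelist.any?
      return :reject unless @whitelist.include?(addr)
    elsif @blacklist.include?(addr)
      return :reject
    end

    ok = case mechanism
         when :null  then true # NULL needs nothing beyond the address filter
         when :plain then !@plain.nil? && @plain.key?(user) && @plain[user] == password
         when :curve then @curve == ALLOW_ANY || Array(@curve).include?(public_key)
         else raise ArgumentError, "mechanism not modelled: #{mechanism}"
         end
    ok ? :accept : :reject
  end
end

# Constructed sample (documentation-range address): the same address on both lists.
both = PolicyModel.new.tap { |m| m.allow('192.0.2.10'); m.deny('192.0.2.10') }
puts both.decide(:null, '192.0.2.10')
```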

#gssapi ⇒ void

This method returns an undefined value.

Configure GSSAPI authentication.



# File 'lib/cztop/authenticator.rb', line 107

def gssapi
  @actor << 'GSSAPI'
  @actor.wait
end

#plain(filename) ⇒ void

This method returns an undefined value.

Configure PLAIN security mechanism using a plain-text password file. The password file will be reloaded automatically if modified externally.



# File 'lib/cztop/authenticator.rb', line 84

def plain(filename)
  @actor << ['PLAIN', *filename]
  @actor.wait
end

#terminate ⇒ void

This method returns an undefined value.

Terminates the authenticator.



# File 'lib/cztop/authenticator.rb', line 40

def terminate
  @actor.terminate
end

#verbose! ⇒ void

This method returns an undefined value.

Enable verbose logging of commands and activity.



# File 'lib/cztop/authenticator.rb', line 47

def verbose!
  @actor << 'VERBOSE'
  @actor.wait
end