Class: CZTop::Authenticator

Inherits:
Object
Includes:
CZMQ::FFI
Defined in:
lib/cztop/authenticator.rb

Overview

Authentication for ZeroMQ security mechanisms.

This is implemented using an Actor.

Constant Summary

ZAUTH_FPTR =

function pointer to the zauth() function

::CZMQ::FFI.ffi_libraries.each do |dl|
  fptr = dl.find_function("zauth")
  break fptr if fptr
end
ALLOW_ANY =

used to allow any CURVE client

"*"

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(cert_store = nil) ⇒ Authenticator

This installs authentication on all Sockets and CZTop::Actors. Until you add policies, all incoming NULL connections are allowed, and all PLAIN and CURVE connections are denied.

Parameters:

  • cert_store (CertStore) (defaults to: nil)

    a custom certificate store


# File 'lib/cztop/authenticator.rb', line 23

def initialize(cert_store = nil)
  if cert_store
    raise ArgumentError unless cert_store.is_a?(CertStore)
    cert_store = cert_store.ffi_delegate
    cert_store.__undef_finalizer # native object is now owned by zauth() actor
  end
  @actor = Actor.new(ZAUTH_FPTR, cert_store)
end

Instance Attribute Details

#actor ⇒ Actor (readonly)

Returns the actor behind this authenticator.

Returns:

  • (Actor)

    the actor behind this authenticator


# File 'lib/cztop/authenticator.rb', line 33

def actor
  @actor
end

Instance Method Details

#allow(*addrs) ⇒ void

This method returns an undefined value.

Add a list of IP addresses to the whitelist. For NULL, all clients from these addresses will be accepted. For PLAIN and CURVE, they will be allowed to continue with authentication.

Parameters:

  • addrs (String)

    IP address(es) to allow


# File 'lib/cztop/authenticator.rb', line 54

def allow(*addrs)
  @actor << ["ALLOW", *addrs]
  @actor.wait
end

#curve(directory = ALLOW_ANY) ⇒ void

This method returns an undefined value.

Configure CURVE authentication, using a directory that holds all public client certificates, i.e. their public keys. The certificates must have been created using Certificate#save/Certificate#save_public. You can add and remove certificates in that directory at any time.

Parameters:

  • directory (String) (defaults to: ALLOW_ANY)

    the directory to take the keys from


# File 'lib/cztop/authenticator.rb', line 92

def curve(directory = ALLOW_ANY)
  @actor << ["CURVE", directory]
  @actor.wait
end

#deny(*addrs) ⇒ void

This method returns an undefined value.

Add a list of IP addresses to the blacklist. For all security mechanisms, this rejects the connection without any further authentication. Use either a whitelist or a blacklist, not both. If you define both a whitelist and a blacklist, only the whitelist takes effect.

Parameters:

  • addrs (String)

    IP address(es) to deny


# File 'lib/cztop/authenticator.rb', line 67

def deny(*addrs)
  @actor << ["DENY", *addrs]
  @actor.wait
end
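
A small model of the address and mechanism rules described for #initialize, #allow and #deny, added here as an illustration and not taken from CZTop or CZMQ. AuthPolicyModel, enable, decide and credentials_ok are hypothetical names, and the model assumes that an address missing from a non-empty whitelist is rejected.

```ruby
require "set"

# Hypothetical model (not CZTop code) of the documented policy rules.
class AuthPolicyModel
  def initialize
    @allowed = Set.new     # addresses passed to #allow (whitelist)
    @denied = Set.new      # addresses passed to #deny (blacklist)
    @configured = Set.new  # mechanisms given a policy via #plain / #curve
  end

  def allow(*addrs)
    @allowed.merge(addrs)
    self
  end

  def deny(*addrs)
    @denied.merge(addrs)
    self
  end

  # Stands in for calling #plain or #curve on the real authenticator.
  def enable(mechanism)
    @configured << mechanism
    self
  end

  # credentials_ok stands in for the password-file or certificate lookup.
  # Returns :accept or :reject.
  def decide(addr, mechanism, credentials_ok: false)
    # Address lists are checked first; a failure skips authentication.
    return :reject unless address_passes?(addr)
    # NULL clients are accepted once the address check passes.
    return :accept if mechanism == "NULL"
    # PLAIN and CURVE are denied until a policy has been added for them.
    return :reject unless @configured.include?(mechanism)
    credentials_ok ? :accept : :reject
  end

  private

  def address_passes?(addr)
    # A non-empty whitelist is the only list consulted (assumption: an
    # address absent from it is rejected).
    return @allowed.include?(addr) unless @allowed.empty?
    !@denied.include?(addr)
  end
end
```

With both lists populated, an address that appears on both is accepted, because only the whitelist is consulted.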

#gssapi ⇒ void

This method returns an undefined value.

Configure GSSAPI authentication.


# File 'lib/cztop/authenticator.rb', line 99

def gssapi
  @actor << "GSSAPI"
  @actor.wait
end

#plain(filename) ⇒ void

This method returns an undefined value.

Configure PLAIN security mechanism using a plain-text password file. The password file will be reloaded automatically if modified externally.

Parameters:

  • filename (String)

    path to the password file


# File 'lib/cztop/authenticator.rb', line 77

def plain(filename)
  @actor << ["PLAIN", *filename]
  @actor.wait
end

#terminate ⇒ void

This method returns an undefined value.

Terminates the authenticator.


# File 'lib/cztop/authenticator.rb', line 37

def terminate
  @actor.terminate
end

#verbose! ⇒ void

This method returns an undefined value.

Enable verbose logging of commands and activity.


# File 'lib/cztop/authenticator.rb', line 43

def verbose!
  @actor << "VERBOSE"
  @actor.wait
end