Esempio n. 1
0
        /// <summary>
        /// Start an authorization action on the default context by polling the backend socket of a ZActor.
        /// </summary>
        /// <param name="backend">ZActor backend socket.</param>
        /// <param name="cancellor">Thread cancellation called when ZActor is disposed.</param>
        /// <param name="args">Arguments given to the ZActor. If the first object in this list is a a ZCertStore
        /// this ZCertStore is used for ZCert handling.</param>
        public static void Action0(ZSocket backend, System.Threading.CancellationTokenSource cancellor, object[] args)
        {
            ZCertStore certStore = args != null && args.Length > 0 && args[0] is ZCertStore ? args[0] as ZCertStore : null;

            using (ZAuth self = new ZAuth(backend, certStore))
            {
                Run(cancellor, self);
            }
        }
Esempio n. 2
0
 /// <summary>
 /// Construct authourization handler
 /// </summary>
 /// <param name="context"></param>
 /// <param name="pipe"></param>
 /// <param name="certStore"></param>
 private ZAuth(ZContext context, ZSocket pipe, ZCertStore certStore = null)
 {
     if (context != null)
     {
         sockets = new ZSocket[] { pipe, new ZSocket(context, ZSocketType.REP) };
     }
     else
     {
         sockets = new ZSocket[] { pipe, new ZSocket(ZSocketType.REP) };
     }
     sockets[HANDLER].Bind(ZAP_ENDPOINT);
     pollers        = new ZPollItem[] { ZPollItem.CreateReceiver(), ZPollItem.CreateReceiver() };
     allowAny       = true;
     verbose        = false;
     Terminated     = false;
     this.certStore = certStore;
 }
Esempio n. 3
0
        private int HandlePipe(ZMessage request)
        {
            if (request.Count == 0)
            {
                return(-1);                  //  Interrupted
            }
            ZFrame commandFrame = request.Pop();
            string command      = commandFrame.ReadLine();

            if (verbose)
            {
                Info("zauth: API command=" + command);
            }

            if (command == "ALLOW")
            {
                while (request.Count > 0)
                {
                    ZFrame frame   = request.Pop();
                    string address = frame.ReadLine();
                    if (verbose)
                    {
                        Info("zauth: - whitelisting ipaddress=" + address);
                    }

                    if (!whitelist.Contains(address))
                    {
                        whitelist.Add(address);
                    }
                }
                //
                sockets[PIPE].SendFrame(new ZFrame(0));
            }
            else
            if (command == "DENY")
            {
                while (request.Count > 0)
                {
                    ZFrame frame   = request.Pop();
                    string address = frame.ReadLine();
                    if (verbose)
                    {
                        Info("zauth: - blacklisting ipaddress=" + address);
                    }

                    if (!blacklist.Contains(address))
                    {
                        blacklist.Add(address);
                    }
                    if (whitelist.Contains(address))
                    {
                        whitelist.Remove(address);
                    }
                }
                sockets[PIPE].SendFrame(new ZFrame(0));
            }
            else
            if (command == "PLAIN")
            {
                //  Get password file and load into zhash table
                //  If the file doesn't exist we'll get an empty table
                ZFrame frame    = request.Pop();
                string filename = frame.ReadLine();
                if (Load(out passwords, filename) != 0 && verbose)
                {
                    Info("zauth: could not load file=" + filename);
                }
                sockets[PIPE].SendFrame(new ZFrame(0));
            }
            else
            if (command == "CURVE")
            {
                //  If location is CURVE_ALLOW_ANY, allow all clients. Otherwise
                //  treat location as a directory that holds the certificates.
                ZFrame frame    = request.Pop();
                string location = frame.ReadLine();
                if (location == CURVE_ALLOW_ANY)
                {
                    allowAny = true;
                }
                else
                {
                    certStore = new ZCertStore(location);
                    allowAny  = false;
                }
                sockets[PIPE].SendFrame(new ZFrame(0));
            }
            else
            if (command == "GSSAPI")
            {
                //  GSSAPI authentication is not yet implemented here
                sockets[PIPE].SendFrame(new ZFrame(0));
            }
            else
            if (command == "VERBOSE")
            {
                verbose = true;
                sockets[PIPE].SendFrame(new ZFrame(0));
            }
            else
            if (command == "$TERM")
            {
                Terminated = true;
            }
            else
            {
                Error("zauth: - invalid command: " + command);
            }
            return(0);
        }
Esempio n. 4
0
 private ZAuth(ZSocket pipe, ZCertStore certStore = null) : this(null, pipe, certStore)
 {
 }