/// <summary>
/// Builds a ZAP request from the frames of a message received on the handler socket.
/// </summary>
/// <remarks>
/// The constructor returns early, leaving the remaining fields unset, when the message is
/// empty, when the version frame is not "1.0", or when the CURVE key frame is not 32 bytes
/// long. Nothing is thrown or flagged in those cases, so code that acts on the request
/// should check that the fields it relies on were populated and refuse the request otherwise.
/// </remarks>
/// <param name="handler">Socket the request arrived on; kept so the reply can be sent on it.</param>
/// <param name="request">Message holding the ZAP frames; frames are popped off it in order.</param>
/// <param name="verbose">When true, one line with the mechanism and address is logged via ZAuth.Info.</param>
public ZAP(ZSocket handler, ZMessage request, bool verbose)
{
    // Keep the handler socket so a reply can be sent on it later.
    this.handler = handler;
    Verbose = verbose;

    if (request.Count == 0)
    {
        return;
    }

    // NOTE(review): only the empty message is rejected above. The Pop() calls below are not
    // guarded by a frame count, so what a truncated request does depends on ZMessage.Pop();
    // confirm a short message cannot take the authentication handler down.

    // Standard frames, in the order they are read off the message.
    Version = request.Pop().ReadLine();
    Sequence = request.Pop().ReadLine();
    Domain = request.Pop().ReadLine();
    Address = request.Pop().ReadLine();
    Identity = request.Pop().ReadLine();
    Mechanism = request.Pop().ReadLine();

    // Normalise null to the empty string so later comparisons never see null.
    Version = Version ?? "";
    Sequence = Sequence ?? "";
    Domain = Domain ?? "";
    Address = Address ?? "";
    Identity = Identity ?? "";
    Mechanism = Mechanism ?? "";

    // Any version other than "1.0" stops parsing here; the mechanism-specific fields stay unset.
    if (Version != "1.0")
    {
        return;
    }

    // Mechanism-specific frames. An unrecognised mechanism reads nothing further.
    switch (Mechanism)
    {
        case "PLAIN":
            Username = request.Pop().ReadLine();
            Password = request.Pop().ReadLine();
            Username = Username ?? "";
            Password = Password ?? "";
            break;

        case "CURVE":
            ZFrame keyFrame = request.Pop();
            if (keyFrame.Length != 32)
            {
                // Wrong key size: ClientTxt stays unset and nothing is logged.
                return;
            }

            // The second ZCert argument is a zero-filled 32-byte array; only the text form
            // of the first argument (the frame's bytes) is kept.
            // NOTE(review): presumably a placeholder secret key; confirm against ZCert.
            ClientTxt = new ZCert(keyFrame.Read(), new byte[32]).PublicTxt;
            break;

        case "GSSAPI":
            Principal = request.Pop().ReadLine();
            break;
    }

    if (!Verbose)
    {
        return;
    }

    // The log line carries the mechanism and address only; Username and Password are not
    // written to it. Both values come straight from the request frames.
    string logLine = string.Format("zauth: ZAP request mechanism={0} ipaddress={1}", Mechanism, Address);
    ZAuth.Info(logLine);
}
/// <summary>
/// Processes one command message from the API pipe and updates the authentication
/// configuration (address lists, password table, certificate store, verbosity, termination).
/// </summary>
/// <param name="request">
/// Command message: the first frame is the command name, the remaining frames are its arguments.
/// </param>
/// <returns>-1 when the message has no frames (treated as an interrupt), 0 in every other case.</returns>
private int HandlePipe(ZMessage request)
{
    if (request.Count == 0)
    {
        return -1; // Interrupted
    }

    string command = request.Pop().ReadLine();
    if (verbose)
    {
        Info("zauth: API command=" + command);
    }

    // Set by the commands that answer on the pipe; the reply frame is sent once, after the switch.
    bool sendReply = false;

    // NOTE(review): argument frames (addresses, file name, certificate location) are used as
    // received; this assumes the pipe is written only by the in-process API. Confirm.
    switch (command)
    {
        case "ALLOW":
            while (request.Count > 0)
            {
                string address = request.Pop().ReadLine();
                if (verbose)
                {
                    Info("zauth: - whitelisting ipaddress=" + address);
                }

                if (!whitelist.Contains(address))
                {
                    whitelist.Add(address);
                }
            }

            // No reply is sent for ALLOW (the send was commented out in the original), unlike
            // DENY, PLAIN, CURVE, GSSAPI and VERBOSE.
            // NOTE(review): confirm the API side does not wait for a reply after ALLOW.
            // NOTE(review): ALLOW leaves the address on the blacklist if it is there, while
            // DENY removes it from the whitelist. Which list wins for an address on both is
            // decided where the lists are consulted, which is not visible here.
            break;

        case "DENY":
            while (request.Count > 0)
            {
                string address = request.Pop().ReadLine();
                if (verbose)
                {
                    Info("zauth: - blacklisting ipaddress=" + address);
                }

                if (!blacklist.Contains(address))
                {
                    blacklist.Add(address);
                }

                // A denied address must not remain whitelisted.
                if (whitelist.Contains(address))
                {
                    whitelist.Remove(address);
                }
            }

            sendReply = true;
            break;

        case "PLAIN":
            // Load the password file into the passwords table.
            // If the file doesn't exist we'll get an empty table.
            string filename = request.Pop().ReadLine();
            if (Load(out passwords, filename) != 0)
            {
                // NOTE(review): a failed load is reported only in verbose mode and the reply
                // below is sent either way, so a missing or unreadable password file is
                // otherwise silent. Consider surfacing it unconditionally.
                if (verbose)
                {
                    Info("zauth: could not load file=" + filename);
                }
            }

            sendReply = true;
            break;

        case "CURVE":
            // If location is CURVE_ALLOW_ANY, allow all clients. Otherwise
            // treat location as a directory that holds the certificates.
            string location = request.Pop().ReadLine();
            if (location != CURVE_ALLOW_ANY)
            {
                // The store is created before allowAny is cleared, so if the constructor
                // throws, allowAny keeps its previous value.
                certStore = new ZCertStore(location);
                allowAny = false;
            }
            else
            {
                // Existing certStore is left as it is; only the flag changes.
                allowAny = true;
            }

            sendReply = true;
            break;

        case "GSSAPI":
            // GSSAPI authentication is not yet implemented here.
            // NOTE(review): the reply sent is the same as for the implemented commands, so
            // the API side cannot tell that nothing was configured.
            sendReply = true;
            break;

        case "VERBOSE":
            verbose = true;
            sendReply = true;
            break;

        case "$TERM":
            Terminated = true;
            break;

        default:
            // Unknown commands are logged; no reply is sent and 0 is still returned.
            Error("zauth: - invalid command: " + command);
            break;
    }

    if (sendReply)
    {
        sockets[PIPE].SendFrame(new ZFrame(0));
    }

    return 0;
}