/// <summary>
/// Entry point for a ZActor: builds an authorization handler on the default context
/// around the actor's backend socket and runs it until it stops.
/// </summary>
/// <param name="backend">ZActor backend socket.</param>
/// <param name="cancellor">Cancellation source handed on to <c>Run</c>; cancelled when the ZActor is disposed.</param>
/// <param name="args">Arguments given to the ZActor. If the first element is a ZCertStore,
/// that store is used for ZCert handling; anything else is ignored.</param>
/// <remarks>
/// When no ZCertStore is supplied the handler starts with a null store, and the constructor
/// sets <c>allowAny</c> to true. Callers that need CURVE clients checked against known
/// certificates must therefore pass a store here or configure one through the "CURVE" command.
/// </remarks>
public static void Action0(ZSocket backend, System.Threading.CancellationTokenSource cancellor, object[] args)
{
    // Only the first argument is inspected; 'as' yields null for any other type.
    ZCertStore certStore = null;
    if (args != null && args.Length > 0)
    {
        certStore = args[0] as ZCertStore;
    }

    // The handler is disposed as soon as Run returns or throws.
    using (ZAuth self = new ZAuth(backend, certStore))
    {
        Run(cancellor, self);
    }
}
/// <summary>
/// Construct the authorization handler: pair the actor pipe with a new REP socket,
/// bind <c>sockets[HANDLER]</c> to <c>ZAP_ENDPOINT</c> and reset the handler state.
/// </summary>
/// <param name="context">Context in which the REP socket is created; when null, the ZSocket
/// constructor that takes no context is used instead.</param>
/// <param name="pipe">Actor pipe socket over which API commands arrive.</param>
/// <param name="certStore">Certificate store to keep for later use; may be null.</param>
/// <remarks>
/// The handler starts with <c>allowAny</c> set to true and <c>verbose</c> set to false.
/// Per the "CURVE" command handling in this class, <c>allowAny</c> being true corresponds to
/// allowing all clients, so a restrictive policy has to be configured explicitly after construction.
/// </remarks>
private ZAuth(ZContext context, ZSocket pipe, ZCertStore certStore = null)
{
    ZSocket handler = context != null
        ? new ZSocket(context, ZSocketType.REP)
        : new ZSocket(ZSocketType.REP);
    sockets = new ZSocket[] { pipe, handler };

    // NOTE(review): nothing here releases the REP socket if Bind throws (for example when
    // the endpoint is already taken) - confirm how callers clean up after a failed construction.
    sockets[HANDLER].Bind(ZAP_ENDPOINT);

    // One receive poll item per socket.
    pollers = new ZPollItem[] { ZPollItem.CreateReceiver(), ZPollItem.CreateReceiver() };

    allowAny = true;
    verbose = false;
    Terminated = false;
    this.certStore = certStore;
}
/// <summary>
/// Handle one API command received on the actor pipe and update the handler's configuration.
/// </summary>
/// <param name="request">Command message: the first frame is the command name, the remaining
/// frames are its arguments.</param>
/// <returns>-1 when the message has no frames (treated as an interrupt), otherwise 0.</returns>
/// <remarks>
/// Points a reviewer should keep in mind, all visible in the code below:
/// "ALLOW" adds addresses to the whitelist but does not remove them from the blacklist, whereas
/// "DENY" adds to the blacklist and also removes the address from the whitelist.
/// "PLAIN" and "GSSAPI" acknowledge the command even when nothing usable was configured
/// (password file failed to load, mechanism not implemented), so the acknowledgement frame
/// is not evidence that the requested policy is in force.
/// "PLAIN" and "CURVE" pop their argument frame without first checking that one is present.
/// </remarks>
private int HandlePipe(ZMessage request)
{
    if (request.Count == 0)
    {
        return -1; // Interrupted
    }

    string command = request.Pop().ReadLine();
    if (verbose)
    {
        Info("zauth: API command=" + command);
    }

    switch (command)
    {
        case "ALLOW":
            // Every remaining frame is an address to whitelist (duplicates are skipped).
            while (request.Count > 0)
            {
                string allowed = request.Pop().ReadLine();
                if (verbose)
                {
                    Info("zauth: - whitelisting ipaddress=" + allowed);
                }
                if (!whitelist.Contains(allowed))
                {
                    whitelist.Add(allowed);
                }
            }
            // NOTE(review): the acknowledgement below reads as commented out in the source,
            // unlike every other configuration command - confirm whether callers expect a
            // reply frame after "ALLOW".
            // sockets[PIPE].SendFrame(new ZFrame(0));
            break;

        case "DENY":
            // Every remaining frame is an address to blacklist; a denied address is also
            // dropped from the whitelist so it cannot stay on both lists.
            while (request.Count > 0)
            {
                string denied = request.Pop().ReadLine();
                if (verbose)
                {
                    Info("zauth: - blacklisting ipaddress=" + denied);
                }
                if (!blacklist.Contains(denied))
                {
                    blacklist.Add(denied);
                }
                if (whitelist.Contains(denied))
                {
                    whitelist.Remove(denied);
                }
            }
            sockets[PIPE].SendFrame(new ZFrame(0));
            break;

        case "PLAIN":
            // Get password file and load into zhash table
            // If the file doesn't exist we'll get an empty table
            string filename = request.Pop().ReadLine();

            // A load failure is only reported in verbose mode; the command is acknowledged either way.
            if (Load(out passwords, filename) != 0 && verbose)
            {
                Info("zauth: could not load file=" + filename);
            }
            sockets[PIPE].SendFrame(new ZFrame(0));
            break;

        case "CURVE":
            // If location is CURVE_ALLOW_ANY, allow all clients. Otherwise
            // treat location as a directory that holds the certificates.
            string location = request.Pop().ReadLine();
            if (location == CURVE_ALLOW_ANY)
            {
                // The existing certStore is left as it is in this case.
                allowAny = true;
            }
            else
            {
                certStore = new ZCertStore(location);
                allowAny = false;
            }
            sockets[PIPE].SendFrame(new ZFrame(0));
            break;

        case "GSSAPI":
            // GSSAPI authentication is not yet implemented here; the command changes no
            // state but is still acknowledged.
            sockets[PIPE].SendFrame(new ZFrame(0));
            break;

        case "VERBOSE":
            verbose = true;
            sockets[PIPE].SendFrame(new ZFrame(0));
            break;

        case "$TERM":
            // Termination request: flag it and send no reply.
            Terminated = true;
            break;

        default:
            Error("zauth: - invalid command: " + command);
            break;
    }

    return 0;
}
/// <summary>
/// Construct the authorization handler without an explicit context by delegating to the
/// three-argument constructor with a null context.
/// </summary>
/// <param name="pipe">Actor pipe socket over which API commands arrive.</param>
/// <param name="certStore">Certificate store to keep for later use; may be null.</param>
private ZAuth(ZSocket pipe, ZCertStore certStore = null)
    : this(context: null, pipe: pipe, certStore: certStore)
{
}