示例#1
            /// <summary>
            /// Parses a ZAP (ZeroMQ Authentication Protocol) request message into its
            /// fields and keeps the handler socket for the later reply.
            /// </summary>
            /// <remarks>
            /// Parsing stops early, by a plain <c>return</c>, when the message is empty,
            /// when the version is not "1.0", or when a CURVE key frame is not 32 bytes.
            /// A constructor cannot report failure that way: the caller still receives an
            /// object, only partly filled in.
            /// NOTE(review): confirm the caller treats such an object as a rejected
            /// request, so that a malformed message can never reach an "allow" decision.
            /// NOTE(review): only a completely empty message is screened out; a message
            /// with too few frames still reaches Pop(). Confirm what ZMessage.Pop does
            /// on an exhausted message.
            /// </remarks>
            /// <param name="handler">Handler socket, stored so the reply can be sent on it.</param>
            /// <param name="request">Request message; its frames are popped while parsing.</param>
            /// <param name="verbose">When true, mechanism and address are logged via ZAuth.Info.</param>
            public ZAP(ZSocket handler, ZMessage request, bool verbose)
            {
                this.handler = handler;
                Verbose      = verbose;

                //  Nothing to parse
                if (request.Count == 0)
                {
                    return;
                }

                //  Standard frames, in wire order; a missing text value becomes ""
                Version   = request.Pop().ReadLine() ?? "";
                Sequence  = request.Pop().ReadLine() ?? "";
                Domain    = request.Pop().ReadLine() ?? "";
                Address   = request.Pop().ReadLine() ?? "";
                Identity  = request.Pop().ReadLine() ?? "";
                Mechanism = request.Pop().ReadLine() ?? "";

                //  Only version "1.0" is understood; anything else ends parsing here and
                //  leaves the mechanism-specific fields unset
                if (Version != "1.0")
                {
                    return;
                }

                //  Mechanism-specific frames
                switch (Mechanism)
                {
                    case "PLAIN":
                        //  Credentials arrive in clear text and are held as ordinary
                        //  strings; the verbose log line below does not include them
                        Username = request.Pop().ReadLine() ?? "";
                        Password = request.Pop().ReadLine() ?? "";
                        break;

                    case "CURVE":
                    {
                        ZFrame keyFrame = request.Pop();

                        //  The client key frame must be exactly 32 bytes; otherwise
                        //  ClientTxt stays unset
                        if (keyFrame.Length != 32)
                        {
                            return;
                        }

                        //  The second argument is a zero-filled 32-byte array
                        //  (presumably a placeholder for the secret key, which the
                        //  server never sees); only the public text form is kept
                        ClientTxt = new ZCert(keyFrame.Read(), new byte[32]).PublicTxt;
                        break;
                    }

                    case "GSSAPI":
                        //  Unlike the other text fields, Principal is not normalised to ""
                        Principal = request.Pop().ReadLine();
                        break;
                }

                //  NOTE(review): Mechanism and Address are taken from request frames and
                //  written to the log as received
                if (Verbose)
                {
                    ZAuth.Info(string.Format("zauth: ZAP request mechanism={0} ipaddress={1}", Mechanism, Address));
                }
            }
示例#2
        /// <summary>
        /// Handles one API command received on the control pipe and updates the
        /// authenticator's configuration (address lists, password table,
        /// certificate store, verbosity, termination flag).
        /// </summary>
        /// <remarks>
        /// The first frame is the command name; remaining frames are its arguments.
        /// Every recognised command except "$TERM" is acknowledged with a ZFrame(0)
        /// on sockets[PIPE]. An unrecognised command is logged through Error, gets
        /// no acknowledgement, and still returns 0.
        /// NOTE(review): "PLAIN" and "CURVE" pop their argument frame without
        /// checking that one is present. Confirm what ZMessage.Pop does on an
        /// exhausted message.
        /// </remarks>
        /// <param name="request">Command message; its frames are popped while handling.</param>
        /// <returns>-1 when the message has no frames (interrupted), otherwise 0.</returns>
        private int HandlePipe(ZMessage request)
        {
            if (request.Count == 0)
            {
                return -1;                   //  Interrupted
            }

            string verb = request.Pop().ReadLine();
            if (verbose)
            {
                Info("zauth: API command=" + verb);
            }

            switch (verb)
            {
                case "ALLOW":
                    //  Each remaining frame is one address, stored exactly as
                    //  received (no parsing or normalisation happens here).
                    //  An address denied earlier is not taken off the blacklist;
                    //  which list wins is decided where the lists are evaluated.
                    while (request.Count > 0)
                    {
                        string peer = request.Pop().ReadLine();
                        if (verbose)
                        {
                            Info("zauth: - whitelisting ipaddress=" + peer);
                        }

                        bool alreadyAllowed = whitelist.Contains(peer);
                        if (!alreadyAllowed)
                        {
                            whitelist.Add(peer);
                        }
                    }
                    sockets[PIPE].SendFrame(new ZFrame(0));
                    break;

                case "DENY":
                    //  Each remaining frame is one address; denying it also
                    //  withdraws any earlier whitelist entry for the same string
                    while (request.Count > 0)
                    {
                        string peer = request.Pop().ReadLine();
                        if (verbose)
                        {
                            Info("zauth: - blacklisting ipaddress=" + peer);
                        }

                        bool alreadyDenied = blacklist.Contains(peer);
                        if (!alreadyDenied)
                        {
                            blacklist.Add(peer);
                        }

                        bool wasAllowed = whitelist.Contains(peer);
                        if (wasAllowed)
                        {
                            whitelist.Remove(peer);
                        }
                    }
                    sockets[PIPE].SendFrame(new ZFrame(0));
                    break;

                case "PLAIN":
                    //  Load the password file into the table. "passwords" is an
                    //  out argument, so Load replaces the previous table whenever
                    //  it returns; if the file doesn't exist we get an empty table.
                    //  A failed load is reported only in verbose mode, and the
                    //  acknowledgement is sent either way.
                    string filename = request.Pop().ReadLine();
                    bool loadFailed = Load(out passwords, filename) != 0;
                    if (loadFailed && verbose)
                    {
                        Info("zauth: could not load file=" + filename);
                    }
                    sockets[PIPE].SendFrame(new ZFrame(0));
                    break;

                case "CURVE":
                    //  CURVE_ALLOW_ANY means allow all clients, i.e. no certificate
                    //  lookup. Any other value is treated as the directory that
                    //  holds the client certificates. A certStore set by an
                    //  earlier command is left in place when allowAny is enabled.
                    string location = request.Pop().ReadLine();
                    if (location != CURVE_ALLOW_ANY)
                    {
                        certStore = new ZCertStore(location);
                        allowAny  = false;
                    }
                    else
                    {
                        allowAny = true;
                    }
                    sockets[PIPE].SendFrame(new ZFrame(0));
                    break;

                case "GSSAPI":
                    //  GSSAPI authentication is not yet implemented here; the
                    //  command is acknowledged like the others, so the sender
                    //  cannot tell that nothing was configured
                    sockets[PIPE].SendFrame(new ZFrame(0));
                    break;

                case "VERBOSE":
                    verbose = true;
                    sockets[PIPE].SendFrame(new ZFrame(0));
                    break;

                case "$TERM":
                    //  No acknowledgement frame is sent for termination
                    Terminated = true;
                    break;

                default:
                    Error("zauth: - invalid command: " + verb);
                    break;
            }

            return 0;
        }