auth.hpp

Go to the documentation of this file.

/*
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * This file is part of zmqpp.
 * Copyright (c) 2011-2015 Contributors as noted in the AUTHORS file.
 */

#ifndef ZMQPP_AUTH_HPP_
#define ZMQPP_AUTH_HPP_

#include <string>
#include <memory>
#include <unordered_set>
#include <unordered_map>

#include "actor.hpp"
#include "poller.hpp"
#include "socket.hpp"
#include "context.hpp"
#include "zap_request.hpp"


// Authentication is something from zmq 4
#if (ZMQ_VERSION_MAJOR > 3)

namespace zmqpp
{

class auth 
{
public:
    auth(context& ctx);

        ~auth();

        void allow(const std::string &address);

        void deny(const std::string &address);

        void configure_domain(const std::string &domain);

        void configure_plain(const std::string &username, const std::string &password);

        void configure_curve(const std::string &client_public_key);

        void configure_gssapi();

        void set_verbose(bool verbose);

private:
        void handle_command(socket& pipe);

        bool authenticate_plain(zap_request& request, std::string &user_id);

        bool authenticate_curve(zap_request& request, std::string &user_id);

        bool authenticate_gssapi(zap_request& request);

        void authenticate(socket& sock);
    
        std::shared_ptr<actor>              authenticator;  // ZAP authentication actor
        poller                              auth_poller;     // Socket poller
        std::unordered_set<std::string>         whitelist;      // Whitelisted addresses
        std::unordered_set<std::string>         blacklist;      // Blacklisted addresses
        std::unordered_map<std::string, std::string>    passwords;      // PLAIN passwords, if loaded
        std::unordered_set<std::string>         client_keys;    // Client public keys
        std::string                     domain;         // ZAP domain
        bool                        curve_allow_any;      // CURVE allows arbitrary clients
        bool                        terminated;     // Did caller ask us to quit?
        bool                        verbose;        // Verbose logging enabled?

#   if defined(ZMQPP_NO_CONSTEXPR)
        static const char * const zap_endpoint_;
#   else
        constexpr static const char * const zap_endpoint_ = "inproc://zeromq.zap.01";
#   endif
  
        // No copy - private and not implemented
        auth(auth const&) ZMQPP_EXPLICITLY_DELETED;
        auth& operator=(auth const&) NOEXCEPT ZMQPP_EXPLICITLY_DELETED;
};

}

#endif

#endif /* ZMQPP_AUTH_HPP_ */