zmqpp  4.1.2
C++ bindings for 0mq (libzmq)
zmqpp::auth Class Reference

auth - authentication for ZeroMQ security mechanisms

#include <auth.hpp>


Public Member Functions

 auth (context &ctx)
 Constructor.

 ~auth ()
 Destructor.

void allow (const std::string &address)
 Allow (whitelist) a single IP address.

void deny (const std::string &address)
 Deny (blacklist) a single IP address.

void configure_domain (const std::string &domain)
 Configure a ZAP domain.

void configure_plain (const std::string &username, const std::string &password)
 Configure PLAIN authentication.

void configure_curve (const std::string &client_public_key)
 Configure CURVE authentication.

void configure_gssapi ()
 Configure GSSAPI authentication.

void set_verbose (bool verbose)
 Enable verbose tracing of commands and activity.


Private Member Functions

void handle_command (socket &pipe)
 Handle an authentication command from calling application.

bool authenticate_plain (zap_request &request, std::string &user_id)
 Handle a PLAIN authentication request from libzmq core.

bool authenticate_curve (zap_request &request, std::string &user_id)
 Handle a CURVE authentication request from libzmq core.

bool authenticate_gssapi (zap_request &request)
 Handle a GSSAPI authentication request from libzmq core.

void authenticate (socket &sock)
 Authentication.

 auth (auth const &) ZMQPP_EXPLICITLY_DELETED

auth & operator= (auth const &) NOEXCEPT ZMQPP_EXPLICITLY_DELETED
 

Private Attributes

std::shared_ptr< actor > authenticator
 
poller auth_poller
 
std::unordered_set< std::string > whitelist
 
std::unordered_set< std::string > blacklist
 
std::unordered_map< std::string, std::string > passwords
 
std::unordered_set< std::string > client_keys
 
std::string domain
 
bool curve_allow_any
 
bool terminated
 
bool verbose
 

Static Private Attributes

static constexpr const char *const zap_endpoint_ = "inproc://zeromq.zap.01"
 

Detailed Description

auth - authentication for ZeroMQ security mechanisms

An auth actor takes over authentication for all incoming connections in its context. You can whitelist or blacklist peers based on IP address, and define policies for securing PLAIN, CURVE, and GSSAPI connections.

Constructor & Destructor Documentation

zmqpp::auth::auth ( context & ctx)

Constructor.

An auth actor takes over authentication for all incoming connections in its context. You can whitelist or blacklist peers based on IP address, and define policies for securing PLAIN, CURVE, and GSSAPI connections.

zmqpp::auth::~auth ( )

Destructor.

zmqpp::auth::auth ( auth const &  )
private

Member Function Documentation

void zmqpp::auth::allow ( const std::string &  address)

Allow (whitelist) a single IP address.

For NULL, all clients from this address will be accepted. For PLAIN and CURVE, they will be allowed to continue with authentication. You can call this method multiple times to whitelist multiple IP addresses. If you whitelist a single address, any non-whitelisted addresses are treated as blacklisted.

void zmqpp::auth::authenticate ( socket & sock)
private

Authentication.

bool zmqpp::auth::authenticate_curve ( zap_request & request,
std::string &  user_id 
)
private

Handle a CURVE authentication request from libzmq core.

Parameters
user_id: store the public key (z85 encoded) as the User-Id.

bool zmqpp::auth::authenticate_gssapi ( zap_request & request)
private

Handle a GSSAPI authentication request from libzmq core.

bool zmqpp::auth::authenticate_plain ( zap_request & request,
std::string &  user_id 
)
private

Handle a PLAIN authentication request from libzmq core.

Parameters
user_id: store the user as the User-Id.

void zmqpp::auth::configure_curve ( const std::string &  client_public_key)

Configure CURVE authentication.

CURVE authentication uses client public keys. This method can be called multiple times. To cover all domains, use "*". To allow all client keys without checking, specify CURVE_ALLOW_ANY for the client_public_key.

void zmqpp::auth::configure_domain ( const std::string &  domain)

Configure a ZAP domain.

To cover all domains, use "*".

void zmqpp::auth::configure_gssapi ( )

Configure GSSAPI authentication.

GSSAPI authentication uses an underlying mechanism (usually Kerberos) to establish a secure context and perform mutual authentication.

void zmqpp::auth::configure_plain ( const std::string &  username,
const std::string &  password 
)

Configure PLAIN authentication.

PLAIN authentication uses a plain-text username and password.

void zmqpp::auth::deny ( const std::string &  address)

Deny (blacklist) a single IP address.

For all security mechanisms, this rejects the connection without any further authentication. Use either a whitelist or a blacklist, not both. If you define both a whitelist and a blacklist, only the whitelist takes effect.
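
The address and mechanism rules documented for allow(), deny(), configure_plain() and configure_curve(), written out as a self-contained model. This is an added example, not zmqpp source: ZapPolicy, Mechanism, address_permitted and accept are hypothetical names, the addresses are constructed, and letting every address through when neither list is configured is an assumption.

```cpp
#include <iostream>
#include <string>
#include <unordered_map>
#include <unordered_set>

// Model of the documented rules only; names are hypothetical, not zmqpp API.
enum class Mechanism { Null, Plain, Curve };

struct ZapPolicy {
    std::unordered_set<std::string> whitelist, blacklist, client_keys;
    std::unordered_map<std::string, std::string> passwords;
    bool curve_allow_any = false;

    // Stage 1: address filter. A non-empty whitelist makes the blacklist
    // irrelevant and turns every unlisted address into a denied one.
    bool address_permitted(const std::string& ip) const {
        if (!whitelist.empty()) return whitelist.count(ip) != 0;
        // Assumption: with no whitelist, only blacklisted addresses are refused.
        return blacklist.count(ip) == 0;
    }

    // Stage 2: mechanism check, reached only when the address passed stage 1.
    // id is the PLAIN username or the Z85 CURVE client key; secret is the
    // PLAIN password and is unused for the other mechanisms.
    bool accept(Mechanism m, const std::string& ip,
                const std::string& id = "", const std::string& secret = "") const {
        if (!address_permitted(ip)) return false;  // no further authentication
        switch (m) {
        case Mechanism::Null:
            return true;  // no credentials: the address filter is the only gate
        case Mechanism::Plain: {
            auto it = passwords.find(id);
            return it != passwords.end() && it->second == secret;
        }
        case Mechanism::Curve:
            // curve_allow_any keeps encryption but skips client authentication.
            return curve_allow_any || client_keys.count(id) != 0;
        }
        return false;
    }
};

int main() {
    ZapPolicy p;                       // constructed sample addresses below
    p.blacklist.insert("192.0.2.9");
    p.whitelist.insert("192.0.2.9");   // both lists set: the whitelist wins
    std::cout << p.accept(Mechanism::Null, "192.0.2.9")
              << p.accept(Mechanism::Null, "192.0.2.10") << "\n";  // prints 10
}
```

Because a whitelist overrides a blacklist, adding a deny() entry to a deployment that already calls allow() changes nothing; review the two lists together.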

void zmqpp::auth::handle_command ( socket & pipe)
private

Handle an authentication command from calling application.

auth& zmqpp::auth::operator= ( auth const &  )
private

void zmqpp::auth::set_verbose ( bool  verbose)

Enable verbose tracing of commands and activity.

Member Data Documentation

poller zmqpp::auth::auth_poller
private
std::shared_ptr<actor> zmqpp::auth::authenticator
private
std::unordered_set<std::string> zmqpp::auth::blacklist
private
std::unordered_set<std::string> zmqpp::auth::client_keys
private
bool zmqpp::auth::curve_allow_any
private
std::string zmqpp::auth::domain
private
std::unordered_map<std::string, std::string> zmqpp::auth::passwords
private
bool zmqpp::auth::terminated
private
bool zmqpp::auth::verbose
private
std::unordered_set<std::string> zmqpp::auth::whitelist
private
constexpr const char* const zmqpp::auth::zap_endpoint_ = "inproc://zeromq.zap.01"
static private

The documentation for this class was generated from the following files: