Commit
0ff896d0
authored
Sep 02, 2013
by
Ian Barber
Merge pull request #642 from hintjens/master
Fixed ZAP authentication
parents
3a50aa44
fb67e160
Showing
5 changed files
with
50 additions
and
30 deletions
+50
-30
curve_server.cpp
src/curve_server.cpp
+4
-0
plain_mechanism.cpp
src/plain_mechanism.cpp
+4
-0
test_security_curve.cpp
tests/test_security_curve.cpp
+24
-12
test_security_plain.cpp
tests/test_security_plain.cpp
+12
-13
testutil.hpp
tests/testutil.hpp
+6
-5
src/curve_server.cpp
...
@@ -588,24 +588,28 @@ int zmq::curve_server_t::receive_and_process_zap_reply ()
...
@@ -588,24 +588,28 @@ int zmq::curve_server_t::receive_and_process_zap_reply ()
// Address delimiter frame
// Address delimiter frame
if
(
msg
[
0
].
size
()
>
0
)
{
if
(
msg
[
0
].
size
()
>
0
)
{
rc
=
-
1
;
errno
=
EPROTO
;
errno
=
EPROTO
;
goto
error
;
goto
error
;
}
}
// Version frame
// Version frame
if
(
msg
[
1
].
size
()
!=
3
||
memcmp
(
msg
[
1
].
data
(),
"1.0"
,
3
))
{
if
(
msg
[
1
].
size
()
!=
3
||
memcmp
(
msg
[
1
].
data
(),
"1.0"
,
3
))
{
rc
=
-
1
;
errno
=
EPROTO
;
errno
=
EPROTO
;
goto
error
;
goto
error
;
}
}
// Request id frame
// Request id frame
if
(
msg
[
2
].
size
()
!=
1
||
memcmp
(
msg
[
2
].
data
(),
"1"
,
1
))
{
if
(
msg
[
2
].
size
()
!=
1
||
memcmp
(
msg
[
2
].
data
(),
"1"
,
1
))
{
rc
=
-
1
;
errno
=
EPROTO
;
errno
=
EPROTO
;
goto
error
;
goto
error
;
}
}
// Status code frame
// Status code frame
if
(
msg
[
3
].
size
()
!=
3
||
memcmp
(
msg
[
3
].
data
(),
"200"
,
3
))
{
if
(
msg
[
3
].
size
()
!=
3
||
memcmp
(
msg
[
3
].
data
(),
"200"
,
3
))
{
rc
=
-
1
;
errno
=
EACCES
;
errno
=
EACCES
;
goto
error
;
goto
error
;
}
}
...
...
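Review bot: Failing closed here depends on every rejecting branch remembering its own `rc = -1;`, and no comment in the visible lines says why the assignment is required, so a frame check added later can omit it and a rejected ZAP reply would again be reported as success. The hunk suggests `rc` otherwise still holds the result of the preceding successful call when control reaches `error`, but the label and the return are outside the hunk, so this should be confirmed there. I would add a comment at the first branch such as `// rc still holds the last successful result; force failure so a bad ZAP reply rejects the handshake`, or set the failing value once on the shared error path if the code at `error` allows it. The same four-branch pattern is repeated in receive_and_process_zap_reply in src/plain_mechanism.cpp and the remark applies there as well.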
src/plain_mechanism.cpp
...
@@ -439,24 +439,28 @@ int zmq::plain_mechanism_t::receive_and_process_zap_reply ()
...
@@ -439,24 +439,28 @@ int zmq::plain_mechanism_t::receive_and_process_zap_reply ()
// Address delimiter frame
// Address delimiter frame
if
(
msg
[
0
].
size
()
>
0
)
{
if
(
msg
[
0
].
size
()
>
0
)
{
rc
=
-
1
;
errno
=
EPROTO
;
errno
=
EPROTO
;
goto
error
;
goto
error
;
}
}
// Version frame
// Version frame
if
(
msg
[
1
].
size
()
!=
3
||
memcmp
(
msg
[
1
].
data
(),
"1.0"
,
3
))
{
if
(
msg
[
1
].
size
()
!=
3
||
memcmp
(
msg
[
1
].
data
(),
"1.0"
,
3
))
{
rc
=
-
1
;
errno
=
EPROTO
;
errno
=
EPROTO
;
goto
error
;
goto
error
;
}
}
// Request id frame
// Request id frame
if
(
msg
[
2
].
size
()
!=
1
||
memcmp
(
msg
[
2
].
data
(),
"1"
,
1
))
{
if
(
msg
[
2
].
size
()
!=
1
||
memcmp
(
msg
[
2
].
data
(),
"1"
,
1
))
{
rc
=
-
1
;
errno
=
EPROTO
;
errno
=
EPROTO
;
goto
error
;
goto
error
;
}
}
// Status code frame
// Status code frame
if
(
msg
[
3
].
size
()
!=
3
||
memcmp
(
msg
[
3
].
data
(),
"200"
,
3
))
{
if
(
msg
[
3
].
size
()
!=
3
||
memcmp
(
msg
[
3
].
data
(),
"200"
,
3
))
{
rc
=
-
1
;
errno
=
EACCES
;
errno
=
EACCES
;
goto
error
;
goto
error
;
}
}
...
...
tests/test_security_curve.cpp
...
@@ -18,10 +18,17 @@
...
@@ -18,10 +18,17 @@
*/
*/
#include "platform.hpp"
#include "platform.hpp"
#include "../include/zmq_utils.h"
#include <string.h>
#include <string.h>
#include <stdlib.h>
#include <stdlib.h>
#include "testutil.hpp"
#include "testutil.hpp"
#include "../include/zmq_utils.h"
#include "../src/z85_codec.hpp"
// Test keys from the zmq_curve man page
static
char
client_public
[]
=
"Yne@$w-vo<fVvi]a<NY6T1ed:M$fCG*[IaLV{hID"
;
static
char
client_secret
[]
=
"D:)Q[IlAW!ahhC2ac:9*A}h:p?([4%wOTJ%JR%cs"
;
static
char
server_public
[]
=
"rq:rM>}U?@Lns47E1%kR.o@n%FcmmsL/@{H8]yf7"
;
static
char
server_secret
[]
=
"JTKVSB%%)wK0E.X)V>+}o?pNmC{O&4W4b!Ni{Lh6"
;
static
void
zap_handler
(
void
*
ctx
)
static
void
zap_handler
(
void
*
ctx
)
{
{
...
@@ -42,7 +49,12 @@ static void zap_handler (void *ctx)
...
@@ -42,7 +49,12 @@ static void zap_handler (void *ctx)
char
*
address
=
s_recv
(
zap
);
char
*
address
=
s_recv
(
zap
);
char
*
identity
=
s_recv
(
zap
);
char
*
identity
=
s_recv
(
zap
);
char
*
mechanism
=
s_recv
(
zap
);
char
*
mechanism
=
s_recv
(
zap
);
char
*
client_key
=
s_recv
(
zap
);
uint8_t
client_key
[
32
];
int
size
=
zmq_recv
(
zap
,
client_key
,
32
,
0
);
assert
(
size
==
32
);
char
client_key_text
[
40
];
Z85_encode
(
client_key_text
,
client_key
,
32
);
assert
(
streq
(
version
,
"1.0"
));
assert
(
streq
(
version
,
"1.0"
));
assert
(
streq
(
mechanism
,
"CURVE"
));
assert
(
streq
(
mechanism
,
"CURVE"
));
...
@@ -50,18 +62,25 @@ static void zap_handler (void *ctx)
...
@@ -50,18 +62,25 @@ static void zap_handler (void *ctx)
s_sendmore
(
zap
,
version
);
s_sendmore
(
zap
,
version
);
s_sendmore
(
zap
,
sequence
);
s_sendmore
(
zap
,
sequence
);
if
(
streq
(
client_key_text
,
client_public
))
{
s_sendmore
(
zap
,
"200"
);
s_sendmore
(
zap
,
"200"
);
s_sendmore
(
zap
,
"OK"
);
s_sendmore
(
zap
,
"OK"
);
s_sendmore
(
zap
,
"anonymous"
);
s_sendmore
(
zap
,
"anonymous"
);
s_send
(
zap
,
""
);
s_send
(
zap
,
""
);
}
else
{
s_sendmore
(
zap
,
"400"
);
s_sendmore
(
zap
,
"Invalid username or password"
);
s_sendmore
(
zap
,
""
);
s_send
(
zap
,
""
);
}
free
(
version
);
free
(
version
);
free
(
sequence
);
free
(
sequence
);
free
(
domain
);
free
(
domain
);
free
(
address
);
free
(
address
);
free
(
identity
);
free
(
identity
);
free
(
mechanism
);
free
(
mechanism
);
free
(
client_key
);
}
}
rc
=
zmq_close
(
zap
);
rc
=
zmq_close
(
zap
);
assert
(
rc
==
0
);
assert
(
rc
==
0
);
...
@@ -81,12 +100,6 @@ int main (void)
...
@@ -81,12 +100,6 @@ int main (void)
// Spawn ZAP handler
// Spawn ZAP handler
void
*
zap_thread
=
zmq_threadstart
(
&
zap_handler
,
ctx
);
void
*
zap_thread
=
zmq_threadstart
(
&
zap_handler
,
ctx
);
// Test keys from the zmq_curve man page
char
client_public
[]
=
"Yne@$w-vo<fVvi]a<NY6T1ed:M$fCG*[IaLV{hID"
;
char
client_secret
[]
=
"D:)Q[IlAW!ahhC2ac:9*A}h:p?([4%wOTJ%JR%cs"
;
char
server_public
[]
=
"rq:rM>}U?@Lns47E1%kR.o@n%FcmmsL/@{H8]yf7"
;
char
server_secret
[]
=
"JTKVSB%%)wK0E.X)V>+}o?pNmC{O&4W4b!Ni{Lh6"
;
// Server socket will accept connections
// Server socket will accept connections
void
*
server
=
zmq_socket
(
ctx
,
ZMQ_DEALER
);
void
*
server
=
zmq_socket
(
ctx
,
ZMQ_DEALER
);
assert
(
server
);
assert
(
server
);
...
@@ -176,8 +189,7 @@ int main (void)
...
@@ -176,8 +189,7 @@ int main (void)
assert
(
rc
==
0
);
assert
(
rc
==
0
);
rc
=
zmq_connect
(
client
,
"tcp://localhost:9998"
);
rc
=
zmq_connect
(
client
,
"tcp://localhost:9998"
);
assert
(
rc
==
0
);
assert
(
rc
==
0
);
// TODO: does not handle ZAP failures properly
expect_bounce_fail
(
server
,
client
);
// expect_bounce_fail (server, client);
close_zero_linger
(
client
);
close_zero_linger
(
client
);
// Shutdown
// Shutdown
...
...
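Review bot: `char client_key_text [40];` in zap_handler is one byte too small for how it is used, because the Z85 text of a 32-byte key is 40 characters and `streq (client_key_text, client_public)` needs a terminating NUL after them. Z85_encode is defined outside this page, so either it writes the terminator one byte past the array or it leaves the text unterminated and the comparison reads past the end; both are out-of-bounds accesses on the handler's stack. Declaring `char client_key_text [41];`, and terminating explicitly if the encoder does not, removes the problem. Separately, the key-mismatch branch replies with `"Invalid username or password"`, which looks carried over from the PLAIN test; a CURVE-specific status text would be less misleading when a failure is being diagnosed.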
tests/test_security_plain.cpp
...
@@ -114,31 +114,30 @@ int main (void)
...
@@ -114,31 +114,30 @@ int main (void)
rc
=
zmq_close
(
client
);
rc
=
zmq_close
(
client
);
assert
(
rc
==
0
);
assert
(
rc
==
0
);
// Check PLAIN security -- failed authentication
// Check PLAIN security with badly configured client (as_server)
// This will be caught by the plain_server class, not passed to ZAP
client
=
zmq_socket
(
ctx
,
ZMQ_DEALER
);
client
=
zmq_socket
(
ctx
,
ZMQ_DEALER
);
assert
(
client
);
assert
(
client
);
strcpy
(
username
,
"wronguser"
);
as_server
=
1
;
strcpy
(
password
,
"wrongpass"
);
rc
=
zmq_setsockopt
(
client
,
ZMQ_PLAIN_SERVER
,
&
as_server
,
sizeof
(
int
));
rc
=
zmq_setsockopt
(
client
,
ZMQ_PLAIN_USERNAME
,
username
,
strlen
(
username
));
assert
(
rc
==
0
);
rc
=
zmq_setsockopt
(
client
,
ZMQ_PLAIN_PASSWORD
,
password
,
strlen
(
password
));
assert
(
rc
==
0
);
assert
(
rc
==
0
);
rc
=
zmq_connect
(
client
,
"tcp://localhost:9998"
);
rc
=
zmq_connect
(
client
,
"tcp://localhost:9998"
);
assert
(
rc
==
0
);
assert
(
rc
==
0
);
// TODO: this does not fail as it should
expect_bounce_fail
(
server
,
client
);
// expect_bounce_fail (server, client);
close_zero_linger
(
client
);
close_zero_linger
(
client
);
// Check PLAIN security
with badly configured client (as_server)
// Check PLAIN security
-- failed authentication
client
=
zmq_socket
(
ctx
,
ZMQ_DEALER
);
client
=
zmq_socket
(
ctx
,
ZMQ_DEALER
);
assert
(
client
);
assert
(
client
);
as_server
=
1
;
strcpy
(
username
,
"wronguser"
);
rc
=
zmq_setsockopt
(
client
,
ZMQ_PLAIN_SERVER
,
&
as_server
,
sizeof
(
int
));
strcpy
(
password
,
"wrongpass"
);
rc
=
zmq_setsockopt
(
client
,
ZMQ_PLAIN_USERNAME
,
username
,
strlen
(
username
));
assert
(
rc
==
0
);
rc
=
zmq_setsockopt
(
client
,
ZMQ_PLAIN_PASSWORD
,
password
,
strlen
(
password
));
assert
(
rc
==
0
);
assert
(
rc
==
0
);
rc
=
zmq_connect
(
client
,
"tcp://localhost:9998"
);
rc
=
zmq_connect
(
client
,
"tcp://localhost:9998"
);
assert
(
rc
==
0
);
assert
(
rc
==
0
);
// TODO: this does not fail as it should
expect_bounce_fail
(
server
,
client
);
// expect_bounce_fail (server, client);
close_zero_linger
(
client
);
close_zero_linger
(
client
);
// Shutdown
// Shutdown
...
...
tests/testutil.hpp
...
@@ -102,21 +102,22 @@ expect_bounce_fail (void *server, void *client)
...
@@ -102,21 +102,22 @@ expect_bounce_fail (void *server, void *client)
int
timeout
=
150
;
int
timeout
=
150
;
rc
=
zmq_setsockopt
(
server
,
ZMQ_RCVTIMEO
,
&
timeout
,
sizeof
(
int
));
rc
=
zmq_setsockopt
(
server
,
ZMQ_RCVTIMEO
,
&
timeout
,
sizeof
(
int
));
assert
(
rc
==
0
);
assert
(
rc
==
0
);
rc
=
zmq_setsockopt
(
client
,
ZMQ_RCVTIMEO
,
&
timeout
,
sizeof
(
int
));
assert
(
rc
==
0
);
rc
=
zmq_recv
(
server
,
buffer
,
32
,
0
);
rc
=
zmq_recv
(
server
,
buffer
,
32
,
0
);
assert
(
rc
==
-
1
);
assert
(
rc
==
-
1
);
assert
(
zmq_errno
()
==
EAGAIN
);
assert
(
zmq_errno
()
==
EAGAIN
);
// Send message from server to client to test other direction
rc
=
zmq_send
(
server
,
content
,
32
,
ZMQ_SNDMORE
);
rc
=
zmq_send
(
server
,
content
,
32
,
ZMQ_SNDMORE
);
assert
(
rc
==
32
);
assert
(
rc
==
32
);
rc
=
zmq_send
(
server
,
content
,
32
,
0
);
rc
=
zmq_send
(
server
,
content
,
32
,
0
);
assert
(
rc
==
32
);
assert
(
rc
==
32
);
// Receive message at client side (should not succeed)
rc
=
zmq_setsockopt
(
client
,
ZMQ_RCVTIMEO
,
&
timeout
,
sizeof
(
int
));
assert
(
rc
==
0
);
rc
=
zmq_recv
(
client
,
buffer
,
32
,
0
);
rc
=
zmq_recv
(
client
,
buffer
,
32
,
0
);
assert
(
rc
==
-
1
);
assert
(
rc
==
-
1
);
assert
(
zmq_errno
()
==
EAGAIN
);
assert
(
zmq_errno
()
==
EAGAIN
);
}
}
// Receive 0MQ string from socket and convert into C string
// Receive 0MQ string from socket and convert into C string
...
...
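Review bot: The two `zmq_send (server, content, 32, ...)` calls in expect_bounce_fail are asserted to return 32, yet no ZMQ_SNDTIMEO is set on `server` in the visible lines, so a rejected handshake that leaves the DEALER socket without a usable peer would make the send block and the test hang rather than fail. The function starts outside the hunk, so a send timeout may be set earlier, but if not I would add `rc = zmq_setsockopt (server, ZMQ_SNDTIMEO, &timeout, sizeof (int));` before the sends and accept `rc == 32 || (rc == -1 && zmq_errno () == EAGAIN)`. The EAGAIN assertions also only show that nothing arrived within the 150 ms `timeout`, so a comment stating that the negative result is time-bounded would help whoever later tunes that value.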