class CZTop::Authenticator

Authentication for ZeroMQ security mechanisms.

This is implemented using an {Actor}.

@see api.zeromq.org/czmq3-0:zauth

Constants

ALLOW_ANY

used to allow any CURVE client

ZAUTH_FPTR

function pointer to the +zauth()+ function

Attributes

actor[R]

@return [Actor] the actor behind this authenticator

Public Class Methods

new(cert_store = nil)

This installs authentication on all {Socket}s and {Actor}s. Until you add policies, all incoming NULL connections are allowed, and all PLAIN and CURVE connections are denied.

@param cert_store [CertStore] a custom certificate store

# File lib/cztop/authenticator.rb, line 25
def initialize(cert_store = nil)
  if cert_store
    raise ArgumentError unless cert_store.is_a?(CertStore)

    cert_store = cert_store.ffi_delegate
    cert_store.__undef_finalizer # native object is now owned by zauth() actor
  end
  @actor = Actor.new(ZAUTH_FPTR, cert_store)
end

Public Instance Methods

allow(*addrs)

Add a list of IP addresses to the whitelist. For NULL, all clients from these addresses will be accepted. For PLAIN and CURVE, they will be allowed to continue with authentication.

@param addrs [String] IP address(es) to allow

@return [void]

# File lib/cztop/authenticator.rb, line 59
def allow(*addrs)
  @actor << ['ALLOW', *addrs]
  @actor.wait
end

curve(directory = ALLOW_ANY)

Configure CURVE authentication, using a directory that holds all public client certificates, i.e. their public keys. The certificates must have been created using {Certificate#save}/{Certificate#save_public}. You can add and remove certificates in that directory at any time.

@param directory [String] the directory to take the keys from

@return [void]

# File lib/cztop/authenticator.rb, line 99
def curve(directory = ALLOW_ANY)
  @actor << ['CURVE', directory]
  @actor.wait
end

deny(*addrs)

Add a list of IP addresses to the blacklist. For all security mechanisms, this rejects the connection without any further authentication. Use either a whitelist or a blacklist, not both. If you define both a whitelist and a blacklist, only the whitelist takes effect.

@param addrs [String] IP address(es) to deny

@return [void]

# File lib/cztop/authenticator.rb, line 73
def deny(*addrs)
  @actor << ['DENY', *addrs]
  @actor.wait
end
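
The default and precedence rules described for `new`, `allow` and `deny`, as an added Ruby model that is not CZTop or CZMQ code. `PolicyModel`, `decide` and `shadowed_deny_demo` are hypothetical names, the addresses are constructed, and rejecting an address that is absent from a non-empty whitelist is an assumption the text implies but does not state.

```ruby
require 'set'

# Hypothetical model of the documented policy rules; not CZTop or CZMQ code.
class PolicyModel
  def initialize
    @whitelist = Set.new
    @blacklist = Set.new
    @configured = Set.new # mechanisms enabled through plain/curve
  end

  def allow(*addrs)
    @whitelist.merge(addrs)
  end

  def deny(*addrs)
    @blacklist.merge(addrs)
  end

  def plain
    @configured << :plain
  end

  def curve
    @configured << :curve
  end

  # Returns :accept, :reject, or :authenticate (mechanism credentials are checked next).
  def decide(mechanism, addr)
    if @whitelist.any?
      # Whitelist present: blacklist is never consulted (assumption: unlisted means reject).
      return :reject unless @whitelist.include?(addr)
    elsif @blacklist.include?(addr)
      return :reject
    end
    return :accept if mechanism == :null # NULL has no credentials to check
    @configured.include?(mechanism) ? :authenticate : :reject
  end
end

# Constructed scenario: a deny entry is silently ignored once a whitelist exists.
def shadowed_deny_demo
  model = PolicyModel.new
  model.curve
  model.deny('192.0.2.10')
  before = model.decide(:curve, '192.0.2.10')
  model.allow('192.0.2.10', '192.0.2.11')
  [before, model.decide(:curve, '192.0.2.10')]
end

p shadowed_deny_demo if __FILE__ == $PROGRAM_NAME
```

The second value is `:authenticate` even though the address was passed to `deny`, which is the case to look for when auditing a configuration that calls both methods.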

gssapi()

Configure GSSAPI authentication.

@return [void]

# File lib/cztop/authenticator.rb, line 107
def gssapi
  @actor << 'GSSAPI'
  @actor.wait
end

plain(filename)

Configure PLAIN security mechanism using a plain-text password file. The password file will be reloaded automatically if modified externally.

@param filename [String] path to the password file

@return [void]

# File lib/cztop/authenticator.rb, line 84
def plain(filename)
  @actor << ['PLAIN', *filename]
  @actor.wait
end

terminate()

Terminates the authenticator.

@return [void]

# File lib/cztop/authenticator.rb, line 40
def terminate
  @actor.terminate
end

verbose!()

Enable verbose logging of commands and activity.

@return [void]

# File lib/cztop/authenticator.rb, line 47
def verbose!
  @actor << 'VERBOSE'
  @actor.wait
end