[zeromq-dev] Using Strawhouse security pattern with ZeroMQ

Check Peck comptechgeeky at gmail.com
Mon Dec 15 21:57:28 CET 2014


Thanks Pieter, Yes it worked fine after I remove older version of libzmq.

One question I have on Strawhouse pattern is - Does it always work with IP
Address? I cannot use hostname to white list it? If I try to replace
127.0.0.1 with localhost or the actual machine name, then it doesn't work.

zauth_allow (auth, "127.0.0.1"); // this works fine
zauth_allow (auth, "localhost"); // this doesn't works
zauth_allow (auth, "machineA.dev.com"); // this doesn't works

// The Strawhouse Pattern
//
// We allow or deny clients according to their IP address. It may keep
// spammers and idiots away, but won't stop a real attacker for more
// than a heartbeat.

#include <czmq.h>

int main (void)
{
 *// Create context*
 zctx_t *ctx = zctx_new ();

 *// Start an authentication engine for this context. This engine*
 *// allows or denies incoming connections (talking to the libzmq*
 *// core over a protocol called ZAP).*
 zauth_t *auth = zauth_new (ctx);

 *// Get some indication of what the authenticator is deciding*
 zauth_set_verbose (auth, true);

 *// Whitelist our address; any other address will be rejected*
 zauth_allow (auth, "127.0.0.1");

 *// Create and bind server socket*
 void *server = zsocket_new (ctx, ZMQ_PUSH);
 zsocket_set_zap_domain (server, "global");
 zsocket_bind (server, "tcp://*:9000");

*// Create and connect client socket*
 void *client = zsocket_new (ctx, ZMQ_PULL);
 zsocket_connect (client, "tcp://127.0.0.1:9000");

 *// Send a single message from server to client*
 zstr_send (server, "Hello");
 char *message = zstr_recv (client);
 assert (streq (message, "Hello"));
 free (message);
 puts ("Strawhouse test OK");

zauth_destroy (&auth);
 zctx_destroy (&ctx);
 *return* 0;
}


On Sat, Dec 13, 2014 at 1:04 AM, Pieter Hintjens <ph at imatix.com> wrote:
>
> You presumably have two versions of libzmq installed on your system,
> and gcc is complaining they both have the same symbols. I'd recommend
> removing the older version.
>
> On Sat, Dec 13, 2014 at 1:29 AM, Check Peck <comptechgeeky at gmail.com>
> wrote:
> > I am trying to use Strawhouse security pattern in my zero-mq
> development. I
> > was following this wiki http://hintjens.com/blog:49 and when I try to
> run
> > below simple program to make sure I have everything installed, I got an
> > error -
> >
> > #include <czmq.h>
> >
> > int main (void) {
> > zctx_t *ctx = zctx_new ();
> > void *publisher = zsocket_new (ctx, ZMQ_PUB);
> > zsocket_set_curve_server (publisher, true);
> > puts ("Hello, Curve!");
> > zctx_destroy (&ctx);
> > return 0;
> > }
> >
> > I tried to compile it like this -
> >
> > gcc -o hello hello.c -lczmq -lzmq -lsodium
> >
> > And the error I got -
> >
> > /usr/bin/ld: warning: libzmq.so.4, needed by /usr/local/lib/libczmq.so,
> may
> > conflict with libzmq.so.3
> >
> > Does anyone know what does this mean and what wrong I am doing?
> >
> > _______________________________________________
> > zeromq-dev mailing list
> > zeromq-dev at lists.zeromq.org
> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> >
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20141215/a9d072af/attachment.htm>


More information about the zeromq-dev mailing list