[zeromq-dev] Using Strawhouse security pattern with ZeroMQ

Pieter Hintjens ph at imatix.com
Mon Dec 15 22:17:53 CET 2014


You can't white/blacklist on domain names without a lot more work. The
zauth class uses the IP address as provided by the network.

On Mon, Dec 15, 2014 at 9:57 PM, Check Peck <comptechgeeky at gmail.com> wrote:
> Thanks Pieter, yes, it worked fine after I removed the older version of libzmq.
>
> One question I have on the Strawhouse pattern is: does it always work with an IP
> address? Can I not use a hostname to whitelist it? If I try to replace
> 127.0.0.1 with localhost or the actual machine name, then it doesn't work.
>
> zauth_allow (auth, "127.0.0.1"); // this works fine
> zauth_allow (auth, "localhost"); // this doesn't work
> zauth_allow (auth, "machineA.dev.com"); // this doesn't work
>
> // The Strawhouse Pattern
> //
> // We allow or deny clients according to their IP address. It may keep
> // spammers and idiots away, but won't stop a real attacker for more
> // than a heartbeat.
>
> #include <czmq.h>
>
> int main (void)
> {
>     // Create context
>     zctx_t *ctx = zctx_new ();
>
>     // Start an authentication engine for this context. This engine
>     // allows or denies incoming connections (talking to the libzmq
>     // core over a protocol called ZAP).
>     zauth_t *auth = zauth_new (ctx);
>
>     // Get some indication of what the authenticator is deciding
>     zauth_set_verbose (auth, true);
>
>     // Whitelist our address; any other address will be rejected
>     zauth_allow (auth, "127.0.0.1");
>
>     // Create and bind server socket
>     void *server = zsocket_new (ctx, ZMQ_PUSH);
>     zsocket_set_zap_domain (server, "global");
>     zsocket_bind (server, "tcp://*:9000");
>
>     // Create and connect client socket
>     void *client = zsocket_new (ctx, ZMQ_PULL);
>     zsocket_connect (client, "tcp://127.0.0.1:9000");
>
>     // Send a single message from server to client
>     zstr_send (server, "Hello");
>     char *message = zstr_recv (client);
>     assert (streq (message, "Hello"));
>     free (message);
>     puts ("Strawhouse test OK");
>
>     zauth_destroy (&auth);
>     zctx_destroy (&ctx);
>     return 0;
> }
>
>
>
> On Sat, Dec 13, 2014 at 1:04 AM, Pieter Hintjens <ph at imatix.com> wrote:
>>
>> You presumably have two versions of libzmq installed on your system,
>> and gcc is complaining they both have the same symbols. I'd recommend
>> removing the older version.
>>
>> On Sat, Dec 13, 2014 at 1:29 AM, Check Peck <comptechgeeky at gmail.com> wrote:
>> > I am trying to use the Strawhouse security pattern in my zero-mq development. I
>> > was following this wiki http://hintjens.com/blog:49 and when I try to run the
>> > simple program below to make sure I have everything installed, I got an error -
>> >
>> > #include <czmq.h>
>> >
>> > int main (void) {
>> >     zctx_t *ctx = zctx_new ();
>> >     void *publisher = zsocket_new (ctx, ZMQ_PUB);
>> >     zsocket_set_curve_server (publisher, true);
>> >     puts ("Hello, Curve!");
>> >     zctx_destroy (&ctx);
>> >     return 0;
>> > }
>> >
>> > I tried to compile it like this -
>> >
>> > gcc -o hello hello.c -lczmq -lzmq -lsodium
>> >
>> > And the error I got -
>> >
>> > /usr/bin/ld: warning: libzmq.so.4, needed by /usr/local/lib/libczmq.so, may conflict with libzmq.so.3
>> >
>> > Does anyone know what this means and what I am doing wrong?
>> >
>> > _______________________________________________
>> > zeromq-dev mailing list
>> > zeromq-dev at lists.zeromq.org
>> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>> >
>
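
Added example (not part of the original thread and not CZMQ code): since zauth matches on the peer's IP address, one way to whitelist by hostname is to resolve the name at startup and pass each numeric address to zauth_allow. `resolve_allowlist` and `ADDR_LEN` are hypothetical names; the code uses only POSIX getaddrinfo/getnameinfo so it builds without CZMQ, and main() prints the calls it would make.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for getaddrinfo / getnameinfo */
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define ADDR_LEN 64   /* hypothetical constant: fits any numeric IPv4/IPv6 string */

/* Resolve `host` and store up to `max` distinct numeric addresses in `out`.
   Returns the number stored, or -1 if the name does not resolve. */
int resolve_allowlist (const char *host, char out[][ADDR_LEN], int max)
{
    struct addrinfo hints, *res, *ai;
    int count = 0;
    memset (&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;       /* IPv4 and IPv6 */
    hints.ai_socktype = SOCK_STREAM;   /* one entry per address, not per socket type */
    if (getaddrinfo (host, NULL, &hints, &res) != 0)
        return -1;                     /* fail closed: nothing gets whitelisted */

    for (ai = res; ai && count < max; ai = ai->ai_next) {
        char ip[ADDR_LEN];
        int seen = 0;
        if (getnameinfo (ai->ai_addr, ai->ai_addrlen, ip, sizeof ip,
                         NULL, 0, NI_NUMERICHOST) != 0)
            continue;
        for (int i = 0; i < count; i++)
            if (strcmp (out[i], ip) == 0)
                seen = 1;              /* skip duplicate records */
        if (!seen)
            strcpy (out[count++], ip);
    }
    freeaddrinfo (res);
    return count;
}

int main (int argc, char **argv)
{
    const char *host = argc > 1 ? argv[1] : "localhost";
    char addrs[8][ADDR_LEN];
    int n = resolve_allowlist (host, addrs, 8);
    if (n < 0) {
        fprintf (stderr, "cannot resolve %s; not whitelisting it\n", host);
        return 1;
    }
    for (int i = 0; i < n; i++)        /* in a CZMQ program: zauth_allow (auth, addrs[i]); */
        printf ("zauth_allow (auth, \"%s\");\n", addrs[i]);
    return 0;
}
```

The addresses are fixed at resolution time, so a later DNS change is not picked up, and the resulting whitelist is only as trustworthy as the resolver that answered.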


