[zeromq-dev] Using Strawhouse security pattern with ZeroMQ

Check Peck comptechgeeky at gmail.com
Mon Dec 15 22:21:47 CET 2014


Ok got it. I have another question on zauth which I have asked separately
in another question with the subject name.
How to use ZeroMQ context with zauth?

See if you can help me out.

On Mon, Dec 15, 2014 at 1:17 PM, Pieter Hintjens <ph at imatix.com> wrote:
>
> You can't white/blacklist on domain names without a lot more work. The
> zauth class uses the IP address as provided by the network.
>
> On Mon, Dec 15, 2014 at 9:57 PM, Check Peck <comptechgeeky at gmail.com>
> wrote:
> > Thanks Pieter, Yes it worked fine after I remove older version of libzmq.
> >
> > One question I have on Strawhouse pattern is - Does it always work with
> IP
> > Address? I cannot use hostname to white list it? If I try to replace
> > 127.0.0.1 with localhost or the actual machine name, then it doesn't
> work.
> >
> > zauth_allow (auth, "127.0.0.1"); // this works fine
> > zauth_allow (auth, "localhost"); // this doesn't works
> > zauth_allow (auth, "machineA.dev.com"); // this doesn't works
> >
> > // The Strawhouse Pattern
> > //
> > // We allow or deny clients according to their IP address. It may keep
> > // spammers and idiots away, but won't stop a real attacker for more
> > // than a heartbeat.
> >
> > #include <czmq.h>
> >
> > int main (void)
> > {
> > // Create context
> > zctx_t *ctx = zctx_new ();
> >
> > // Start an authentication engine for this context. This engine
> > // allows or denies incoming connections (talking to the libzmq
> > // core over a protocol called ZAP).
> > zauth_t *auth = zauth_new (ctx);
> >
> > // Get some indication of what the authenticator is deciding
> > zauth_set_verbose (auth, true);
> >
> > // Whitelist our address; any other address will be rejected
> > zauth_allow (auth, "127.0.0.1");
> >
> > // Create and bind server socket
> > void *server = zsocket_new (ctx, ZMQ_PUSH);
> > zsocket_set_zap_domain (server, "global");
> > zsocket_bind (server, "tcp://*:9000");
> >
> > // Create and connect client socket
> > void *client = zsocket_new (ctx, ZMQ_PULL);
> > zsocket_connect (client, "tcp://127.0.0.1:9000");
> >
> > // Send a single message from server to client
> > zstr_send (server, "Hello");
> > char *message = zstr_recv (client);
> > assert (streq (message, "Hello"));
> > free (message);
> > puts ("Strawhouse test OK");
> >
> > zauth_destroy (&auth);
> > zctx_destroy (&ctx);
> > return 0;
> > }
> >
> >
> >
> > On Sat, Dec 13, 2014 at 1:04 AM, Pieter Hintjens <ph at imatix.com> wrote:
> >>
> >> You presumably have two versions of libzmq installed on your system,
> >> and gcc is complaining they both have the same symbols. I'd recommend
> >> removing the older version.
> >>
> >> On Sat, Dec 13, 2014 at 1:29 AM, Check Peck <comptechgeeky at gmail.com>
> >> wrote:
> >> > I am trying to use Strawhouse security pattern in my zero-mq
> >> > development. I
> >> > was following this wiki http://hintjens.com/blog:49 and when I try to
> >> > run
> >> > below simple program to make sure I have everything installed, I got
> an
> >> > error -
> >> >
> >> > #include <czmq.h>
> >> >
> >> > int main (void) {
> >> > zctx_t *ctx = zctx_new ();
> >> > void *publisher = zsocket_new (ctx, ZMQ_PUB);
> >> > zsocket_set_curve_server (publisher, true);
> >> > puts ("Hello, Curve!");
> >> > zctx_destroy (&ctx);
> >> > return 0;
> >> > }
> >> >
> >> > I tried to compile it like this -
> >> >
> >> > gcc -o hello hello.c -lczmq -lzmq -lsodium
> >> >
> >> > And the error I got -
> >> >
> >> > /usr/bin/ld: warning: libzmq.so.4, needed by
> /usr/local/lib/libczmq.so,
> >> > may
> >> > conflict with libzmq.so.3
> >> >
> >> > Does anyone know what does this mean and what wrong I am doing?
> >> >
> >> > _______________________________________________
> >> > zeromq-dev mailing list
> >> > zeromq-dev at lists.zeromq.org
> >> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> >> >
> >> _______________________________________________
> >> zeromq-dev mailing list
> >> zeromq-dev at lists.zeromq.org
> >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> >
> >
> > _______________________________________________
> > zeromq-dev mailing list
> > zeromq-dev at lists.zeromq.org
> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> >
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20141215/8c4bdd32/attachment.htm>


More information about the zeromq-dev mailing list