[zeromq-dev] Using Strawhouse security pattern with ZeroMQ

Check Peck comptechgeeky at gmail.com
Mon Dec 15 23:40:00 CET 2014 

Hi Pieter,

Is there any example for Strawhouse security pattern using C++ czmq
wrapper? This link http://hintjens.com/blog:49 only talks about c way of
doing it.

I found github repository https://github.com/zeromq/czmqpp which looks like
it's a C++ wrapper for czmq but not able to find any example how to use
Strawhouse security pattern.


On Mon, Dec 15, 2014 at 1:21 PM, Check Peck <comptechgeeky at gmail.com> wrote:
>
> Ok got it. I have another question on zauth which I have asked separately
> in another question with the subject name.
> How to use ZeroMQ context with zauth?
>
> See if you can help me out.
>
> On Mon, Dec 15, 2014 at 1:17 PM, Pieter Hintjens <ph at imatix.com> wrote:
>>
>> You can't white/blacklist on domain names without a lot more work. The
>> zauth class uses the IP address as provided by the network.
>>
>> On Mon, Dec 15, 2014 at 9:57 PM, Check Peck <comptechgeeky at gmail.com>
>> wrote:
>> > Thanks Pieter, Yes it worked fine after I remove older version of
>> libzmq.
>> >
>> > One question I have on Strawhouse pattern is - Does it always work with
>> IP
>> > Address? I cannot use hostname to white list it? If I try to replace
>> > 127.0.0.1 with localhost or the actual machine name, then it doesn't
>> work.
>> >
>> > zauth_allow (auth, "127.0.0.1"); // this works fine
>> > zauth_allow (auth, "localhost"); // this doesn't works
>> > zauth_allow (auth, "machineA.dev.com"); // this doesn't works
>> >
>> > // The Strawhouse Pattern
>> > //
>> > // We allow or deny clients according to their IP address. It may keep
>> > // spammers and idiots away, but won't stop a real attacker for more
>> > // than a heartbeat.
>> >
>> > #include <czmq.h>
>> >
>> > int main (void)
>> > {
>> > // Create context
>> > zctx_t *ctx = zctx_new ();
>> >
>> > // Start an authentication engine for this context. This engine
>> > // allows or denies incoming connections (talking to the libzmq
>> > // core over a protocol called ZAP).
>> > zauth_t *auth = zauth_new (ctx);
>> >
>> > // Get some indication of what the authenticator is deciding
>> > zauth_set_verbose (auth, true);
>> >
>> > // Whitelist our address; any other address will be rejected
>> > zauth_allow (auth, "127.0.0.1");
>> >
>> > // Create and bind server socket
>> > void *server = zsocket_new (ctx, ZMQ_PUSH);
>> > zsocket_set_zap_domain (server, "global");
>> > zsocket_bind (server, "tcp://*:9000");
>> >
>> > // Create and connect client socket
>> > void *client = zsocket_new (ctx, ZMQ_PULL);
>> > zsocket_connect (client, "tcp://127.0.0.1:9000");
>> >
>> > // Send a single message from server to client
>> > zstr_send (server, "Hello");
>> > char *message = zstr_recv (client);
>> > assert (streq (message, "Hello"));
>> > free (message);
>> > puts ("Strawhouse test OK");
>> >
>> > zauth_destroy (&auth);
>> > zctx_destroy (&ctx);
>> > return 0;
>> > }
>> >
>> >
>> >
>> > On Sat, Dec 13, 2014 at 1:04 AM, Pieter Hintjens <ph at imatix.com> wrote:
>> >>
>> >> You presumably have two versions of libzmq installed on your system,
>> >> and gcc is complaining they both have the same symbols. I'd recommend
>> >> removing the older version.
>> >>
>> >> On Sat, Dec 13, 2014 at 1:29 AM, Check Peck <comptechgeeky at gmail.com>
>> >> wrote:
>> >> > I am trying to use Strawhouse security pattern in my zero-mq
>> >> > development. I
>> >> > was following this wiki http://hintjens.com/blog:49 and when I try
>> to
>> >> > run
>> >> > below simple program to make sure I have everything installed, I got
>> an
>> >> > error -
>> >> >
>> >> > #include <czmq.h>
>> >> >
>> >> > int main (void) {
>> >> > zctx_t *ctx = zctx_new ();
>> >> > void *publisher = zsocket_new (ctx, ZMQ_PUB);
>> >> > zsocket_set_curve_server (publisher, true);
>> >> > puts ("Hello, Curve!");
>> >> > zctx_destroy (&ctx);
>> >> > return 0;
>> >> > }
>> >> >
>> >> > I tried to compile it like this -
>> >> >
>> >> > gcc -o hello hello.c -lczmq -lzmq -lsodium
>> >> >
>> >> > And the error I got -
>> >> >
>> >> > /usr/bin/ld: warning: libzmq.so.4, needed by
>> /usr/local/lib/libczmq.so,
>> >> > may
>> >> > conflict with libzmq.so.3
>> >> >
>> >> > Does anyone know what does this mean and what wrong I am doing?
>> >> >
>> >> > _______________________________________________
>> >> > zeromq-dev mailing list
>> >> > zeromq-dev at lists.zeromq.org
>> >> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>> >> >
>> >> _______________________________________________
>> >> zeromq-dev mailing list
>> >> zeromq-dev at lists.zeromq.org
>> >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>> >
>> >
>> > _______________________________________________
>> > zeromq-dev mailing list
>> > zeromq-dev at lists.zeromq.org
>> > http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>> >
>> _______________________________________________
>> zeromq-dev mailing list
>> zeromq-dev at lists.zeromq.org
>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20141215/a71aa846/attachment.htm>

More information about the zeromq-dev mailing list