[zeromq-dev] pyzmq curve example code

MinRK benjaminrk at gmail.com
Wed Feb 26 01:00:40 CET 2014


The weird errno should be fixed in
master<https://github.com/zeromq/pyzmq/pull/483>.
But this should only affect the case when libzmq is not linked against
libsodium. Are you sure that it is?

What is the output of ldd /path/to/libzmq.so?

-MinRK


On Tue, Feb 25, 2014 at 2:09 PM, Greg Ward <greg at gerg.ca> wrote:

> On 25 February 2014, To ZeroMQ development list said:
> > But that seems to have decayed somewhat. I noticed an error from
> > pyzmq's setup script about libsodium in the umpteenth build yesterday.
> > I think maybe I'll start from scratch with a fresh prefix dir and see
> > if that clarifies things.
>
> OK I've updated libsodium, libzmq, and pyzmq from git master, rebuilt
> and reinstalled everything to a fresh prefix (/usr/local/zmq4).
> Building pyzmq ("python setup.py build --zmq=/usr/local/zmq4") printed
>
>   Warning: Detected ZMQ version: 4.1.0. pyzmq's support for libzmq-dev is
> experimental.
>
> but what the hell, I'm gonna barge on past that and take a chance. I
> saw no warnings about curve or libsodium.
>
> Now I have three problems in examples/security:
>
> 1) strawhouse succeeds but logs an error:
>
>      $ python strawhouse.py
>      [ERROR] Failed to deny [u'127.0.0.1']
>      Traceback (most recent call last):
>        File
> "/usr/local/zmq4/lib/python2.7/site-packages/zmq/auth/thread.py", line 97,
> in _handle_pipe
>          self.authenticator.deny(*addresses)
>        File
> "/usr/local/zmq4/lib/python2.7/site-packages/zmq/auth/base.py", line 85, in
> deny
>          raise ValueError("Only use a whitelist or a blacklist, not both")
>      ValueError: Only use a whitelist or a blacklist, not both
>      [INFO] Strawhouse test OK
>
>    (I didn't see this yesterday; unclear what has changed -- except
>    I'm now linking with latest upstream libzmq)
>
> 2) stonehouse.py refers to the wrong script:
>
>      $ python stonehouse.py
>      [CRITICAL] Certificates are missing - run generate_certificates
> script first
>
>    (https://github.com/zeromq/pyzmq/pull/480)
>    (I saw this yesterday, so today I thought I'd fix it)
>
> 3) generate_keys.py still crashes mysteriously:
>
>      $ python generate_keys.py
>      Traceback (most recent call last):
>        File "generate_keys.py", line 49, in <module>
>          generate_certificates(os.path.dirname(__file__))
>        File "generate_keys.py", line 30, in generate_certificates
>          server_public_file, server_secret_file =
> zmq.auth.create_certificates(keys_dir, "server")
>        File
> "/usr/local/zmq4/lib/python2.7/site-packages/zmq/auth/certs.py", line 67,
> in create_certificates
>          public_key, secret_key = zmq.curve_keypair()
>        File "utils.pyx", line 51, in
> zmq.backend.cython.utils.curve_keypair (zmq/backend/cython/utils.c:762)
>        File "/usr/local/zmq4/lib/python2.7/site-packages/zmq/error.py",
> line 128, in _check_rc
>          raise ZMQError(errno)
>      zmq.error.ZMQError: No such file or directory
>
>    (same problem as yesterday)
>
> So I've dug in a little bit, and it looks like something is
> incorrectly reusing errno. Evidence: I hacked
> zmq/backend/cython/utils.py as follows:
>
> --- a/zmq/backend/cython/utils.pyx
> +++ b/zmq/backend/cython/utils.pyx
> @@ -44,10 +44,16 @@ def curve_keypair():
>      (public, secret) : two bytestrings
>          The public and private keypair as 40 byte z85-encoded bytestrings.
>      """
> +    import os, signal
>      cdef int rc
>      cdef char[64] public_key
>      cdef char[64] secret_key
> +    print('calling zmq_curve_keypair(%r, %r)' % (public_key, secret_key))
> +    pid = os.getpid()
> +    print('sudo strace -f -tt -p %d' % pid)
> +    os.kill(pid, signal.SIGSTOP)
>      rc = zmq_curve_keypair (public_key, secret_key)
> +    print('zmq_curve_keypair() = %r' % rc)
>      _check_rc(rc)
>      return public_key, secret_key
>
>
> This gives me:
>
>   * the opportunity to strace (in another terminal window) starting
>     from just before the mysterious error
>   * clear indicators (write() to stdout) before and after the error
>
> So I run generate_keys.py with the hacked utils.pyx:
>
>   $ python generate_keys.py
>   calling zmq_curve_keypair('P\xc4X', '')
>   sudo strace -f -tt -p 14453
>   zsh: suspended (signal)  python generate_keys.py
>
> In another window, I run the suggested strace command. Then I "fg"
> generate_keys.py. Here's what strace reports:
>
>   $ sudo strace -f -tt -p 14391
>   Process 14391 attached
>   16:58:05.345389 --- stopped by SIGSTOP ---
>   16:58:08.518451 --- SIGCONT {si_signo=SIGCONT, si_code=SI_USER,
> si_pid=13915, si_uid=1554} ---
>   16:58:08.518662 write(1, "zmq_curve_keypair() = -1\n", 25) = 25
>   16:58:08.518989
> stat("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno",
> 0x7fff9e5fa630) = -1 ENOENT (No such file or directory)
>   16:58:08.519254 open("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/
> errno.x86_64-linux-gnu.so", O_RDONLY) = -1 ENOENT (No such file or
> directory)
>   16:58:08.519508
> open("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno.so", O_RDONLY) =
> -1 ENOENT (No such file or directory)
>   16:58:08.519722
> open("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errnomodule.so",
> O_RDONLY) = -1 ENOENT (No such file or directory)
>   16:58:08.519888
> open("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno.py", O_RDONLY) =
> -1 ENOENT (No such file or directory)
>   16:58:08.520011
> open("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno.pyc", O_RDONLY)
> = -1 ENOENT (No such file or directory)
>   16:58:08.520338 write(2, "Traceback (most recent call last"..., 35) = 35
>
> Bingo. The only file I/O in the call to zmq_curve_keypair() is some
> Python code trying to import errno (the module). So errno (the C
> global variable) is left at ENOENT, which causes _check_rc() to
> generate a misleading exception.
>
> Just to confirm, I made it so the last file Python tries to open fails
> differently:
>
>   $ touch /data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno.pyc
>   $ chmod 000 /data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno.pyc
>   $ cat /data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno.pyc
>   cat: /data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno.pyc:
> Permission denied
>
> When I run the whole thing again, strace reports:
>
>   Process 14405 attached
>   17:00:00.913494 --- stopped by SIGSTOP ---
>   17:00:02.679923 --- SIGCONT {si_signo=SIGCONT, si_code=SI_USER,
> si_pid=13915, si_uid=1554} ---
>   17:00:02.680118 write(1, "zmq_curve_keypair() = -1\n", 25) = 25
>   17:00:02.680430
> stat("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno",
> 0x7fff0adee750) = -1 ENOENT (No such file or directory)
>   17:00:02.680792 open("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/
> errno.x86_64-linux-gnu.so", O_RDONLY) = -1 ENOENT (No such file or
> directory)
>   17:00:02.681013
> open("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno.so", O_RDONLY) =
> -1 ENOENT (No such file or directory)
>   17:00:02.681201
> open("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errnomodule.so",
> O_RDONLY) = -1 ENOENT (No such file or directory)
>   17:00:02.681312
> open("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno.py", O_RDONLY) =
> -1 ENOENT (No such file or directory)
>   17:00:02.681412
> open("/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/errno.pyc", O_RDONLY)
> = -1 EACCES (Permission denied)
>   17:00:02.681719 write(2, "Traceback (most recent call last"..., 35) = 35
>
> and the exception printed by python is now:
>
>   Traceback (most recent call last):
>     File "generate_keys.py", line 49, in <module>
>       generate_certificates(os.path.dirname(__file__))
>     File "generate_keys.py", line 30, in generate_certificates
>       server_public_file, server_secret_file =
> zmq.auth.create_certificates(keys_dir, "server")
>     File "/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/auth/certs.py",
> line 67, in create_certificates
>       public_key, secret_key = zmq.curve_keypair()
>     File "utils.pyx", line 57, in zmq.backend.cython.utils.curve_keypair
> (zmq/backend/cython/utils.c:905)
>     File "/data/src/pyzmq/build/lib.linux-x86_64-2.7/zmq/error.py", line
> 128, in _check_rc
>       raise ZMQError(errno)
>   zmq.error.ZMQError: Permission denied
>
> I'm slightly stumped. Next step?
>
>         Greg
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20140225/a0fa8b5e/attachment.htm>


More information about the zeromq-dev mailing list