[zeromq-dev] stonehouse and ironhouse examples - crypto being ignored in examples?

Turkey Breast turkeybreast at yahoo.com
Fri Mar 7 19:46:44 CET 2014


I have, and it's a synchronisation issue in ironhouse2. The server thread is exiting and the auth module is being destroyed. If I add a sleep after the zstr_send() in the server_task() then the example works.





On Friday, March 7, 2014 7:36 PM, Pieter Hintjens <ph at imatix.com> wrote:
Well, since you can reproduce the problem, you can try debugging it.
zauth is a little subtle but not bizarre. It has a front-end API that
sends commands like VERBOSE through to the authentication agent
thread. You can trace what's going on by adding puts() calls in
appropriate places. At the least, you will be sure you're linking
against the correct version of czmq.


On Fri, Mar 7, 2014 at 7:15 PM, Turkey Breast <turkeybreast at yahoo.com> wrote:
> Yes, I've now updated to git libzmq and ironhouse2 isn't showing the auth output like ironhouse is (even though both have zauth debug enabled). I'm refreshing the shared library cache using ldconfig and have tried on 2 different Debian Wheezy boxes.
>
> On Friday, March 7, 2014 6:54 PM, Turkey Breast <turkeybreast at yahoo.com> wrote:
> Yes, and I updated the library cache using ldconfig.
>
> On Friday, March 7, 2014 6:52 PM, Pieter Hintjens <ph at imatix.com> wrote:
> You are testing this with CZMQ git master?
>
> On Fri, Mar 7, 2014 at 6:43 PM, Turkey Breast <turkeybreast at yahoo.com> wrote:
>> There's still a problem with ironhouse2 (the other examples work).
>>
>> genjix@debian7:~/czmq/examples/security$ ./ironhouse
>> I: PASSED (whitelist) address=127.0.0.1
>> I: ALLOWED (CURVE) client_key=wfvY}{1?v*S#DP7+n2}L:?!rWfY@L*GprRr>?Ig7
>> Ironhouse test OK
>> genjix@debian7:~/czmq/examples/security$ ./ironhouse2
>> Ironhouse test OK
>>
>> ironhouse2 is ignoring the auth settings still.
>>
>> On , Turkey Breast <turkeybreast at yahoo.com> wrote:
>> OK, I'll test the new release once it's ready.
>>
>> On Friday, March 7, 2014 6:20 PM, Pieter Hintjens <ph at imatix.com> wrote:
>> OK... that took a little longer than I expected to hunt down.
>>
>> There is a not small error in the current CZMQ stable release. zauth.c
>> and zsockopt.c do not include platform.h, yet test HAVE_LIBSODIUM for
>> CURVE conditional code. As a result, no encryption is enabled in that
>> stable release, period.
>>
>> Easy to patch: add
>>
>> #include "platform.h"
>>
>> to zsockopt.c and zauth.c
>>
>> Better, take GitHub master. I'll make a new stable release for CZMQ asap.
>>
>> Thanks for pointing me to this error.
>>
>> -Pieter
>>
>>
>> On Fri, Mar 7, 2014 at 5:43 PM, Turkey Breast <turkeybreast at yahoo.com> wrote:
>>> Relevant output using czmq git (but ZMQ 4.0.3 and libsodium 0.4.5):
>>>
>>> $ ./ironhouse
>>> I: DENIED (not in whitelist) address=127.0.0.1
>>> I: DENIED (not in whitelist) address=127.0.0.1
>>>
>>> And:
>>>
>>> $ ./ironhouse
>>> I: PASSED (whitelist) address=127.0.0.1
>>> I: DENIED (CURVE) client_key=4tFk&Q=V]MN4]b$IY]>*L/wc-@XetsEc:)O76PQP
>>> I: PASSED (whitelist) address=127.0.0.1
>>> I: DENIED (CURVE) client_key=4tFk&Q=V]MN4]b$IY]>*L/wc-@XetsEc:)O76PQP
>>>
>>> (as expected)
>>>
>>> On , Turkey Breast <turkeybreast at yahoo.com> wrote:
>>> Yes it works with czmq master.
>>>
>>> I noticed before that the zap handler (inproc://zeromq.zap.01) wasn't being called in the poller but it was working with plain. I thought maybe it was a ZMQ problem, but the fact that it works with git seems to indicate a czmq problem.
>>>
>>> Also the HAVE_LIBSODIUM macro wasn't exposed in zsockopt.c so I added #include "platform.h" to get that working, but it still didn't help.
>>>
>>> Thanks.
>>>
>>> On Friday, March 7, 2014 5:26 PM, Pieter Hintjens <ph at imatix.com> wrote:
>>> I'm using the latest git master.
>>>
>>> Changing the zauth_allow() call as you suggest gives me this response:
>>>
>>> I: DENIED (not in whitelist) address=127.0.0.1
>>> CURVE I: ZAP handler rejected client authentication
>>> I: DENIED (not in whitelist) address=127.0.0.1
>>> CURVE I: ZAP handler rejected client authentication
>>> I: DENIED (not in whitelist) address=127.0.0.1
>>> ...
>>>
>>> (with "I: DENIED" trace output from libzmq, and CURVE I: output from CZMQ)
>>>
>>> I might prefix the libzmq output to make it clearer.
>>>
>>> Next step, I'll try the older packages.
>>>
>>> -Pieter
>>>
>>>
>>> On Fri, Mar 7, 2014 at 3:06 PM, Turkey Breast <turkeybreast at yahoo.com> wrote:
>>>> I've installed a brand new Debian wheezy, and installed these packages:
>>>>
>>>> czmq-2.0.3.tar.gz
>>>> libsodium-0.4.5.tar.gz
>>>> zeromq-4.0.3.tar.gz
>>>>
>>>> If I change the zauth_allow() call to a random IP address then the example still passes. Normally I expect it to refuse the connection from localhost since it isn't part of the whitelist:
>>>>
>>>>   zauth_allow (auth, "8.5.3.6");
>>>>
>>>> And in ironhouse2.c if I comment out the line where it saves the client's public key (which is loaded by the server_task), the server still accepts the client connection despite not having the public key!
>>>>
>>>> This is a standard Debian wheezy install from scratch (nothing configured) using all the latest stable packages.
>>>> _______________________________________________
>>>> zeromq-dev mailing list
>>>> zeromq-dev at lists.zeromq.org
>>>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
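Added example, not part of the thread and not CZMQ's code: a C sketch of the failure mode the thread traces to the missing `#include "platform.h"`, where code guarded by `HAVE_LIBSODIUM` compiles to nothing and the caller is never told. The type `sock_opts_t` and the three `set_curve_*` functions are hypothetical, and the `#define` stands in for including the build-configuration header.

```c
#include <stdio.h>

/* Hypothetical stand-in for a socket's security options (not a CZMQ type). */
typedef struct { int curve_server; } sock_opts_t;

/* 1. Config header never included: HAVE_LIBSODIUM is undefined here, so the
      setter compiles to a no-op that still reports success. */
#undef HAVE_LIBSODIUM
static int set_curve_silent (sock_opts_t *o, int on) {
#if defined (HAVE_LIBSODIUM)
    o->curve_server = on;
#else
    (void) o; (void) on;
#endif
    return 0;
}

/* 2. Same missing macro, but the setter fails closed: the caller gets -1
      instead of a plaintext socket it believes is encrypted. */
static int set_curve_failclosed (sock_opts_t *o, int on) {
#if defined (HAVE_LIBSODIUM)
    o->curve_server = on;
    return 0;
#else
    (void) o; (void) on;
    return -1;
#endif
}

/* 3. With the macro visible (stand-in for #include "platform.h"), the
      guarded code is compiled in and the option is really applied. */
#define HAVE_LIBSODIUM 1
static int set_curve_fixed (sock_opts_t *o, int on) {
#if defined (HAVE_LIBSODIUM)
    o->curve_server = on;
    return 0;
#else
    (void) o; (void) on;
    return -1;
#endif
}

int main (void) {
    sock_opts_t a = {0}, b = {0}, c = {0};
    int ra = set_curve_silent (&a, 1);
    int rb = set_curve_failclosed (&b, 1);
    int rc = set_curve_fixed (&c, 1);
    printf ("silent:      rc=%d curve=%d\n", ra, a.curve_server);
    printf ("fail-closed: rc=%d curve=%d\n", rb, b.curve_server);
    printf ("fixed:       rc=%d curve=%d\n", rc, c.curve_server);
    return 0;
}
```

The first case matches what the thread observed: the example programs report success while no CURVE option was ever set. A test that asserts a connection is refused, as the `zauth_allow()` change in the thread does, is what exposes it.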