class CZTop::Authenticator
Authentication for ZeroMQ security mechanisms.
This is implemented using an {Actor}.
Constants
- ALLOW_ANY
used to allow any CURVE client
- ZAUTH_FPTR
function pointer to the +zauth()+ function
Attributes
@return [Actor] the actor behind this authenticator
Public Class Methods
This installs authentication on all {Socket}s and {Actor}s. Until you add policies, all incoming NULL connections are allowed, and all PLAIN and CURVE connections are denied.
@param cert_store [CertStore] a custom certificate store
# File lib/cztop/authenticator.rb, line 23
def initialize(cert_store = nil)
  if cert_store
    raise ArgumentError unless cert_store.is_a?(CertStore)
    cert_store = cert_store.ffi_delegate
    cert_store.__undef_finalizer # native object is now owned by zauth() actor
  end
  @actor = Actor.new(ZAUTH_FPTR, cert_store)
end
Public Instance Methods
Add a list of IP addresses to the whitelist. For NULL, all clients from these addresses will be accepted. For PLAIN and CURVE, they will be allowed to continue with authentication.
@param addrs [String] IP address(es) to allow
@return [void]
# File lib/cztop/authenticator.rb, line 54
def allow(*addrs)
  @actor << ["ALLOW", *addrs]
  @actor.wait
end
Configure CURVE authentication, using a directory that holds all public client certificates, i.e. their public keys. The certificates must have been created using {Certificate#save}/{Certificate#save_public}. You can add and remove certificates in that directory at any time.
@param directory [String] the directory to take the keys from
@return [void]
# File lib/cztop/authenticator.rb, line 92
def curve(directory = ALLOW_ANY)
  @actor << ["CURVE", directory]
  @actor.wait
end
Add a list of IP addresses to the blacklist. For all security mechanisms, this rejects the connection without any further authentication. Use either a whitelist or a blacklist, not both. If you define both a whitelist and a blacklist, only the whitelist takes effect.
@param addrs [String] IP address(es) to deny
@return [void]
# File lib/cztop/authenticator.rb, line 67
def deny(*addrs)
  @actor << ["DENY", *addrs]
  @actor.wait
end
Configure GSSAPI authentication.
@return [void]
# File lib/cztop/authenticator.rb, line 99
def gssapi
  @actor << "GSSAPI"
  @actor.wait
end
Configure PLAIN security mechanism using a plain-text password file. The password file will be reloaded automatically if modified externally.
@param filename [String] path to the password file
@return [void]
# File lib/cztop/authenticator.rb, line 77
def plain(filename)
  @actor << ["PLAIN", *filename]
  @actor.wait
end
Terminates the authenticator.
@return [void]
# File lib/cztop/authenticator.rb, line 37
def terminate
  @actor.terminate
end
Enable verbose logging of commands and activity.
@return [void]
# File lib/cztop/authenticator.rb, line 43
def verbose!
  @actor << "VERBOSE"
  @actor.wait
end
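The policy order described above (defaults, whitelist versus blacklist, then the per-mechanism check), as an added pure-Ruby model for reasoning about a configuration before deploying it; it is not CZTop or CZMQ code. `AuthPolicyModel` is a hypothetical name, `plain` takes a Hash and `curve` a key list instead of file paths, and rejecting addresses missing from a non-empty whitelist is an assumption about whitelist semantics.

```ruby
require "set"

# Model of the documented decision order; not CZTop or CZMQ code.
class AuthPolicyModel
  ALLOW_ANY = :allow_any # stand-in for CZTop::Authenticator::ALLOW_ANY

  def initialize
    @whitelist = Set.new
    @blacklist = Set.new
    @passwords = nil  # set by #plain (a Hash here; the real API takes a file path)
    @curve_keys = nil # set by #curve (a key list here; the real API takes a directory)
  end

  def allow(*addrs)
    @whitelist.merge(addrs)
  end

  def deny(*addrs)
    @blacklist.merge(addrs)
  end

  def plain(passwords)
    @passwords = passwords
  end

  def curve(keys = ALLOW_ANY)
    @curve_keys = keys == ALLOW_ANY ? ALLOW_ANY : Set.new(keys)
  end

  # true when the connection would be accepted
  def accept?(mechanism:, address:, username: nil, password: nil, public_key: nil)
    # Address filter: once a whitelist exists, the blacklist is ignored.
    if @whitelist.any?
      return false unless @whitelist.include?(address) # assumed: unlisted means rejected
    elsif @blacklist.include?(address)
      return false
    end

    case mechanism
    when "NULL"  then true # nothing further to check
    when "PLAIN" then !@passwords.nil? && !password.nil? && @passwords[username] == password
    when "CURVE"
      @curve_keys == ALLOW_ANY || (!@curve_keys.nil? && @curve_keys.include?(public_key))
    else false
    end
  end
end
```

Note that a whitelisted address only passes the address filter: PLAIN and CURVE clients from it still have to present valid credentials.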