libzmqpp-dev 4.1.2-0ubuntu2 / usr / include / zmqpp / auth.hpp

This file is indexed.

/usr/include/zmqpp/auth.hpp is in libzmqpp-dev 4.1.2-0ubuntu2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
/*
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * This file is part of zmqpp.
 * Copyright (c) 2011-2015 Contributors as noted in the AUTHORS file.
 */

/**
 * \file
 *
 * \date   25 Nov 2014
 * \author Prem Shankar Kumar (\@meprem)
 */

#ifndef ZMQPP_AUTH_HPP_
#define ZMQPP_AUTH_HPP_

#include <string>
#include <memory>
#include <unordered_set>
#include <unordered_map>

#include "actor.hpp"
#include "poller.hpp"
#include "socket.hpp"
#include "context.hpp"
#include "zap_request.hpp"


// Authentication is something from zmq 4
#if (ZMQ_VERSION_MAJOR > 3)

namespace zmqpp
{

/**
 * auth - authentication for ZeroMQ security mechanisms
 * 
 * An auth actor takes over authentication for all incoming connections in
 * its context. You can whitelist or blacklist peers based on IP address,
 * and define policies for securing PLAIN, CURVE, and GSSAPI connections.
 *
 */
class auth 
{
public:
	/**
	 * Constructor. A auth actor takes over authentication for all incoming connections in
	 * its context. You can whitelist or blacklist peers based on IP address,
	 * and define policies for securing PLAIN, CURVE, and GSSAPI connections.
	 *
	 */
	auth(context& ctx);

	/**
	 * Destructor.
	 *
	 */
    	~auth();

	/**
	 * Allow (whitelist) a single IP address. For NULL, all clients from this
	 * address will be accepted. For PLAIN and CURVE, they will be allowed to
	 * continue with authentication. You can call this method multiple times
	 * to whitelist multiple IP addresses. If you whitelist a single address,
	 * any non-whitelisted addresses are treated as blacklisted.
	 *
	 */
    	void allow(const std::string &address);

    	/**
	 * Deny (blacklist) a single IP address. For all security mechanisms, this
	 * rejects the connection without any further authentication. Use either a
     	 * whitelist, or a blacklist, not not both. If you define both a whitelist
     	 * and a blacklist, only the whitelist takes effect.
	 *
	 */
    	void deny(const std::string &address);

    	/**
	 * Configure a ZAP domain. To cover all domains, use "*".
	 */
    	void configure_domain(const std::string &domain);

    	/**
	 * Configure PLAIN authentication. PLAIN authentication uses a plain-text 
	 * username and password.
	 *
	 */
    	void configure_plain(const std::string &username, const std::string &password);

    	/**
	 * Configure CURVE authentication. CURVE authentication uses client public keys. 
	 * This method can be called multiple times. To cover all domains, use "*". 
	 * To allow all client keys without checking, specify CURVE_ALLOW_ANY for the client_public_key.
	 *
	 */
    	void configure_curve(const std::string &client_public_key);

    	/**
	 * Configure GSSAPI authentication. GSSAPI authentication uses an underlying 
	 * mechanism (usually Kerberos) to establish a secure context and perform mutual 
	 * authentication.
	 *
	 */
    	void configure_gssapi();

    	/**
	 * Enable verbose tracing of commands and activity.
	 *
	 */
    	void set_verbose(bool verbose);

private:
	/**
	 * Handle an authentication command from calling application.
	 *
	 */
    	void handle_command(socket& pipe);

	/**
	 * Handle a PLAIN authentication request from libzmq core
	 *
	 * @param user_id store the user as the User-Id.
	 */
    	bool authenticate_plain(zap_request& request, std::string &user_id);

	/**
	 * Handle a CURVE authentication request from libzmq core
	 *
	 * @param user_id store the public key (z85 encoded) as the User-Id.
	 */
    	bool authenticate_curve(zap_request& request, std::string &user_id);

    	/**
	 * Handle a GSSAPI authentication request from libzmq core
	 *
	 */
    	bool authenticate_gssapi(zap_request& request);

    	/**
     	 * Authentication.
     	 *
     	 */
    	void authenticate(socket& sock);
    
    	std::shared_ptr<actor>    		 	authenticator;	// ZAP authentication actor
    	poller 	            			 	auth_poller;	 // Socket poller
    	std::unordered_set<std::string> 		whitelist;      // Whitelisted addresses
    	std::unordered_set<std::string> 		blacklist;      // Blacklisted addresses
    	std::unordered_map<std::string, std::string> 	passwords;      // PLAIN passwords, if loaded
    	std::unordered_set<std::string> 		client_keys;    // Client public keys
    	std::string 				 	domain;			// ZAP domain
    	bool                        curve_allow_any;      // CURVE allows arbitrary clients
    	bool 					 	terminated;     // Did caller ask us to quit?
    	bool 					 	verbose;        // Verbose logging enabled?

#	if defined(ZMQPP_NO_CONSTEXPR)
        static const char * const zap_endpoint_;
#	else
        constexpr static const char * const zap_endpoint_ = "inproc://zeromq.zap.01";
#	endif
  
    	// No copy - private and not implemented
    	auth(auth const&) ZMQPP_EXPLICITLY_DELETED;
    	auth& operator=(auth const&) NOEXCEPT ZMQPP_EXPLICITLY_DELETED;
};

}

#endif

#endif /* ZMQPP_AUTH_HPP_ */

APT Browse - Built by Thomas Orozco.