void zcert_test (bool verbose) { printf (" * zcert: "); #if (ZMQ_VERSION_MAJOR == 4) // @selftest // Create temporary directory for test files # define TESTDIR ".test_zcert" zsys_dir_create (TESTDIR); // Create a simple certificate with metadata zcert_t *cert = zcert_new (); # if defined (HAVE_LIBSODIUM) zcert_set_meta (cert, "email", "*****@*****.**"); zcert_set_meta (cert, "name", "Pieter Hintjens"); zcert_set_meta (cert, "organization", "iMatix Corporation"); zcert_set_meta (cert, "version", "%d", 1); assert (streq (zcert_meta (cert, "email"), "*****@*****.**")); zlist_t *keys = zcert_meta_keys (cert); assert (zlist_size (keys) == 4); zlist_destroy (&keys); // Check the dup and eq methods zcert_t *shadow = zcert_dup (cert); assert (zcert_eq (cert, shadow)); zcert_destroy (&shadow); // Check we can save and load certificate zcert_save (cert, TESTDIR "/mycert.txt"); assert (zsys_file_exists (TESTDIR "/mycert.txt")); assert (zsys_file_exists (TESTDIR "/mycert.txt_secret")); // Load certificate, will in fact load secret one shadow = zcert_load (TESTDIR "/mycert.txt"); assert (shadow); assert (zcert_eq (cert, shadow)); zcert_destroy (&shadow); // Delete secret certificate, load public one int rc = zsys_file_delete (TESTDIR "/mycert.txt_secret"); assert (rc == 0); shadow = zcert_load (TESTDIR "/mycert.txt"); // 32-byte null key encodes as 40 '0' characters assert (streq (zcert_secret_txt (shadow), "0000000000000000000000000000000000000000")); zcert_destroy (&shadow); zcert_destroy (&cert); # else // Libsodium isn't installed; should have returned NULL assert (cert == NULL); # endif // Delete all test files zdir_t *dir = zdir_new (TESTDIR, NULL); zdir_remove (dir, true); zdir_destroy (&dir); // @end #endif printf ("OK\n"); }
static void s_load_certs_from_disk (zcertstore_t *self) { s_empty_store (self); zdir_t *dir = zdir_new (self->location, NULL); if (dir) { // Load all certificates including those in subdirectories zfile_t **filelist = zdir_flatten (dir); uint index; for (index = 0;; index++) { zfile_t *file = filelist [index]; if (!file) break; // End of list if (zfile_is_regular (file)) { zcert_t *cert = zcert_load (zfile_filename (file, NULL)); if (cert) zcertstore_insert (self, &cert); } } zdir_flatten_free (&filelist); self->modified = zdir_modified (dir); self->count = zdir_count (dir); self->cursize = zdir_cursize (dir); zdir_destroy (&dir); } }
void HHVM_METHOD(ZMQCert, __construct, const Variant& filename) { auto cert = Native::data<ZMQCert>(this_); if (filename.isNull()) { cert->zcert = zcert_new(); if (!cert->zcert) { throwExceptionClass(s_ZMQCertExceptionClass, "Failed to create the underlying zcert object. Is libsodium installed?", PHP_ZMQ_INTERNAL_ERROR); } } else { cert->zcert = zcert_load(filename.asCStrRef().c_str()); if (!cert->zcert) { throwExceptionClassFmt(s_ZMQCertExceptionClass, "Failed to load the certificate from {}", filename.asCStrRef()); } } }
static void s_disk_loader (zcertstore_t *certstore) { disk_loader_state *state = (disk_loader_state *)certstore->state; zdir_t *dir = zdir_new (state->location, NULL); if (dir && (state->modified != zdir_modified (dir) || state->count != zdir_count (dir) || state->cursize != (size_t) zdir_cursize (dir))) { zhashx_purge (certstore->certs); // Load all certificates including those in subdirectories zfile_t **filelist = zdir_flatten (dir); assert (filelist); zrex_t *rex = zrex_new ("_secret$"); assert (rex); uint index; for (index = 0;; index++) { zfile_t *file = filelist [index]; if (!file) break; // End of list if (zfile_is_regular (file) && !zrex_matches (rex, zfile_filename (file, NULL))) { zcert_t *cert = zcert_load (zfile_filename (file, NULL)); if (cert) zcertstore_insert (certstore, &cert); } } zdir_flatten_free (&filelist); state->modified = zdir_modified (dir); state->count = zdir_count (dir); state->cursize = zdir_cursize (dir); zrex_destroy (&rex); } zdir_destroy (&dir); }
/// // Load certificate from file QmlZcert *QmlZcertAttached::load (const QString &filename) { QmlZcert *qmlSelf = new QmlZcert (); qmlSelf->self = zcert_load (filename.toUtf8().data()); return qmlSelf; };
void ZeroMQEngine::Initialize(const string endPoint, const string instanceName, const string instanceID) { zcert_t* localCertificate = nullptr; // Handle common security initialization for server and client instances if (SecurityEnabled()) { if (!zsys_has_curve()) throw runtime_error("Failed to locate needed curve security libraries, cannot initialize ZeroMQ security"); string localCertDirectory = CURVECERTLOCALDIR "/"; string publicCertFileName; string privateCertFileName; // Make sure certificate store directories exist if (zsys_dir_create(CURVECERTLOCALDIR) != 0) throw runtime_error("Failed to create local curve security store, cannot initialize ZeroMQ security"); if (zsys_dir_create(CURVECERTREMOTEDIR) != 0) throw runtime_error("Failed to create remote curve security store, cannot initialize ZeroMQ security"); // Derive certificate file names based on engine mode if (ServerMode()) { publicCertFileName = localCertDirectory + SVRPUBCERTFILENAME; privateCertFileName = localCertDirectory + SVRPVTCERTFILENAME; } else { publicCertFileName = localCertDirectory + instanceName + PUBCERTFILENAMEEXT; privateCertFileName = localCertDirectory + instanceName + PVTCERTFILENAMEEXT; } // See if private certificate already exists if (zsys_file_exists(privateCertFileName.c_str())) { // Load existing local certificate localCertificate = zcert_load(privateCertFileName.c_str()); if (localCertificate == nullptr) throw runtime_error("Failed to load local curve certificate, cannot initialize ZeroMQ security"); } else { // Create a new full certificate (public + private) localCertificate = zcert_new(); if (localCertificate == nullptr) throw runtime_error("Failed to create local curve certificate, cannot initialize ZeroMQ security"); zcert_set_meta(localCertificate, "name", instanceName.c_str()); zcert_set_meta(localCertificate, "id", instanceID.c_str()); zcert_set_meta(localCertificate, "type", ServerMode() ? "server" : "client"); // Persist certificates for future runs if (zcert_save_public(localCertificate, publicCertFileName.c_str()) != 0) throw runtime_error("Failed to save local curve public certificate, cannot initialize ZeroMQ security"); if (zcert_save_secret(localCertificate, privateCertFileName.c_str()) != 0) throw runtime_error("Failed to save local curve private certificate, cannot initialize ZeroMQ security"); } } // Create new ZeroMQ engine instance if (ServerMode()) m_instance = new ZeroMQServer(m_bufferReceivedCallback, SecurityEnabled(), InactiveClientTimeout(), VerboseOutput(), ConnectionID(), localCertificate); else m_instance = new ZeroMQClient(m_bufferReceivedCallback, SecurityEnabled(), InactiveClientTimeout(), VerboseOutput(), ConnectionID(), localCertificate); m_instance->Initialize(endPoint, instanceName, instanceID); log_info("\nEstablished ZeroMQ socket [%s]\n", ConnectionID().ToString().c_str()); }
static void * client_task (void *args) { bool verbose = *((bool *) args); char filename [256]; snprintf (filename, 255, TESTDIR "/client-%07d.cert", randof (10000000)); zcert_t *client_cert = zcert_new (); zcert_save_public (client_cert, filename); curve_client_t *client = curve_client_new (&client_cert); curve_client_set_verbose (client, verbose); zcert_t *server_cert = zcert_load (TESTDIR "/server.cert"); assert (server_cert); curve_client_connect (client, "tcp://127.0.0.1:9006", zcert_public_key (server_cert)); zcert_destroy (&server_cert); curve_client_sendstr (client, "Hello, World"); char *reply = curve_client_recvstr (client); assert (streq (reply, "Hello, World")); free (reply); // Try a multipart message zmsg_t *msg = zmsg_new (); zmsg_addstr (msg, "Hello, World"); zmsg_addstr (msg, "Second frame"); curve_client_send (client, &msg); msg = curve_client_recv (client); assert (zmsg_size (msg) == 2); zmsg_destroy (&msg); // Now send messages of increasing size, check they work int count; int size = 0; for (count = 0; count < 18; count++) { zframe_t *data = zframe_new (NULL, size); int byte_nbr; // Set data to sequence 0...255 repeated for (byte_nbr = 0; byte_nbr < size; byte_nbr++) zframe_data (data)[byte_nbr] = (byte) byte_nbr; msg = zmsg_new (); zmsg_prepend (msg, &data); curve_client_send (client, &msg); msg = curve_client_recv (client); data = zmsg_pop (msg); assert (data); assert (zframe_size (data) == size); for (byte_nbr = 0; byte_nbr < size; byte_nbr++) { assert (zframe_data (data)[byte_nbr] == (byte) byte_nbr); } zframe_destroy (&data); zmsg_destroy (&msg); size = size * 2 + 1; } // Signal end of test curve_client_sendstr (client, "END"); reply = curve_client_recvstr (client); free (reply); curve_client_destroy (&client); return NULL; }
static void * server_task (void *args) { bool verbose = *((bool *) args); // Install the authenticator zctx_t *ctx = zctx_new (); zauth_t *auth = zauth_new (ctx); assert (auth); zauth_set_verbose (auth, verbose); zauth_configure_curve (auth, "*", TESTDIR); void *router = zsocket_new (ctx, ZMQ_ROUTER); int rc = zsocket_bind (router, "tcp://127.0.0.1:9005"); assert (rc != -1); zcert_t *server_cert = zcert_load (TESTDIR "/server.cert"); assert (server_cert); curve_codec_t *server = curve_codec_new_server (server_cert, ctx); assert (server); zcert_destroy (&server_cert); curve_codec_set_verbose (server, verbose); // Set some metadata properties curve_codec_set_metadata (server, "Server", "CURVEZMQ/curve_codec"); // Execute incoming frames until ready or exception // In practice we'd want a server instance per unique client while (!curve_codec_connected (server)) { zframe_t *sender = zframe_recv (router); zframe_t *input = zframe_recv (router); assert (input); zframe_t *output = curve_codec_execute (server, &input); assert (output); zframe_send (&sender, router, ZFRAME_MORE); zframe_send (&output, router, 0); } // Check client metadata char *client_name = (char *) zhash_lookup (curve_codec_metadata (server), "client"); assert (client_name); assert (streq (client_name, "CURVEZMQ/curve_client")); bool finished = false; while (!finished) { // Now act as echo service doing a full decode and encode zframe_t *sender = zframe_recv (router); zframe_t *encrypted = zframe_recv (router); assert (encrypted); zframe_t *cleartext = curve_codec_decode (server, &encrypted); assert (cleartext); if (memcmp (cleartext, "END", 3) == 0) finished = true; // Echo message back encrypted = curve_codec_encode (server, &cleartext); assert (encrypted); zframe_send (&sender, router, ZFRAME_MORE); zframe_send (&encrypted, router, 0); } curve_codec_destroy (&server); zauth_destroy (&auth); zctx_destroy (&ctx); return NULL; }
/// // Load certificate from file QZcert* QZcert::load (const QString &filename, QObject *qObjParent) { return new QZcert (zcert_load (filename.toUtf8().data()), qObjParent); }
static rsRetVal addListener(instanceConf_t* iconf){ DEFiRet; DBGPRINTF("imczmq: addListener called..\n"); struct listener_t* pData; CHKmalloc(pData=(struct listener_t*)MALLOC(sizeof(struct listener_t))); pData->ruleset = iconf->pBindRuleset; pData->sock = zsock_new(iconf->sockType); if(!pData->sock) { errmsg.LogError(0, RS_RET_NO_ERRCODE, "imczmq: new socket failed for endpoints: %s", iconf->sockEndpoints); ABORT_FINALIZE(RS_RET_NO_ERRCODE); } DBGPRINTF("imczmq: created socket of type %d..\n", iconf->sockType); if(runModConf->authType) { if(!strcmp(runModConf->authType, "CURVESERVER")) { DBGPRINTF("imczmq: we are a CURVESERVER\n"); zcert_t *serverCert = zcert_load(runModConf->serverCertPath); if(!serverCert) { errmsg.LogError(0, NO_ERRCODE, "could not load cert %s", runModConf->serverCertPath); ABORT_FINALIZE(RS_RET_ERR); } zsock_set_zap_domain(pData->sock, "global"); zsock_set_curve_server(pData->sock, 1); zcert_apply(serverCert, pData->sock); zcert_destroy(&serverCert); } else if(!strcmp(runModConf->authType, "CURVECLIENT")) { DBGPRINTF("imczmq: we are a CURVECLIENT\n"); zcert_t *serverCert = zcert_load(runModConf->serverCertPath); if(!serverCert) { errmsg.LogError(0, NO_ERRCODE, "could not load cert %s", runModConf->serverCertPath); ABORT_FINALIZE(RS_RET_ERR); } const char *server_key = zcert_public_txt(serverCert); zcert_destroy(&serverCert); zsock_set_curve_serverkey(pData->sock, server_key); zcert_t *clientCert = zcert_load(runModConf->clientCertPath); if(!clientCert) { errmsg.LogError(0, NO_ERRCODE, "could not load cert %s", runModConf->clientCertPath); ABORT_FINALIZE(RS_RET_ERR); } zcert_apply(clientCert, pData->sock); zcert_destroy(&clientCert); } } switch(iconf->sockType) { case ZMQ_SUB: #if defined(ZMQ_DISH) case ZMQ_DISH: #endif iconf->serverish = true; break; case ZMQ_PULL: #if defined(ZMQ_GATHER) case ZMQ_GATHER: #endif case ZMQ_ROUTER: #if defined(ZMQ_SERVER) case ZMQ_SERVER: #endif iconf->serverish = true; break; } if(iconf->topics) { char topic[256]; while(*iconf->topics) { char *delimiter = strchr(iconf->topics, ','); if(!delimiter) { delimiter = iconf->topics + strlen(iconf->topics); } memcpy (topic, iconf->topics, delimiter - iconf->topics); topic[delimiter-iconf->topics] = 0; DBGPRINTF("imczmq: subscribing to %s\n", topic); if(iconf->sockType == ZMQ_SUB) { zsock_set_subscribe (pData->sock, topic); } #if defined(ZMQ_DISH) else if(iconf->sockType == ZMQ_DISH) { int rc = zsock_join (pData->sock, topic); if(rc != 0) { errmsg.LogError(0, NO_ERRCODE, "could not join group %s", topic); ABORT_FINALIZE(RS_RET_ERR); } } #endif if(*delimiter == 0) { break; } iconf->topics = delimiter + 1; } } int rc = zsock_attach(pData->sock, (const char*)iconf->sockEndpoints, iconf->serverish); if (rc == -1) { errmsg.LogError(0, NO_ERRCODE, "zsock_attach to %s failed", iconf->sockEndpoints); ABORT_FINALIZE(RS_RET_ERR); } DBGPRINTF("imczmq: attached socket to %s\n", iconf->sockEndpoints); rc = zlist_append(listenerList, (void *)pData); if(rc != 0) { errmsg.LogError(0, NO_ERRCODE, "could not append listener"); ABORT_FINALIZE(RS_RET_ERR); } finalize_it: RETiRet; }
static rsRetVal addListener(instanceConf_t* iconf){ struct lstn_s* pData; DEFiRet; CHKmalloc(pData=(struct lstn_s*)MALLOC(sizeof(struct lstn_s))); pData->next = NULL; pData->pRuleset = iconf->pBindRuleset; /* Create the zeromq socket */ /* ------------------------ */ pData->sock = zsock_new(iconf->sockType); if (!pData->sock) { errmsg.LogError(0, RS_RET_NO_ERRCODE, "imczmq: new socket failed for endpoints: %s", iconf->sockEndpoints); ABORT_FINALIZE(RS_RET_NO_ERRCODE); } DBGPRINTF ("imczmq: created socket...\n"); /* Create the beacon actor if configured */ /* ------------------------------------- */ if((iconf->beacon != NULL) && (iconf->beaconPort > 0)) { DBGPRINTF ("imczmq: starting beacon actor...\n"); pData->beaconActor = zactor_new(zbeacon, NULL); if (!pData->beaconActor) { errmsg.LogError(0, RS_RET_NO_ERRCODE, "imczmq: could not create beacon service"); ABORT_FINALIZE (RS_RET_NO_ERRCODE); } zsock_send(pData->beaconActor, "si", "CONFIGURE", iconf->beaconPort); char *hostname = zstr_recv(pData->beaconActor); if (!*hostname) { errmsg.LogError(0, RS_RET_NO_ERRCODE, "imczmq: no UDP broadcasting available"); ABORT_FINALIZE (RS_RET_NO_ERRCODE); } zsock_send(pData->beaconActor, "sbi", "PUBLISH", pData->beaconActor, strlen(iconf->beacon)); DBGPRINTF ("omczmq: beacon is lit: hostname: '%s', port: '%d'...\n", hostname, iconf->beaconPort); } DBGPRINTF("imczmq: authtype is: %s\n", iconf->authType); if (iconf->authType != NULL) { /* CURVESERVER */ /* ----------- */ if (!strcmp(iconf->authType, "CURVESERVER")) { zsock_set_zap_domain(pData->sock, "global"); zsock_set_curve_server(pData->sock, 1); pData->serverCert = zcert_load(iconf->serverCertPath); if (!pData->serverCert) { errmsg.LogError(0, NO_ERRCODE, "could not load server cert"); ABORT_FINALIZE(RS_RET_ERR); } zcert_apply(pData->serverCert, pData->sock); zstr_sendx(authActor, "CURVE", iconf->clientCertPath, NULL); zsock_wait(authActor); DBGPRINTF("imczmq: CURVESERVER: serverCertPath: '%s'\n", iconf->serverCertPath); DBGPRINTF("mczmq: CURVESERVER: clientCertPath: '%s'\n", iconf->clientCertPath); } /* CURVECLIENT */ /* ----------- */ else if (!strcmp(iconf->authType, "CURVECLIENT")) { if (!strcmp(iconf->clientCertPath, "*")) { pData->clientCert = zcert_new(); } else { pData->clientCert = zcert_load(iconf->clientCertPath); } if (!pData->clientCert) { errmsg.LogError(0, NO_ERRCODE, "could not load client cert"); ABORT_FINALIZE(RS_RET_ERR); } zcert_apply(pData->clientCert, pData->sock); pData->serverCert = zcert_load(iconf->serverCertPath); if (!pData->serverCert) { errmsg.LogError(0, NO_ERRCODE, "could not load server cert"); ABORT_FINALIZE(RS_RET_ERR); } char *server_key = zcert_public_txt(pData->serverCert); zsock_set_curve_serverkey (pData->sock, server_key); DBGPRINTF("imczmq: CURVECLIENT: serverCertPath: '%s'\n", iconf->serverCertPath); DBGPRINTF("imczmq: CURVECLIENT: clientCertPath: '%s'\n", iconf->clientCertPath); DBGPRINTF("imczmq: CURVECLIENT: server_key: '%s'\n", server_key); } else { errmsg.LogError(0, NO_ERRCODE, "unrecognized auth type: '%s'", iconf->authType); ABORT_FINALIZE(RS_RET_ERR); } } /* subscribe to topics */ /* ------------------- */ if (iconf->sockType == ZMQ_SUB) { char topic[256], *list = iconf->topicList; while (list) { char *delimiter = strchr(list, ','); if (!delimiter) { delimiter = list + strlen (list); } if (delimiter - list > 255) { errmsg.LogError(0, NO_ERRCODE, "iconf->topicList must be under 256 characters"); ABORT_FINALIZE(RS_RET_ERR); } memcpy(topic, list, delimiter - list); topic[delimiter - list] = 0; zsock_set_subscribe(pData->sock, topic); if (*delimiter == 0) { break; } list = delimiter + 1; } } switch (iconf->sockType) { case ZMQ_SUB: iconf->serverish = false; break; case ZMQ_PULL: case ZMQ_ROUTER: iconf->serverish = true; break; } int rc = zsock_attach(pData->sock, (const char*)iconf->sockEndpoints, iconf->serverish); if (rc == -1) { errmsg.LogError(0, NO_ERRCODE, "zsock_attach to %s", iconf->sockEndpoints); ABORT_FINALIZE(RS_RET_ERR); } /* add this struct to the global */ /* ----------------------------- */ if(lcnfRoot == NULL) { lcnfRoot = pData; } if(lcnfLast == NULL) { lcnfLast = pData; } else { lcnfLast->next = pData; lcnfLast = pData; } finalize_it: RETiRet; }
static rsRetVal initCZMQ(instanceData* pData) { DEFiRet; /* tell czmq to not use it's own signal handler */ putenv ("ZSYS_SIGHANDLER=false"); /* create new auth actor */ DBGPRINTF ("omczmq: starting auth actor...\n"); pData->authActor = zactor_new (zauth, NULL); if (!pData->authActor) { errmsg.LogError (0, RS_RET_NO_ERRCODE, "omczmq: could not create auth service"); ABORT_FINALIZE (RS_RET_NO_ERRCODE); } /* create our zeromq socket */ DBGPRINTF ("omczmq: creating zeromq socket...\n"); pData->sock = zsock_new (pData->sockType); if (!pData->sock) { errmsg.LogError (0, RS_RET_NO_ERRCODE, "omczmq: new socket failed for endpoints: %s", pData->sockEndpoints); ABORT_FINALIZE(RS_RET_NO_ERRCODE); } bool is_server = false; /* if we are a CURVE server */ if (!strcmp(pData->authType, "CURVESERVER")) { DBGPRINTF("omczmq: we are a curve server...\n"); is_server = true; /* set global auth domain */ zsock_set_zap_domain(pData->sock, "global"); /* set that we are a curve server */ zsock_set_curve_server(pData->sock, 1); /* get and set our server cert */ DBGPRINTF("omczmq: server cert is %s...\n", pData->serverCertPath); pData->serverCert = zcert_load(pData->serverCertPath); if (!pData->serverCert) { errmsg.LogError(0, NO_ERRCODE, "could not load server cert"); ABORT_FINALIZE(RS_RET_ERR); } zcert_apply(pData->serverCert, pData->sock); /* set allowed clients */ DBGPRINTF("omczmq: allowed clients are %s...\n", pData->clientCertPath); zstr_sendx(pData->authActor, "CURVE", pData->clientCertPath, NULL); zsock_wait(pData->authActor); } /* if we are a CURVE client */ if (!strcmp(pData->authType, "CURVECLIENT")) { DBGPRINTF("omczmq: we are a curve client...\n"); is_server = false; /* get our client cert */ pData->clientCert = zcert_load(pData->clientCertPath); if (!pData->clientCert) { errmsg.LogError(0, NO_ERRCODE, "could not load client cert"); ABORT_FINALIZE(RS_RET_ERR); } /* apply the client cert to the socket */ zcert_apply(pData->clientCert, pData->sock); /* get the server cert */ DBGPRINTF("omczmq: server cert is %s...\n", pData->serverCertPath); pData->serverCert = zcert_load(pData->serverCertPath); if (!pData->serverCert) { errmsg.LogError(0, NO_ERRCODE, "could not load server cert"); ABORT_FINALIZE(RS_RET_ERR); } /* get the server public key and set it for the socket */ char *server_key = zcert_public_txt(pData->serverCert); DBGPRINTF("omczmq: server public key is %s...\n", server_key); zsock_set_curve_serverkey (pData->sock, server_key); } /* we default to CONNECT unless told otherwise */ int rc = zsock_attach(pData->sock, (const char*)pData->sockEndpoints, is_server); if (rc == -1) { errmsg.LogError(0, NO_ERRCODE, "zsock_attach to %s failed", pData->sockEndpoints); ABORT_FINALIZE(RS_RET_ERR); } finalize_it: RETiRet; }
static rsRetVal initCZMQ(instanceData* pData) { DEFiRet; /* Turn off CZMQ signal handling */ /* ----------------------------- */ putenv ("ZSYS_SIGHANDLER=false"); /* Create the authentication actor */ /* ------------------------------ */ pData->authActor = zactor_new(zauth, NULL); if (!pData->authActor) { errmsg.LogError(0, RS_RET_NO_ERRCODE, "omczmq: could not create auth actor"); ABORT_FINALIZE (RS_RET_SUSPENDED); } DBGPRINTF ("omczmq: auth actor started\n"); /* Create the zeromq socket */ /* ------------------------ */ pData->sock = zsock_new(pData->sockType); if (!pData->sock) { errmsg.LogError(0, RS_RET_NO_ERRCODE, "omczmq: new socket failed for endpoints: %s", pData->sockEndpoints); ABORT_FINALIZE(RS_RET_SUSPENDED); } DBGPRINTF ("omczmq: created socket...\n"); /* Create the beacon actor if configured */ /* ------------------------------------- */ if((pData->beacon != NULL) && (pData->beaconport > 0)) { pData->beaconActor = zactor_new(zbeacon, NULL); if (!pData->beaconActor) { errmsg.LogError(0, RS_RET_NO_ERRCODE, "omczmq: could not create beacon service"); ABORT_FINALIZE (RS_RET_SUSPENDED); } zsock_send(pData->beaconActor, "si", "CONFIGURE", pData->beaconport); char *hostname = zstr_recv(pData->beaconActor); if (!*hostname) { errmsg.LogError(0, RS_RET_NO_ERRCODE, "omczmq: no UDP broadcasting available"); ABORT_FINALIZE (RS_RET_SUSPENDED); } zsock_send(pData->beaconActor, "sbi", "PUBLISH", pData->beacon, strlen(pData->beacon)); DBGPRINTF ("omczmq: beacon is lit: hostname: '%s', port: '%d'...\n", hostname, pData->beaconport); zstr_free (&hostname); } /* Load certs for auth if auth is used */ /* ----------------------------------- */ if (pData->authType != NULL) { /* CURVESERVER */ /* ---------- */ if (!strcmp(pData->authType, "CURVESERVER")) { zsock_set_zap_domain(pData->sock, "global"); zsock_set_curve_server(pData->sock, 1); pData->serverCert = zcert_load(pData->serverCertPath); if (!pData->serverCert) { errmsg.LogError(0, NO_ERRCODE, "could not load server cert"); ABORT_FINALIZE(RS_RET_ERR); } zcert_apply(pData->serverCert, pData->sock); zstr_sendx(pData->authActor, "CURVE", pData->clientCertPath, NULL); zsock_wait(pData->authActor); DBGPRINTF("omczmq: CURVESERVER: serverCertPath: '%s'\n", pData->serverCertPath); DBGPRINTF("omczmq: CURVESERVER: clientCertPath: '%s'\n", pData->clientCertPath); } /* CURVECLIENT */ /* ----------- */ else if (!strcmp(pData->authType, "CURVECLIENT")) { if (!strcmp(pData->clientCertPath, "*")) { pData->clientCert = zcert_new(); } else { pData->clientCert = zcert_load(pData->clientCertPath); } if (!pData->clientCert) { errmsg.LogError(0, NO_ERRCODE, "could not load client cert"); ABORT_FINALIZE(RS_RET_ERR); } zcert_apply(pData->clientCert, pData->sock); pData->serverCert = zcert_load(pData->serverCertPath); if (!pData->serverCert) { errmsg.LogError(0, NO_ERRCODE, "could not load server cert"); ABORT_FINALIZE(RS_RET_ERR); } char *server_key = zcert_public_txt(pData->serverCert); zsock_set_curve_serverkey (pData->sock, server_key); DBGPRINTF("omczmq: CURVECLIENT: serverCertPath: '%s'\n", pData->serverCertPath); DBGPRINTF("omczmq: CURVECLIENT: clientCertPath: '%s'\n", pData->clientCertPath); DBGPRINTF("omczmq: CURVECLIENT: server_key: '%s'\n", server_key); } else { errmsg.LogError(0, NO_ERRCODE, "unrecognized auth type: '%s'", pData->authType); ABORT_FINALIZE(RS_RET_ERR); } } switch (pData->sockType) { case ZMQ_PUB: pData->serverish = true; break; case ZMQ_PUSH: case ZMQ_DEALER: pData->serverish = false; break; } int rc = zsock_attach(pData->sock, (const char*)pData->sockEndpoints, pData->serverish); if (rc == -1) { errmsg.LogError(0, NO_ERRCODE, "zsock_attach to %s failed", pData->sockEndpoints); ABORT_FINALIZE(RS_RET_SUSPENDED); } finalize_it: RETiRet; }
int main(int argc, char **argv) { if( argc < 4 ) { printf("HEY! Usage:\n banshare-report [-d] <program-name> <jail-name> <banned-ip>\n\n"); printf(" where -d sets debug mode\n"); exit(1); } int baseind = 1; if( argv[1][0] == '-' && argv[1][1] == 'd') { debug = 1; baseind = 2; } char *progname = argv[baseind]; char *jailname = argv[baseind+1]; char *bannedip = argv[baseind+2]; zauth_t *auth; zcert_t *cert; zcert_t *server_public_cert; char certdir[256]; char servercert[512]; if (access("/etc/ssl/certs/banshare/", R_OK) == 0 ) { // ubuntu, CentOS 6.x strcpy(certdir, "/etc/ssl/certs/banshare"); strcpy(servercert, "/etc/ssl/certs/banshare/server_banshare"); } else if (access("/etc/pki/tls/certs/banshare/", R_OK) == 0 ) { // CentOS 5.x strcpy(certdir, "/etc/pki/tls/certs/banshare"); strcpy(servercert, "/etc/pki/tls/certs/banshare/server_banshare"); } zctx_t *ctx = zctx_new(); if (enc) { auth = zauth_new (ctx); zauth_set_verbose (auth, true); zauth_configure_curve (auth, "*", certdir); cert = zcert_new_from(banshare_client_public, banshare_client_private); server_public_cert = zcert_load(servercert); } void *rep_sock = zsocket_new(ctx, ZMQ_REQ); // This will be request socket to complement the server's REP socket! if (enc) { zcert_apply (cert, rep_sock); zsocket_set_curve_serverkey (rep_sock, zcert_public_txt(server_public_cert)); } zsocket_set_rcvtimeo(rep_sock, 3000); // set read and write timeouts to 3 sec. zsocket_set_sndtimeo(rep_sock, 3000); int rc; char *servip; if (server_is_local()) { servip = "127.0.0.1"; } else { servip = BANSHARE_SERVER_IP; } rc = zsocket_connect(rep_sock, "tcp://%s:%d", servip, SERVER_REPORT_PORT); if (rc != 0) { printf("Connect to REQ socket to %s:%d FAILED with rc=%d\n", servip, SERVER_REPORT_PORT, rc); exit(0); } if (debug) printf("Connected to tcp://%s:%d Just fine...\n", servip, SERVER_REPORT_PORT); zclock_sleep(500); while (!zctx_interrupted) { char buf[1000]; int ret1 = zstr_sendf(rep_sock, "%s;%s;%s;%s", progname, jailname, bannedip, this_ip); if (ret1 == -1) { printf("Timeout while sending report! Server is DOWN?\n"); exit(1); } if( debug) printf("Sent: %s;%s;%s;%s to %s\n", progname, jailname, bannedip, this_ip, servip); // and like all good req-rep sockets, we should get a response! char *rec = zstr_recv(rep_sock); if (!rec) { printf("Timeout while waiting for OK! Server is DOWN?\n"); exit(1); } if (debug) printf("Got %s back from server\n", rec); zstr_free(&rec); // Oh, all that was really difficult, wasn't it? we are done. disconnect and exit exit(0); } }
zcert_t* load_cert(const std::string& filename) { return zcert_load(filename.c_str()); }