int
hydra_post_save (hydra_post_t *self, const char *filename)
{
assert (self);
assert (filename);
// Creeate subdirectories if necessary
zsys_dir_create ("posts");
zsys_dir_create ("posts/blobs");
// If post content hasn't yet been serialised, write it to disk in the
// blobs directory and set the location property to point to it.
if (self->content) {
assert (!self->location);
self->location = zsys_sprintf ("posts/blobs/%s", self->digest);
FILE *output = fopen (self->location, "wb");
zchunk_write (self->content, output);
zchunk_destroy (&self->content);
fclose (output);
}
zconfig_t *root = zconfig_new ("root", NULL);
zconfig_put (root, "/post/ident", hydra_post_ident (self));
zconfig_put (root, "/post/subject", self->subject);
zconfig_put (root, "/post/timestamp", self->timestamp);
zconfig_put (root, "/post/parent-id", self->parent_id);
zconfig_put (root, "/post/mime-type", self->mime_type);
zconfig_put (root, "/post/digest", self->digest);
zconfig_put (root, "/post/location", self->location);
zconfig_putf (root, "/post/content-size", "%ld", self->content_size);
zconfig_savef (root, "posts/%s", filename);
zconfig_destroy (&root);
return 0;
}
void
zcert_test (bool verbose)
{
printf (" * zcert: ");
#if (ZMQ_VERSION_MAJOR == 4)
// @selftest
// Create temporary directory for test files
# define TESTDIR ".test_zcert"
zsys_dir_create (TESTDIR);
// Create a simple certificate with metadata
zcert_t *cert = zcert_new ();
# if defined (HAVE_LIBSODIUM)
zcert_set_meta (cert, "email", "*****@*****.**");
zcert_set_meta (cert, "name", "Pieter Hintjens");
zcert_set_meta (cert, "organization", "iMatix Corporation");
zcert_set_meta (cert, "version", "%d", 1);
assert (streq (zcert_meta (cert, "email"), "*****@*****.**"));
zlist_t *keys = zcert_meta_keys (cert);
assert (zlist_size (keys) == 4);
zlist_destroy (&keys);
// Check the dup and eq methods
zcert_t *shadow = zcert_dup (cert);
assert (zcert_eq (cert, shadow));
zcert_destroy (&shadow);
// Check we can save and load certificate
zcert_save (cert, TESTDIR "/mycert.txt");
assert (zsys_file_exists (TESTDIR "/mycert.txt"));
assert (zsys_file_exists (TESTDIR "/mycert.txt_secret"));
// Load certificate, will in fact load secret one
shadow = zcert_load (TESTDIR "/mycert.txt");
assert (shadow);
assert (zcert_eq (cert, shadow));
zcert_destroy (&shadow);
// Delete secret certificate, load public one
int rc = zsys_file_delete (TESTDIR "/mycert.txt_secret");
assert (rc == 0);
shadow = zcert_load (TESTDIR "/mycert.txt");
// 32-byte null key encodes as 40 '0' characters
assert (streq (zcert_secret_txt (shadow),
"0000000000000000000000000000000000000000"));
zcert_destroy (&shadow);
zcert_destroy (&cert);
# else
// Libsodium isn't installed; should have returned NULL
assert (cert == NULL);
# endif
// Delete all test files
zdir_t *dir = zdir_new (TESTDIR, NULL);
zdir_remove (dir, true);
zdir_destroy (&dir);
// @end
#endif
printf ("OK\n");
}
int
zfile_output (zfile_t *self)
{
assert (self);
// Wipe symbolic link if that's what the file was
if (self->link) {
free (self->link);
self->link = NULL;
}
// Create file path if it doesn't exist
char *file_path = strdup (self->fullname);
char *last_slash = strrchr (file_path, '/');
if (last_slash)
*last_slash = 0;
if (zsys_dir_create (file_path))
return -1;
free (file_path);
// Create file if it doesn't exist
if (self->handle)
zfile_close (self);
self->handle = fopen (self->fullname, "r+b");
if (!self->handle) {
self->handle = fopen (self->fullname, "w+b");
if (!self->handle)
self->handle = fopen (self->fullname, "w+b");
}
return self->handle? 0: -1;
}
void
zcertstore_test (bool verbose)
{
printf (" * zcertstore: ");
if (verbose)
printf ("\n");
// @selftest
// Create temporary directory for test files
# define TESTDIR ".test_zcertstore"
zsys_dir_create (TESTDIR);
// Load certificate store from disk; it will be empty
zcertstore_t *certstore = zcertstore_new (TESTDIR);
assert (certstore);
// Create a single new certificate and save to disk
zcert_t *cert = zcert_new ();
assert (cert);
char *client_key = strdup (zcert_public_txt (cert));
assert (client_key);
zcert_set_meta (cert, "name", "John Doe");
zcert_save (cert, TESTDIR "/mycert.txt");
zcert_destroy (&cert);
// Check that certificate store refreshes as expected
cert = zcertstore_lookup (certstore, client_key);
assert (cert);
assert (streq (zcert_meta (cert, "name"), "John Doe"));
// Test custom loader
test_loader_state *state = (test_loader_state *) zmalloc (sizeof (test_loader_state));
state->index = 0;
zcertstore_set_loader (certstore, s_test_loader, s_test_destructor, (void *)state);
#if (ZMQ_VERSION_MAJOR >= 4)
cert = zcertstore_lookup (certstore, client_key);
assert (cert == NULL);
cert = zcertstore_lookup (certstore, "abcdefghijklmnopqrstuvwxyzabcdefghijklmn");
assert (cert);
#endif
free (client_key);
if (verbose)
zcertstore_print (certstore);
zcertstore_destroy (&certstore);
// Delete all test files
zdir_t *dir = zdir_new (TESTDIR, NULL);
assert (dir);
zdir_remove (dir, true);
zdir_destroy (&dir);
#if defined (__WINDOWS__)
zsys_shutdown();
#endif
// @end
printf ("OK\n");
}
void
drops_test (bool verbose)
{
printf (" * drops: ");
// @selftest
// Create temporary directory for test files
# define TESTDIR ".test_drops"
// Create two drops instances and test some to and fro
zsys_dir_create (TESTDIR "/box1");
drops_t *drops1 = drops_new (TESTDIR "/box1");
zsys_dir_create (TESTDIR "/box2");
drops_t *drops2 = drops_new (TESTDIR "/box2");
// Give time for nodes to discover each other and interconnect
zclock_sleep (100);
FILE *output = fopen (TESTDIR "/box1/bilbo", "w");
fprintf (output, "Hello, world");
fclose (output);
// Directory monitoring is once per second at present, so this gives
// time for box1 to see its new file, and send it to box2
zclock_sleep (1200);
char buffer [256];
FILE *input = fopen (TESTDIR "/box2/bilbo", "r");
assert (input);
char *result = fgets (buffer, 256, input);
assert (result == buffer);
assert (streq (buffer, "Hello, world"));
fclose (input);
drops_destroy (&drops2);
drops_destroy (&drops1);
// Delete all test files
zdir_t *dir = zdir_new (TESTDIR, NULL);
zdir_remove (dir, true);
zdir_destroy (&dir);
// @end
zclock_sleep (100);
printf ("OK\n");
}
JNIEXPORT jint JNICALL
Java_org_zeromq_czmq_Zsys__1_1dirCreate (JNIEnv *env, jclass c, jstring pathname)
{
char *pathname_ = (char *) (*env)->GetStringUTFChars (env, pathname, NULL);
jint dir_create_ = (jint) zsys_dir_create (pathname_);
(*env)->ReleaseStringUTFChars (env, pathname, pathname_);
return dir_create_;
}
void
hydra_post_test (bool verbose)
{
printf (" * hydra_post: ");
if (verbose)
printf ("\n");
// @selftest
// Simple create/destroy test
zsys_dir_create (".hydra_test");
zsys_dir_change (".hydra_test");
hydra_post_t *post = hydra_post_new ("Test post");
assert (post);
hydra_post_set_content (post, "Hello, World");
assert (streq (hydra_post_mime_type (post), "text/plain"));
char *content = hydra_post_content (post);
assert (content);
assert (streq (content, "Hello, World"));
zstr_free (&content);
int rc = hydra_post_save (post, "testpost");
assert (rc == 0);
hydra_post_destroy (&post);
post = hydra_post_load ("testpost");
assert (post);
assert (hydra_post_content_size (post) == 12);
if (verbose)
hydra_post_print (post);
content = hydra_post_content (post);
assert (content);
assert (streq (content, "Hello, World"));
zstr_free (&content);
zchunk_t *chunk = hydra_post_fetch (
post, hydra_post_content_size (post), 0);
assert (chunk);
assert (zchunk_size (chunk) == 12);
zchunk_destroy (&chunk);
hydra_post_t *copy = hydra_post_dup (post);
assert (streq (hydra_post_ident (copy), hydra_post_ident (post)));
hydra_post_destroy (&post);
hydra_post_destroy (©);
// Delete the test directory
zsys_dir_change ("..");
zdir_t *dir = zdir_new (".hydra_test", NULL);
assert (dir);
zdir_remove (dir, true);
zdir_destroy (&dir);
// @end
printf ("OK\n");
}
int
zsys_test (bool verbose)
{
printf (" * zsys: ");
// @selftest
zsys_handler_reset ();
zsys_handler_set (NULL);
zsys_handler_set (NULL);
zsys_handler_reset ();
zsys_handler_reset ();
int rc = zsys_file_delete ("nosuchfile");
assert (rc == -1);
bool rc_bool = zsys_file_exists ("nosuchfile");
assert (rc_bool != true);
rc = (int) zsys_file_size ("nosuchfile");
assert (rc == -1);
time_t when = zsys_file_modified (".");
assert (when > 0);
rc = zsys_dir_create ("%s/%s", ".", ".testsys/subdir");
assert (rc == 0);
when = zsys_file_modified ("./.testsys/subdir");
assert (when > 0);
rc = zsys_dir_delete ("%s/%s", ".", ".testsys/subdir");
assert (rc == 0);
rc = zsys_dir_delete ("%s/%s", ".", ".testsys");
assert (rc == 0);
int major, minor, patch;
zsys_version (&major, &minor, &patch);
assert (major == CZMQ_VERSION_MAJOR);
assert (minor == CZMQ_VERSION_MINOR);
assert (patch == CZMQ_VERSION_PATCH);
char *string = s_vprintf ("%s %02x", "Hello", 16);
assert (streq (string, "Hello 10"));
zstr_free (&string);
char *str64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,.";
int num10 = 1234567890;
string = s_vprintf ("%s%s%s%s%d", str64, str64, str64, str64, num10);
assert (strlen (string) == (4 * 64 + 10));
zstr_free (&string);
// @end
printf ("OK\n");
return 0;
}
void
zconfig_test (bool verbose)
{
printf (" * zconfig: ");
// @selftest
// Create temporary directory for test files
# define TESTDIR ".test_zconfig"
zsys_dir_create (TESTDIR);
zconfig_t *root = zconfig_new ("root", NULL);
zconfig_t *section, *item;
section = zconfig_new ("headers", root);
item = zconfig_new ("email", section);
zconfig_set_value (item, "*****@*****.**");
item = zconfig_new ("name", section);
zconfig_set_value (item, "Justin Kayce");
zconfig_put (root, "/curve/secret-key", "Top Secret");
zconfig_set_comment (root, " CURVE certificate");
zconfig_set_comment (root, " -----------------");
assert (zconfig_comments (root));
zconfig_save (root, TESTDIR "/test.cfg");
zconfig_destroy (&root);
root = zconfig_load (TESTDIR "/test.cfg");
if (verbose)
zconfig_save (root, "-");
char *email = zconfig_resolve (root, "/headers/email", NULL);
assert (email);
assert (streq (email, "*****@*****.**"));
char *passwd = zconfig_resolve (root, "/curve/secret-key", NULL);
assert (passwd);
assert (streq (passwd, "Top Secret"));
zconfig_save (root, TESTDIR "/test.cfg");
zconfig_destroy (&root);
// Delete all test files
zdir_t *dir = zdir_new (TESTDIR, NULL);
zdir_remove (dir, true);
zdir_destroy (&dir);
// @end
printf ("OK\n");
}
void
zcertstore_test (bool verbose)
{
printf (" * zcertstore: ");
if (verbose)
printf ("\n");
// @selftest
// Create temporary directory for test files
# define TESTDIR ".test_zcertstore"
zsys_dir_create (TESTDIR);
// Load certificate store from disk; it will be empty
zcertstore_t *certstore = zcertstore_new (TESTDIR);
assert (certstore);
// Create a single new certificate and save to disk
zcert_t *cert = zcert_new ();
assert (cert);
char *client_key = strdup (zcert_public_txt (cert));
assert (client_key);
zcert_set_meta (cert, "name", "John Doe");
zcert_save (cert, TESTDIR "/mycert.txt");
zcert_destroy (&cert);
// Check that certificate store refreshes as expected
cert = zcertstore_lookup (certstore, client_key);
assert (cert);
assert (streq (zcert_meta (cert, "name"), "John Doe"));
free (client_key);
if (verbose)
zcertstore_print (certstore);
zcertstore_destroy (&certstore);
// Delete all test files
zdir_t *dir = zdir_new (TESTDIR, NULL);
assert (dir);
zdir_remove (dir, true);
zdir_destroy (&dir);
// @end
printf ("OK\n");
}
int
zsys_test (bool verbose)
{
printf (" * zsys: ");
// @selftest
zsys_handler_reset ();
zsys_handler_set (NULL);
zsys_handler_set (NULL);
zsys_handler_reset ();
zsys_handler_reset ();
int rc = zsys_file_delete ("nosuchfile");
assert (rc == -1);
bool rc_bool = zsys_file_exists ("nosuchfile");
assert (rc_bool != true);
rc = (int) zsys_file_size ("nosuchfile");
assert (rc == -1);
time_t when = zsys_file_modified (".");
assert (when > 0);
rc = zsys_dir_create ("%s/%s", ".", ".testsys/subdir");
assert (rc == 0);
when = zsys_file_modified ("./.testsys/subdir");
assert (when > 0);
rc = zsys_dir_delete ("%s/%s", ".", ".testsys/subdir");
assert (rc == 0);
char *string = s_vprintf ("%s %02x", "Hello", 16);
assert (streq (string, "Hello 10"));
free (string);
// @end
printf ("OK\n");
return 0;
}
void ZeroMQEngine::Initialize(const string endPoint, const string instanceName, const string instanceID)
{
zcert_t* localCertificate = nullptr;
// Handle common security initialization for server and client instances
if (SecurityEnabled())
{
if (!zsys_has_curve())
throw runtime_error("Failed to locate needed curve security libraries, cannot initialize ZeroMQ security");
string localCertDirectory = CURVECERTLOCALDIR "/";
string publicCertFileName;
string privateCertFileName;
// Make sure certificate store directories exist
if (zsys_dir_create(CURVECERTLOCALDIR) != 0)
throw runtime_error("Failed to create local curve security store, cannot initialize ZeroMQ security");
if (zsys_dir_create(CURVECERTREMOTEDIR) != 0)
throw runtime_error("Failed to create remote curve security store, cannot initialize ZeroMQ security");
// Derive certificate file names based on engine mode
if (ServerMode())
{
publicCertFileName = localCertDirectory + SVRPUBCERTFILENAME;
privateCertFileName = localCertDirectory + SVRPVTCERTFILENAME;
}
else
{
publicCertFileName = localCertDirectory + instanceName + PUBCERTFILENAMEEXT;
privateCertFileName = localCertDirectory + instanceName + PVTCERTFILENAMEEXT;
}
// See if private certificate already exists
if (zsys_file_exists(privateCertFileName.c_str()))
{
// Load existing local certificate
localCertificate = zcert_load(privateCertFileName.c_str());
if (localCertificate == nullptr)
throw runtime_error("Failed to load local curve certificate, cannot initialize ZeroMQ security");
}
else
{
// Create a new full certificate (public + private)
localCertificate = zcert_new();
if (localCertificate == nullptr)
throw runtime_error("Failed to create local curve certificate, cannot initialize ZeroMQ security");
zcert_set_meta(localCertificate, "name", instanceName.c_str());
zcert_set_meta(localCertificate, "id", instanceID.c_str());
zcert_set_meta(localCertificate, "type", ServerMode() ? "server" : "client");
// Persist certificates for future runs
if (zcert_save_public(localCertificate, publicCertFileName.c_str()) != 0)
throw runtime_error("Failed to save local curve public certificate, cannot initialize ZeroMQ security");
if (zcert_save_secret(localCertificate, privateCertFileName.c_str()) != 0)
throw runtime_error("Failed to save local curve private certificate, cannot initialize ZeroMQ security");
}
}
// Create new ZeroMQ engine instance
if (ServerMode())
m_instance = new ZeroMQServer(m_bufferReceivedCallback, SecurityEnabled(), InactiveClientTimeout(), VerboseOutput(), ConnectionID(), localCertificate);
else
m_instance = new ZeroMQClient(m_bufferReceivedCallback, SecurityEnabled(), InactiveClientTimeout(), VerboseOutput(), ConnectionID(), localCertificate);
m_instance->Initialize(endPoint, instanceName, instanceID);
log_info("\nEstablished ZeroMQ socket [%s]\n", ConnectionID().ToString().c_str());
}
int
zauth_test (bool verbose)
{
printf (" * zauth: ");
#if (ZMQ_VERSION_MAJOR == 4)
// @selftest
// Create temporary directory for test files
# define TESTDIR ".test_zauth"
zsys_dir_create (TESTDIR);
// Install the authenticator
zctx_t *ctx = zctx_new ();
zauth_t *auth = zauth_new (ctx);
assert (auth);
zauth_set_verbose (auth, verbose);
// A default NULL connection should always success, and not go through
// our authentication infrastructure at all.
void *server = zsocket_new (ctx, ZMQ_PUSH);
void *client = zsocket_new (ctx, ZMQ_PULL);
bool success = s_can_connect (server, client);
assert (success);
// When we set a domain on the server, we switch on authentication
// for NULL sockets, but with no policies, the client connection will
// be allowed.
//
// TODO: libzmq should accept new security options after unbind/bind
// but for now we have to create a new server socket each time.
server = zsocket_new (ctx, ZMQ_PUSH);
zsocket_set_zap_domain (server, "global");
success = s_can_connect (server, client);
assert (success);
// Blacklist 127.0.0.1, connection should fail
zauth_deny (auth, "127.0.0.1");
success = s_can_connect (server, client);
assert (!success);
// Whitelist our address, which overrides the blacklist
zauth_allow (auth, "127.0.0.1");
success = s_can_connect (server, client);
assert (success);
// Try PLAIN authentication
FILE *password = fopen (TESTDIR "/password-file", "w");
assert (password);
fprintf (password, "admin=Password\n");
fclose (password);
zsocket_set_plain_server (server, 1);
zsocket_set_plain_username (client, "admin");
zsocket_set_plain_password (client, "Password");
success = s_can_connect (server, client);
assert (!success);
zauth_configure_plain (auth, "*", TESTDIR "/password-file");
success = s_can_connect (server, client);
assert (success);
zsocket_set_plain_password (client, "Bogus");
success = s_can_connect (server, client);
assert (!success);
# if defined (HAVE_LIBSODIUM)
// Try CURVE authentication
// We'll create two new certificates and save the client public
// certificate on disk; in a real case we'd transfer this securely
// from the client machine to the server machine.
zcert_t *server_cert = zcert_new ();
zcert_apply (server_cert, server);
zsocket_set_curve_server (server, 1);
zcert_t *client_cert = zcert_new ();
zcert_apply (client_cert, client);
char *server_key = zcert_public_txt (server_cert);
zsocket_set_curve_serverkey (client, server_key);
// We've not set-up any authentication, connection will fail
success = s_can_connect (server, client);
assert (!success);
// PH: 2013/09/18
// There's an issue with libzmq where it sometimes fails to
// connect even if the ZAP handler allows it. It's timing
// dependent, so this is a voodoo hack. To be removed, I've
// no idea this even applies to all boxes.
sleep (1);
// Test CURVE_ALLOW_ANY
zauth_configure_curve (auth, "*", CURVE_ALLOW_ANY);
success = s_can_connect (server, client);
assert (success);
// Test full client authentication using certificates
zcert_save_public (client_cert, TESTDIR "/mycert.txt");
zauth_configure_curve (auth, "*", TESTDIR);
success = s_can_connect (server, client);
assert (success);
zcert_destroy (&server_cert);
zcert_destroy (&client_cert);
# endif
// Remove the authenticator and check a normal connection works
zauth_destroy (&auth);
success = s_can_connect (server, client);
assert (success);
zctx_destroy (&ctx);
// Delete all test files
zdir_t *dir = zdir_new (TESTDIR, NULL);
zdir_remove (dir, true);
zdir_destroy (&dir);
// @end
#endif
printf ("OK\n");
return 0;
}
int zfile_mkdir (const char *pathname) {
return zsys_dir_create (pathname);
}
void
zconfig_test (bool verbose)
{
printf (" * zconfig: ");
// @selftest
const char *SELFTEST_DIR_RW = "src/selftest-rw";
const char *testbasedir = ".test_zconfig";
const char *testfile = "test.cfg";
char *basedirpath = NULL; // subdir in a test, under SELFTEST_DIR_RW
char *filepath = NULL; // pathname to testfile in a test, in dirpath
basedirpath = zsys_sprintf ("%s/%s", SELFTEST_DIR_RW, testbasedir);
assert (basedirpath);
filepath = zsys_sprintf ("%s/%s", basedirpath, testfile);
assert (filepath);
// Make sure old aborted tests do not hinder us
zdir_t *dir = zdir_new (basedirpath, NULL);
if (dir) {
zdir_remove (dir, true);
zdir_destroy (&dir);
}
zsys_file_delete (filepath);
zsys_dir_delete (basedirpath);
// Create temporary directory for test files
zsys_dir_create (basedirpath);
zconfig_t *root = zconfig_new ("root", NULL);
assert (root);
zconfig_t *section, *item;
section = zconfig_new ("headers", root);
assert (section);
item = zconfig_new ("email", section);
assert (item);
zconfig_set_value (item, "*****@*****.**");
item = zconfig_new ("name", section);
assert (item);
zconfig_set_value (item, "Justin Kayce");
zconfig_putf (root, "/curve/secret-key", "%s", "Top Secret");
zconfig_set_comment (root, " CURVE certificate");
zconfig_set_comment (root, " -----------------");
assert (zconfig_comments (root));
zconfig_save (root, filepath);
zconfig_destroy (&root);
root = zconfig_load (filepath);
if (verbose)
zconfig_save (root, "-");
assert (streq (zconfig_filename (root), filepath));
char *email = zconfig_get (root, "/headers/email", NULL);
assert (email);
assert (streq (email, "*****@*****.**"));
char *passwd = zconfig_get (root, "/curve/secret-key", NULL);
assert (passwd);
assert (streq (passwd, "Top Secret"));
zconfig_savef (root, "%s/%s", basedirpath, testfile);
assert (!zconfig_has_changed (root));
int rc = zconfig_reload (&root);
assert (rc == 0);
assert (!zconfig_has_changed (root));
zconfig_destroy (&root);
// Test chunk load/save
root = zconfig_new ("root", NULL);
assert (root);
section = zconfig_new ("section", root);
assert (section);
item = zconfig_new ("value", section);
assert (item);
zconfig_set_value (item, "somevalue");
zconfig_t *search = zconfig_locate (root, "section/value");
assert (search == item);
zchunk_t *chunk = zconfig_chunk_save (root);
assert (strlen ((char *) zchunk_data (chunk)) == 32);
char *string = zconfig_str_save (root);
assert (string);
assert (streq (string, (char *) zchunk_data (chunk)));
freen (string);
assert (chunk);
zconfig_destroy (&root);
root = zconfig_chunk_load (chunk);
assert (root);
char *value = zconfig_get (root, "/section/value", NULL);
assert (value);
assert (streq (value, "somevalue"));
// Test config can't be saved to a file in a path that doesn't
// exist or isn't writable
rc = zconfig_savef (root, "%s/path/that/doesnt/exist/%s", basedirpath, testfile);
assert (rc == -1);
zconfig_destroy (&root);
zchunk_destroy (&chunk);
// Test subtree removal
{
zconfig_t *root = zconfig_str_load (
"context\n"
" iothreads = 1\n"
" verbose = 1 # Ask for a trace\n"
"main\n"
" type = zqueue # ZMQ_DEVICE type\n"
" frontend\n"
" option\n"
" hwm = 1000\n"
" swap = 25000000 # 25MB\n"
" bind = 'inproc://addr1'\n"
" bind = 'ipc://addr2'\n"
" backend\n"
" bind = inproc://addr3\n"
);
zconfig_t *to_delete = zconfig_locate (root, "main/frontend");
assert (to_delete);
zconfig_remove (to_delete);
char *value = zconfig_get (root, "/main/type", NULL);
assert (value);
assert (streq (value, "zqueue"));
value = zconfig_get (root, "/main/backend/bind", NULL);
assert (value);
assert (streq (value, "inproc://addr3"));
value = zconfig_get (root, "/main/frontend", NULL);
assert (value);
value = zconfig_get (root, "/main/frontend/option", NULL);
assert (value == NULL);
value = zconfig_get (root, "/main/frontend/option/swap", NULL);
assert (value == NULL);
zconfig_destroy (&root);
}
// Test str_load
zconfig_t *config = zconfig_str_load (
"malamute\n"
" endpoint = ipc://@/malamute\n"
" producer = STREAM\n"
" consumer\n"
" STREAM2 = .*\n"
" STREAM3 = HAM\n"
"server\n"
" verbose = true\n"
);
assert (config);
assert (streq (zconfig_get (config, "malamute/endpoint", NULL), "ipc://@/malamute"));
assert (streq (zconfig_get (config, "malamute/producer", NULL), "STREAM"));
assert (zconfig_locate (config, "malamute/consumer"));
zconfig_t *c = zconfig_child (zconfig_locate (config, "malamute/consumer"));
assert (c);
assert (streq (zconfig_name (c), "STREAM2"));
assert (streq (zconfig_value (c), ".*"));
c = zconfig_next (c);
assert (c);
assert (streq (zconfig_name (c), "STREAM3"));
assert (streq (zconfig_value (c), "HAM"));
c = zconfig_next (c);
assert (!c);
assert (streq (zconfig_get (config, "server/verbose", NULL), "true"));
zconfig_destroy (&config);
// Delete all test files
dir = zdir_new (basedirpath, NULL);
assert (dir);
zdir_remove (dir, true);
zdir_destroy (&dir);
zstr_free (&basedirpath);
zstr_free (&filepath);
#if defined (__WINDOWS__)
zsys_shutdown();
#endif
// @end
printf ("OK\n");
}
///
// Create a file path if it doesn't exist. The file path is treated as
// printf format.
int QmlZsysAttached::dirCreate (const QString &pathname) {
return zsys_dir_create (pathname.toUtf8().data());
};
void
curve_client_test (bool verbose)
{
printf (" * curve_client: ");
// @selftest
// Create temporary directory for test files
zsys_dir_create (TESTDIR);
// We'll create two new certificates and save the client public
// certificate on disk; in a real case we'd transfer this securely
// from the client machine to the server machine.
zcert_t *server_cert = zcert_new ();
zcert_save (server_cert, TESTDIR "/server.cert");
// We'll run the server as a background task, and the
// client in this foreground thread.
zthread_new (server_task, &verbose);
zcert_t *client_cert = zcert_new ();
zcert_save_public (client_cert, TESTDIR "/client.cert");
curve_client_t *client = curve_client_new (&client_cert);
curve_client_set_metadata (client, "Client", "CURVEZMQ/curve_client");
curve_client_set_metadata (client, "Identity", "E475DA11");
curve_client_set_verbose (client, verbose);
curve_client_connect (client, "tcp://127.0.0.1:9005", (byte *)zcert_public_key (server_cert));
curve_client_sendstr (client, "Hello, World");
char *reply = curve_client_recvstr (client);
assert (streq (reply, "Hello, World"));
free (reply);
// Try a multipart message
zmsg_t *msg = zmsg_new ();
zmsg_addstr (msg, "Hello, World");
zmsg_addstr (msg, "Second frame");
curve_client_send (client, &msg);
msg = curve_client_recv (client);
assert (zmsg_size (msg) == 2);
zmsg_destroy (&msg);
// Now send messages of increasing size, check they work
int count;
int size = 0;
for (count = 0; count < 18; count++) {
if (verbose)
printf ("Testing message of size=%d...\n", size);
zframe_t *data = zframe_new (NULL, size);
int byte_nbr;
// Set data to sequence 0...255 repeated
for (byte_nbr = 0; byte_nbr < size; byte_nbr++)
zframe_data (data)[byte_nbr] = (byte) byte_nbr;
msg = zmsg_new ();
zmsg_prepend (msg, &data);
curve_client_send (client, &msg);
msg = curve_client_recv (client);
data = zmsg_pop (msg);
assert (data);
assert (zframe_size (data) == size);
for (byte_nbr = 0; byte_nbr < size; byte_nbr++) {
assert (zframe_data (data)[byte_nbr] == (byte) byte_nbr);
}
zframe_destroy (&data);
zmsg_destroy (&msg);
size = size * 2 + 1;
}
// Signal end of test
curve_client_sendstr (client, "END");
reply = curve_client_recvstr (client);
free (reply);
zcert_destroy (&server_cert);
zcert_destroy (&client_cert);
curve_client_destroy (&client);
// Delete all test files
zdir_t *dir = zdir_new (TESTDIR, NULL);
zdir_remove (dir, true);
zdir_destroy (&dir);
// @end
// Ensure server thread has exited before we do
zclock_sleep (100);
printf ("OK\n");
}
void
zcertstore_test (bool verbose)
{
printf (" * zcertstore: ");
if (verbose)
printf ("\n");
// @selftest
const char *SELFTEST_DIR_RW = "src/selftest-rw";
const char *testbasedir = ".test_zcertstore";
const char *testfile = "mycert.txt";
char *basedirpath = NULL; // subdir in a test, under SELFTEST_DIR_RW
char *filepath = NULL; // pathname to testfile in a test, in dirpath
basedirpath = zsys_sprintf ("%s/%s", SELFTEST_DIR_RW, testbasedir);
assert (basedirpath);
filepath = zsys_sprintf ("%s/%s", basedirpath, testfile);
assert (filepath);
// Make sure old aborted tests do not hinder us
zdir_t *dir = zdir_new (basedirpath, NULL);
if (dir) {
zdir_remove (dir, true);
zdir_destroy (&dir);
}
zsys_file_delete (filepath);
zsys_dir_delete (basedirpath);
// Create temporary directory for test files
zsys_dir_create (basedirpath);
// Load certificate store from disk; it will be empty
zcertstore_t *certstore = zcertstore_new (basedirpath);
assert (certstore);
// Create a single new certificate and save to disk
zcert_t *cert = zcert_new ();
assert (cert);
char *client_key = strdup (zcert_public_txt (cert));
assert (client_key);
zcert_set_meta (cert, "name", "John Doe");
zcert_save (cert, filepath);
zcert_destroy (&cert);
// Check that certificate store refreshes as expected
cert = zcertstore_lookup (certstore, client_key);
assert (cert);
assert (streq (zcert_meta (cert, "name"), "John Doe"));
#ifdef CZMQ_BUILD_DRAFT_API
// DRAFT-API: Security
// Iterate through certs
zlistx_t *certs = zcertstore_certs(certstore);
cert = (zcert_t *) zlistx_first(certs);
int cert_count = 0;
while (cert) {
assert (streq (zcert_meta (cert, "name"), "John Doe"));
cert = (zcert_t *) zlistx_next(certs);
cert_count++;
}
assert(cert_count==1);
zlistx_destroy(&certs);
#endif
// Test custom loader
test_loader_state *state = (test_loader_state *) zmalloc (sizeof (test_loader_state));
state->index = 0;
zcertstore_set_loader (certstore, s_test_loader, s_test_destructor, (void *)state);
#if (ZMQ_VERSION_MAJOR >= 4)
cert = zcertstore_lookup (certstore, client_key);
assert (cert == NULL);
cert = zcertstore_lookup (certstore, "abcdefghijklmnopqrstuvwxyzabcdefghijklmn");
assert (cert);
#endif
freen (client_key);
if (verbose)
zcertstore_print (certstore);
zcertstore_destroy (&certstore);
// Delete all test files
dir = zdir_new (basedirpath, NULL);
assert (dir);
zdir_remove (dir, true);
zdir_destroy (&dir);
zstr_free (&basedirpath);
zstr_free (&filepath);
#if defined (__WINDOWS__)
zsys_shutdown();
#endif
// @end
printf ("OK\n");
}
// Authentication test procedure for zproxy sockets - matches zauth_test steps
static void
zproxy_test_authentication (int selected_sockets, bool verbose)
{
# define TESTDIR ".test_zproxy"
# define TESTPWDS TESTDIR "/password-file"
# define TESTCERT TESTDIR "/mycert.txt"
# define TESTFRONTEND (selected_sockets & FRONTEND_SOCKET)
# define TESTBACKEND (selected_sockets & BACKEND_SOCKET)
// Demarcate test boundaries
zsys_info ("zproxy: TEST authentication type=%s%s%s",
TESTFRONTEND? "FRONTEND": "",
TESTFRONTEND && TESTBACKEND? "+": "",
TESTBACKEND? "BACKEND": "");
// Create temporary directory for test files
zsys_dir_create (TESTDIR);
// Clear out any test files from previous run
if (zsys_file_exists (TESTPWDS))
zsys_file_delete (TESTPWDS);
if (zsys_file_exists (TESTCERT))
zsys_file_delete (TESTCERT);
zactor_t *proxy = NULL;
zsock_t *faucet = NULL;
zsock_t *sink = NULL;
char *frontend = NULL;
char *backend = NULL;
// Check there's no authentication
s_create_test_sockets (&proxy, &faucet, &sink, verbose);
s_bind_proxy_sockets (proxy, &frontend, &backend);
bool success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (success);
// Install the authenticator
zactor_t *auth = zactor_new (zauth, NULL);
assert (auth);
if (verbose) {
zstr_sendx (auth, "VERBOSE", NULL);
zsock_wait (auth);
}
// Check there's no authentication on a default NULL server
s_bind_proxy_sockets (proxy, &frontend, &backend);
success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (success);
// When we set a domain on the server, we switch on authentication
// for NULL sockets, but with no policies, the client connection
// will be allowed.
s_send_proxy_command (proxy, "DOMAIN", selected_sockets, "global", NULL);
s_bind_proxy_sockets (proxy, &frontend, &backend);
success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (success);
// Blacklist 127.0.0.1, connection should fail
s_send_proxy_command (proxy, "DOMAIN", selected_sockets, "global", NULL);
s_bind_proxy_sockets (proxy, &frontend, &backend);
zstr_sendx (auth, "DENY", "127.0.0.1", NULL);
zsock_wait (auth);
success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (!success);
// Whitelist our address, which overrides the blacklist
s_send_proxy_command (proxy, "DOMAIN", selected_sockets, "global", NULL);
s_bind_proxy_sockets (proxy, &frontend, &backend);
zstr_sendx (auth, "ALLOW", "127.0.0.1", NULL);
zsock_wait (auth);
success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (success);
// Try PLAIN authentication
// Test negative case (no server-side passwords defined)
s_send_proxy_command (proxy, "PLAIN", selected_sockets, NULL);
s_bind_proxy_sockets (proxy, &frontend, &backend);
s_configure_plain_auth (faucet, sink, selected_sockets, "admin", "Password");
success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (!success);
// Test positive case (server-side passwords defined)
FILE *password = fopen (TESTPWDS, "w");
assert (password);
fprintf (password, "admin=Password\n");
fclose (password);
s_send_proxy_command (proxy, "PLAIN", selected_sockets, NULL);
s_bind_proxy_sockets (proxy, &frontend, &backend);
s_configure_plain_auth (faucet, sink, selected_sockets, "admin", "Password");
zstr_sendx (auth, "PLAIN", TESTPWDS, NULL);
zsock_wait (auth);
success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (success);
// Test negative case (bad client password)
s_send_proxy_command (proxy, "PLAIN", selected_sockets, NULL);
s_bind_proxy_sockets (proxy, &frontend, &backend);
s_configure_plain_auth (faucet, sink, selected_sockets, "admin", "Bogus");
success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (!success);
if (zsys_has_curve ()) {
// We'll create two new certificates and save the client public
// certificate on disk
zcert_t *server_cert = zcert_new ();
assert (server_cert);
zcert_t *client_cert = zcert_new ();
assert (client_cert);
char *public_key = zcert_public_txt (server_cert);
char *secret_key = zcert_secret_txt (server_cert);
// Try CURVE authentication
// Test without setting-up any authentication
s_send_proxy_command (proxy, "CURVE", selected_sockets, public_key, secret_key, NULL);
s_bind_proxy_sockets (proxy, &frontend, &backend);
s_configure_curve_auth (faucet, sink, selected_sockets, client_cert, public_key);
success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (!success);
// Test CURVE_ALLOW_ANY
s_send_proxy_command (proxy, "CURVE", selected_sockets, public_key, secret_key, NULL);
s_bind_proxy_sockets (proxy, &frontend, &backend);
s_configure_curve_auth (faucet, sink, selected_sockets, client_cert, public_key);
zstr_sendx (auth, "CURVE", CURVE_ALLOW_ANY, NULL);
zsock_wait (auth);
success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (success);
// Test with client certificate file in authentication folder
s_send_proxy_command (proxy, "CURVE", selected_sockets, public_key, secret_key, NULL);
s_bind_proxy_sockets (proxy, &frontend, &backend);
s_configure_curve_auth (faucet, sink, selected_sockets, client_cert, public_key);
zcert_save_public (client_cert, TESTCERT);
zstr_sendx (auth, "CURVE", TESTDIR, NULL);
zsock_wait (auth);
success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (success);
zcert_destroy (&server_cert);
zcert_destroy (&client_cert);
}
// Remove the authenticator and check a normal connection works
zactor_destroy (&auth);
s_bind_proxy_sockets (proxy, &frontend, &backend);
success = s_can_connect (&proxy, &faucet, &sink, frontend, backend, verbose);
assert (success);
zsock_destroy (&faucet);
zsock_destroy (&sink);
zactor_destroy (&proxy);
zstr_free (&frontend);
zstr_free (&backend);
}
void
zsys_test (bool verbose)
{
printf (" * zsys: ");
if (verbose)
printf ("\n");
// @selftest
zsys_catch_interrupts ();
// Check capabilities without using the return value
int rc = zsys_has_curve ();
if (verbose) {
char *hostname = zsys_hostname ();
zsys_info ("host name is %s", hostname);
free (hostname);
zsys_info ("system limit is %zd ZeroMQ sockets", zsys_socket_limit ());
}
zsys_set_io_threads (1);
zsys_set_max_sockets (0);
zsys_set_linger (0);
zsys_set_sndhwm (1000);
zsys_set_rcvhwm (1000);
zsys_set_pipehwm (2500);
assert (zsys_pipehwm () == 2500);
zsys_set_ipv6 (0);
rc = zsys_file_delete ("nosuchfile");
assert (rc == -1);
bool rc_bool = zsys_file_exists ("nosuchfile");
assert (rc_bool != true);
rc = (int) zsys_file_size ("nosuchfile");
assert (rc == -1);
time_t when = zsys_file_modified (".");
assert (when > 0);
mode_t mode = zsys_file_mode (".");
assert (S_ISDIR (mode));
assert (mode & S_IRUSR);
assert (mode & S_IWUSR);
zsys_file_mode_private ();
rc = zsys_dir_create ("%s/%s", ".", ".testsys/subdir");
assert (rc == 0);
when = zsys_file_modified ("./.testsys/subdir");
assert (when > 0);
assert (!zsys_file_stable ("./.testsys/subdir"));
rc = zsys_dir_delete ("%s/%s", ".", ".testsys/subdir");
assert (rc == 0);
rc = zsys_dir_delete ("%s/%s", ".", ".testsys");
assert (rc == 0);
zsys_file_mode_default ();
int major, minor, patch;
zsys_version (&major, &minor, &patch);
assert (major == CZMQ_VERSION_MAJOR);
assert (minor == CZMQ_VERSION_MINOR);
assert (patch == CZMQ_VERSION_PATCH);
char *string = zsys_sprintf ("%s %02x", "Hello", 16);
assert (streq (string, "Hello 10"));
free (string);
char *str64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,.";
int num10 = 1234567890;
string = zsys_sprintf ("%s%s%s%s%d", str64, str64, str64, str64, num10);
assert (strlen (string) == (4 * 64 + 10));
free (string);
// Test logging system
zsys_set_logident ("czmq_selftest");
zsys_set_logsender ("inproc://logging");
void *logger = zsys_socket (ZMQ_SUB, NULL, 0);
assert (logger);
rc = zsocket_connect (logger, "inproc://logging");
assert (rc == 0);
rc = zmq_setsockopt (logger, ZMQ_SUBSCRIBE, "", 0);
assert (rc == 0);
if (verbose) {
zsys_error ("This is an %s message", "error");
zsys_warning ("This is a %s message", "warning");
zsys_notice ("This is a %s message", "notice");
zsys_info ("This is a %s message", "info");
zsys_debug ("This is a %s message", "debug");
zsys_set_logident ("hello, world");
zsys_info ("This is a %s message", "info");
zsys_debug ("This is a %s message", "debug");
// Check that logsender functionality is working
char *received = zstr_recv (logger);
assert (received);
zstr_free (&received);
}
zsys_close (logger, NULL, 0);
// @end
printf ("OK\n");
}
int
zauth_test (bool verbose)
{
printf (" * zauth: ");
#if (ZMQ_VERSION_MAJOR == 4)
// @selftest
// Create temporary directory for test files
# define TESTDIR ".test_zauth"
zsys_dir_create (TESTDIR);
// Install the authenticator
zctx_t *ctx = zctx_new ();
zauth_t *auth = zauth_new (ctx);
assert (auth);
zauth_set_verbose (auth, verbose);
// A default NULL connection should always success, and not
// go through our authentication infrastructure at all.
void *server = zsocket_new (ctx, ZMQ_PUSH);
void *client = zsocket_new (ctx, ZMQ_PULL);
bool success = s_can_connect (ctx, &server, &client);
assert (success);
// When we set a domain on the server, we switch on authentication
// for NULL sockets, but with no policies, the client connection
// will be allowed.
zsocket_set_zap_domain (server, "global");
success = s_can_connect (ctx, &server, &client);
assert (success);
// Blacklist 127.0.0.1, connection should fail
zsocket_set_zap_domain (server, "global");
zauth_deny (auth, "127.0.0.1");
success = s_can_connect (ctx, &server, &client);
assert (!success);
// Whitelist our address, which overrides the blacklist
zsocket_set_zap_domain (server, "global");
zauth_allow (auth, "127.0.0.1");
success = s_can_connect (ctx, &server, &client);
assert (success);
// Try PLAIN authentication
zsocket_set_plain_server (server, 1);
zsocket_set_plain_username (client, "admin");
zsocket_set_plain_password (client, "Password");
success = s_can_connect (ctx, &server, &client);
assert (!success);
FILE *password = fopen (TESTDIR "/password-file", "w");
assert (password);
fprintf (password, "admin=Password\n");
fclose (password);
zsocket_set_plain_server (server, 1);
zsocket_set_plain_username (client, "admin");
zsocket_set_plain_password (client, "Password");
zauth_configure_plain (auth, "*", TESTDIR "/password-file");
success = s_can_connect (ctx, &server, &client);
assert (success);
zsocket_set_plain_server (server, 1);
zsocket_set_plain_username (client, "admin");
zsocket_set_plain_password (client, "Bogus");
success = s_can_connect (ctx, &server, &client);
assert (!success);
# if defined (HAVE_LIBSODIUM)
// Try CURVE authentication
// We'll create two new certificates and save the client public
// certificate on disk; in a real case we'd transfer this securely
// from the client machine to the server machine.
zcert_t *server_cert = zcert_new ();
zcert_t *client_cert = zcert_new ();
char *server_key = zcert_public_txt (server_cert);
// Test without setting-up any authentication
zcert_apply (server_cert, server);
zcert_apply (client_cert, client);
zsocket_set_curve_server (server, 1);
zsocket_set_curve_serverkey (client, server_key);
success = s_can_connect (ctx, &server, &client);
assert (!success);
// Test CURVE_ALLOW_ANY
zcert_apply (server_cert, server);
zcert_apply (client_cert, client);
zsocket_set_curve_server (server, 1);
zsocket_set_curve_serverkey (client, server_key);
zauth_configure_curve (auth, "*", CURVE_ALLOW_ANY);
success = s_can_connect (ctx, &server, &client);
assert (success);
// Test full client authentication using certificates
zcert_apply (server_cert, server);
zcert_apply (client_cert, client);
zsocket_set_curve_server (server, 1);
zsocket_set_curve_serverkey (client, server_key);
zcert_save_public (client_cert, TESTDIR "/mycert.txt");
zauth_configure_curve (auth, "*", TESTDIR);
success = s_can_connect (ctx, &server, &client);
assert (success);
zcert_destroy (&server_cert);
zcert_destroy (&client_cert);
# endif
// Remove the authenticator and check a normal connection works
zauth_destroy (&auth);
success = s_can_connect (ctx, &server, &client);
assert (success);
zctx_destroy (&ctx);
// Delete all test files
zdir_t *dir = zdir_new (TESTDIR, NULL);
zdir_remove (dir, true);
zdir_destroy (&dir);
// @end
#endif
printf ("OK\n");
return 0;
}
void
zconfig_test (bool verbose)
{
printf (" * zconfig: ");
// @selftest
// Create temporary directory for test files
# define TESTDIR ".test_zconfig"
zsys_dir_create (TESTDIR);
zconfig_t *root = zconfig_new ("root", NULL);
assert (root);
zconfig_t *section, *item;
section = zconfig_new ("headers", root);
assert (section);
item = zconfig_new ("email", section);
assert (item);
zconfig_set_value (item, "*****@*****.**");
item = zconfig_new ("name", section);
assert (item);
zconfig_set_value (item, "Justin Kayce");
zconfig_putf (root, "/curve/secret-key", "%s", "Top Secret");
zconfig_set_comment (root, " CURVE certificate");
zconfig_set_comment (root, " -----------------");
assert (zconfig_comments (root));
zconfig_save (root, TESTDIR "/test.cfg");
zconfig_destroy (&root);
root = zconfig_load (TESTDIR "/test.cfg");
if (verbose)
zconfig_save (root, "-");
assert (streq (zconfig_filename (root), TESTDIR "/test.cfg"));
char *email = zconfig_get (root, "/headers/email", NULL);
assert (email);
assert (streq (email, "*****@*****.**"));
char *passwd = zconfig_get (root, "/curve/secret-key", NULL);
assert (passwd);
assert (streq (passwd, "Top Secret"));
zconfig_savef (root, "%s/%s", TESTDIR, "test.cfg");
assert (!zconfig_has_changed (root));
int rc = zconfig_reload (&root);
assert (rc == 0);
assert (!zconfig_has_changed (root));
zconfig_destroy (&root);
// Test chunk load/save
root = zconfig_new ("root", NULL);
assert (root);
section = zconfig_new ("section", root);
assert (section);
item = zconfig_new ("value", section);
assert (item);
zconfig_set_value (item, "somevalue");
zconfig_t *search = zconfig_locate (root, "section/value");
assert (search == item);
zchunk_t *chunk = zconfig_chunk_save (root);
assert (strlen ((char *) zchunk_data (chunk)) == 32);
char *string = zconfig_str_save (root);
assert (string);
assert (streq (string, (char *) zchunk_data (chunk)));
free (string);
assert (chunk);
zconfig_destroy (&root);
root = zconfig_chunk_load (chunk);
assert (root);
char *value = zconfig_get (root, "/section/value", NULL);
assert (value);
assert (streq (value, "somevalue"));
// Test config can't be saved to a file in a path that doesn't
// exist or isn't writable
rc = zconfig_savef (root, "%s/path/that/doesnt/exist/%s", TESTDIR, "test.cfg");
assert (rc == -1);
zconfig_destroy (&root);
zchunk_destroy (&chunk);
// Delete all test files
zdir_t *dir = zdir_new (TESTDIR, NULL);
assert (dir);
zdir_remove (dir, true);
zdir_destroy (&dir);
// @end
printf ("OK\n");
}
void
curve_server_test (bool verbose)
{
printf (" * curve_server: ");
// @selftest
// Create temporary directory for test files
srand (time (NULL));
zsys_dir_create (TESTDIR);
zcert_t *server_cert = zcert_new ();
zcert_save (server_cert, TESTDIR "/server.cert");
// Install the authenticator
zctx_t *ctx = zctx_new ();
zauth_t *auth = zauth_new (ctx);
assert (auth);
zauth_set_verbose (auth, verbose);
zauth_configure_curve (auth, "*", TESTDIR);
// We'll run a set of clients as background tasks, and the
// server in this foreground thread. Don't pass verbose to
// the clients as the results are unreadable.
int live_clients;
for (live_clients = 0; live_clients < 5; live_clients++)
zthread_new (client_task, &verbose);
curve_server_t *server = curve_server_new (ctx, &server_cert);
curve_server_set_verbose (server, verbose);
curve_server_bind (server, "tcp://127.0.0.1:9006");
while (live_clients > 0) {
zmsg_t *msg = curve_server_recv (server);
if (memcmp (zframe_data (zmsg_last (msg)), "END", 3) == 0)
live_clients--;
curve_server_send (server, &msg);
}
// Try an invalid client/server combination
byte bad_server_key [32] = { 0 };
zcert_t *unknown = zcert_new ();
curve_client_t *client = curve_client_new (&unknown);
curve_client_set_verbose (client, true);
curve_client_connect (client, "tcp://127.0.0.1:9006", bad_server_key);
curve_client_sendstr (client, "Hello, World");
// Expect no reply after 250msec
zmq_pollitem_t pollitems [] = {
{ curve_client_handle (client), 0, ZMQ_POLLIN, 0 }
};
assert (zmq_poll (pollitems, 1, 250) == 0);
curve_client_destroy (&client);
// Delete all test files
zdir_t *dir = zdir_new (TESTDIR, NULL);
zdir_remove (dir, true);
zdir_destroy (&dir);
curve_server_destroy (&server);
zauth_destroy (&auth);
zctx_destroy (&ctx);
// @end
// Ensure client threads have exited before we do
zclock_sleep (100);
printf ("OK\n");
}
void
zauth_test (bool verbose)
{
printf (" * zauth: ");
#if (ZMQ_VERSION_MAJOR == 4)
if (verbose)
printf ("\n");
// @selftest
// Create temporary directory for test files
# define TESTDIR ".test_zauth"
zsys_dir_create (TESTDIR);
// Check there's no authentication
zsock_t *server = zsock_new (ZMQ_PUSH);
assert (server);
zsock_t *client = zsock_new (ZMQ_PULL);
assert (client);
bool success = s_can_connect (&server, &client);
assert (success);
// Install the authenticator
zactor_t *auth = zactor_new (zauth, NULL);
assert (auth);
if (verbose) {
zstr_sendx (auth, "VERBOSE", NULL);
zsock_wait (auth);
}
// Check there's no authentication on a default NULL server
success = s_can_connect (&server, &client);
assert (success);
// When we set a domain on the server, we switch on authentication
// for NULL sockets, but with no policies, the client connection
// will be allowed.
zsock_set_zap_domain (server, "global");
success = s_can_connect (&server, &client);
assert (success);
// Blacklist 127.0.0.1, connection should fail
zsock_set_zap_domain (server, "global");
zstr_sendx (auth, "DENY", "127.0.0.1", NULL);
zsock_wait (auth);
success = s_can_connect (&server, &client);
assert (!success);
// Whitelist our address, which overrides the blacklist
zsock_set_zap_domain (server, "global");
zstr_sendx (auth, "ALLOW", "127.0.0.1", NULL);
zsock_wait (auth);
success = s_can_connect (&server, &client);
assert (success);
// Try PLAIN authentication
zsock_set_plain_server (server, 1);
zsock_set_plain_username (client, "admin");
zsock_set_plain_password (client, "Password");
success = s_can_connect (&server, &client);
assert (!success);
FILE *password = fopen (TESTDIR "/password-file", "w");
assert (password);
fprintf (password, "admin=Password\n");
fclose (password);
zsock_set_plain_server (server, 1);
zsock_set_plain_username (client, "admin");
zsock_set_plain_password (client, "Password");
zstr_sendx (auth, "PLAIN", TESTDIR "/password-file", NULL);
zsock_wait (auth);
success = s_can_connect (&server, &client);
assert (success);
zsock_set_plain_server (server, 1);
zsock_set_plain_username (client, "admin");
zsock_set_plain_password (client, "Bogus");
success = s_can_connect (&server, &client);
assert (!success);
if (zsys_has_curve ()) {
// Try CURVE authentication
// We'll create two new certificates and save the client public
// certificate on disk; in a real case we'd transfer this securely
// from the client machine to the server machine.
zcert_t *server_cert = zcert_new ();
assert (server_cert);
zcert_t *client_cert = zcert_new ();
assert (client_cert);
char *server_key = zcert_public_txt (server_cert);
// Test without setting-up any authentication
zcert_apply (server_cert, server);
zcert_apply (client_cert, client);
zsock_set_curve_server (server, 1);
zsock_set_curve_serverkey (client, server_key);
success = s_can_connect (&server, &client);
assert (!success);
// Test CURVE_ALLOW_ANY
zcert_apply (server_cert, server);
zcert_apply (client_cert, client);
zsock_set_curve_server (server, 1);
zsock_set_curve_serverkey (client, server_key);
zstr_sendx (auth, "CURVE", CURVE_ALLOW_ANY, NULL);
zsock_wait (auth);
success = s_can_connect (&server, &client);
assert (success);
// Test full client authentication using certificates
zcert_apply (server_cert, server);
zcert_apply (client_cert, client);
zsock_set_curve_server (server, 1);
zsock_set_curve_serverkey (client, server_key);
zcert_save_public (client_cert, TESTDIR "/mycert.txt");
zstr_sendx (auth, "CURVE", TESTDIR, NULL);
zsock_wait (auth);
success = s_can_connect (&server, &client);
assert (success);
zcert_destroy (&server_cert);
zcert_destroy (&client_cert);
}
// Remove the authenticator and check a normal connection works
zactor_destroy (&auth);
success = s_can_connect (&server, &client);
assert (success);
zsock_destroy (&client);
zsock_destroy (&server);
// Delete all test files
zdir_t *dir = zdir_new (TESTDIR, NULL);
assert (dir);
zdir_remove (dir, true);
zdir_destroy (&dir);
// @end
#endif
printf ("OK\n");
}
int main (int argc, char *argv [])
{
puts (PRODUCT);
puts (COPYRIGHT);
puts (NOWARRANTY);
int argn = 1;
bool verbose = false;
if (argn < argc && streq (argv [argn], "-h")) {
puts ("syntax: hydrad [ directory ]");
puts (" -- defaults to .hydra in current directory");
exit (0);
}
if (argn < argc && streq (argv [argn], "-v")) {
verbose = true;
argn++;
}
// By default, current node runs in .hydra directory; create this if
// it's missing (don't create directory passed as argument);
char *workdir = ".hydra";
if (argn < argc)
workdir = argv [argn++];
else
zsys_dir_create (workdir);
// ----------------------------------------------------------------------
// This code eventually goes into a reusable hydra actor class
// Switch to working directory
zsys_info ("hydrad: data store in %s directory", workdir);
if (zsys_dir_change (workdir)) {
zsys_error ("hydrad: cannot access %s: %s", workdir, strerror (errno));
return 1;
}
// Check we are the only process currently running here
if (zsys_run_as ("hydrad.lock", NULL, NULL)) {
zsys_error ("hydrad: cannot start process safely, exiting");
return 1;
}
// Get node identity from config file, or generate new identity
zconfig_t *config = zconfig_load ("hydra.cfg");
if (!config) {
// Set defaults for Hydra service
config = zconfig_new ("root", NULL);
zconfig_put (config, "/server/timeout", "5000");
zconfig_put (config, "/server/background", "0");
zconfig_put (config, "/server/verbose", "0");
}
char *identity = zconfig_resolve (config, "/hydra/identity", NULL);
if (!identity) {
zuuid_t *uuid = zuuid_new ();
zconfig_put (config, "/hydra/identity", zuuid_str (uuid));
zconfig_put (config, "/hydra/nickname", "Anonymous");
zconfig_save (config, "hydra.cfg");
zuuid_destroy (&uuid);
}
// Create store structure, if necessary
zsys_dir_create ("content");
zsys_dir_create ("posts");
// Start server and bind to ephemeral TCP port. We can run many
// servers on the same box, for testing.
zactor_t *server = zactor_new (hydra_server, NULL);
if (verbose)
zstr_send (server, "VERBOSE");
// Bind Hydra service to ephemeral port and get that port number
char *command;
int port_nbr;
zsock_send (server, "ss", "CONFIGURE", "hydra.cfg");
zsock_send (server, "ss", "BIND", "tcp://*:*");
zsock_send (server, "s", "PORT");
zsock_recv (server, "si", &command, &port_nbr);
zsys_info ("hydrad: TCP server started on port=%d", port_nbr);
assert (streq (command, "PORT"));
free (command);
// We're going to use Zyre for discovery and presence, and our own
// Hydra protocol for content exchange
zyre_t *zyre = zyre_new (NULL);
if (verbose)
zyre_set_verbose (zyre);
char *hostname = zsys_hostname ();
char *endpoint = zsys_sprintf ("tcp://%s:%d", hostname, port_nbr);
zyre_set_header (zyre, "X-HYDRA", "%s", endpoint);
zstr_free (&endpoint);
zstr_free (&hostname);
if (zyre_start (zyre)) {
zsys_info ("hydrad: can't start Zyre discovery service");
zactor_destroy (&server);
zyre_destroy (&zyre);
return 1;
}
// When we get a new peer, handle it
zpoller_t *poller = zpoller_new (zyre_socket (zyre), NULL);
while (!zpoller_terminated (poller)) {
void *which = zpoller_wait (poller, -1);
if (which == zyre_socket (zyre)) {
zyre_event_t *event = zyre_event_new (zyre);
if (zyre_event_type (event) == ZYRE_EVENT_ENTER) {
zsys_debug ("hydrad: new peer name=%s endpoint=%s",
zyre_event_name (event),
zyre_event_header (event, "X-HYDRA"));
s_handle_peer (zyre_event_header (event, "X-HYDRA"), verbose);
}
zyre_event_destroy (&event);
}
else
break;
}
zsys_info ("hydrad: shutting down...");
zpoller_destroy (&poller);
// Shutdown all services
zactor_destroy (&server);
zyre_destroy (&zyre);
zconfig_destroy (&config);
return 0;
}
