package goczmq
/*
#include "czmq.h"
zactor_t *Auth_new () {
zactor_t *auth = zactor_new(zauth, NULL); return auth;
}
*/
import "C"
import (
"unsafe"
)
// Auth wraps the CZMQ zauth actor. It handles authentication
// for all incoming connections. It allows whitelisting and
// blacklisting peers based on IP address and supports
// PLAIN and CURVE authentication policies.
//
// NOTE(review): the methods on Auth only send commands to the actor held
// in zactorT. How zauth applies them (for example, how allow and deny
// lists interact) is defined by the linked CZMQ version; confirm there.
type Auth struct {
// zactorT is the handle returned by the C helper Auth_new, which calls
// zactor_new(zauth, NULL).
zactorT *C.struct__zactor_t
}
// NewAuth creates a new Auth actor by calling the C helper Auth_new,
// which starts a zauth actor through zactor_new.
//
// NOTE(review): the result of Auth_new is stored without a NULL check, so
// if actor creation fails the returned Auth presumably carries a nil
// handle. The signature has no error return to report that; confirm how
// callers are expected to detect it.
func NewAuth() *Auth {
	return &Auth{zactorT: C.Auth_new()}
}
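// Verbose sends the "VERBOSE" command to the auth actor, which sets it
// to log information to stdout, and waits for the actor's signal.
//
// It returns ErrActorCmd if the actor handle is nil, if the command
// cannot be sent, or if waiting for the actor's signal fails.
func (a *Auth) Verbose() error {
	// CZMQ's send functions assert on a NULL destination, which aborts the
	// process instead of returning an error; fail cleanly here instead.
	if a.zactorT == nil {
		return ErrActorCmd
	}
	actor := unsafe.Pointer(a.zactorT)

	cmd := C.CString("VERBOSE")
	defer C.free(unsafe.Pointer(cmd))

	if C.zstr_send(actor, cmd) == -1 {
		return ErrActorCmd
	}
	// zsock_wait returns -1 when no signal was received (for example when
	// the wait is interrupted); do not report success in that case.
	if C.zsock_wait(actor) == -1 {
		return ErrActorCmd
	}
	return nil
}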
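// Deny sends the "DENY" command followed by address to the auth actor,
// adding the address to the deny list, and waits for the actor's signal.
//
// It returns ErrActorCmd if the actor handle is nil, if either frame
// cannot be sent, or if waiting for the actor's signal fails, so a nil
// error means the actor acknowledged the command.
//
// NOTE(review): CZMQ's zauth documentation states that when both an allow
// list and a deny list are defined only the allow list takes effect;
// confirm for the linked CZMQ version before combining Deny with Allow.
//
// address is handed to C as a NUL-terminated string, so C code reads it
// only up to the first NUL byte; validate untrusted input before passing
// it in.
func (a *Auth) Deny(address string) error {
	// CZMQ's send functions assert on a NULL destination, which aborts the
	// process instead of returning an error; fail cleanly here instead.
	if a.zactorT == nil {
		return ErrActorCmd
	}
	actor := unsafe.Pointer(a.zactorT)

	cmd := C.CString("DENY")
	defer C.free(unsafe.Pointer(cmd))

	cAddress := C.CString(address)
	defer C.free(unsafe.Pointer(cAddress))

	// The command is a two-frame message: the verb, then its argument.
	if C.zstr_sendm(actor, cmd) == -1 {
		return ErrActorCmd
	}
	if C.zstr_send(actor, cAddress) == -1 {
		return ErrActorCmd
	}
	// zsock_wait returns -1 when no signal was received; reporting success
	// then would claim a deny rule that was never acknowledged.
	if C.zsock_wait(actor) == -1 {
		return ErrActorCmd
	}
	return nil
}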
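// Allow sends the "ALLOW" command followed by address to the auth actor
// and waits for the actor's signal.
//
// It returns ErrActorCmd if the actor handle is nil, if either frame
// cannot be sent, or if waiting for the actor's signal fails.
//
// NOTE(review): this is not simply the inverse of Deny. CZMQ's zauth
// documents ALLOW as adding the address to an allow list, after which
// addresses that are not on the list are rejected, and the allow list
// takes precedence over any deny list; confirm against the linked CZMQ
// version.
//
// address is handed to C as a NUL-terminated string, so C code reads it
// only up to the first NUL byte; validate untrusted input before passing
// it in.
func (a *Auth) Allow(address string) error {
	// CZMQ's send functions assert on a NULL destination, which aborts the
	// process instead of returning an error; fail cleanly here instead.
	if a.zactorT == nil {
		return ErrActorCmd
	}
	actor := unsafe.Pointer(a.zactorT)

	cmd := C.CString("ALLOW")
	defer C.free(unsafe.Pointer(cmd))

	cAddress := C.CString(address)
	defer C.free(unsafe.Pointer(cAddress))

	// The command is a two-frame message: the verb, then its argument.
	if C.zstr_sendm(actor, cmd) == -1 {
		return ErrActorCmd
	}
	if C.zstr_send(actor, cAddress) == -1 {
		return ErrActorCmd
	}
	// zsock_wait returns -1 when no signal was received; do not report an
	// access-control change that was never acknowledged.
	if C.zsock_wait(actor) == -1 {
		return ErrActorCmd
	}
	return nil
}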
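// Curve sends the "CURVE" command followed by allowed to the auth actor,
// setting the auth method to CURVE, and waits for the actor's signal.
//
// It returns ErrActorCmd if the actor handle is nil, if either frame
// cannot be sent, or if waiting for the actor's signal fails.
//
// NOTE(review): CZMQ's zauth documents the argument as the location of
// the allowed client public certificates, with the special value "*"
// (CURVE_ALLOW_ANY) accepting any client key. With that value connections
// are encrypted but clients are not authenticated; confirm against the
// linked CZMQ version.
func (a *Auth) Curve(allowed string) error {
	// CZMQ's send functions assert on a NULL destination, which aborts the
	// process instead of returning an error; fail cleanly here instead.
	if a.zactorT == nil {
		return ErrActorCmd
	}
	actor := unsafe.Pointer(a.zactorT)

	cmd := C.CString("CURVE")
	defer C.free(unsafe.Pointer(cmd))

	cAllowed := C.CString(allowed)
	defer C.free(unsafe.Pointer(cAllowed))

	// The command is a two-frame message: the verb, then its argument.
	if C.zstr_sendm(actor, cmd) == -1 {
		return ErrActorCmd
	}
	if C.zstr_send(actor, cAllowed) == -1 {
		return ErrActorCmd
	}
	// zsock_wait returns -1 when no signal was received; do not report an
	// authentication policy that was never acknowledged.
	if C.zsock_wait(actor) == -1 {
		return ErrActorCmd
	}
	return nil
}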
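// Plain sends the "PLAIN" command followed by directory to the auth
// actor, setting the auth method to PLAIN, and waits for the actor's
// signal.
//
// It returns ErrActorCmd if the actor handle is nil, if either frame
// cannot be sent, or if waiting for the actor's signal fails.
//
// NOTE(review): despite the parameter name, CZMQ's zauth documents the
// PLAIN argument as the path of a password file; confirm against the
// linked CZMQ version. The PLAIN mechanism carries credentials
// unencrypted, so it is presumably only appropriate on trusted networks.
func (a *Auth) Plain(directory string) error {
	// CZMQ's send functions assert on a NULL destination, which aborts the
	// process instead of returning an error; fail cleanly here instead.
	if a.zactorT == nil {
		return ErrActorCmd
	}
	actor := unsafe.Pointer(a.zactorT)

	cmd := C.CString("PLAIN")
	defer C.free(unsafe.Pointer(cmd))

	cDirectory := C.CString(directory)
	defer C.free(unsafe.Pointer(cDirectory))

	// The command is a two-frame message: the verb, then its argument.
	if C.zstr_sendm(actor, cmd) == -1 {
		return ErrActorCmd
	}
	if C.zstr_send(actor, cDirectory) == -1 {
		return ErrActorCmd
	}
	// zsock_wait returns -1 when no signal was received; do not report an
	// authentication policy that was never acknowledged.
	if C.zsock_wait(actor) == -1 {
		return ErrActorCmd
	}
	return nil
}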
// Destroy destroys the auth actor by passing the address of the stored
// handle to zactor_destroy.
//
// NOTE(review): CZMQ destructors conventionally set the handle to NULL,
// so presumably the Auth must not be used to send further commands after
// Destroy; confirm against the linked CZMQ version.
func (a *Auth) Destroy() {
C.zactor_destroy(&a.zactorT)
}