def test_blacklist_whitelist(self): """test threaded auth - Blacklist and Whitelist""" self.auth = auth = zmq.auth.ThreadedAuthenticator(self.context) auth.start() # Blacklist 127.0.0.1, connection should fail auth.deny("127.0.0.1") server = self.socket(zmq.PUSH) # By setting a domain we switch on authentication for NULL sockets, # though no policies are configured yet. server.zap_domain = b"global" client = self.socket(zmq.PULL) self.assertFalse(self.can_connect(server, client)) client.close() server.close() # Whitelist 127.0.0.1, which overrides the blacklist, connection should pass" auth.allow("127.0.0.1") server = self.socket(zmq.PUSH) # By setting a domain we switch on authentication for NULL sockets, # though no policies are configured yet. server.zap_domain = b"global" client = self.socket(zmq.PULL) self.assertTrue(self.can_connect(server, client)) client.close() server.close() auth.stop()
def run(): '''Run strawhouse client''' allow_test_pass = False deny_test_pass = False ctx = zmq.Context().instance() # Start an authenticator for this context. auth = ThreadAuthenticator(ctx) auth.start() # Part 1 - demonstrate allowing clients based on IP address auth.allow('127.0.0.1') server = ctx.socket(zmq.PUSH) server.zap_domain = b'global' # must come before bind server.bind('tcp://*:9000') client_allow = ctx.socket(zmq.PULL) client_allow.connect('tcp://127.0.0.1:9000') server.send(b"Hello") msg = client_allow.recv() if msg == b"Hello": allow_test_pass = True client_allow.close() # Part 2 - demonstrate denying clients based on IP address auth.stop() auth = ThreadAuthenticator(ctx) auth.start() auth.deny('127.0.0.1') client_deny = ctx.socket(zmq.PULL) client_deny.connect('tcp://127.0.0.1:9000') if server.poll(50, zmq.POLLOUT): server.send(b"Hello") if client_deny.poll(50): msg = client_deny.recv() else: deny_test_pass = True else: deny_test_pass = True client_deny.close() auth.stop() # stop auth thread if allow_test_pass and deny_test_pass: logging.info("Strawhouse test OK") else: logging.error("Strawhouse test FAIL")
def test_blacklist(self): """ test ioloop auth - Blacklist""" self.auth = auth = zmq.auth.IOLoopAuthenticator(self.context, io_loop=self.io_loop) auth.start() # Blacklist 127.0.0.1, connection should fail auth.deny("127.0.0.1") self.server.zap_domain = b"global" # The test should fail if a msg is received self.pullstream.on_recv(self.on_message_fail) t = self.io_loop.time() self.io_loop.add_timeout(t + 0.1, self.attempt_connection) self.io_loop.add_timeout(t + 0.2, self.send_msg) # Timeout the test so the test case can complete even if no message # is received. self.io_loop.add_timeout(t + 0.5, self.on_test_timeout_succeed) self.io_loop.start() if not (self.test_result == True): self.fail(self.test_result)