def test_blacklist_whitelist(self):
"""test threaded auth - Blacklist and Whitelist"""
self.auth = auth = zmq.auth.ThreadedAuthenticator(self.context)
auth.start()
# Blacklist 127.0.0.1, connection should fail
auth.deny("127.0.0.1")
server = self.socket(zmq.PUSH)
# By setting a domain we switch on authentication for NULL sockets,
# though no policies are configured yet.
server.zap_domain = b"global"
client = self.socket(zmq.PULL)
self.assertFalse(self.can_connect(server, client))
client.close()
server.close()
# Whitelist 127.0.0.1, which overrides the blacklist, connection should pass"
auth.allow("127.0.0.1")
server = self.socket(zmq.PUSH)
# By setting a domain we switch on authentication for NULL sockets,
# though no policies are configured yet.
server.zap_domain = b"global"
client = self.socket(zmq.PULL)
self.assertTrue(self.can_connect(server, client))
client.close()
server.close()
auth.stop()
def run():
'''Run strawhouse client'''
allow_test_pass = False
deny_test_pass = False
ctx = zmq.Context().instance()
# Start an authenticator for this context.
auth = ThreadAuthenticator(ctx)
auth.start()
# Part 1 - demonstrate allowing clients based on IP address
auth.allow('127.0.0.1')
server = ctx.socket(zmq.PUSH)
server.zap_domain = b'global' # must come before bind
server.bind('tcp://*:9000')
client_allow = ctx.socket(zmq.PULL)
client_allow.connect('tcp://127.0.0.1:9000')
server.send(b"Hello")
msg = client_allow.recv()
if msg == b"Hello":
allow_test_pass = True
client_allow.close()
# Part 2 - demonstrate denying clients based on IP address
auth.stop()
auth = ThreadAuthenticator(ctx)
auth.start()
auth.deny('127.0.0.1')
client_deny = ctx.socket(zmq.PULL)
client_deny.connect('tcp://127.0.0.1:9000')
if server.poll(50, zmq.POLLOUT):
server.send(b"Hello")
if client_deny.poll(50):
msg = client_deny.recv()
else:
deny_test_pass = True
else:
deny_test_pass = True
client_deny.close()
auth.stop() # stop auth thread
if allow_test_pass and deny_test_pass:
logging.info("Strawhouse test OK")
else:
logging.error("Strawhouse test FAIL")
def test_blacklist(self):
""" test ioloop auth - Blacklist"""
self.auth = auth = zmq.auth.IOLoopAuthenticator(self.context, io_loop=self.io_loop)
auth.start()
# Blacklist 127.0.0.1, connection should fail
auth.deny("127.0.0.1")
self.server.zap_domain = b"global"
# The test should fail if a msg is received
self.pullstream.on_recv(self.on_message_fail)
t = self.io_loop.time()
self.io_loop.add_timeout(t + 0.1, self.attempt_connection)
self.io_loop.add_timeout(t + 0.2, self.send_msg)
# Timeout the test so the test case can complete even if no message
# is received.
self.io_loop.add_timeout(t + 0.5, self.on_test_timeout_succeed)
self.io_loop.start()
if not (self.test_result == True):
self.fail(self.test_result)
